Automated Malware Analysis Management Report for 5JPwmNu0eD.exe

Overview

General Information

Sample name:	5JPwmNu0eD.exe renamed because original name is a hash value
Original sample name:	c10ab9645fbf16b897e602b348c3479ce9abfe82a41f5e69fe0a6a196e691ef7.exe
Analysis ID:	1417306
MD5:	b503c3727555bb1d97b96e58032f4f22
SHA1:	b5fed92483584600ca9cf8f719c53d88a5db93f1
SHA256:	c10ab9645fbf16b897e602b348c3479ce9abfe82a41f5e69fe0a6a196e691ef7
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Multi AV Scanner detection for submitted file

Creates files in the recycle bin to hide itself

Drops PE files to the startup folder

Drops executables to the windows directory (C:\Windows) and starts them

Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)

Machine Learning detection for sample

Creates files inside the system directory

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Installs a raw input device (often for capturing keystrokes)

May sleep (evasive loops) to hinder dynamic analysis

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

Tries to load missing DLLs

Uses 32bit PE files

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 5JPwmNu0eD.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\ProgramData\.curlrc.exe.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\MF\Active.GRL.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\MF\Pending.GRL.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\_curlrc.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\.curlrc.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe.tmp	Avira: detection malicious, Label: TR/ATRAPS.Gen

Multi AV Scanner detection for submitted file

Source: 5JPwmNu0eD.exe

ReversingLabs: Detection: 95%

Machine Learning detection for sample

Source: 5JPwmNu0eD.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: 5JPwmNu0eD.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source:	Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb source: integrator.exe.tmp.2.dr
Source:	Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: integrator.exe.tmp.2.dr

Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\.curlrc.exe	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\.curlrc.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\.curlrc.exe	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\.curlrc.exe	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\.curlrc.exe	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\.curlrc.exe	Jump to behavior

Source: integrator.exe.tmp.2.dr	String found in binary or memory: http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte
Source: integrator.exe.tmp.2.dr	String found in binary or memory: https://nexus.officeapps.live.comhttps://nexusrules.officeapps.live.com
Source: integrator.exe.tmp.2.dr	String found in binary or memory: https://otelrules.azureedge.net/rules/.bundlesdxhelper.exeFailed

Installs a raw input device (often for capturing keystrokes)

Source: integrator.exe.tmp.2.dr

Binary or memory string: RegisterRawInputDevices

memstr_fa7589ce-c

Creates files inside the system directory

Source: C:\Users\user\Desktop\5JPwmNu0eD.exe

File created: C:\Windows\SysWOW64\Zombie.exe

Jump to behavior

Tries to load missing DLLs

Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	Section loaded: mfc42.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	Section loaded: mfc42.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: mfc42.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Section loaded: wldp.dll	Jump to behavior

Uses 32bit PE files

Source: 5JPwmNu0eD.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal84.adwa.evad.winEXE@5/1393@0/0

Source: C:\Users\user\Desktop\5JPwmNu0eD.exe

File created: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe

Jump to behavior

Source: C:\Windows\SysWOW64\Zombie.exe

File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\Temp\965c09a6-ff8d-4ab0-8c44-dfc6cfd8416f.tmp

Jump to behavior

Source: 5JPwmNu0eD.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\Zombie.exe

File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\5JPwmNu0eD.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: integrator.exe.tmp.2.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: integrator.exe.tmp.2.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: integrator.exe.tmp.2.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: integrator.exe.tmp.2.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

Source: 5JPwmNu0eD.exe

ReversingLabs: Detection: 95%

Source: C:\Users\user\Desktop\5JPwmNu0eD.exe

File read: C:\Users\user\Desktop\5JPwmNu0eD.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\5JPwmNu0eD.exe "C:\Users\user\Desktop\5JPwmNu0eD.exe"
Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	Process created: C:\Windows\SysWOW64\Zombie.exe "C:\Windows\system32\Zombie.exe"
Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	Process created: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe "_ChocolateyInstall.ps1.exe"
Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	Process created: C:\Windows\SysWOW64\Zombie.exe "C:\Windows\system32\Zombie.exe"	Jump to behavior
Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	Process created: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe "_ChocolateyInstall.ps1.exe"	Jump to behavior

Source:	Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb source: integrator.exe.tmp.2.dr
Source:	Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: integrator.exe.tmp.2.dr

Persistence and Installation Behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\Desktop\5JPwmNu0eD.exe

Executable created and started: C:\Windows\SysWOW64\Zombie.exe

Jump to behavior

Drops PE files

Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-AMFilter.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES-valencia\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\DefenderPerformance.psd1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\KeyHolder\61afd6a2-d7c3-8d25-36c2-0c2c47e3aca8.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.E6.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\89028913-695D-4F8F-BCE6-1E5C836C197B.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.67.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.dat.cat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdDevFlt.sys.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.83.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fil-PH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreatDetection.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\FD83A2FA-E662-485E-9726-D8D117B311DE.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\.curlrc.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{31A74449-CB37-4ECC-AFE0-BB17DBA5F0AC}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	File created: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4C7ED29D-4CA0-4B8A-A1B0-8771A4123396}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EDA3810-3491-4E83-A2AA-7EFB12171CF7}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpRollback.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\confident.cov.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.A0.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreat.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-AMFilter.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\as-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ea39969e-9808-10a2-23ff-be783a132fea.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F360F1F0-1516-4749-8FDA-56C0D526A6A0}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-083136-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Windows-Windows Defender.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpuser.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUpdate.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\837E475F-211F-4DAA-A7EF-B29AE54D6A99.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mt-MT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES-valencia\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ml-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.man.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	File created: C:\Windows\SysWOW64\Zombie.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bs-Latn-BA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.7C.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement_Uninstall.mof.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-082301-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.hash.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-100619-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.psm1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPerformanceRecording.wprp.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mr-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-092824-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\eu-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\as-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-085715-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-095933-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nn-NO\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.809ce127-f5c0-40ef-bf85-cecccac2ef33.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-122008-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpWDOScan.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17206FD8-D501-467A-8461-D4CD16DAE0D9}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bs-Latn-BA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSvc.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement_Uninstall.mof.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreatCatalog.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.hash.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lo-LA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{12B0E5A4-D79A-45DF-838E-AC01484FC2C5}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.6C.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.wprp.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\MasterDescriptor.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpavdlta.vdm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreatCatalog.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-122002-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mi-NZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\9328EB67-F254-48BB-9DA6-3F76F41A0E9C.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.firefox.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\CC950129-487E-43A8-B5DC-2A23C6222934.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpComputerStatus.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-Protection.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Windows-Windows Defender.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{51F47079-4C5B-4BCE-8B60-6ABDED8A93F5}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\s320.hash.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-Protection.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\am-ET\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21998843-E48C-4F95-BF9D-1FCCDB76BDF2}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0BDE9245-0887-4D0E-AF72-3F842A887930}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.ba7c6d46-fc3a-452e-b58c-88c0a5384d76.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\i320.c2rx.hash.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.hash.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDefenderCoreService.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4AB.tmp.WERInternalMetadata.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\quz-PE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-308046B0AF4A39CB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\or-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{27AA0E46-67D6-4248-876C-119B366B0CC4}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-085557-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreatDetection.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64\cab1.cab.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\7A3F9868-21FB-41DA-BAD8-070F118AB9C4.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\WER\Temp\965c09a6-ff8d-4ab0-8c44-dfc6cfd8416f.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ne-NP\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.80.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\StableuserEtwLocation\mpuser_etw.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.07248d50-97f1-4932-b7a8-3060c262dd55.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.87.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\VirtualRegistry.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.01.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\0ED1E367-1E22-4AFD-A208-D0061CB0CFDD.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpOAV.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpasdlta.vdm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kok-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.d0cded3b-bc60-4eaa-b8ae-e2b969b977ba.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.man.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.chrome.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\urgent.cov.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{37985AB5-E7D4-4674-920C-57A10432DE6D}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-GB\WelcomeFax.tif.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\MasterDescriptor.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCommu.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpWDOScan.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ms-MY\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{53DDC43E-344A-49CD-ACDA-043ABC13F1FF}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{298FA87E-B950-4D81-A5D8-7EC2DB6559B3}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3658DEA2-07B4-45D2-A78D-DA364921E14A}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\i320.c2rx.hash.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{599816D5-203B-4199-9494-22E61188AB58}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-114524-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\1A4B1382-EEB5-4D59-B0FA-B93F83A518E1-0.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdNisDrv.sys.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.hash.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.wprp.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-GB\resource.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-131119-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement_Uninstall.mof.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\com.microsoft.defender.be.chrome.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.DB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\b7851b46b4e32902708f1f5391c2e1bef58802ce.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSenseComm.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\com.microsoft.defender.be.firefox.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-125718-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\s321033.hash.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\operations.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\DefenderCSP.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Catalogs\IGD.CAT.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cy-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpSignature.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\6064F839-A1A6-488E-98E6-64026859F62C.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPreference.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3251831E-957E-4C11-8C3F-80159E63BA37}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdFilter.sys.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-125143-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\packages\vcRuntimeMinimum_amd64\cab1.cab.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-Service.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F15AA7CB-B4A2-4646-9E16-EFA5C568D9AF}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement_Uninstall.mof.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\.curlrc.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.7E.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{483CFBC2-FDEC-448E-BE7B-F72AD070FECF}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\mpuxagent.dll.mui.tmp	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-AMFilter.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{94DB5E4F-5EEE-4E34-8316-B18D9F37D7EF}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpClient.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\KeyHolder\61afd6a2-d7c3-8d25-36c2-0c2c47e3aca8.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-071726-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-082259-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\FD83A2FA-E662-485E-9726-D8D117B311DE.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpSignature.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\.curlrc.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{31A74449-CB37-4ECC-AFE0-BB17DBA5F0AC}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpRollback.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4C7ED29D-4CA0-4B8A-A1B0-8771A4123396}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EDA3810-3491-4E83-A2AA-7EFB12171CF7}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpRollback.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpuser.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\837E475F-211F-4DAA-A7EF-B29AE54D6A99.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.man.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPreference.cdxml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\hardz.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\config.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C40F71FB-A0CD-46D7-A5AA-0E57C9BA9E1F}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpClient.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BC4BE93B-34FF-4463-AA89-69BFD3D84502}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-082301-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00011.jtx.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-092824-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-32.png.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-122008-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17206FD8-D501-467A-8461-D4CD16DAE0D9}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7DE9C20C-810C-4780-AB50-C177DC64322C}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreat.cdxml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Windows-Windows Defender.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ro-RO\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E2C80A90-4D8C-4F08-A24C-F5E7848A4E51}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21998843-E48C-4F95-BF9D-1FCCDB76BDF2}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0BDE9245-0887-4D0E-AF72-3F842A887930}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\i320.c2rx.hash.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.hash.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-40.png.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{27AA0E46-67D6-4248-876C-119B366B0CC4}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreatDetection.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64\cab1.cab.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00001.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.07248d50-97f1-4932-b7a8-3060c262dd55.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.87.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CD57D4D7-887A-494B-A386-6BEC95671675}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\VirtualRegistry.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.01.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpasdlta.vdm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.d0cded3b-bc60-4eaa-b8ae-e2b969b977ba.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.chrome.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edb.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{858A509E-DE26-4DF0-A1D9-851F87E9EE9D}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpuserdb.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Network\Downloader\edb00001.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{53DDC43E-344A-49CD-ACDA-043ABC13F1FF}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{298FA87E-B950-4D81-A5D8-7EC2DB6559B3}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3658DEA2-07B4-45D2-A78D-DA364921E14A}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\i320.c2rx.hash.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{599816D5-203B-4199-9494-22E61188AB58}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpComputerStatus.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\1A4B1382-EEB5-4D59-B0FA-B93F83A518E1-0.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpOAV.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdNisDrv.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-093351-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.hash.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\s320.hash.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-100144-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.DB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\com.microsoft.defender.be.firefox.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\CTAC.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-125718-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\operations.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00003.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\MF\Pending.GRL.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\mpasdesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpSignature.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6CD35735-DB6C-4841-B376-FEBE51AD17BD}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3251831E-957E-4C11-8C3F-80159E63BA37}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-093638-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.firefox.json.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Package Cache\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\packages\vcRuntimeMinimum_amd64\cab1.cab.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F15AA7CB-B4A2-4646-9E16-EFA5C568D9AF}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\.curlrc.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.7E.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\user-48.png.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES-valencia\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\DefenderPerformance.psd1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\User Account Pictures\defaultuser0.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.tmp	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Users\user\Desktop\5JPwmNu0eD.exe

File created: C:\Windows\SysWOW64\Zombie.exe

Jump to dropped file

Boot Survival

Drops PE files to the startup folder

Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe

File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp

Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip Help.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Notepad.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Adobe Acrobat.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Google Chrome.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Edge.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\desktop.ini.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.exe.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.exe.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\desktop.ini.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Examples.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\desktop.ini.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\desktop.ini.exe.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Creates files in the recycle bin to hide itself

Source: C:\Windows\SysWOW64\Zombie.exe

File created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp

Jump to behavior

Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5JPwmNu0eD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\SysWOW64\Zombie.exe	Window / User API: threadDelayed 2964	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	Window / User API: threadDelayed 1902	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	Window / User API: threadDelayed 676	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Window / User API: threadDelayed 712	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Window / User API: threadDelayed 2100	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Window / User API: threadDelayed 2844	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\ProtectionManagement.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-AMFilter.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{94DB5E4F-5EEE-4E34-8316-B18D9F37D7EF}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpClient.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\KeyHolder\61afd6a2-d7c3-8d25-36c2-0c2c47e3aca8.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Windows-Windows Defender.man.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user.png.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-071726-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb00011.jtx.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-082259-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Google Chrome.lnk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\FD83A2FA-E662-485E-9726-D8D117B311DE.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpSignature.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\.curlrc.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{31A74449-CB37-4ECC-AFE0-BB17DBA5F0AC}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetoursCopyAccelerator.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpRollback.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4C7ED29D-4CA0-4B8A-A1B0-8771A4123396}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.d0cded3b-bc60-4eaa-b8ae-e2b969b977ba.1.etl.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EDA3810-3491-4E83-A2AA-7EFB12171CF7}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpRollback.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\packages\vcRuntimeMinimum_amd64\cab1.cab.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpuser.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\837E475F-211F-4DAA-A7EF-B29AE54D6A99.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpavdlta.vdm.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.man.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\7A3F9868-21FB-41DA-BAD8-070F118AB9C4.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPreference.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpEvMsg.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\config.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\hardz.dat.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C40F71FB-A0CD-46D7-A5AA-0E57C9BA9E1F}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreatCatalog.cdxml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpClient.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BC4BE93B-34FF-4463-AA89-69BFD3D84502}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-082301-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Users\Public\Pictures\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00011.jtx.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{53DDC43E-344A-49CD-ACDA-043ABC13F1FF}.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\9328EB67-F254-48BB-9DA6-3F76F41A0E9C.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{298FA87E-B950-4D81-A5D8-7EC2DB6559B3}.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MpWppTracing-20231005-083136-00000003-ffffffff.bin.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-092824-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Users\Public\Desktop\Google Chrome.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user-32.png.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpEvMsg.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-122008-00000003-ffffffff.bin.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17206FD8-D501-467A-8461-D4CD16DAE0D9}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\ProtectionManagement.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\MpEvMsg.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\DefenderPerformance.psd1.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7DE9C20C-810C-4780-AB50-C177DC64322C}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.hash.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{94DB5E4F-5EEE-4E34-8316-B18D9F37D7EF}.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.dat.cat.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreat.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpAsDesc.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Windows-Windows Defender.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetoursCopyAccelerator.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Users\Public\Videos\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ro-RO\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Users\Public\Desktop\Firefox.lnk.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E2C80A90-4D8C-4F08-A24C-F5E7848A4E51}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\ProtectionManagement.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21998843-E48C-4F95-BF9D-1FCCDB76BDF2}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0BDE9245-0887-4D0E-AF72-3F842A887930}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\i320.c2rx.hash.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.wprp.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.hash.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\User Account Pictures\user-40.png.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{27AA0E46-67D6-4248-876C-119B366B0CC4}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\ProtectionManagement.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreatDetection.cdxml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64\cab1.cab.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00001.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.07248d50-97f1-4932-b7a8-3060c262dd55.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CD57D4D7-887A-494B-A386-6BEC95671675}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.87.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\VirtualRegistry.dat.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MpWppTracing-20231003-100619-00000003-ffffffff.bin.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.01.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES-valencia\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpAsDesc.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\VdiState.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{B4E0C99D-A1B5-451C-8C4D-2FC579C5B5A2}.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.hash.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\s320.hash.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpasdlta.vdm.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\USOShared\Logs\User\NotifyIcon.d0cded3b-bc60-4eaa-b8ae-e2b969b977ba.1.etl.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-NIS.man.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-GB\resource.xml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.chrome.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.firefox.json.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Network\Downloader\edb.log.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Firefox.lnk.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpRollback.cdxml.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.exe.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{858A509E-DE26-4DF0-A1D9-851F87E9EE9D}.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\mpuxagent.dll.mui.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\Zombie.exe	Dropped PE file which has not been started: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\mpuserdb.db.tmp	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\SysWOW64\Zombie.exe TID: 6084	Thread sleep count: 2964 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe TID: 6084	Thread sleep count: 1902 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe TID: 6084	Thread sleep count: 676 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe TID: 6084	Thread sleep count: 265 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe TID: 6084	Thread sleep count: 265 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe TID: 6084	Thread sleep count: 53 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe TID: 6084	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe TID: 6032	Thread sleep count: 712 > 30	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe TID: 6032	Thread sleep count: 295 > 30	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe TID: 6032	Thread sleep count: 2100 > 30	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe TID: 6032	Thread sleep count: 2844 > 30	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe TID: 6032	Thread sleep count: 282 > 30	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe TID: 6032	Thread sleep count: 52 > 30	Jump to behavior
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe TID: 6032	Thread sleep count: 36 > 30	Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\SysWOW64\Zombie.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\Zombie.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\.curlrc.exe	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\.curlrc.exe.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\.curlrc.exe	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\.curlrc.exe	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\.curlrc.exe	Jump to behavior
Source: C:\Windows\SysWOW64\Zombie.exe	File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\.curlrc.exe	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)

Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe (copy)			Jump to dropped file

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5B25C244E5EFB688F841C7800D126269	46A69FC3C9CC850BEDE55C44A18C2713A8AA3437	C957D7AE5B936A22F84FFC082AB78C6D584A322FD63FEDCE3E17FB7C3CCA5EA6
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	59B36914839C3C3ADDD83F068CD7602F	9F49C3ACB72290DBDC08F493E9991007D5048248	68C7A8F89ED928671AA259BA110C59742B1EB88D73B64E8B740FB21B3CF03BC4
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5B25C244E5EFB688F841C7800D126269	46A69FC3C9CC850BEDE55C44A18C2713A8AA3437	C957D7AE5B936A22F84FFC082AB78C6D584A322FD63FEDCE3E17FB7C3CCA5EA6
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1029786728E1ED68574D7BB97EFD5092	8F594CF33B9BCAC6B8EE8682E792BE5D481FB329	2AE71910944E4ED521EB5A65BFD077D74654F3A54B2E4BCCA7A7F966BFD36C63
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	921298DC1092213F65BFD8A8D53777BE	B6016BBB388F4E788F291F181A9F90CB540BC98F	996AB4CDB7808380CE5292D50069AFE6FFCD3D30B615C0E9AFD49FAB0FEF8567
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1029786728E1ED68574D7BB97EFD5092	8F594CF33B9BCAC6B8EE8682E792BE5D481FB329	2AE71910944E4ED521EB5A65BFD077D74654F3A54B2E4BCCA7A7F966BFD36C63
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1D13108E65FF621140AB53E8E0E20CD3	608BBCE43DBAB7B711771D273E76E61D32C76F59	DF834087DF3FD11EA214A66A64CEAC69AE357A23B5D7D531E4937977998A4173
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CFF3283756434DE26303794321405DA4	F3F3AFC1506CE6CCC2806D5A7A4D7B8D065B3DB8	3808D5E1A5BF1692C005C1C73D16E63B0B7ED3E5767114F5768F90230C9719EE
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1D13108E65FF621140AB53E8E0E20CD3	608BBCE43DBAB7B711771D273E76E61D32C76F59	DF834087DF3FD11EA214A66A64CEAC69AE357A23B5D7D531E4937977998A4173
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7E7E8BF9A24C22B2F3769CCFA6E44CF8	448EBD7847889339E6FF0CBF45E996AD505E7FDF	E32014A9EE3D55FD8B4E5E9D06998C22F95C4D3727F576E232AE816B9DD51289
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ED6488762E4170613C3767D39BAEB02A	709F1746C18870ACA63961989065F790D9A49DB3	40F0DFA50F128FF8C55F3E1640E5C1F4872B67C3956A3FAF637AA0EBE8B2E2A7
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7E7E8BF9A24C22B2F3769CCFA6E44CF8	448EBD7847889339E6FF0CBF45E996AD505E7FDF	E32014A9EE3D55FD8B4E5E9D06998C22F95C4D3727F576E232AE816B9DD51289
C:\Documents and Settings\All Users\.curlrc.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8A04E034DBDD26DD034DCA1EC38B5211	6AD3B59C32B58450099C09F8326FA2B0007FC343	F7FBAA63F4BF349CD08C8AF1745DDDA616551E458C955D85F1FAA5AEFF7EC169
C:\Documents and Settings\All Users\Application Data\.curlrc.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	48B30B882E6678E6F1F27D00F869F676	2FCA0633679B708C5C710E0AB784B25A0971A32A	20C97E55F2A69CE98BDB0141D5693D6548CF9C2E58EFFF2DB18FB6ABA7EA578C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\_curlrc.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A9CA2C21114887821E6B60D0B1EC7180	84B7FF537DC5381F23A62CDDD19CD9A0870F2E02	36433EC2631DB46FAF96FA8154F4622077E5F7E660FA0FE6A83E69BAD7930388
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Adobe Acrobat.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	349781EEE3AB716275291D595DCF6726	927AFFAB351537FCC2680AFE973929363E880D20	43A7A37938CB595AF4E341AA0F11414205165B84C0F03B73D0BE64CA45A2C2FB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Firefox.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E7D590501C13B83931BECB2091C5539E	490E426A9CCA058A074BD21BC844F15F0CA15979	FC598C9C606FCF95E915B414E5FC8E4D4FA29BD61C6C958A451595641491BF61
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Google Chrome.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4C860A1AA525DE48F03D708C999E88A0	52C69A260850797890589B1C35F6426BCCECC08D	422C21B9B79A2B663F193BE09B157DFB0581C6665BCF96BD38687F8F444C429B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D32113A1296C67B25183E578798E2B2F	152C8E3754E0226B8DF68FE84B68B686FB5CD301	90023C145E1D3F014A98459CB679DDF5F42503F454FBB4E6E28CAB5D4A06CF30
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	831AA07086962324C9689D6A303C9849	1DE3AFBB2D4A806D5A57A28142A816747674F02A	A292A1AD7AF4F1433414EA902C52B55376534C6F48D8A19708F3876BD8221463
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	B40558094F42D0425B4071269B2EB7A1	09E7B2FEFC4CD4D77EDBF52DC3EDA304526049CC	667FE82486A02F066893E9D0FC021F7CE6E96D6F07F0634EE5D9655C13FF45FA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8998196DB18424872ACC1F8381B6E939	BB93A278FEC27A58AD200306B43FE53964DC21D9	B063A355DD2CF75DA8BC2EC360080E9C6607FF0BE2DDD25FCBCA68127EDC6D30
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0445EBF19A99E60FBE5E8F6CF814DE14	E6E33960891AA9B06AA63E85D55CC1D9A62095A8	CE49FCEBEE8F07DBB33A46A2E7A488A18483089A84873DA7DEEAA565FFE8C6B9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	FDFBDC7BD3A2E14303230630A9C07EE6	12898A4DDB39AED10BDFF0068342D09E53610ECE	0FAA98AC444B914095BFFDA3318E782B3EE53CD2639776A4564570E9B1B3FD08
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	966DE312588E15322AAAB9366F7C20AC	4AA03D583902A374FDD731F1D35B3B6E9297CF95	AF61290FE14AEF92E39F4755695D93D2CD2CEE34C56D1E137C08AF4CBE34C0D5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	ADEEDE1DB5A27E5538CC10D115B3EDD7	1A5FEC71513842A40E7A7F303BF0E28FB53B83C1	46ABA3347882F33FA1DF41DB17D0127B48EFC554ADA31DEDB2E87FB9AB45605B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	16B9977745B4032A8DD068B1BC5C8383	410E6F2B42258300C810F8596CFBD40918386D1C	38314163806130FF6FA0BFFD9956E6C4454C216E94424F153B1AC340E6775E35
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	25DF877FDCFAA22C77DC666DA51C443F	5E80A17BBC9932D0A387B81CB3C1E8C408CC9901	1D8559B71BBA8CC7C673AB7C285C6CF7D128BD86E03DF710BA4350B15D11E806
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DCAAFB2E506E1F2C446F2B67F2DA9546	E5DCB273410F373B987A511B1417F6DEFD414CBF	C95BAF7ADE53C79E143C2B5FB0AE46FCA56F9C0C1985155533975182B3D18315
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	160A871CDB35271333E70BC9DCB97EC9	4CF7D3DE24C32392191D5646F09A372BDE6E2AB8	4F81693C2998933B6F32737BBB3954C1AB17C95B058ECECA0B8E924EE589DEA8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E739BA756D748524A1AB596DBC97F410	8D8359A00C09EC905574FC334E00FB40C498BAD9	F977A9F46B5B69EF3A0B734FA50684E5827455822FCB34F7EBB39D8903A6C546
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0ED140FF4F5D522FF2B8C579FE14F02F	E97C5543A5014CCE1DEAE5CE508227DB0577204B	0D3ADC0440DBE318FA90B6E31197F43ECD849D919B15B3AB966300727BABB7FD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	B5ADB21DB5FAA27C3A9AA93AD126D47A	C8C3A5F7E68D68905DCD23A25DB174F5F2FADF70	EEDD1972D0DC68E78FE913667A7A321C6AB2F789B25A43E1C7AB1EB33D2E62C8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	67FE747506F26CB3D0DC455F26065DD1	56C5AEA5F401FD9873C12D41B2AC8A032612F873	91310282DE8AD01A94C239DE79CC5A358512FB038BB465D2B72C9339678BE52A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D8DDDBBAC07F7B92E1D22CBF5E5BDD2E	58DBC63B6779276BCF034247C42227C990A6EE71	A5E9487C4C274121D6853F0D2179E6BCCA578C5E5D678306251F1DAD31E23A83
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DCDDC8FD9FFE78A494A517E6608FD154	69A9BBD58EB300E6F1A22B03D91694E66073CB83	59AC2E1DF41691414AC1812B4FC3011E7813A582FFB39957C6EB161FEB22015E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BEC1C160E87543001A11E4BA2BC3F2B8	D145BBCB8EFC873FF01DA4BD1E61BA57E2483A20	6DEEAB9AAB2CAAA5C42A67BC13391637E507B3E5082E80E75A063E7363B0A143
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\OfficeIntegrator.ps1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EF973879AD575932675A337F9EF867B4	C70D2536104CF9FDC6F5C13C72B2C0DC22B3C310	39F8C5607DA881D58704285E4C89B0041800616BF2A4005DC1B31B8BFE7D80A2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C46446C519476D86144E012562867D6C	82CB1F7EEBEF25391967E8C68F2D6F37973FA906	DC3CA8459072629D83CF14ABD2B1D5364C91FD29A851E957AA6F11667C3ECCCD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F091DA0372D4F0F1B00E59F165C16C6F	957724B63E02F853D10DF1063CDE34C46BB5DF5B	23BC19C0C9476E45859926B99717B95D7E0DF423F8E5C12D1ADD0D8846159569
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EE494EB0493F6D55240DAA783A2E662D	18B06F8CACAFF41707C072FE89E367BD9A8F500F	E0216392BFFFECE4877F0EDFF992691BD9B1AF8EDAE42809DC4AE0664BE2E2CD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\EventStore.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1BCEEB15B2AAF786731B6A7A49277266	B5E7A3AEE94C8824FC93766CFACCFE50BFC1B897	B07BF79546225E1F801F90AC269EC690CE49A41E1F4A51B90A6B50279FF8E3C0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	08C1A378F6FB56203C133E82D4FCFF00	F846E43BCA17E3619F1E720000E62BBE2D7EBE71	60370F48F02D77751B2795EA8E58FEB98106101FAEB74C296248562A11419723
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4D2FD80F9B758090D12EDD8BB26FF55E	58F5335A2D57A382D5B8EC1A1DCFE664C9D0FB7F	A081D85CD27C83B74766F792A64210CC0EA8A4EA1B0AF043283706603F58CD53
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	FC2408FDA9176DC1F621D0FA10C644CB	D5222C9369412B996379CD7DFC1BDFF44B71A103	E539E103C5F08F2205811E488884465761ABE87E24252E5A368B90B0203BD9C0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	45BBD25127923C8838AEBC4E8A89BFE0	025BA6BA694813D50CD41FEC17D499C66E97DC16	161B5E851FC981592B6E0015BA55D47C9D1D8B24204FAE8AFE76BA57774550A7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	40870EDB78B9CD81FEF8B46FF9DDD9F9	9BCC29844414908A2AA4AE8FA74586980DAFE916	3CA08DB530C9553CCE3F53BD3B79DFA1D23B85E12212F931331CCA36DE3DF20A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb00001.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	FECAC41950BEE5DA3C7D9CAAAD9D2157	506F211F29F1B3D1BF6A4BCAA70B314CE3EDA2AE	5519AF7C35CCD9147ADC150A3BFC3DA606B4DBE0BCF3F9904C7492C9F4B877DE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.jfm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	B8AC9D6390B2C7A01D1D2157862F2EF2	40FF10A73DEAD73DDDC21C88EB454A883BC19AE1	9A2B80C67D2CA8B5C2F0C6F5178543DBDE4234D7B696022E20F5120027D60920
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edb00001.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1502FBB49D5A508860867CB39A3648D0	9AFF6790B1062E9CD418A39C47DF311640573FE2	B20BE67DB03EB8A0D3CEE9293C14B44169D30605C1F86E6843167871EEEF2B92
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\StorageHealthModel.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	34260D258ED0A0DCB8CFFF4A864A0A90	06EEEE36301CF46306BE34D030E3E4558A375997	0CAE127D10C6EEC0E62452A95F19FAF87C930FFB398A41E7D5FF9FAF506E1650
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	CD93D1D693A7AE75BE57811FEB5ECEAE	544EFD783A6EE189F3D30669A914A0195D424291	372A1EB2E692076DEDD93C88DD195943DB25C3D6198025E22D722F9F1AC28473
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D6A6AD1098DB2A23696DF96F4EF488EE	1EF6A533DD28DA2524F1B07C90A11FC91306FC73	46A00616D6143199E618221CC5A74418CF109CD7EF6C1E252F7BDD7BC86E1265
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\VdiState.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	144ACDC513EA1DA3AED524EB6FF73B2E	4CF52EE567F53BE2A8B2894A1C7651887134987C	2FBF2850B2C136469D63F43049EDF9731454416F308D5E4EBFF472ED92DF1926
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\hardz.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1F562AF8F9462D8B038CCE786497C579	1776379FAA6A3F71A4C4E03F205B7879B45B32BF	4440FB8FD98B976F481CD725C7D4B6330A60D7A2CB332C8EFB269B7B399A2758
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	2D06350B0D62F48E529CFB97F4676F93	D5DDA861490DD01AC67DD0420765A148A89462CE	0630102EA2E7661C00838DDE85B584E2729F4FA6115E9960418267376026D120
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	66969ADF811CE678284490A26A557800	A9134A0B4586B2FED46AAEDF6F625D884CAF8885	3FA4CDD57B8C90D6CEB57B97AD5E1CCEEB9CE059F8BC44733474DEE104B33FEB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D342618B8183E9D2140AAF766002F55D	196ED0C7E99A040BC1E60F24A26C24C666F8AFBA	DACE1C756EB94161B0D4CD424AEBA4B24EB9C127B860CFD76D95429473D46302
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Edge.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	289D779C3D5EAB134D669803A644CE6A	3C5803AAB2FA07B0D5D4357F1614E4A363991DE2	79E02677097ED627750437075371392322859E8AE418B3E5F326485D0B33A80C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	95ADE903970C6F6579609017CB49F79D	21FEB425999518198D67FC2BECF3B4EB7CF47D66	298348B5CF008B21A012BB39B50124959EFFE2126E52A2DC6A5D89817CA9C99F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	FF1474128272F3C90F74895675758A0D	CC10B684BF724F54D54DA62721ABCCA24277D864	7525EE3B5BDDEA0CE79DDC25473362070A50E0210E409E6C6CF5134EA4075EB7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	640004FB14122FCC8A3AB6441B9FC05F	DBCE28C9B5832DC715BE298BCE8F7E70A45C00D5	55FFB41FE446D8F924C8CEF2A49526136DD584622995F3D6651B5B887305C76F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	9F8350CD156177C41C39B5C8653211B7	109C0FEA9A4A5270D308B4FCC1845E6F1CAE5E14	57E8EDDF0ADB6DE83F98BD7A126F01333655C13A1E3010FEB6AE25B0F7D688F6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.jfm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	15BEC4795992661DB6E52A0302691AC2	697C7AD06EC620887D64B4F7BCE39FC1BEE33B07	2B7CDEDF1DFC036FCAD77BBD13D0779C968C205D648490A17D0C8B5503BFA025
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb00011.jtx.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	37816FCEF81A72625BE4FCEB9EDADC27	06DA63D5F7EE5A8EC7E9E02714AC89AABAAB6815	47C2A077754474CC85A3FF1B7799EA0AE0D5981E0FD05E7E595549D1554530C1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb00012.jtx.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F58DA03C66DD9CE575CEE06F03A8A3FD	EBAAB0299D6C03059CDC7B45D27F466244EB0C25	A4137B7651346B3CD799F70649634034BEC6C7C7619D992B44772CF80EBF8ACB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	681E68D4F5913F479E6C0DD1D7E656CB	5B59BDA88C322A8E512A3A5D16004CB92A68636B	F0B8F6783671DD4BB5F143C0593D5B69C560C7D701E0B8F05231FAED30A7E76B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	43B49E5751486710D65D1EADFFE6F93D	7D21DF0A852C26500EA9C694832B1DBC8F7E1EBC	8316AA51E48FF0B583140F20D2D118CC225A51414AFACDBBE3D3B26F0A6BA209
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	669E13DCAA85D9B1D1725548738AA105	5A775D0EC987546D8896EF7961D4FB44EECB8929	17E87409F0D4D3F73FDFC42CE0E7F9652F8C677DC44C56D2D41067048F8249FC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D64CCC2A06E18BDABAF2B5FFCA1EF216	00BDCFA0FABDB185E28653E2590E5BEE01F730BF	C3629563B6B17545D7351BAB10D119177A3A60584F19DFC939D1062087ECBF77
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D31D62C9C1850F895AA191FEBD06926A	7F1DB6D2F0D69568E6C9C0917298668D584E4549	04D07E37F9228066397F7382A642E9BE860D3C740FEDDBC3DA49020D1C64417B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4F447915D458A7AC614CE30666C88669	D4D546271234FFFF077CAA4EA1E9F1EFAFAD7E07	E7D074B241EFF29BEA64404E07904C8CD149571E87062CE094C41EC834E51D39
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	2C3E25B7B0A40ADC28F152B959722009	BFD6109AF047D7E3BC18928C37BA29C47E28ECF3	D23FCD18E20B4C657BE0A26BF985A0C2211DFAB26F440878BFB986A5131893EA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5225E640C026BCDBF33C03A8C6CB4DBA	B3137368F60EE770B766FD3213BE277B6E568C78	8595250E7BE8998A148519DBEF3E6AAAFB3BBB570090E9171C57835760B1BEF1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C2BA2653440BB0088657209943098C7C	E7D1730BCE155234E84FE554F53ED13428B7E697	F4E710BEE40FBE0FD3562D2AC8B3A91F36F11D3F9B44DE556CD62E48209AC48B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	CD6C4667F68A209680B9FF6AC3358DD7	563A0848CA8A815A9660A36311258DA1BE707A5E	E998FA6BE4266214E00C7F493868E73E128206967A2FB1723C6DEE603DC4B55F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	9DD8BACB799DA370E053A65C626E6C98	6F5A24060732368946A9EA09E8871D956FC49282	0A52675434B68B293665AF494D6E1065FEA8010A8C9AC829B96C44124EEC1ACB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	3D25123C90D7FC5E7EFE5285B5C92F42	5AEBD4734B7BE51072F29B4818870BB452F6A483	9CF2676F96988EA428E28021AD07DBFFB72B377BC62DE41B4CE1B34B99477A65
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	9D1FEA2E169484AAF4FF278E930CF0B4	6C2FF4B5E5581E2F75F6F8575F96BFD89044BBC9	724D2F49570CA947494F69BD9E9FD1B5F524D4864A83DC200010568FB80F5898
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	B065B6E2D1F1A89F141DCD4A80B63D8E	1A6EB70D6C15D0CBB0888302476EA52D38E2C3F3	FBE610FC5F4526DF68F4CD14977CD3FF80886EFC97EF8BC6F71D897761740EA8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C4BD5BFBC1559E6AAF0FCFCAC9174797	249F2A9ACDD0DDF05906B6C9DE685A2E82BCB614	1EE6C43CE57734DC0B05CC5C6B617058686356A8EB98A16BF0B15E4CE17226A4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6D95D3C837A29240664640387A0A181B	15FD0F60E122617CE9D4A954DC60F7B34C1F6C88	A03AE805303B1EF72B03A42FCAE8E256783057D7AE04F33B4D3C635DE4D75D01
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5F24F2BAF459682BB05A29D0EE288D33	B4A81E904C733A0015292085A6328CED999F438B	86CE461357E3C326CFF2DA92662C3C0A07FBCE842254624441C2DD512D9CB807
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	2731A4CCC96E9CB3A03DDF0D9E2C37EF	676E1C1EDCFDE45C23D85297553FEE49F0BF41DE	4565DCD4090BC177A8088B8D379DB46CCF4CC4E5A114FBEBA37ED8F3C00D7A0C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8066681170EFCF4ACBADFD81EF88AB5B	E06417CEF84543E42112FAE8562EDFE02FFEC550	FB604A783FCD6D7E40E29E2F8734FC8E2B5348096D70C7224A2E8869E2FDBF11
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	656A22818A3614C86178D8B779C9255A	88C270AA54C644FEE387DEFCD131C713EC7E97F3	FB31396D475821FFBE82BB73F3E5F0775946EE5FB1CBA7BE7447E5344069F9CC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	930ACE7C4EB8BF380EEDF2E77251939B	F2C24A4CD64B482AAB77F856C66DD4D3D119CAFC	EB74C8B027BCA4324B5EF45E2DE4A1BA16594D62378F8673FE0AFF7C34169FC8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	2D91C633571B8B5F4B202A37E969F09C	50AB951E88EF6B22ADBB0C10DE4A09C8DF581CCA	93E1DFE4E2FC3768BDA431073FD36F2470EC978706F0C80CA8E6C7A53477AD05
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	9A1F36087102D009429C5D8DD7BF1406	6BDCAB6FAF6BA1FEE455BC203EBB4FDF94CB5FAD	1D1F32307115DF05EB1B165D2345C487A91183B6878DD16BBED3ECDB78655BCE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	06DA941C9A853D76DA096788409A3D07	DA6831B0D6BEE358490DF4629785A03AFDA16258	DFE286E6E6C9539EFC3684F01FF1A479F03D78F1F600FFCDF0AEE0AF15B6B1FF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7BB6F70A4D71D8FA0CD52DA362FD98C4	3980507EF8F236ACF5337EC18CD2D7F545AF879F	FE5D12CC7410D0FB55F44783FA88BECB75468C1B62716842ABD7DD8AF7CF7CC2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	291EDF3D851B545101BADF0959A95B75	C3734E764B0CF776DADBC40D7DEE1B8AE1EAFD6B	B9A14D5A8A3AF47586B5723234B49F91650F9755E0DB33A2EC17DB7823087E97
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	2BC1BF1277048D989EFE2CB70DDE0A9F	85AF23631031DFBF2752FBDB0644EFF5EA308919	BF1ED764545B7549BE0B197E843A6907E3578315E053A5B130A28DBC7C9677E0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4D122D053F766CBB8CFD1CF1D28AB0AC	4264E5C2F1FBE752C8EAB45F6CBBFA4F7030EF4A	6E27C7F56FEE6EB63A3145857AFEA3130B6F958453A762D34CD457B9B242B228
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	04B9B1929DCE98AA72AACF7967EAADCF	7E469552C569DDB6F6ABFACC91A8C9B5572B7EE0	947B451A3BDF69591C52EC74FE97C30DFA6EBFEA2093F3558410006545DC5790
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\VdiState.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	ACDE4540A46E8789A74372780D337479	88F69DB0BC2E7A7AB93718DB5BC5C890C19F2899	3160C1DD9553942736B9D8837245943EA383B5EF20927DCD67922633BD6D3A76
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	33C5490675CC3FC1892E95EA5EEDEC4F	53860CAA103CC916EAF085E3646BD2490A0AE76D	DCC0A62F05FDEFF6E56D5600ADB4A97614775A050471E093087FF3E192B00A01
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DB112C0AFC49AF9CBA1E8C6791B3C18A	C96BEF8A85765ECD198FACA27677F96985E5F779	33DF587CCFAA03AFB0DFB0B54887500ED90AA7C0CD7E3BD33C35150EB8958EE0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C08748858AA06D1FC5289C75621D6C24	A3E4BA7508484713F1E0F5C0829284669C2E7ACF	959AB002FC89BA3B8058CE16F73AE29FFE0CFF982309A5216E6EA75088CD5B64
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4C8000EE85E8706CE4C1ECFF84B0E018	69A2215334CF1B056A8FA515BBE2FDD4CD0635AD	CC4E1B4141A3161D9B648C19EE96065AC0C580FAD837A1BA6D01723EC7639703
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1DB58F605E4B719BA9162CDD73F2201F	A3EDC491B330EA2CA097A28AFD4F64230B8C7FE7	83BFA15D19E81CA8AA95950F0AD3D7E33EA3C35C146C496A38911229B3CD0989
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8B4FED895CC0488DB308B3C6BF9F1582	8C4DCDBBF7A727CDE14CE352E1D666136A19D5FB	BA63CB334AD833262C8E4E7BDD5F6B586DCA0B555EDE706BE3E8A743F841B54F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	967FFE7DE2052DBBCDB10A7E148CBE23	32813E205579816684214FCE03DC6F41FF43EE06	A6B86226DE4DB9978FFA38DCD51E148D5121CDB45D56448455A2128B09E35FBA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F6FD1ED283FEB845DAD0FF6A7D5AC5D8	AB1FAF3FAD113D072F5707ACE6E8BB7188A57B6B	EE2C4880B029494006408D1778AC8E0EDAABA1482704D839922003CCD4A753C2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	ED1510D2E460E7D587565DF36589ED88	5B24ED923D019AA7F1EE0558027161CD4E9F95B4	8F7EE4BC554BB27569D4C225B3475F92A7A327F24595F3FB8AFFC87CE48A73DC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	59E97D8A22B98BF06353ECB1E8E91740	141D2C1A7D56CE10BD2393AFF28B1A7D1CFC40D6	9B059273EF6906BF80BA1A57A166278AC4390116237F9DECDD8F0C3CEC8B168A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D222447B1761189B312DB393F5B4C4CF	844D2BB7E67309189206EBFE6953181BD0EB9E5D	1416B224CFCF476A6D78E63625F208283366667FF8BA2A73FD7FCE3EAE57F7AA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7354B68A4FC2C211534617B7C4429AC6	D7C85A2854D2544B7A8F0B34DA5F46F47008F43E	07721CD253EA45F4BB80AE4E492EF558865C08C57C1F2E38544651876F1A6022
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D3F9C293211C4E59825D72FD793B0038	36D15AA5F837194F107625EB19FA4321A074CBB6	82CEBF1305B8FD2E2FA7A97DAE6C00624D2B1B20DDAA63286944BD8C92A54503
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5D0274733941EFF1B7728538D963CEE7	20D04D32507ED3FC735CDBD8C0C1FF037982EADD	125ACB89226B73C9ABDAF774563594CADEA3A27055E6758474F2CFB52EE1123A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C975815A0E41B87D1EB1751C6D575C8B	969AEBB92FAD6E2B3D4C9A6BC9D350689E81EF73	973EE764862B845EEDA46A723C5E515652703D3E73C2A820460F711CD85732EB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	42F0CA30A974B705A6E842C4214FBD5E	FDBAFEE0F073E9E4545087D46A5073B1B4831B39	1C6D267CB5386BB619607D6602BCC29E21F7172C62A31671A8E6408E180E1CBE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1FF099F5095757FA701FF60E1C78B806	172929955E9C466D1AF8E2724DD240815CC1A331	F207C0DF0ABBEA856EA81701BB848FD331E939397FF5DF439FE75E83CE5E558D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCommu.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	932F37605256CB2A5B30BDC56C37F4D6	157BB369180610912F38D5D2609FB1FF6C6DDDCC	A1330EE610D1B5590A769C097EAB8110CA237D1CCB591900F4BD48CA1E8B1399
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	96095C70C3708FC58E555C53F19247C5	23F56D0BE70740341FB67276BF1CC7E40F1126D0	E3BDD5055B07E81874F33A337D2B7878F3C6C20AC346B70740DAF70E566D71E5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	679A400EDA5165BEE66BBF8B1BBF60BE	5DDBA14852D867EA755961B94FED3CFB4AE814B3	1BAE18DA9082F05528023DCE1619FFB7D143CE4AC52EF61FE831BFC6B2CA4285
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EC32AE09E1CFC289B593B1A4D29178A9	2431F026250A6EF83A6DADBD79BF18A27CE375E5	C284E94FAB20280E2CAD0F9CF366303298D56AE811304BC16186BE5651A62E5B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUpdate.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	FBBB646A44CE308EC87C2C0C48BB605A	7C57A016A708B130ACD9C6A3A6D48FEFEC43EA22	CF990F5174BAC9C0660E07B85B57A4039C2572F259759A69CBB767496AEDF5A7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	2A05136F218D791D1A013F90D55788C5	4BFD95D4F03766BB2E0F53592796399646F6E669	CF8ACE0915B95D723CF0B3C0F93A972A9A48E7BD85370A1A49AC66C90B9F13E4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	CB888C16B77AD7339D2A2EB5315C586A	91A39D8D9EBE35313BC803EB3F44994EEB1022A5	DF43BBD2249F8BAFC899A97AECD23DBA37E9189597BED9F1E8F31C76180D5678
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	684B0F0B11A38088F59D45FE86C6D7F4	AA82D6270BAB2B0120C3C23C47D7E49E73E3061D	64ABF203C54EAB3AF3B13D7529A87A0A452B8D7868313FEE1AF0E48E2F67821A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5631AF6A0A0115A484289526C6D3532B	90CEF72485373214528797EC3B1E712D58A6024F	5533C076D4221A9DA97E732110D0E7132C390DC0AB2E34AF8DF2D8D61AF09ACA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DFABE7271E86267177BEF25501D84036	9ABFC6CB55087D8AA3A748ABD10A48B7F545E704	3269C584FEAD14343B50F4628A06FC725E80C4CD7E230C36FAFC2BABAB881ECF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-GB\WelcomeFax.tif.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C063DDD8A0623C6B5DDAD80D2FF36907	3EF25B52036445FD62FD53037A2D2B9A4D2BAA50	777BA80454B56177C8A33493A569D8C2F7C97D4E2ADBA19B3B9DF7694B64F54D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1B1DEB4DBAE1CA61FB67A7012957A43D	CA13FE301414F687D18B53723223E95581964BF0	C0E20B9DEE27E4B14FFE4A057536E6ABE56ED7E9F7E3E2AA4F268E3F69B5D67C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0BF9D650E43A461CA6F7114078745768	94797FB3BA93259361622063A3B5A835FB1DCD6E	90A876AA87F5C12E9CF6A33C17E52EE4CF606602556E49649A70287F28C17296
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\DirectXDbVersion.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A116F2F12E1D089D65A1D2C357CE0366	5302C407D63D60E432F276CF3D12DF6F3D4BD2F2	66547642D6F8D71E1CED8F4AF6673B5971A68180F1995868E9117445FCB2001F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\SCCInstallService.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	499AFE2BFB2516D7FE932C8FA1A53D91	1B0A49008D5FCA6EAB347BF90CB288E234A4B6FC	9C7710767E6D583354932AE8C46620DB1B5DD97D925F6EADD902140CE5C01CC8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\StorageGroveler.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BAA77BC5F75C7F12F96BAA8BDD0CF039	1B6459A484345A590A8B1A924F7736DEC443F4E2	72E62C9B9A5D4762C24E8E68E3CD923FBC8919D9EC75BBCF40E47EE893CE11FA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	79995DA4B2D8B2A6B280B1829800C88A	CE6D6C2F149422859497AE893DD825B2290915B3	E350AEF0DDD8E00B94B3B81867060D47783BE7A656A07D790DEDA8678D7AA398
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BEF3C9902DA3611BCBF6D75A19D2F338	EA62F6C266BDDDC9D1071918A0F87EE8D4A9A27A	9129E1AEC21F3D6DABC384CC09BB94ADE190296EDB1AFC5B52F80301427806A3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\Temp\965c09a6-ff8d-4ab0-8c44-dfc6cfd8416f.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D5EFB657C3557115BB11C5FBE2B8D103	906213907DEC3625184AFC74A395AA165266005C	EFBA66AB8FA0060D00F6D2CA3ACC4F87AA71156D0497FE74EBB13CCF436EAC33
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\Temp\WERB4AB.tmp.WERInternalMetadata.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	875650465400EA2DDF1DCFFC6A20780D	EAAAD60CC6C91D376E1A53E7B24B281314105E6D	62CE826FAF4B0A2F3873D5D962B505BDF68D8030DB8451C3C2773C7BAAB0FC33
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	50FD97834B15D705B2C193BD370E2FB2	D7535F7D500B8B94936B5E8D7BB3CDE28881F0C0	B1A7DBE2CD01604DC2F186F812F21BE2A882D41BA99AC3920A810796B29756F9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	226319504B94C6ED358C46E1251F33C1	41D2E61F54F60FEFF5024B5185CDD7E0B8DBB394	929BCBF16CF5C80EFE0151EA1D4E163E0FC08985158122914282658754415836
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	16FF7977123AB4B4309450EC99563A44	B7C0CF1A0F55DB107F15A43F2F0CD16A5C8D2AA7	600511B7544BCC053205A31ECE0F4F8F015A17B1495D0A1E530F36061AE53A8D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	3E7287A723AB4D9B7B155AFC8C98E5E5	6CC55577E9EF78C1503B8A27EE58463B02FEDFF3	604B3A62D2A1D63DE2A140E8A86114B859C282DB1E646BD3F3C04B4D878DE49A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	14888DB7DFE172632917391C82076694	F6A4B91C54D7C07E88655661D4B168CEBA367986	8DEE442EE7475FFFC975FAD7E7B6764B894A3C4595651DB725C19E28AB54ECCF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	126F7BAB5B3BD30BC1508D6EC3CCBFF5	D521ED1AF5FEA6F20E0EB8F2A5DF38D3698719BF	401AC1C54366651183269980434E9A1A6D025B5C40A9BD8E810D2C7C06B45FE8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1BA67D9A852A15AAE340D5534ADA24DA	EE4E50B7D476FD15F5A25471B9A365275977DAAA	9E6732977521B8E556F95D17441DB402480A1770064C40058D0AB79FDBB7DD29
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	663AC7FA9E3DB02E79CD2D9E8896059B	C861DF90DD70B468A1E9B3702646B7EB1BF36248	E7E0943F7DC899B3454A53183C2B889DC8914CF680F3274D049E6B52E654D958
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5014CCD68D03CB1296E6480B8B96440F	24C7F0235E47AA20E414A028CCA8E1577EE978BA	3E524D366D660C435CA3F9C63B7F3696434DC591E35F0EA22F01A700FED99A14
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6C7C32B5AB0C8A1A6FFA78A3A54BF7D2	782C9B84737DBB3C78245D8340FF817AE775441A	2BFFDF1866412E32AB08121A3059287AD5A15F9DC4C88E67EE37317C0EC22C22
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EEE023B61A84E7737CE4008E1DBDB999	EF5812660F509B3058B17408372D0CC5B26BF89C	5C2F040A65AF0FB4BDFB6AFBE81E57A316E529C2EAC4440339A00C7832076CDB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5270FCF8D73FFB25CC007E7AE4408856	34B376B3CC738D54B50DAC318AEFB77F5A4BCBCC	2280D5A4427BD85EBDA265C86AB71B9330E3DF2C33ECECC2D90CAEE444D513D1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	9DCB8D2B3E81D9CE77EA02BE1E643A30	8A48B4DA0211A0EE9143A42BFFDF8E97FF4C23BF	B8BD81A22ABE8DC7DB7A107CA821E7FEC6EF89048C7D1C6CA79414CDC75FF047
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C14C1F7787B6299A6BCE5339650E864A	F2A140D6A67428F11A0461C605682408AA63FCB3	80FB77E79C71C6219CDE744A5C46A3B2B7F34ECBD0714DEE590ED1510F53A6A3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1C3784972FC11C3C3FA00861E79EBA54	BDE5AFD9D73E80B52294782D5C10992B5F7D5C81	827C678EF3A4240296F2A0E511615CD6E1EA36064AEFB511159F02D909305F88
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	70019A9D57B3758B85582976BC703535	036D35B535C07D3F21E3131714F91F09D496A609	5E310F46D8F55B047C270D12FD0A20D0534E1405311E37371728A44B7BAB7B63
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DBCB3EF3BE863B47294650AA237F9495	11D89DDB82CD7E6E88F7889B89866B6E92D1266A	1E4D0C1D20716E5BF6DA57A95E94E9B801E141D4F901711A8C332C8B810C426D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EED1CC687A14D3FC8F1D2F50D192D2FA	F34CF2475DCD6349F56928B08E871257D41C8D12	FF6838E5688A62B1880FEA60390F607E529730AFA60D4A2E85BC17C7E7496606
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	203C79CA9784969C7299AACB4F139C0D	1566425F23735E2EAB4777784CEAFCB242C7B17A	846EE0AD268C854C6F268CF12578E38F2B630752909B9996620F91E715FAF449
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	591F99422EB8D4890FED63148FC8F453	D3861FFAD7A2EFF3C712E2DAAB0FD91BBEE191F5	A968740036592AC6383EE45A64597AAD9C80ECBA5DE80D2FBFE415EA36AEABEA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-NIS.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	63C727EBC98B4F3AD9A7D83C85F0BD3A	894F3059E56CC05118040FFBFF677EBC0026CF6D	58A09DC1D81A75A673BDF1473C66CF4B6616DE24611D88C58A67BB189C20496B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1195D3E5BB67B32BCEF1EC85A3D8BD0D	9D25579A64A2F4507D9189CAFA00003E9BF5230F	819C306E3EB2741CD3F127D7057196A1CCCA980041BEB8AF31919872D5D44E9E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	54D8701D172562A4C5D53C6F51C920D4	A3C7FE14DD1817E6A35DC7700247CDEC2557DBA8	5EE74D0C51FC23362BECE2DBD9CA8373AA5513F8273EF1EE9657C93E2F496AD0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EF930D5DFCFBE14B086A9DAF3D82A5F2	2A2DB1E46AC99DEBEFB85F2EFB726ECD499E24E1	ADEE7D0092FED1E2BAFADA301EC5E444D5B10EB792E14C91B9C17A8504A26747
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C16AE8469AA986629475A9FCF4524BE0	4772FE4CF5BBFFE60D4AE5927EA6AEBD75D17EB3	94D9C57103248EFB94948649ABA9AD382CFCDB223495FC897E14B3D044E2784E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetours.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	551BA3979F526FCE743BEA33C7B9A21C	EB5C9C8ED96F80AEDCDEF21A4C26A5B8FEB57155	6FD3F8B8B539ADBDB8C61E7C32FAB6EC65BDC493D63C819F246E2C15B5B496BB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F417CDC74259BAF3F75C07725F9A5AF6	D8E61D145C0A8BA582705200A3C49431DA26B881	23DFE0ED03A2666C186D5F9498C58167F809065AD5BA71B90ACB81566C6E417D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7B3CEB20E0F83D83837ED587112D2EA3	37C9BFF58737F1E8E42A08B5EE6877E6184EB3CB	E1BDCC200B1182658E49075FD97C63EDFB93BFB3222E63F01DEF4900F591DD81
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	845E13676A0800B18E42DB05A5B48F5F	8C4C2A7CC916A593958119D44AB1C692A3D248A0	4083F9D026F2DC38B7076EA812EC9D50E7BB5C581542CB7EB660B2D7379CFA25
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	3A270AF48D919A60E297A518F74341B9	CBFDE2E04C3B922177607A0BACE6B7B3A1A1BBD3	86D777D5C5B211B1E2CC7D3D865AD96D11DFC9EEAE0625F564034059C380DD52
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F1E541506867507579473F5FFEC1B846	5793054F7E26CA316C78B1BE76A3148179315329	016012AF9A0DB0195F2415A3EB584CEBB914D58C2680B85413F1CE2DE8136E1F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0295E0F248FF079AA661639D2D447B6E	1010C0EEE548B0BBD23C0E9F562909FAF0B54178	45071677E571BA08BDC735396653842AC966C70D28D738CE39F49D9D55DBD20B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C038CF8EE573A40CE4113F80A7BE9E4C	C6FEA4C4CF025AFC91D805D283E32C3AD63CB5AE	BE3712F762568BEC78DC12C34B7A1AC65D55E0217F513B7A0390D3C6E7E75118
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	32FBCD9D27F106AD9F8874A99A87119A	3873951AD072B2583B58005DAC402C953C32C0F9	81531CB3A48476016568D17ED3445E1466319F9FDAE8D2746067C0BB5015612D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	692B3622B9D60E665E760D61EAB9360B	432B68EBAB8E0E7DD0E82298802F89EC3DDD9782	25D3119971F28A94EBFBC9EEE1C214C4D5B5C4466AA19F172AB8306BC0C2653B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	716534DE049EF36B9420E4AD7287AD9F	8B6EAE2689913843E9F564776BDC12A9E95A9A25	5BAE4FEE129FFACF880686C1F1CACB9B840E2593ECC9EBA0A1D2C9D79D462ED3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	AF051704D8A2F49AAF0CDF47C3F13953	8B01E1F8E994CE5F9F3B0D9D1842CC3E0A67B190	8F3248F213F6B81E6C8986FC4661253C0A0C3711A4071CDDB4D354C42C7C1EAB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	38BBFF1EA6A7D50C1FCE0F6AD180303B	E70E276D6468B5DAA8B8687E228E79B096C65B1C	C91EBD6A721B5CEF7EAB724A7A2446612A4AC1957C0CAF8F33B7A9855767DDDA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A88CF4B2EFD41DA2E411906F924DA3BD	32B02905BACB86EC4609D03F6F0011ACED4DA798	3B32ACE1A682303BFDBEF3400BD85FE815C0C3F0C080D73C1858A0CFACED086D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	FC1EF05C492B00386FD48F242BA7237C	7C1CF5CBF275507C8DDCCD23F4AF35B870B90A1B	0A8150E2387B2CBE7668DFE07DDE68C3CAF9B92DAA45BFD4FA13D6029D0FEF5E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C85A255D0BCADD0896DC22E33E54484D	97576DEF19180EC84A58D72F25CD4C5CB0CBC217	032D5C215D8407BEBE9C9CED734E4C51BD808955A5A35E18C00BB4AA1AAAE267
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1EC2661B7F778576A8CDAE90438833C3	D32FE1D25B4199D4B4E5E7FC97FB524D77D36FFC	5BAE6D2589189603108FEB71B374600F38F9DD5C96B1FBE461729EAF08384AAB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	AA04EA9CFEBBB68A75F593626A3EE50A	8DD25D705FF1EB17DF62982338951CCF181400CA	064D64BF675E0AA5ED8368A319727878C502A0DE8B81FF3642AD8C471723C768
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	ACC3640012D9CD8F78184CB2FC18603B	4FCA492E9FF80A143F8470D836E1D924BAEBC390	1BBF43CCE7E054F35E76F4EEB805F2D2A8462333F4088D1AC7398FFBE22A6CBB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	9E3D45B16737BFE75A7B7CFD33488810	02269F5A4A0FB2F4BB6959C50DAFC49789F30760	B4E0CDC0C45A915CDE6FDE1A2E9F39D9E1E968A3ABE517A44536A9B758953171
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E4FB405001A46834B76B052888A7DB95	3E2656BEFD89326824EA6F61BB0145F1CFDADBC2	3490CE52DD20C8963D7AC18E60FF40BAFC6565902308DB8034CF876646C3DCDE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	515D395B92F54E311DBF4396B5D90614	7CAC55B2C6799E21273FB8F310AD433C705C40CA	939F49AA345DA2791147131187754BEFAEB4420909C41FDFCF64DA9DA801D7AA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E6D82451A994D3BCE051A3105C7E6A8D	5DD1F218248BC2D748BF9334D4BFC6E922618F13	B5F60FAF15A545A910FB91EFC34A158251545A3153E5CEB7F8A1F1B51A147121
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	104C2819E435C72FFED440152C10B530	5A48A6BF1518CDB5991C9E02DC8ECC4DECC536AF	CD9C2427FF9B9F2E2355CC31BEB5B678B8B5A76BE11EB4554593D95687AEDB18
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ro-RO\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E80BECB764E5EDCF510D05A8C5597DE7	E9461381C8376C36EE0B2844EF64CD1C8EE868E1	B24E2217A63058F2B65272057D7264136885B67C4AAA893199190EFFFADF262F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	AE5371BE1D72E200F5E41A5D6BB85D54	790CDA41A34BAFC44B1E49254EFB9DE0AA2CA783	C1D5B19D04D86139C824A1B0A5CE8B44171E0618A08AB205FEFE56BBF6751302
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6F96BC03BABF95060FA9F944FA8F2EBD	495F0848F38165800E0C0BE395D6B58F2AC2A49D	CC7FE13F2D8C7745FBD2A01F99F856F34A7C0E5489981A6A2FEC55615AF2D6AD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	25B4ECFB074C0470F362B95776ED7269	B466A079F463FEE2890FA937DCF5A528C694295A	32F2BBEF02AB669C7DBCD5C373684D7EF3CD3E127E73E1A7359EF4DD30F6816C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7DBB5CD48F5DB0CF3D552A7F74E7758D	F6D56E1BB42522F7F8E7697522F235253404AFE6	7E27BE71D5F3C045A7C0B64765E7D9550E410DC0F076F0282A79945EA5AE6943
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	77A8015DD3955D37A01CAD7145FC028A	3E993F138B85DCBB26CEDAB5F59425CE6376E07F	CDD860E2768C3E0107EA3E8BF8A51B9706FCD0A65639EADD03A9AFBB5F19B92F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	67E0020DC8B5AC9ADC919C7C6D46A0C5	A83A57D0172B3FE0046102C879587FDDD0D5A97A	C03A7649170A0ADB36E97FFD5F429AFE056CC5AD886B8C744D4C5DFE39DBA4D8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C8F703077B949A33263448E0A4BB074A	262F0C6C7E2EFF63F06525C3B755FBAB84CF9FFC	C86741E7355B69A0B76119776507DE8D2AEB69A37722DE2CC5981E02223194FA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DED04942D84E085A27459518AFA8D8E5	AFC1406B1849E54FC43515AD14B57BE431D9F898	DE902D4819D77F24E57E3C64136991287D717D2BB4B493CAB8371A7B1D0BC84D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	51DCAF7F471769CD18139AAF85496EEE	71A754FBC84C9BA13D3FAAC2FB4EE2AC0DFAFD9D	9D19C09E1BB5D6964C2B627FEDF250A9F187ED2E56D36A15F488A6CA48CB5C90
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D804041B253A310A737934E6D6829C96	981FEF4FF418433527B3AF90257A4B3FEDFF2B42	F7051DBEDFE5339DE96974C9B06EBC2CAD8284B09C31600BA2B935537245A3ED
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	584658AC4AABF451836EC9B178297CD6	435450A4D60E7EDD9793FEC88D7E998E3FFD5BC1	DABCBB83597850559E464F5D3F034D40E2E02729AC332A3FF5BB22F35B36C0CA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7E316764BDF61DBF67CB77BA22BBC734	A52F4A40F8881A259D47CE2B1C6A0067CC3712C9	28E7621BA4D22EFA3BBAC743942B29916CBCDB7E1E87ACE9B701E126CFE1898E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpCmdRun.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	349BCB0DF936B95B5D57AEB334420A06	EA83810787760D3C6E475F9DFE608A66B91D9909	331B44BDD2D9D611B1E3870F38FC4D801D212E12C6F62F7A67711A1A4655B71D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5E557C777878202A78F49EA4845AAA53	324677F2E9895E739DB1BD3B70137EFF8B7B2EFB	FD6D3505DBF2CBB5AEBE631753C4DCE598556D2D95135C99D4AAD7C6FE60B5E1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D495CE5D9B97D30A4735C457C15DB90A	547E23074EC9696873AA8B548E625BFB686902D1	A67EE60E6A4D18EEF31D00AD2B94B35480F0F5540DA605C89A5B5184B4EE873C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	866FA2CCD397ACC53892499D9E6BBE6D	B2AD2A02B3F979D71B4053E15AF06880B0284514	5576FC22D2D72E00B55AD05ADCB388260D2F5A5A8C08FDA3AAF6CE94E5538383
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8729B01897EBB02761C8D53895C7F6A7	8E4E02F13DCEAE0B04154539E74752AE5EE907DC	086CA4B1D794A1674ADDCFCCA36C07DCFFFE3450D35C728F3854D426462EFE02
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	3BBBAD380EA819C162D2B6F8D46642C5	9D3E7E04D1ED665042D7E95979A129AC06A92025	2EFD4513DF02B98A6B86D78057B15029129A57A16331CE234C2CCEB82BF23F2D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bs-Latn-BA\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7D5B2DE3CC838DFDB6EE801D1EF525B1	DA2C1CC35A3B2500D51B6448B437BC80A0BE71B0	87EB4135EBE20E9DE681472FB4C4848DCF3C3520EE1AF15F509CBE59FC5824B2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	58A0D68314837988FE74DFDA776851AC	39EFF8EFB69DF7307FA82699F352A4A22BF538A9	7F1180390C7A5F9BA110033D9D954A5428E2C78BF7047B528B17CFA81492A1E8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	ED216C85B2BF3B9EEABD357774C3F3DA	E56F8AF116F18510F793F69D547EAF1D379F02E3	C660AB9F1B5A55F202A9A9058C3B174BA88B9528504164260B08DD756C98A48F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	594875480891C52102BA47C14557E681	86A0C7BDD4B35FE1030C1CF3A4E50FFF603963D4	E7D04FB7716EE3BE8E8637A90B7EA1CDE2A9E14D2A35BB160BA7773C13A3BBA6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6F3EB4C2314EC3236D41764B6674DAD3	C530E182B24E6CC5971C8A0ADE3793E85CB3611B	69D087D6B091AE3D74EFD06BD3A227071342B8325149179D6053626484491E79
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	ED74A880CB4F5625DE48A0231555A46C	FEE6004E2BBB3F83AD59457091B0166D8DC2EB2B	DA9E24BC30CA937C674702C5AE948896220C3871AD3FAABB4F112AC6D192E837
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	87F1605BF33179F5F59B1C42780C51E2	61A790CC37DFB8C28A32EEFD01EB0B0339E2EDB2	D3C0344032F579C0E12B8F9614D921C2E5B723F8F492D8290A6A5F95CF2DBF9A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	944518C923AB66217C757FFCF322FB69	C1FD039FA2CF30B423B72854FC8B0AFDA938C9E9	CD135C93D138F0A6D2BDE0576A21ED4F26237466E2CBDF1C6F39477FECCEBE7C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A9812624A7C7D398C3C9DC5BB3231B0B	86EC58C2407BD8BD713666C0CAD3EC2BC9B9DFF6	5BF48523C5470EB2B48EF29DD7FF2202CDC53F9C45BF2B542302F514B8C7B779
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EBD94B0CDE1F395D9DB3F79F27CC4A23	1E707B588EC92AF5C52637E8E069530D0051755F	DFB551436F24581A65006D77E6F3E747CC2A6A537E0F04C7B3A488A08BBF4005
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	12855AAB153E73DCFCCD8A42679762E9	C2B8811F67AC2DD74DBB9FB77F8FAB8934B6E78D	03672270491242A4E938C599DC0080E5D858923C1B6CE3D8A0671B2C44DA174D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	36A02ABF128A0CF65E29B26ABC8B7D0B	EDE20BCF3B81B8C63E3BB84A1D749C45FEC79B6D	0C415E18F159FF371DDD4FBE9E12BAA8533AF4B5C8A48C87AA9499568A2C19F7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ms-MY\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8AE755038C65556258528592DFAA4C4E	15C1A7DA18906B6F2412929C903B34A13A5339DF	8EACA9F795F5BFBC8DFD567F4AFC5C637025ECC012AE6C412751BD5DC3EF02C8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BEB9E1F15ECB998C565F307445DD1BCD	6A6049B5296A0534B112AEBAA3C56041175BF834	D59EE6506FC217BEABB16EBD41A830D52518BC5B8EF3A6966E5F05085302738C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0FAFC1CD6DA7521D8AD47543F11F8935	FA4DF84962E1537A02EF8945A17A8E21C8AB9E35	277BC8D3F0A7ADA2807CE834AD750A7BAE3F60203A95FE35A0738B88ADBFD21C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5E7761D8C566608688177AEA570FA911	232869B9D6326F4522D041FA4214428B51159CBD	8E036CE131F1FEB44710597E647551C5301457F49389AC70433C8A16DDA9BCF6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	9A2E782621C20716A0B4F720E0E45B06	B2CC41F6FD46EC036A7E2FBEF8F60ED8E1DECAB8	9F0AF9F74EAE066A1F69A16EE964BC693AA98FC59364C408618AB7BD90D1A5FA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpEvMsg.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	86637C4CFB5C777C0DA5BC1CE0AA123E	A9C91998CD9529D64913059379BD4FA80EF53DCB	A001577E41601045EE724B30EF34FDB84DF6AA54A0CAE595598FE555722AB367
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BEC43B6643053F06C46EFCEBED55DAE2	48FB3F73B11BB0ACC045AB17677A29E0740815AB	F5FDBF3FE62957392EAE4906857D78303AC4C34671015B1D9214EF1F6F6CDE39
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\te-IN\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A78CBD01A9AACF762415E9A13A156C3F	4ED0DE756C7C1322E478F10104EDFDBC65D65B80	3EF67D07F8B6BDAE565ECDD315B2B258A52B477866314DA524FE83E1BF36C1BF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	60BE77B979544EFF8FC322AF580F311E	AF9C6210EE975964BA133D9ADF51A216AB21623F	6A8F47430F139A59487794DD55D08C5DE7E94CC4112A13FABD9FCB6B244129B5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	AFC339D9F5FBB14229F9FCB74FCB465F	E96724FEEAFECDDD62CD0F51C99C16DA0BE2B73A	B051E64EA34AD1E31DC792D1CA22BAC141ACBAAF99B3EBE10C2D4040DB7D536F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	B44C57583EE48CF6E106B37C3F0C49BE	E200D9FAB6BBF32E78E80C57CD225EA9514083B3	35701826788F1F0CEDCC7AE0D36663FE12223A6514EE5D1C2EBB8B9CF324098E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	649670A025378F9D383FDD946A58A384	FDDC7BB9E4221D2329A141F132DF46726F0B90D1	5ADF5278E4683DD15AA7CB99302BE09D83CBFD7B2136CE99C1261DDD0CD66FE0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	58E44AA3373F12B1CF120E4828DA82F7	F758469AF916AD466EC5E9F21EB541E5B922C652	AAB9CF26023115F5F73BF5A6B81BCED24CF6BDF50CEC111F0C8ED0A0FE82D772
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7F3061B7DDEB1383FC8E4EAAD6B543A3	67B7443638FD12FE70DF3CDAEB20A930DCBB42C2	A034918256F43EE446153C45B5B33A572867A0AA840547ADCC59D25C1FFAAB47
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F2F9A2FCA822744C082BB4AD725E0F2D	8AFC5BE435E0BF2C62549EF5E0AEF1F715E64F43	B0299FAA150CAE3F29EEB4014574DC1D006AA5BD7467CB4DDD95E84FF85E11CE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BFA1C49A7956DD6B1B5D66B916FDDB8A	16F3D8DE4433E1C85925D2838B33404C5049F716	82A0BF576FF54CF2FE908B9A0B076F503FC2E01D19AAF10B88ED5C446106AFD0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8F226A8C842AFAD678FD9C5C5836968C	938BB6D0D8A7B1E6181555597C4A03F5EEFF30A2	3395594526AC12662910E2960B94FF2216FDC88332A29FBE85308FD7D158AFE6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	507F04784607EE5FC594D394777A951C	CD622E517003CF30742FAFAA8880913A38F2138A	BD97F79BDCDDB8A33A30BB6F3D7B243E9ECC53DFC2E6D0A3EA58EA128F6307AB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EC387F7CE6777512AED0B7326A7DFB81	591503DDAACC13CF62B74C421CCDE76D85D28EC1	40B446BE843F625D0D5A8CFDCCE3A929B857A18D42FB6EB1B9E1696EB5435C95
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	77EA82167651AFE50F7CB1FCB61425B6	8C7E7FC16C20D3DA38CCB34AE18EAC9BE3AC85BE	20EFF955EEA6640754E454B88E4EDD427CB3DDE5F25BCDC93613583DF048E80E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4DFE4FD0D16671CAD462676E33C18241	56F75A520CA281249295219AB390C374E5C25C69	BAFC43F41BFBB0B0C1AD9431A8C4F372D5C76A4E03CAFF6860614DC03FC89C09
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A48CEEA4BE42987299C4EBD110B771F0	95909085442B37E38C7B6FC8C0F52DC8E787C1B7	DB72AA5D829018F22F138002D4F3BE025C2975CD417CE702FC20807722E81D21
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A4E1834EE6F80EA15A8BB4F626E38DE5	86509F23003035CAE6FCA3C571D9227B5764BCC2	3F7665FE1219F8738F5FD5ACFA4AD2DAB334697C7283D65DE0C8E3F496EB6C19
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	48B5DBD8E60CDCDFC93425E4F2311542	8D53BC50F86508E3DD1EA50D40D0ACBF24CEBAF6	13665C644CCD50ADC13738825B303600A45A42B15186DF0E96B2DDE737373F25
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0FE3ACA0718C2DF00CCEFAE39A81EFF0	410F108EE74C85307171560574A7F2E29FC095E8	14601811F158159B95B194D5B054753B8220CD12C83B7D032EF1E8C9F5AD1637
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A391BDFBA697C4AB4046762F0B18F47B	36D0E7B2985D9C829FDAA16CB24024710E43F3E9	0DAFC86D12E590AA7F67B0FDD56820E649C39A417E6D041E9DF2D0C0EFD3BB71
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1D3FC6D7ADC06073F0E7D26EC8320AD9	FD91F9E1ECFDBCF2AA96B57F2DAA74E477A0841C	CD88661D1C2B0A48B7BD1A9B1B4876D29B1C5533B486AC9F9E893BB55CD9F84E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5DBF8D5360A6F5D699FC10879A2DAD17	83C9B225A7C2E8B7D6D8DE2849E64B4C098DFC05	C5F63611FFC134DB54A20FDDE889D6337FA6500073769F8940E68A6CD0536649
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D4C83B10EB6BDA118B626F4987B2AF47	F7D6030D6028A0D026241ED7E6F1BEADC5F9317A	A3F684BBD6DBCEA9CCCB2D6EA8B3A865BF8B79734BFF96025AE04E1178E5FE17
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E528A4043FB0D03E4A0A6041A8E1C448	19425CD5F3E9F28759B07F963D13DD377AC5CF9B	0558898536DED11058B670FDC1E619B521F716D63D2DFEE7C2552E4CE3BC3F50
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	3B58CFE88C0C432B3BDE6DFCB8EE1719	0D8CA6DD8A91A6BCA3F184ADF535B04B0C5E3E49	3074FEA69491343C423E02D2691CC163773127E8C485B1FC7F44B7B314BA0E41
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	63A7C6E7EF6FBDC920A90B91A2DE3BEE	89EA4F84A31AFEB7EE6C907DC6BD739E005679D6	E6B85BE51DAAC1CFF9B295298596BADF5C426908B79EDBAFFA41BB5354B91E18
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C0BCC93BE5D4EE92BB7FE472B7B5901B	CC878E095962E6A31E8A7BC9A865C65D0F37006E	18C086F8032B9F29A6903D903B2311857777EB9F87E9E23111E1D6261069D184
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	386FD313F45C91ECA55B9D4D3FF4FF0C	F07ED596766271485DA9E29630EBB368CE446938	AC0A33DFE38D9C8D1AEB113CD87FCF2E9DDD6643C75BB12B3DFB63795F4BBE3B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4EA1F7436EFA7BA479AF753E63FEFA1F	5550F3F25A47EE5175E3D7E7F9FE02C859E53592	62A12003B0BFA8C79FBECBCE75AF6AF546278F1CE27A5D36B945958EB2EE2AFC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	783F78D0303654648A5BCDDCAA307D0E	4F1F4503DB274B73C48B904AA9E360A465D4140A	EDA26DE434AF8CA26A3C15C5911F27229BB508D224019A1B365564E56DE44B72
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A644F1ED483AAC63F6A43AF9D9A74B2C	DA6F14DF5925CC14A0E77CEB2B6023270289BEBB	B04D5EB53F8482492B96A03A2DB080EC46BFA4F23AB2A9CEDC3F4288C45D175C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4A1D8CF3212AE57368859CA6F28B59E9	6855EBA930463C8CC6A42A3865EB7B4BF8A04787	A56D7267A7A02A5DEAC309D5212E491E27A845B52A3EE69D7BA188FCD30EB671
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8129B9B718A379ED51E58BEE19ED269D	1F0E270EFA15B11730E57285BBDE6615143938B3	02E63A24D20FC2211C20F318E60BD00A25B393EA366E05E7C141C1F4F65C4C66
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.07248d50-97f1-4932-b7a8-3060c262dd55.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DDACCE752FD45B781F01A44E07FD2271	635A0BC2D4B4D83F2C09C5FB8AE6AA07C9512617	856F9C3238023978F2473E7A719000FD134936CC44D289623882FE66150F9CE0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	447E1D0B07CF1FE79BF8674369EAC8C4	F3A90328D0B3AD238041FCB7E8A93E3C9C8BD96B	F89F5D1BC6E05BBE8F3191BC830F92022ACCD1672D4F6EEDCF06AC48439A95DD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.809ce127-f5c0-40ef-bf85-cecccac2ef33.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4AC2D9BE1EBCF7CC28BDBF10A3BE9887	FEB3A501132CF8789063675377D1F5BB6E091470	BC995C1B269AAE21D8B21039C72FF2733C3A31D1E3F028A090A6EB8B699A683E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	99732807E45427D0AA1B746BD9B5226A	A27BB9D8AE5461A6DEE0537F87401398D53F2CA3	B898875D4E24BF3F6B8BE6BAA2361FAB4551166791FDCEF2D793C9B5B8F945C2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.ba7c6d46-fc3a-452e-b58c-88c0a5384d76.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0E866A35645E6CDA3D5F76AAA228B824	34E07C968FC2A39FCD68EF9A639427C5632BB38A	C24DE34275958CDFF2EE8D4F25477F03D89269185F5E8EAC6AE7052A986D39AE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.d0cded3b-bc60-4eaa-b8ae-e2b969b977ba.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EBEAC013D927DA998585EC2C27ED90F9	9AAC89FB459223E4F157B1E286E8BE17F3047E5D	A417346F1B27C04E4BAE6FFC5A22901CFEB7EA9C4B37587553DC0D3E0EE7ECFB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	5C8E3910D48BE938704C9E4A953CFDC1	592EE4EC3F7AD7E9F13D23CCD7572A72100CC6FD	64923C2B791CEF07A8B739509C22FB11DCA73738AF3CCAD3FEA141C9D16CF5B1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E816B9EEB1F0993AEFAACC62E86D17BC	719DF00F9659C1521E08CDC66780F9BDD359BB5D	0C67B69A0710C72034A5706169803330995D263D9BEF59566A8C35B55EA7F650
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	91A55BCDB85739569EB1001026EDE41F	EE6B96EC708EB50EA2F1C1F465B68F57B1CD29B0	7C7BC4C1C9180CE7064D73E352B03853BAD09F6A5CC2A100E7BFF5256514A35E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6906C4B59D7D1C8B2718D96A56C10C76	7336427E6E2596C548A2CB057E1288FBECC88B71	323E7478C7D527D116C413ED6FE2763AACC594C37C18D22810BEC2E1094DB2BC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	53F8D1607273EE1B5B16AD98BA434EE2	D2366D777985021A8E51FC43C1925E0AA5DF2F34	07DFAE1B04AC3198A64D03AA65740F8547D5BE0A6A28B8BF1CE9074689C7EEA8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\i320.c2rx.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BC658EE9CE36F10CFFA85D869BFEC9EE	ED037E16240BB8DF1830CC3F5AC52460C9ACF8AD	51F9C62CE2457936704A4D7AA53C4C652B4C0EFC91E9B421A227EE37FE287038
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\s320.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	FC04F8CDAFF2F758F2CE02AB10595B3B	F09BEB270C005A6BE37E2C5D8D9D423C694754F2	ABF9708660301A31647B65194262C34F663A79C684A94352D7DC349736345F4D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C0C71D9628E74E14119430036CF78EEF	93B56DEFB27C52BE979020BFD49D4FBF5611921B	82C5E7A2880C8D26A9C570DF2EBEA89EBFC2B90B75532C9F21CCDDA477DBA7BE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	15A07CA01DAD84F571CB2EF9AA6C9A67	04B8332A0566F5231DC36B68EA5A29C3226FE9E8	0A662A4887503C940A5B223A16BD16871C82DAB96E996DD5E81EFA4B21923DA3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7EDF47560334375D55BB8ABFEC923F7C	5B3A2AD4E3C07DFE214F18E55C403443F1055E61	13821B89D65E4E0A9693C2F039874761A07689E61F1E590F3B7108CAF160FBA3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	790E5B9B311A0D83FA839CC14CAAED43	F87E7A3A3865F4F293BFF2FAD64C2B16ECC8C6C7	1E8ACC66D2B854B238D64CE6EC629A512D9C11C33EAC20722B0AE0675425191C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	232947A1AB6013F8D5EC65F8BE5EDEEC	2EAE717406604EB66A9ECEC210E1F20C1FAE7DC3	35D58ECA0939364026ED7102A80CD31BFE91FFA66D2730796655AF3396CD4541
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6E56C4E197F32A0973E1C07746AFAA8E	CDD870F155ED2B86BE39B710E7632B3CEF3DDF45	E2343D037AE9E7BB6BC9139EF6D441756F9BA31A455D99E993328A980830E24C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BB49D466C0803FF013FC62E6CF0F779B	AD26C6F6B97D84C691527C8E07E2E7A3CB873484	444BE2E9425715BBD8C0257A9DA6D54D840728A1DBB9F8EDDDF11A51E1A9A00C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6CB0ACC9B92EF31553925038F32664A0	A5E50535F2AA075680726A1D36CF8F57EBCD932A	0D5B42AA97DE69B75F00ED69783AC169C5BA40AB6989DFEE22E6C3C2E5C64CDE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	29DADCF6383F3B87315D53C016547AD2	AC27C33AEA89544418C31412627486C3D4A0F1DE	211990C6F0BF0DC5D17C862E84460625A892C82623AC84D9E391F37C41A382F2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7263B560CE9E45477D0F0BA0BAAAB197	802E213EB1E5FE019599E27692C48ABEE8BE5261	63D752A50979D94395D232FC1BCFE81B1F2D31E57F3C6FF85C7A5E72C141B113
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0150EFF1997957A5E90A2EB4B738E952	06BA8BC4A6C524A18EC5BE6E5B43E06FF72DEE18	409128E384684715BB57FDB04EDA3E35441D5CC3F4935F308BF270D94C22B75E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DCC4903CEE7B60E077AAEAEDDC684E97	C457D114E2DC94A225075D98E331DF9321BFC52D	C8477BF8FB678DD34FDD032CDD07AF8655489375530B39052A2AEAAC17115A01
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-GB\resource.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	AC42803A519EE1A121C8CD9964DF6201	0467C600AF8CCA275A6FFE94D64EB9E1F2769293	000414BA34D45C0B6A546747E79F2EF4AFA0395F6BAC5D4304B869CAA25F7175
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F2AF3F94F1A8FEBEB82FEA88ACBBBEF2	7EB54C5E05954D662F7EA05E0053BE26FB2EB21D	C30C91323D681A461004818D1448965DC26377DB7FD45667269D04B0A21CC544
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	CB82E2BF1FAF0D88D48E18E4EACA9E3F	FD960AFDD69019B18690F940F84ADBA1A77CDA90	60D0A3BE8A8E35D1623B2BA5D2864799D574FFE81565B90E12AB6AE8ABB799D3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0E7428328034D5FF4B94CE682C807369	A2C60F096294767DC8B12F51EA40C59652FB92AC	05F5C2C9A41831BA0FA3DAA1674AE95F21E6B0F74D8ECF8B3AD2CC496FD7B1EF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8FFAD76076F62610B84B094A14C58263	895C955C84691A9210632BB6E2B3867F757C59E3	5069762298511266934C84F7BA67FC268117F32B39A3926BD69E9AFB1B870728
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	86437595A705295D923CC3FABCD74252	D67C83FA5EB396A466A9161023765AD1A99F5036	07DFCB13A587E6D2B0F0916F49CB29CB792EBFAABA190F9507E4E5B5CE8BB9F2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BF447EA60DA59EA18652BB5C804C7E1E	DBAC67CC58F91C9802F77A3F521EFAF895547160	C1F5756FE2827B9C9BB85FDDB8B93833CD1FE07ADAA233E80DCCC5A5BCA713A8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpasdlta.vdm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D7609C727884C5AE91CB42D8B880C700	CE29FC40F409B66E368EC30210D9BDA1729E1CD2	F651C53F71DAEE2CA4282A370D27F7672B5C77EB8F803BC84D07924F85FE00B1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpavdlta.vdm.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	90D6F7F8A2A4AA147B8A47930FEAD44A	9104AA35D71E6D7C5D79BDDCD0137D7B0E7C4998	A86CDE628D7097A87F4BB62BAAD2CB12D745F74766F43D08D95E13F0465C75A4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-AMFilter.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	3D778E5F01DAD03B7CF0EC69E65C769A	A6DE66A8AA525740875CC1E6F5A88A89C83DCD3A	1C752FD66E2519B86446ACF4717CC5A15F5DAD859BEB3E639211DB86EC385C29
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-Protection.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	575318EFB5F86D6ACD46F340F34045A9	F9A4B4C4BDD52328A6B50A46E4AF0DFF7E1D94B5	142022DC792363341FC7DFC1D0CA89E57B3671D52368F70427B42FAD1F7F30BD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-Service.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	2BC9BFC8C773304A8E32E5A419407673	463CB94B05E46B0E5F17B603A9DF5FF6E0CCBD93	0C261A0E27AD9E6D2BFC97585535DF6AE19790B70E060CF526B16694E368804B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Windows-Windows Defender.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4B29BCEAA6B8514FF7D00A3FB53D6078	5F4DDAC865877537EC02A76C72249D82175A75BA	07F39E7E02B274EA56B0E004BE37353A88BB6258D058399451D97158249021B2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\DefenderPerformance.psd1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	BA002D2B23D2B3A9B3BB6EECA8D02675	97E37FFFE9FFC15A62FBF157B8D9605A07FC5529	1F45E833FB69B66494B652A0FE19E4BA823104CC9A5BC40ECAF319774E98E590
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpComputerStatus.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	06F28D9624E8A5CF16192124B511C686	7081C773B72FE3919BC25FCBCC7290C94EB696E2	581FACFCF86DA294E4AFC72D4970FEC2D97A306CAB54B4FEA814ED1AA152311D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.psm1.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A957B5AF7D4F087D760C17D31926803A	D63D4157DA322F6DE0DD32A48371B70FE5923BCF	C2FE1EBFFD5153DA0AFB15CF20BE6E74E33843F6ED0913E57F920A408089257F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.wprp.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EC8B8D3B39297379E7C5A74E7A7C1248	EE8369196C83469202D51B4CED320FD7108D150F	DB902D48DE33BCDA3EB4D4517A07E682B7D6E3FEDFDACFB4C0D22E5ED2160415
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPreference.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	3135A9B78277468C59A2DC0A25010CFB	5F483959BE8F085E86BBA8DF73491B8727642A08	17752F6040F4651971D791897183253BBC927B6FC3B21C0587C8887043EC0C5E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpRollback.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EDEDE1DF4A1B99D1E9CE3E0D22063DDC	3263B33D40F86959F4F670D717AEAEE2D51E93A1	02396C54F19B7F15D2E643B81A6BA84E9ECE6D3C00D221E2969AA19F6ACB347C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpSignature.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	92F1DEF781956CC3E6B3E520757B7728	A4054A9F79AA82C870487D09C25851A51B1BC7BD	1E57C593E9C051146F0DED3965DBEA1DF2E6ED34D7BCE4E5A7E4AA4AB8F9792F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreat.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D0734AE2386841A38F7A893F0798072D	BCE5078501FD3AA8CB595146B1CB74D4335C14E6	ADCA9BA31B4951AAFDC8875EA0BD76BB0B8098FBA931CDA5462D57A47B7FAFB7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreatCatalog.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1E4DB07255A7DB9EEB8859A089BC1442	E1F004AA6F66970371FE7789B32C290A63858FA6	2EA5182C3B95AD7057CAC18B0F7CB5CEEB6798FDE5C4B13BC99E5341509EEB91
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreatDetection.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	62FECBC9314C462FC4BDA17968123A8B	77107E4A72560809B54220AF77F7068563A70CD0	FA2F5F62D9B2F32F999C00F216F6C19ECCC677D6F2BF7E8694B608740FFDD155
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpWDOScan.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4856B71F2BD4D27E055DB1506100FAF5	665190147660ED3503005BAD407375379F5077F3	677883DA031EC7F742405E3646E613319E6951D000568571EBFF51012265AA76
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement_Uninstall.mof.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D39440618F99F1B6BFD8535316F62AB5	38FFE544483F12EAD6F4E4635036292CA7FC1C24	A3989380A8E4A4DA0B91D1609CF6D7077CB487C5207EB5FC4B1306B14C233720
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES-valencia\mpuxagent.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	95587BBD205AB871737318E6B7D3DED6	EE1B28B5305246650AC695688BA262208BA6079D	BC2ADD1ED38297EB186299C65466C56CF3ED04AE6A6EB87E121C9C9174458219
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.chrome.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0A78746BA889299728BF444520E89694	B7198044D3A9F65945D76FF4DA1F4C87E33E8473	204E52A6F78FB31C7840DBBFA48965D15DD5A5EA423B78074551B25D61985C17
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.firefox.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	006C144E7BE50432585281AF19E03F3C	22AF414F613CCB69A0B0C5E9E3761564A198D945	15566752C130337636272C94691B172243101217335B217C42820942560008D3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	39768CF44CB6914E2D965B95A50DD87E	2C2720BB8EB1E09D72534FE576BFF4426F33E114	C62A0CD48FA149A7A27C719A9565257E38356C1ACF55B98412B887145D4442B3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	65B9189481DA1309F40235DBE3C0B9C3	E604494202FB8FF4381DCF9D21C749845543D339	BAB8898575C24FE2F289A2950129CF5AEDB0CC68DABC0AC1B42F3A06F99BEEF1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E6277BC56AED85D8409EB486E89BB06D	8D78A240DDAAA0EFF6D76456CE57120E7164871D	C3C67A41B6D4779766276F335AC214A29941AAB9362283D4B77FB003B8954301
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4496FA77873820B00CA9264CFCD01289	87598C4F9D1DD8820EA6562762BBC9066EF594CD	CB649FB9F5731B796F645CC034AA18B9709465229282174EB1E0269DC46D7580
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F31F00EA3FDEDE4525F11B2B9B840F4F	17CC01583CA6CBA58BDA81B9DD84650DBD91103B	1CE5254B77F67698504844F2CE51CEDA9DAB59E55D5AA81078F2E0B6C24E1DB2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	37E939525C2E3DF4147CDC5456AEAC6D	9F97FAC1221D67AE2DD0D0D51C517ACEEC6BBF76	7BA37D62D689722976875C7A4086DD1B7FB08E089003B125D81C72972FA0042C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	045EA3898DAC6B0BA21B68149AE3B0D7	E2E29CCA3E9C713945876CEB9C7E8BC1D9C69FD8	721E42BEC9F982DA9B357210036E3F8DF4B1F2144835AABD61BCE4565A8F82C7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	9D4CC83FEA28C3DCC3CD339E69B71094	6A23BCE2FC5DBA165EC28EF5B9FAA5625B70E7FE	409113E041CDA2C0DDDC253AD9934CCAB37AD731BCBC6D7B38DBD22A51D3A7F6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	B43F8E2EFD38885E5DB618BF927F36F8	D0347C04F9DD940D12EA681D797612A93EBADE1D	2C191DFA417B1BDC26FD136FC1A69641180A59959645809E971DD1848EAC9E34
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-AMFilter.man.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C56882299AC06605E1608E607D3CCB44	B0DA8B59175149E9EBE4D40C04497F79C7A5D869	22A2B6B1C11A5E2A0D83779475D2D6EA23CD680F652A911CB4205A389556FCE1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPerformanceRecording.wprp.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	AD9B9F929D83D08D35022D253B509515	28B610AE3070FE792EEDA500B4EFEAFDD8D7503A	C77DD44C451D03A9737FEE6373B5C1D9DAEA614FD4CB32D9BF7E97A976DE9052
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpRollback.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A06D1C09227CF7CB974342077B821184	061097A667DF0541B2DB118AC49FF42250014126	8DCB00FB30B93E43F6E4F1846237E58930D98559B45CABDA7B7A2085C30DB8DC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpSignature.cdxml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E81293AC167738CB11FAB909462CF598	16DDEC0B3926944E2066D29D1F695B6523A84A03	C7CCB58C43322651395979E8E2EED15063D232C64C4FD3CBA00DB4944D75C858
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement_Uninstall.mof.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C640ED6A05348273E814EF3798901126	A5571CEC5E5B80444229313B29BBE56A5A25BC07	DC6A473BDA60BAABD5FEC4256A1817749555085EB5AA4577A6E78D779C86D154
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetoursCopyAccelerator.dll.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1CC9038C258E5D1299AE0C12403CB4E9	670CAF815D1D727D2FE1B617D1CEEDAC7659BD12	DC5AEBA61D4870A63C18EB054EB33E6622001E702CF4F90358BBB02A7C465E5E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	FF83BFCB41AF4C5232121A2B895076D4	15A4CD2F86917A0FB2C7059C0CB93E12D136302E	814E36B74791C4509432EA53611116F7083B35647B541496E9E4906DDC064C8A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\ProtectionManagement.dll.mui.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D7E2BC8BF33AE5F79FA8D23B9ABA62BB	3BEEC883DFCFE93DCAADFCF2EB7204CE35E7C4C9	94674226F5EA8BF783390827AD8C03390D5BFBC4DF160DFA5F39E296EA92064A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{0BDE9245-0887-4D0E-AF72-3F842A887930}.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6EFDA0D77491500C893BDF538D2C7CE7	CF94A69D6472F1384DFB82D387FA99DDE57F0C85	A36A8316F9BBA0356DBB849BD8C82C1A4E6C02E24C08BFE9F9E40E7976AAD110
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{298FA87E-B950-4D81-A5D8-7EC2DB6559B3}.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F67041DD8D6C6802F733B161E4427814	478E6639C26DC56E311BF067BAD92CCD1D6284B6	6FC202990BCA482CF076BEC57434E00034BBD369FD052419F8ECB96ADFCFFA1E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{31A74449-CB37-4ECC-AFE0-BB17DBA5F0AC}.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C08C263B622129EC0FDA5CF39AF98FB9	7BC3C8247C96781E72267492768B196F650A008E	98489AA1AF54A4FA5BDC7EB732CDB36C878CC35DF9FC4483B4A91798BE292EBB
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{53DDC43E-344A-49CD-ACDA-043ABC13F1FF}.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	0E5E4BAA4CC4CA2813BA6B5B7B632611	8D64A2C2F2A0BEAF7C63A8CB5F1F45F1B839B80D	CEEEEBEAB7B923D5C6BD6BA334945A90420C918FE72B62A61176EE85C22A17DE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{94DB5E4F-5EEE-4E34-8316-B18D9F37D7EF}.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	17495952800CB623895C6ABBC8683098	3DEBFECB798AB1FB04FC2597ADF125A296DEE0D3	3C015976863A46CB2DB29850A0B2E5049609F9DC7E7DDCA34D2D749A2F78A97D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{B4E0C99D-A1B5-451C-8C4D-2FC579C5B5A2}.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6AA8C76592B8E647D66D96300CAD48F7	881686D33947136E67581F8358C5094D159B6EDC	0115DDA0C87E74698E34EE01FC7FCD494120B225FA46F5D9A2C5E561538995E1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{BC4BE93B-34FF-4463-AA89-69BFD3D84502}.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	403286E3E04A4911AA73B67130913D5F	D1A3EEE1B10C3D935B525E9532253CAFDBBBEBF8	58C7C10AAE8BC0CF7F4C97DA6D8F63EF620A49B9301A1A5BC46615DB3F43C2B5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{F360F1F0-1516-4749-8FDA-56C0D526A6A0}.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	568E0A8CC5850F83F3720F0E98CB7418	D012F94E972054A3E55A077C5776EAE6CE46A8D6	D8FFFA105860B873C749FAC3534B826CFBE80F38D544CFF64BFE480DB2C765C6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\RtSigs\Data\b7851b46b4e32902708f1f5391c2e1bef58802ce.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	CB7E14BF1D795DC6BD2AB2EE78C0BAA6	A37EED44B35C5FA12005CF6F688163CD69D1B750	9E66A9CFC91020D81953FB0FEBE9930D61F4909AD9F6063DF8DA689D590F0D42
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.01.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	48AEC0287E968F4CEE345634FDEB798A	7D88BDD333703C962BA831577E1DD4F917F4CA4A	9C5F2C96790474FA74A37DB55FC64F7DBF1E480E20E3AA172787BC27962C05F1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.6C.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E58A21A6DF06DACB783AE12FD186B7FE	76D0F961EB9E35932FBBE1ABF0BB1C47F233CCDC	956BA786E7A581F6B26E493768AD57DD97925EAAFB8240AF9F273FAAF8296F65
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.7C.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DBFF6A3A4149B15EF63108232499F28F	215E25FBD3C09C85BF1C38C7ADB8F8CB4AC7E4E0	2B6B26B05472276D960A167F6E715D23F3166BA8CA59B13175E471D33CF444EC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.87.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	CAC4D9C6582B1FEDA10756D17B2C3A34	C751BEC251E9E9C88C442121D1E238E5A9ADA100	22988943F96511A861A9847107D5B924F58D418D03D54999920362AAFF8C4F2F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.DB.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	AA516D34821A461569F53F88CBA7BBA5	57226A96C1F49E9CECA768EE313DA1107992E5CF	C702A221AC2419147A29F1EBFBD9CFF9DCAD29446424B4168782C3AA7F1A7777
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.E6.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E0493183961D85DA00E1A7C47CF54AB5	C367B22B44BC9F7F99DE6CB8617AB4DFDF6D703B	7485F411BF8B84595EBE5F4A22237F222D74FDDC63681DCC4F3956C4CE6414AC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MpWppTracing-20231003-085557-00000003-ffffffff.bin.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6F586244CB9D2205CA7C8EFFB798FA8B	F82B0633A6D964107114FBAC3FB20D8DF1F57DEA	175EDCFC50E024F99B51BA7360EACC938DB6E215FF126B87C4E6698B50048C28
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MpWppTracing-20231003-085715-00000003-ffffffff.bin.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C58AC2279F0E8FED9FFD9DBCA48461B5	2FA53E13016E4983819F9EDB03EF2ED3FC0E2098	4725DFA2BEC4596A7A98D0BFD94DCE2FEA177ECCCD893A7DD2E70A1D660F83E3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MpWppTracing-20231003-095933-00000003-ffffffff.bin.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A0384F26B7BEE1289AA36704AACD610A	4E7CAAF208EC0EFE6557BC4284AA318C2F95B601	ECA8544D0EB1B3EDB3D91EAC2A8D18616972FA50E4E81CD425AEC3A2C5CDBFDC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MpWppTracing-20231003-100619-00000003-ffffffff.bin.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	69AC82B88076BBA009DDAD74E177BE56	8A54710868C93D30C919758628E769C425F8EFEA	950C1E12C80A6FB24D6E67A974731C98342030FF69890157070C00AD5722E89E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MpWppTracing-20231003-114524-00000003-ffffffff.bin.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1032612E962FA92EFE176FDDCFDE3E75	A34BD03B83B6913FEA4BAFCCC411C91A29ADA74A	30D72DC904E8B966F6AF7891498183385EBC371A0FFB6A832A3FB0B937176187
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MpWppTracing-20231003-131119-00000003-ffffffff.bin.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C9F8939542CAA17D1C1F446BD357A3D1	7914DD07E25B96052B4E1F82DC93028C079C697F	87B781FB6E1F526FAEBD01BB457176D9D51A3E04642C5F5F5EAC927E92C3CA3D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MpWppTracing-20231005-083136-00000003-ffffffff.bin.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	873A872BE4A59A379CD8BA94CDFEB22C	00A6962E181B94EBB46B7D66A7D809E22FB5CDD6	23E4058780B7242BE55405A02516390BCAE507804EEE62CDFD7F0E559A611473
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	B015C5EDB650525203FCB62570202F44	F115E5375F317743897AFF429146079B8328261F	F56522AE5C0C07A2078A6E21B97AD59BD8085E08510EACFD1B070562B2A4A110
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D3B3F151BE914A9194B1F2CEA46CB001	3EBC57324597F5AEEDAA1EA7C8D56FBC660C5084	D593574BB2049720A945072495247D4D25DB2740A18E95BEA923F6AE33BD34DF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8EE4797785F686076A1F8458275B2A84	093E8CFE5EF4F8C9809A6DC4FB697A56DF057B07	8F5D2ADDF0D4A608F663528601C713EF15B2D49D53C534B53AE50DEEC7DC6150
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	C9917D6BC24F64B376C735948899F418	C360F86031D88EA35451FA9C3F7A87813346BB9B	B63DFA3D681FBA68C43296989615A157522B03F1685477F9D0857A6A2D856E29
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\MasterDescriptor.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EB2CDA2E2A2F957256BDFBFF3234BDD0	07CC0523861FA80970BBEBA617DFA51DBE0C5420	68DA64079CD86A3AAD6B9237312CC78E4717459DC02175190E3BA3DD16A6B025
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	1B37894CC05521DD929E991EFDBEDFAD	BA72B9846669345CE24E0ED8AB95037CD0EC850D	A1FAD953423DA7B67B0ED7764E37BD9E2880B4CF468AAB58E93602424B1E5AED
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\i320.c2rx.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	62C506A92E2B4737CFAC7B385018C67F	D495D34C7C51EDAB6FBB3ED5A0872A2DB7AFB6A8	AE1ABC76C3078BCECA6A996D52BD38F6DEF769D526A1D467A6E4980350E026DE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.dat.cat.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	A1C24A588C3A7173FD6CE4D3A278B756	6FCDC25F214CC930066F070E906E63FF81F2CB6C	520CA1733A95B76534EDE59857F214D7B7E3125113692FFCCE6E6B602D68B246
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	6D79AD276F2CFDA3F3085F468B508BFC	A551938FDB6E0AC81E5ADC01B2C6D79EC87F2EE6	F5BC66CC60CD35CB8CD75D48760C7EBC61D212277CB105787450784557D4EA26
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	4245E8192F83476E77B3F141AE8DD834	90ABF6E13BEE8B66CAC7B38D07DC8C607A5890D5	FFCCB9AD60403B7329C7699BF9F1ACB757B561B4A10E5F74394B0EDF5D049445
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	7EADA71B0A9DF00B7E51CF26A1CFD730	AF2696D23CE06F09FC9B2B75E31F12C372944A7D	9A9CF49F7078738EDA2B83422ACC3CBDC4D4133AE50F2874AB91F18AFB257D47
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	ECDC1421D03C6923A9F800456CF17C32	83EADAAB9E2B0B9BF5F1E52C56701951294817DC	42B3A2374313A14C222B0D1ED54BD666EBBAA29BAE26A556EA815F8C04AA51DD
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	F3350183471C68FA971036B9D4B5907E	F97D0052E1F71A26C226FB3286C061C3F79D2532	8B7455855405EA24CF8D8DD06129C6E35124D0C68719C21887EA82136EAB74E0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	DC62675C1C52356813F39DDD244BF253	706F39C0BC00F173401BF1DFB1B5074B8D04CAC6	18F43A56A53BC15756B638EF1C6F1D2A9A719A8DAF261EC4B08D82A79B551E5F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	69296F05EFB3BF5986915CA314B31B90	91312DF9054F3ADD07A6756D60A1D881E16375B5	A18F64EB67C501C6ADBF65F316ACC2BAE94C962E83AB599D7795D823317EFE84
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E8BC860B69B799C155A42E13022F3D57	3D78C55593269D73A9058470370F7D5C784E5A0E	3566550669E12FF3960BDE3D876C95280D3F5E1546C8A7E99DCB1681C5981501
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D83B36EB97584BC4D1BFBEB51047426F	C530E103C67473F65AC78DAE0816C348B0517E3C	E21CED579B06FF788936910FACB9F43727CCE756D0F3C5B0C321BC1E6896316D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E6A29BE0E5526FEFA8D5D7D5FA462783	6E7999706F49406FC7A65073051A376BBA4CD2D1	415597A97D04C2F653F8E36D01AA79C67209BFB5C88FD05672749C555A80B915
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.wprp.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8305C4E828FE0E24AFC6F0848EEB827F	8CD663E2BD7F6D43E1E01CDF74795BDED8BE804A	41B6C9122F7D3D5C7175C4A1D16F292C549D04566E590B939AB0960BDD15F27A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\9328EB67-F254-48BB-9DA6-3F76F41A0E9C.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	9E572F537F6B06D2F3BA0F3489CC4552	B650822104AB3726AC02692D8B6DC1B4387FDA61	F85DB8C8CFDBDD5E6D28AFEB647EF3F8D2BE35A7ACC70DE1096B4814CCF2B5C2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\0ED1E367-1E22-4AFD-A208-D0061CB0CFDD.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	E6476E564492D6F5367EB734AB0C62CB	FFDC0B691FBFE84EA62C0C02CB1C48115933881F	CA2C261F2557D895EBC87A3BFC93CA40FA7422E75645E7B19C0A418B382138C0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\89028913-695D-4F8F-BCE6-1E5C836C197B.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	19BE755C928DEEB695F78354E945AD27	9D33B5F90EF3718327A95A077EC0256C504F8392	AE9C723ECBE41155C84FDFCF4925B5E4256481FBA6AF632392BB5A01FF279DD2
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\CC950129-487E-43A8-B5DC-2A23C6222934.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	8EA18757A431FC9D0A44ABDA3949CC42	C7B2F0AD7D0600DAF9ABC4754D31B67937E0BC78	E81D32F3563F5030BE91D9DD25463BC09B84415A750DF125ECC85C67D24D3459
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\7A3F9868-21FB-41DA-BAD8-070F118AB9C4.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	D45D9CD35B6DBFBC1E5DD56B02BAE9C7	1F4503B8195AD4C5E67416469D328B02D4998412	CF4725531C87CBD055B69D59D1643E89B6CA4CC83612B9F5440D0B7D9F31A2E6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\packages\vcRuntimeMinimum_amd64\cab1.cab.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	2E338D5E8D66566E0EC99F3D55CBAE3B	6399AB75F5CF3419E02EBD63B5E526EBA8187A1F	2B93CBAA21C246A6BE78A2C34049E66F4B27FA9AA0CA6C16C84BC63CC945A1DA
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	66084E44BFC2651C0CF38208FE9DAB12	FA6EC8D87FDE568FC7F700B2F925E00445BE4136	E9E563F8F44503C9D7701BC3B0F59CFBFE1E3DBEB5CA92E7B7D7AB459A29741F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.hash.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	EF7731BC9EAF0C978A76929EED8ED9E4	95AD3EE7945BC57877ACDE7825A4190802100CF9	AC61AE3D039C83EABCE029C7BA57444F33BD87C7A6567DE585AE5082B51585A6
C:\ProgramData\.curlrc.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	48B30B882E6678E6F1F27D00F869F676	2FCA0633679B708C5C710E0AB784B25A0971A32A	20C97E55F2A69CE98BDB0141D5693D6548CF9C2E58EFFF2DB18FB6ABA7EA578C
C:\ProgramData\.curlrc.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8A04E034DBDD26DD034DCA1EC38B5211	6AD3B59C32B58450099C09F8326FA2B0007FC343	F7FBAA63F4BF349CD08C8AF1745DDDA616551E458C955D85F1FAA5AEFF7EC169
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4E0BA6C4DEA8F8A50EC2DD5E4BEE9C31	E469277DB5279A51ABF0C1C4B1CA1965189EAAF1	4953336AA19035209CD6DBDB68045D800EDC863A0A8B4D36D8F75EDF0A01BF7F
C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	011B9C052295D8DFE21F93672A0A40F8	BFFAEBCA5140065C1AF1C2E7EA7BD6F029A719B4	A3BF1D47C43D3887DA3CFBD9489E70A30B4D7B7187C448A343473C8B5D3A2600
C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EF973879AD575932675A337F9EF867B4	C70D2536104CF9FDC6F5C13C72B2C0DC22B3C310	39F8C5607DA881D58704285E4C89B0041800616BF2A4005DC1B31B8BFE7D80A2
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	44B5E79D8549BA6458521CB41819535D	4171796D404D80598C520A357167CE7B98D69057	F5AEA98D310F9E685406BA58F03B4BB52912AC4275EE5A73556306F772796B84
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C46446C519476D86144E012562867D6C	82CB1F7EEBEF25391967E8C68F2D6F37973FA906	DC3CA8459072629D83CF14ABD2B1D5364C91FD29A851E957AA6F11667C3ECCCD
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F8840B00248B5A64B463252802AF9755	49DD5C42B628426982E508F129CB92768BBEB992	37669BAF1A65B2CA4A973CC88B50B5B47C791643A71E07EC3FDA518298FB8B4D
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F091DA0372D4F0F1B00E59F165C16C6F	957724B63E02F853D10DF1063CDE34C46BB5DF5B	23BC19C0C9476E45859926B99717B95D7E0DF423F8E5C12D1ADD0D8846159569
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CA6CE1A3A674C122B507007970B7A5F6	5737048264BA70DDA5401C31B11F0DBE54C0A4FF	6F7462EC7F6FFB0BE10A4C194751FBE9B9F28AC49E03B97E9292260E13077ACD
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EE494EB0493F6D55240DAA783A2E662D	18B06F8CACAFF41707C072FE89E367BD9A8F500F	E0216392BFFFECE4877F0EDFF992691BD9B1AF8EDAE42809DC4AE0664BE2E2CD
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\VirtualRegistry.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5B2B1C52D2E83985AFAF1B5B8906BBBA	71D38DCD9905E338E0D2EF0BE4176B5A8542EEA4	7F0EED97798DFB0BD8FADF4ED5B462154FD6BBF2DB06DA0381A54226C0C29CF5
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\MasterDescriptor.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EB2CDA2E2A2F957256BDFBFF3234BDD0	07CC0523861FA80970BBEBA617DFA51DBE0C5420	68DA64079CD86A3AAD6B9237312CC78E4717459DC02175190E3BA3DD16A6B025
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\s321033.hash.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4712C6B0F1567B0807D14901595F0E10	32FEE21F32DA07C7BE8D7A649FB3ECF8B067BE8E	2EDA32FC5E89E5F96E258CDA9D3E6416B13F6F23FB527269A07B1C75F5C68FC6
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E373ED35EC6DC9C80F4F225A2997F5D5	E2ED52DEBA3EE08E40050BD23B4DDCFE621FA2BD	5DC005EE55D8E4EA78BF597C1E97AF957F52B1FE54F53807A74ED98A0CA7B604
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.hash.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	66084E44BFC2651C0CF38208FE9DAB12	FA6EC8D87FDE568FC7F700B2F925E00445BE4136	E9E563F8F44503C9D7701BC3B0F59CFBFE1E3DBEB5CA92E7B7D7AB459A29741F
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.hash.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1B37894CC05521DD929E991EFDBEDFAD	BA72B9846669345CE24E0ED8AB95037CD0EC850D	A1FAD953423DA7B67B0ED7764E37BD9E2880B4CF468AAB58E93602424B1E5AED
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\en-us.16\stream.x86.en-us.man.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EBDA07523EB642D398B0A5F2E3FB8A2D	27C81099817BABDD3E62474AB75C1C8592958E4B	937473E9D7556257B3AB8C10638324B792A897D36689D8F58FE694EC05EBB56C
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\operations.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CE45698CFB56AB04B7BDAE53B11D2CDA	3605C2CB135E98B9F8377E092AC80C56E497AFFB	23934766F503878297FBFADA4F1911C8B605E9466B83C3124FCB3DFD8C0304D2
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\MasterDescriptor.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	90B72977D09F4E861DCD9C138DCD75B5	5F7B737098788F9DEE3CE53F6010AF7730E07B67	E295AAD5B6938A34130D58E63D410293C9964DBE6BACA743FF6DC38455C88994
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\i320.c2rx.hash.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	62C506A92E2B4737CFAC7B385018C67F	D495D34C7C51EDAB6FBB3ED5A0872A2DB7AFB6A8	AE1ABC76C3078BCECA6A996D52BD38F6DEF769D526A1D467A6E4980350E026DE
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\i320.c2rx.hash.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BC658EE9CE36F10CFFA85D869BFEC9EE	ED037E16240BB8DF1830CC3F5AC52460C9ACF8AD	51F9C62CE2457936704A4D7AA53C4C652B4C0EFC91E9B421A227EE37FE287038
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\s320.hash.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	927C866AA73D3A70BF1F2CC4ACA84DAB	8DDA4D5DCE3A26B43461260F1CF03A98272E620E	15DF28FDECF231BD86B8A7617093F0CDDE1EBA0CCD10CB948E3E7307AD497A22
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\s320.hash.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FC04F8CDAFF2F758F2CE02AB10595B3B	F09BEB270C005A6BE37E2C5D8D9D423C694754F2	ABF9708660301A31647B65194262C34F663A79C684A94352D7DC349736345F4D
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.dat.cat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A1C24A588C3A7173FD6CE4D3A278B756	6FCDC25F214CC930066F070E906E63FF81F2CB6C	520CA1733A95B76534EDE59857F214D7B7E3125113692FFCCE6E6B602D68B246
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FF99C6DF53C358E9B81BD8B3D9B3BEE7	8206037899D47B9B3D8E71E36CBA377833143F17	BA0406879EB2B22F9C4625867F8A57B36DD8F58919F91F34B98BFC114F7187DD
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.hash.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EF7731BC9EAF0C978A76929EED8ED9E4	95AD3EE7945BC57877ACDE7825A4190802100CF9	AC61AE3D039C83EABCE029C7BA57444F33BD87C7A6567DE585AE5082B51585A6
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.hash.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6D79AD276F2CFDA3F3085F468B508BFC	A551938FDB6E0AC81E5ADC01B2C6D79EC87F2EE6	F5BC66CC60CD35CB8CD75D48760C7EBC61D212277CB105787450784557D4EA26
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\39D4F9E5-695B-46C1-A26C-5CA55C23376D\x-none.16\stream.x86.x-none.man.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A6121BBC25A2616C0265A45E51AE9E87	5821E10E83B0F0F84367EFB2FC29F6A4AA1D2C38	145EE38072AC298BE2A4F6F57BB69ED04E9848141DF2A8131049DE7C53ADB5FF
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9DCB8D2B3E81D9CE77EA02BE1E643A30	8A48B4DA0211A0EE9143A42BFFDF8E97FF4C23BF	B8BD81A22ABE8DC7DB7A107CA821E7FEC6EF89048C7D1C6CA79414CDC75FF047
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4245E8192F83476E77B3F141AE8DD834	90ABF6E13BEE8B66CAC7B38D07DC8C607A5890D5	FFCCB9AD60403B7329C7699BF9F1ACB757B561B4A10E5F74394B0EDF5D049445
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7EADA71B0A9DF00B7E51CF26A1CFD730	AF2696D23CE06F09FC9B2B75E31F12C372944A7D	9A9CF49F7078738EDA2B83422ACC3CBDC4D4133AE50F2874AB91F18AFB257D47
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ECDC1421D03C6923A9F800456CF17C32	83EADAAB9E2B0B9BF5F1E52C56701951294817DC	42B3A2374313A14C222B0D1ED54BD666EBBAA29BAE26A556EA815F8C04AA51DD
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E7561D22FE91CE10E48557AE68CBD9DB	FE7532F2402D4C0DAE1CB14C23764BC235A72296	BF7A258B92DE4A86792D61A02ACC13629FA218866930B91668F900CEE07B4D77
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BDECFAA5943F3F7E7DDF749F6818B7D9	7A01A99DB6FE132318EDBB9B9D66B91ACB3B902E	5D6AEC3D5CA5D0060547883E9F4E18AD1C0A87DCA2263EBAB4AD3947017FFA04
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F3350183471C68FA971036B9D4B5907E	F97D0052E1F71A26C226FB3286C061C3F79D2532	8B7455855405EA24CF8D8DD06129C6E35124D0C68719C21887EA82136EAB74E0
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	945AF2AC2BC7F9F5D712DB5529F8529C	A7C36798C2E940EB538CE7012F7B5ADACF48188E	D325F5B60512020CA47AADFF07A377ECB7591BDE84DAFC666EFCC276E2118631
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8823F418E58DCFD17B1A048E210E5C75	07702E2403F7E6A1C14A75F9FF08EB240C0A1CF9	34024DEADBC86B2CCA1D3F1F71343F41395CD6EAD265387EF4DDC87E4BE8BE9F
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2AF06D02D31783BB32584932D64EA4B3	A35FE2BAA01A2728A8BE225A875FD76829DDDD3E	5A79AFC87031F30BD3A02B574257F3173D5E4E3D0B8F838F1BD4D632D3BB1AE3
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4D59ED3D09EC0254BB27905F9FE19BE3	DAE059D4AC9994F9411AF0EC0444D23C640A0C5D	014C54B64A4615BA1467427693971EBE836ACB96B4D7FDE574D610EE419C725B
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DC62675C1C52356813F39DDD244BF253	706F39C0BC00F173401BF1DFB1B5074B8D04CAC6	18F43A56A53BC15756B638EF1C6F1D2A9A719A8DAF261EC4B08D82A79B551E5F
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	69296F05EFB3BF5986915CA314B31B90	91312DF9054F3ADD07A6756D60A1D881E16375B5	A18F64EB67C501C6ADBF65F316ACC2BAE94C962E83AB599D7795D823317EFE84
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E8BC860B69B799C155A42E13022F3D57	3D78C55593269D73A9058470370F7D5C784E5A0E	3566550669E12FF3960BDE3D876C95280D3F5E1546C8A7E99DCB1681C5981501
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C0C71D9628E74E14119430036CF78EEF	93B56DEFB27C52BE979020BFD49D4FBF5611921B	82C5E7A2880C8D26A9C570DF2EBEA89EBFC2B90B75532C9F21CCDDA477DBA7BE
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	15A07CA01DAD84F571CB2EF9AA6C9A67	04B8332A0566F5231DC36B68EA5A29C3226FE9E8	0A662A4887503C940A5B223A16BD16871C82DAB96E996DD5E81EFA4B21923DA3
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7EDF47560334375D55BB8ABFEC923F7C	5B3A2AD4E3C07DFE214F18E55C403443F1055E61	13821B89D65E4E0A9693C2F039874761A07689E61F1E590F3B7108CAF160FBA3
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	790E5B9B311A0D83FA839CC14CAAED43	F87E7A3A3865F4F293BFF2FAD64C2B16ECC8C6C7	1E8ACC66D2B854B238D64CE6EC629A512D9C11C33EAC20722B0AE0675425191C
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	232947A1AB6013F8D5EC65F8BE5EDEEC	2EAE717406604EB66A9ECEC210E1F20C1FAE7DC3	35D58ECA0939364026ED7102A80CD31BFE91FFA66D2730796655AF3396CD4541
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6E56C4E197F32A0973E1C07746AFAA8E	CDD870F155ED2B86BE39B710E7632B3CEF3DDF45	E2343D037AE9E7BB6BC9139EF6D441756F9BA31A455D99E993328A980830E24C
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BB49D466C0803FF013FC62E6CF0F779B	AD26C6F6B97D84C691527C8E07E2E7A3CB873484	444BE2E9425715BBD8C0257A9DA6D54D840728A1DBB9F8EDDDF11A51E1A9A00C
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6CB0ACC9B92EF31553925038F32664A0	A5E50535F2AA075680726A1D36CF8F57EBCD932A	0D5B42AA97DE69B75F00ED69783AC169C5BA40AB6989DFEE22E6C3C2E5C64CDE
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BCFC7060C59F44389B988A3A6FC49342	BC0531CC7CCCC10DE46F78D982DB1B10684288A5	FC1EAF9D0C12626A0C68EA75C5462E51B0CE8C5C5E7DA8F0290DBFF699C6FFB4
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	29DADCF6383F3B87315D53C016547AD2	AC27C33AEA89544418C31412627486C3D4A0F1DE	211990C6F0BF0DC5D17C862E84460625A892C82623AC84D9E391F37C41A382F2
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	97B7EDB645C3E9870E2F2CC1DF27E2EC	CDB86DBCA6C17520DD0C7953CE009A98182A750A	574FE1DFA4B18C549673407A06721A088C1BF3EB82D05C7E5BC70E68C5B8CFE4
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7263B560CE9E45477D0F0BA0BAAAB197	802E213EB1E5FE019599E27692C48ABEE8BE5261	63D752A50979D94395D232FC1BCFE81B1F2D31E57F3C6FF85C7A5E72C141B113
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A0BDA4E705E40E7A7C0EA397FD13B426	B8E98CF3C6CA3BB70F4D3CC3EC9180A781D34714	C64356792391E9E0F842B3088EAF3996599A9AAAA7EC497736E1BEB61FE396DF
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D83B36EB97584BC4D1BFBEB51047426F	C530E103C67473F65AC78DAE0816C348B0517E3C	E21CED579B06FF788936910FACB9F43727CCE756D0F3C5B0C321BC1E6896316D
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6B5819BB56EDD933DD53F30C30247BFF	0AAE857587480C8C2E4C2B4896D6FBE808FF4E90	E4F9968FD99701F204E899EF004F2F18A29DA6390DC21C820C487AE9225A2408
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4ECF5C33C0D07B655338FAF4EDDFA27B	0AB9B07F94F141547845EA5FB9CD9A4F7F3B1067	496F003EF62A43C717ACC04049B232F4D64A979B07C0DBB9A6904DCC39F3832C
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	45BFD87B5706D6772926F5573768B07A	384D768E864FB0BBEF3D5BBFD950DFE43C151C45	3958EBF9F2BF373C447C20BCA0C4CEEBA7C55031D04897DCD170EB1C89C91685
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AA6E4EDC9FC3A7BA3F64CD62F9245976	CFD993DE505D31F385DEED3CBFA32CF30991AE33	0F4CD833838A57E261590A1FF951716DF19DD4F16AD3639FC7F48753323301C5
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A60F923DE9DB85DBF6AE2D777D3259D0	574295C01925C13A5E5AF27877EC40DA7489EBEE	98E9B39DB7AF94FE942EA52FCD1A0DE8C3416858EFBFABCE280A2CF66EBC042E
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C14C1F7787B6299A6BCE5339650E864A	F2A140D6A67428F11A0461C605682408AA63FCB3	80FB77E79C71C6219CDE744A5C46A3B2B7F34ECBD0714DEE590ED1510F53A6A3
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1C3784972FC11C3C3FA00861E79EBA54	BDE5AFD9D73E80B52294782D5C10992B5F7D5C81	827C678EF3A4240296F2A0E511615CD6E1EA36064AEFB511159F02D909305F88
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	70019A9D57B3758B85582976BC703535	036D35B535C07D3F21E3131714F91F09D496A609	5E310F46D8F55B047C270D12FD0A20D0534E1405311E37371728A44B7BAB7B63
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	95D59A5819FFD304CCA0CC53121AAEF0	B5A4E2E32FABE007D9E684E5D464887D69338786	21D6809A8D154CD94F2E43F2F4775F4CFBEA23CB63DD47B3B7FBE0C2A7368E5C
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2993494741D1B541671E8241F9B5CFDD	90393C687C693AA0A520DD17726206391D10CAF1	7E60112E6567E542ADE886D5D418C85E3437526BB15CAFA4E30B7AE9E4338B20
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6D6D330BD98B8F2372902A743DE51078	E8BD7EFFAB0A7178EC5B6BDE13EEF434FCAEE323	010CDA1D9E54C210ECB9AB892D94F2A265FB47FA82193730E7385FA5BE753224
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EA787BD7DDDEAAA6BDFF5BA62E7E7E1C	712F132CEEC198FB050AB145708BDBE7C9D61454	70E1B9718187CB58F6CCD2E2739D240D37737B16E1BD8DAB436CEEFB4A4B60B9
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	433A952B0E2E105C607B7DFC96CC1C5D	65EE36DA3097CE20FCDFE2A4F4BE2781624B649D	021FF8EB38045EAE7FA076AB5DCE7B825BA60341E9E36CBD3D36378293636196
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	651DCBC2C54A00BA70935F2B12456074	20620C5FC6B2CBD5AB5742D5C762D4EB3D5B0E14	28E0651A92281317D3EA8D136F8C071385AF1D164096E19EB0331F2B0334A32A
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DBCB3EF3BE863B47294650AA237F9495	11D89DDB82CD7E6E88F7889B89866B6E92D1266A	1E4D0C1D20716E5BF6DA57A95E94E9B801E141D4F901711A8C332C8B810C426D
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2E7CB9D4549F1EA47307AB6CAD1B9F0A	6E90186264202359708A09FE84D2CCF20B83C36D	061AFB01CCAC29CBE61DE6B6534BFD6723697AA09EC29D1BAF4AC39ECCB911DE
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5B0A464F02CC27DE47AB9E2FDE453670	B44C50D3F8099A1F3C2EF8BCF8C312C37B6DE678	1F70FEF3C359B18E923F2AEB04F5C2B016E016FCB8438D6178A1A6EA3116C86E
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0150EFF1997957A5E90A2EB4B738E952	06BA8BC4A6C524A18EC5BE6E5B43E06FF72DEE18	409128E384684715BB57FDB04EDA3E35441D5CC3F4935F308BF270D94C22B75E
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	44087E3CB7C70C751F8536D1D3723B36	9C63E24E7B59734F3C1084A4C0C4827B85520644	C777FA4AB9D4D284C2F88CAA898111F8F75E2304345DF762062DCD2472B67B0D
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	58DA547909A21FD2564C6BCD9A556B6B	9D954FD9E50065570FF16ACB6A1C30E01C08C513	C2458CA18C46CADC6C88126B8B8756159BB498D1D4E75DCE48E7B91C840CA446
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C2EFEF6938A34FACB8DD098DFF00F257	5D727BE6F0C1BAC0F266A98C98E64B1E246F5C05	506D922724F57273A4E486BADD28E5D534E39AE50039C009652ABC31A34DB90E
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DCC4903CEE7B60E077AAEAEDDC684E97	C457D114E2DC94A225075D98E331DF9321BFC52D	C8477BF8FB678DD34FDD032CDD07AF8655489375530B39052A2AEAAC17115A01
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EED1CC687A14D3FC8F1D2F50D192D2FA	F34CF2475DCD6349F56928B08E871257D41C8D12	FF6838E5688A62B1880FEA60390F607E529730AFA60D4A2E85BC17C7E7496606
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0A95EE885B268B6FA13EA784A356B3E5	18EB594CAFFD7E603DF762A2B8234D266948B7CD	27993FC465038E3AF9CE6104A5A44D8103673F12891E49CDF90D825DC315FB26
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3E1EFE15017AD534090D15C3A5CEB43F	C026DCD2BCA6A8BD6759D6E2339FB0B2B12A751F	133E779CF07F8D22EB9773AEF3FA9A2C4CE9268DCB4383B5D79B013F9136AE69
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A00D94C93E091F9281870ED7BA5FEA81	6636F367CDEF2CDFA35D389DED3932D0B9F564AE	C79DF73D630A9A80A8EE69A7AA270ECCC9379496E2061D9A9B9B22802C51BA30
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	203C79CA9784969C7299AACB4F139C0D	1566425F23735E2EAB4777784CEAFCB242C7B17A	846EE0AD268C854C6F268CF12578E38F2B630752909B9996620F91E715FAF449
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	975FAD63EADE2CF9E7B45AAC8561C12A	EE9706857235AD6169B5FC1E1171B7B04EF76B81	98EF3594BCD23D6098872E150D51DC93C474CAF7CEAB005B28D32D68C11CC2A3
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-GB\resource.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0267D6DFD37277A47F4547C5820BA915	A2CF989A85BC63863152433BDE9082FF1CC6F65E	2B5F78C51D4E808D3D6EE229033E2F433E2DED3A0FB2D1679B4BCE9BEE3FEF48
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-GB\resource.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AC42803A519EE1A121C8CD9964DF6201	0467C600AF8CCA275A6FFE94D64EB9E1F2769293	000414BA34D45C0B6A546747E79F2EF4AFA0395F6BAC5D4304B869CAA25F7175
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BBFAA036A824723F32A8D0925A7703CB	A1CD404088A4171A17C99281F3A71B86A2781489	9FA125286A20EC28537B515E52B24A92EAEEF0C2D2053F8544D26DB78CEA40BD
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F2AF3F94F1A8FEBEB82FEA88ACBBBEF2	7EB54C5E05954D662F7EA05E0053BE26FB2EB21D	C30C91323D681A461004818D1448965DC26377DB7FD45667269D04B0A21CC544
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D1508D1386942241E58941BC8EED3BE4	9AABAF3C5EAED3293DD0C21E3913DFF72A2A1C69	4E3AA1A99959CC03537BFDC43423300CD0A334C99C40D90025030CDBF0C34650
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BF6D2A3CC65A6397944E7DB30D43A069	066CC583F3579A5BB7854A00B1753018BC15E680	F618AB3E2012A7B7CBD174AA3641B8396CFF2E50DAD5500A4A2AEF6ECFEAF7D7
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7A9CF13E0BB43BEBE7BFA00898B7CD8A	38D6DE09A5BA580FB62FFE9B3C7E7A6582C16199	E0648A6A3ABEA24515FDE3051B5A8D6FDD045C26CE76E77162F4822DC2080CBA
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	19D6D8F28780B2D6DE8ABAF793176962	888386CA61072B1DD251DC5AA86F8629EDF7E444	72315724F25F011D57B98053C63CCA491F7659D0302140F0EBA57BA08380F516
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C65D49D2B350C7C81200339B98285971	CA55DDA31C27ECEBB3280D29A413749FF160ED3B	BD043823AE132E95F3D13B05988CC22CECE9D5206ECCF93BB15B1EF3FEB7A2A7
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	986AA6E9C5760871631A6BB02B079243	FEF0939227540CA454B735E3279920BAAE1E9FB8	3D57C0AA6D151329D6AD497A7D3BE2F0842AC708AF3B405185807905D7F2DCE5
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	591F99422EB8D4890FED63148FC8F453	D3861FFAD7A2EFF3C712E2DAAB0FD91BBEE191F5	A968740036592AC6383EE45A64597AAD9C80ECBA5DE80D2FBFE415EA36AEABEA
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E98B6B248C89C36C319652E8FAD75455	9870D347FA74C32B8E22DDC362D871C400AEED27	8EF02B7B84FE1A4EB24F783145DEB7FB13A643E19B09AC17EB9B75C976179E64
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8A4C675FF86AF1B854122B8178D6BF34	216296554D20E62002952F54712374B6FE09D491	EE4CC34BDA3AD7FDCBD981B9D4A78336AF34BD1B028490D7D3F94534652F7272
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9FCF08E63E73B6A9AB24E24586E3AA12	C9108F68196704CB9CEB9590143CEBB84C2A33D1	248FF08A55A3C4673516FE8F05107993B6CC53ABC80913F97CD56C5829CFB75A
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1C02C5281BF98E9F281C7BFB89AAB69D	30DFAE49C1E008F828CF2BE12EBE9E1A8122F414	DEE3243F360E57B7739FB7DAD726C7E750C3DB9AF2807566BE7834DFEA9AED4F
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B0E3BA529516830B168B8DBF4C8BD2BD	15C776DA6E576E381374B42D954FF117CDFA506F	28A88D1A2DAFEB8AD78C4F666C5B1C7ACE972E183089ABD6D7DDCB849D019485
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E2471AF8991255DEA62F45F82989502F	D82BF8BA0D7E6A9ECBDA1ACB2B29270C1796D6EA	002FDA8DC64694BBE4E74A72A797E7B4BA6197BC1F0B914B5B7A967E83C59906
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1CF6A4FB9716E107A5D635C139EE7BCA	2D8FD86F8472C29FE1ECE871F65ED9D1108C2F46	25FD994058F3CD27BB95AF52A1A99336DD2BE49064EE39ADA28779E7C0D33A33
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ABC72E2F2963D18946580DF2B6F20EE4	3C588B2A621E58014BCFCA0F7287EEEDCF1E111E	949ADDEDC0466E8B6EE86FF3D25CD1453844E52F6F2663835E37E8CA8D3CC878
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	45A76A6F69557C35E1F96FA04011B588	94A38570C3BB19036F98733EAC44993ED2ED101D	7F8BDD530B3D8EFE8477D4D0806686A1F3236962EBDB2E06B9B701C757BF582A
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	950B55B8D6035C531DED788FD5092236	3E2FF26743552B6EF523FC3E9731B2DD85AFB31B	3163AA50C18622C89183341FAF63779C69E640485F73799BEE0D4F409325FA55
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FF1474128272F3C90F74895675758A0D	CC10B684BF724F54D54DA62721ABCCA24277D864	7525EE3B5BDDEA0CE79DDC25473362070A50E0210E409E6C6CF5134EA4075EB7
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\Diagtrack-Listener.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	807B891011F5A962A5F748A616BB0A2F	4CCC145AAD2465574E9AFAEBB633BFB3F1809F9B	FCC1F57F27EDD376415516BA4E5C40C2CD856F4A352A0D6486D67A5790F53557
C:\ProgramData\Microsoft\Diagnosis\EventStore.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1BCEEB15B2AAF786731B6A7A49277266	B5E7A3AEE94C8824FC93766CFACCFE50BFC1B897	B07BF79546225E1F801F90AC269EC690CE49A41E1F4A51B90A6B50279FF8E3C0
C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	640004FB14122FCC8A3AB6441B9FC05F	DBCE28C9B5832DC715BE298BCE8F7E70A45C00D5	55FFB41FE446D8F924C8CEF2A49526136DD584622995F3D6651B5B887305C76F
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8209989B2E7D27CD3A4A20A50CB55853	10B14094CB821DC07D734031E0B7887CDA0F9FD1	876B2B475781FC0EFE790384D75257B75EC49905B7394B44BD9065C57AF15D9C
C:\ProgramData\Microsoft\Diagnosis\osver.txt.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	08C1A378F6FB56203C133E82D4FCFF00	F846E43BCA17E3619F1E720000E62BBE2D7EBE71	60370F48F02D77751B2795EA8E58FEB98106101FAEB74C296248562A11419723
C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0445EBF19A99E60FBE5E8F6CF814DE14	E6E33960891AA9B06AA63E85D55CC1D9A62095A8	CE49FCEBEE8F07DBB33A46A2E7A488A18483089A84873DA7DEEAA565FFE8C6B9
C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FDFBDC7BD3A2E14303230630A9C07EE6	12898A4DDB39AED10BDFF0068342D09E53610ECE	0FAA98AC444B914095BFFDA3318E782B3EE53CD2639776A4564570E9B1B3FD08
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4D2FD80F9B758090D12EDD8BB26FF55E	58F5335A2D57A382D5B8EC1A1DCFE664C9D0FB7F	A081D85CD27C83B74766F792A64210CC0EA8A4EA1B0AF043283706603F58CD53
C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FC2408FDA9176DC1F621D0FA10C644CB	D5222C9369412B996379CD7DFC1BDFF44B71A103	E539E103C5F08F2205811E488884465761ABE87E24252E5A368B90B0203BD9C0
C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9F8350CD156177C41C39B5C8653211B7	109C0FEA9A4A5270D308B4FCC1845E6F1CAE5E14	57E8EDDF0ADB6DE83F98BD7A126F01333655C13A1E3010FEB6AE25B0F7D688F6
C:\ProgramData\Microsoft\MF\Active.GRL.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	966DE312588E15322AAAB9366F7C20AC	4AA03D583902A374FDD731F1D35B3B6E9297CF95	AF61290FE14AEF92E39F4755695D93D2CD2CEE34C56D1E137C08AF4CBE34C0D5
C:\ProgramData\Microsoft\MF\Pending.GRL.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ADEEDE1DB5A27E5538CC10D115B3EDD7	1A5FEC71513842A40E7A7F303BF0E28FB53B83C1	46ABA3347882F33FA1DF41DB17D0127B48EFC554ADA31DEDB2E87FB9AB45605B
C:\ProgramData\Microsoft\Network\Downloader\edb.chk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	45BBD25127923C8838AEBC4E8A89BFE0	025BA6BA694813D50CD41FEC17D499C66E97DC16	161B5E851FC981592B6E0015BA55D47C9D1D8B24204FAE8AFE76BA57774550A7
C:\ProgramData\Microsoft\Network\Downloader\edb.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	40870EDB78B9CD81FEF8B46FF9DDD9F9	9BCC29844414908A2AA4AE8FA74586980DAFE916	3CA08DB530C9553CCE3F53BD3B79DFA1D23B85E12212F931331CCA36DE3DF20A
C:\ProgramData\Microsoft\Network\Downloader\edb00001.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FECAC41950BEE5DA3C7D9CAAAD9D2157	506F211F29F1B3D1BF6A4BCAA70B314CE3EDA2AE	5519AF7C35CCD9147ADC150A3BFC3DA606B4DBE0BCF3F9904C7492C9F4B877DE
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8A178A0DC59255DF4C4FEA547F40B019	4CD1D57EFC9D753C4B9AEB0EC6E5D0ACDF3DDD5E	D7A56FBBF815E4188D0B68652A3283FB2E8ADF08066A67712E1A42711470C864
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	887D0D0DBF304363BD54C0581CB634A9	E7E9147B5D66B5ABA73D19802B8F6784FA55B3AE	054175FC185C5FEDB30F629182BB84E5CA631C1EDA37EF67DC64C7976736E692
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	48A4F9E990C6F5106A856A4AA1887AB6	81AFDEF0914E992DF2E0C6BC4173FD27BD4FA1B1	4F27E74D9465BCF48F0AFB10120B1F81466E66652FAFF7400595EAD7D3604695
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	075327390A14A67808AE36DA53B6AA9C	0F5932FC922C846A569C8A7B7AF879B714BD70AD	F5D974BD9C8A3E05B04D7FE2EF1305DF9335A18A593AB4E121A564D6241A8AB6
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B8AC9D6390B2C7A01D1D2157862F2EF2	40FF10A73DEAD73DDDC21C88EB454A883BC19AE1	9A2B80C67D2CA8B5C2F0C6F5178543DBDE4234D7B696022E20F5120027D60920
C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C778A5772CD7434E56E55DC6DAC38617	87AAE38B97305CE3CC04A45BBFA5E1C28BC7E226	B9CA1277DE494FA71998F680C9A7E4F95EE444B2FCE5DAAE09CEEEC61224D09A
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	90BA056EB8920074E8B480E85531D731	CD9D226C85605EF6B4E899A3C9060DBDA11B5FF4	CBDE660DEA0278A8C0D9B32838BEEC93CD6CB0BCA5CA8381391D03B623BA84BF
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9C37EE2B0D51EAA0A2B77D62329F9BE8	C148338DCC8AD5EDAF5C987F265DD647F9BE0B23	4169D5FE283D19412A5AD2EB033500003CFBE2558ACE439F77F8169C65C682BF
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0AFD04D3F43947E5D7266F1B99B1AA92	C4694CBE8291429DDBD84CDE784706201D56F309	4E4FE9E7E8F05BDD5667465B8A41DC5E4A0D39BFFDED830E8DCB6BB1AF5428F7
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F22F124DEF51E196DC4D9EB70E7387D2	4144A378A04AC5417A21079C35F51D89066D1D2A	348DE52839D58C8DABDCEF710613904F1AC52D1D1BFE010FD9CF2CF9D03336AB
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CB82E2BF1FAF0D88D48E18E4EACA9E3F	FD960AFDD69019B18690F940F84ADBA1A77CDA90	60D0A3BE8A8E35D1623B2BA5D2864799D574FFE81565B90E12AB6AE8ABB799D3
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A14567B06E04547FF4F0DC674C6B226F	555C2DB9D3032F8BECE7DB1B7F14EE1E6ABDB8CF	D8397FA827FF7B5C8421C7F40BA21587551A55D155EA3C6FD652106FFE329516
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0E7428328034D5FF4B94CE682C807369	A2C60F096294767DC8B12F51EA40C59652FB92AC	05F5C2C9A41831BA0FA3DAA1674AE95F21E6B0F74D8ECF8B3AD2CC496FD7B1EF
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9EDED97DC89F50B85280355453202555	D45BDA107BD9A62531AB0D25B839CB8A6F42CBF7	2E4C7C056F47A7F1B27CEA70FCCDE67BF73C90E1D6905F59D24FCFE32D5E3243
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	08A4DF3F6F0C15C2C25716137E269E57	FE66BB0F50B18CA3B001CD407E5B51092005ABDD	394EB5BAD6ED85C0E5BBDAD31F4A2C40CD860F1E347751D0873A9318BC3F9441
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E9A89CE3DE7CF9566C45C79064D0EAC9	EA5E6C4F457200FEE50F773E9A692A181E24235E	00B887AC6C2FEC14A54F8A8001F68B217FDA1B7E10EE69857D89CBA2F9E68783
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	398F71D58420F0B49F5EE247584A68D3	F7581DA24BBDA2552C678880434E3279E7B181B5	62EDD58EEA3A4337C63212C9AE1A82A889AB242B2848F4BDE4DE2F2FACF6C7EB
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9A76C6692030C40E2A4FBE669653389F	C7EBB90D266EEA5837D1B465D4EADD80347AB9B8	A823802C04BD3EDD90B8A1951964A6821A8B6E67CD5D117FC4A784B455EDBD36
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	69D127AB9B00C4DCD759046A17D2FE19	05219F9BD6A1D43B1DC44A4696E3629BF1F54F92	FBB9402E4918BEAFA938EAFBEC6C4B8353BC3887A8D54700960F236AB93C81D4
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2777714C71754FC91120784F41809E17	05AA4EADA9F6A21F3E9B0F412C629D5BAF5F8407	71B442CFCC8DC19C231794CB0727ACCC67A55575EA886096ED3060A239A58898
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	15BEC4795992661DB6E52A0302691AC2	697C7AD06EC620887D64B4F7BCE39FC1BEE33B07	2B7CDEDF1DFC036FCAD77BBD13D0779C968C205D648490A17D0C8B5503BFA025
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5900275B737499D52A8F3892D1515327	7E154FB8BE9FB1D89D075076799103DAC8F38358	DED08F6E618E5BFE811A680F56326EAECCB03EEEA3373FFCDBAA4E6EF4765715
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2339526B5BE7CAC0FDC8368821FC4285	161848F2DFFDF2B4DCB70D1B3BDCAC783D5F2366	4CDD321DA58B741F57433E8544B68F03A1F66567F225BF1BFDD4F1F7DB113941
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00011.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	37816FCEF81A72625BE4FCEB9EDADC27	06DA63D5F7EE5A8EC7E9E02714AC89AABAAB6815	47C2A077754474CC85A3FF1B7799EA0AE0D5981E0FD05E7E595549D1554530C1
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00012.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F58DA03C66DD9CE575CEE06F03A8A3FD	EBAAB0299D6C03059CDC7B45D27F466244EB0C25	A4137B7651346B3CD799F70649634034BEC6C7C7619D992B44772CF80EBF8ACB
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00013.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	08920EC2303646273065F3C1DFE77016	8EE15D5F9EACFC653081FB34AADBE19B14515604	C3215BC9CC85E102E64B611E13015B2D45D326CD88F6414414EB367E36E60F4F
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7EF99184E7A585AED7125AEBFB3CC4D5	FF9906A8CF4A099E4542C61E52DC16B3828082D1	3F92E47AFA8A96C2E740BF50B3AB4CBB0C5278B675B05A341A235FBC8982AE43
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AF6ADE27077CC165F1AD4BAE43239D26	EA6A469A4BB397ABF8F120D11CFECF7DB1B45D0B	2FBA12FB023DA9929DB632A6FBCE1773E9A560F4BDAC339651FA168ED6BCEB18
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0965D82A18A3D6BE409E3E9CDA262090	312B871F36CEF910A16DBFBBE07F08638135CF91	209CCA98BC6A49DB3D6AA437FAA91E2742BA7C79B791275A97B05E3A49A43195
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	681E68D4F5913F479E6C0DD1D7E656CB	5B59BDA88C322A8E512A3A5D16004CB92A68636B	F0B8F6783671DD4BB5F143C0593D5B69C560C7D701E0B8F05231FAED30A7E76B
C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	43B49E5751486710D65D1EADFFE6F93D	7D21DF0A852C26500EA9C694832B1DBC8F7E1EBC	8316AA51E48FF0B583140F20D2D118CC225A51414AFACDBBE3D3B26F0A6BA209
C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	669E13DCAA85D9B1D1725548738AA105	5A775D0EC987546D8896EF7961D4FB44EECB8929	17E87409F0D4D3F73FDFC42CE0E7F9652F8C677DC44C56D2D41067048F8249FC
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5B4109FD296B7284C59133FCCB9B467B	919E413FCD135FEC759CE91CEFEA911F39D9EA5E	7087CA06497F387034205562EA6BE5EF2BFDA5330EC9CD756C07F80D274E2A9F
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4992247CFA757105ECB79BEAE06B5497	8AA35290F1A6608706B99BF3A52507C267398D25	8A8B9FF5905CFE0F807596DF51F95E1087F2A42073D1A46E2049B2F817B41B42
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00001.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1502FBB49D5A508860867CB39A3648D0	9AFF6790B1062E9CD418A39C47DF311640573FE2	B20BE67DB03EB8A0D3CEE9293C14B44169D30605C1F86E6843167871EEEF2B92
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00002.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	40465579D4520A973C00ED20BFACF800	88DF901B133C064D2DC1DF4475D438669E294CE2	BFB116FE21EC7FD7C19EF7CCC4FDB2AB5E4AB8B03D4DB19A9EBC39AA8ECE8F83
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00003.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CA91EE1CF62CA5436D4E4C297658D246	CD04B3E908E62C931821B56375C06A8AF22A021E	37D531FDE3230A85731D85368BF0E642CE468E2E7B4E186A492DAA66E39612E3
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00001.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1EDB5311F549DC937B64FCDA0FEFEB53	C7054C3BF2B3C4599D2F42D46C215309C40CF3AB	90A68700B222EF014E616B217B4E2E62961AC2A41E54607AC6CE4E3618A9DF34
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00002.jrs.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	92E10AD3D4AF524C17FE42D3B555EE64	32AB4410F1B64E24C0494D8283CE1E9C4121C501	2B7D01F026BDC910CC5B6FE6C852EB8C14A5B2497FAA5C1C87BA4A85661DE4FA
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	12AA1153664C11FEC5EBDC5377076570	B239FBE46F830E45F8E764952F52D3328D1A6D6C	7327E51BD6AF49CE2D844C33FAF2737214FDF6EC22BA27980E874E268C56BDF3
C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	34260D258ED0A0DCB8CFFF4A864A0A90	06EEEE36301CF46306BE34D030E3E4558A375997	0CAE127D10C6EEC0E62452A95F19FAF87C930FFB398A41E7D5FF9FAF506E1650
C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D64CCC2A06E18BDABAF2B5FFCA1EF216	00BDCFA0FABDB185E28653E2590E5BEE01F730BF	C3629563B6B17545D7351BAB10D119177A3A60584F19DFC939D1062087ECBF77
C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D31D62C9C1850F895AA191FEBD06926A	7F1DB6D2F0D69568E6C9C0917298668D584E4549	04D07E37F9228066397F7382A642E9BE860D3C740FEDDBC3DA49020D1C64417B
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4CFDF75D44F5841D25BC5ABA28FE0AE1	A282FA4D3149D1DE00E9471D615E5C2DE1E18C81	12BED82BCA2C37AE5EEFD36D2C676C493BF0F6C41780AF1104B5EE01435B4A24
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4F447915D458A7AC614CE30666C88669	D4D546271234FFFF077CAA4EA1E9F1EFAFAD7E07	E7D074B241EFF29BEA64404E07904C8CD149571E87062CE094C41EC834E51D39
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4AB4746E776AA0DF94D55E3909214E06	79D62A87D466F6E58E8871F4794BE2DF7C1E3C9F	B30ACA5E81636C50536805FA17DADFCCEAAF5BEF40F102E19CFD4EFBDFB29ACF
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FB448499311025B1B264C0E309605265	E5743ADF276476EC6486EB7A0545A79E86278754	1096EA82FFA3B0DB64ED374E72134E99C72D3FCB11764CD7297AF0C2CE033270
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2C3E25B7B0A40ADC28F152B959722009	BFD6109AF047D7E3BC18928C37BA29C47E28ECF3	D23FCD18E20B4C657BE0A26BF985A0C2211DFAB26F440878BFB986A5131893EA
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	11509F7213CD1C3B35ADA40C90276BDC	8CF7209883372E5E5403451A366D9EDD6F334EFB	F3D8CA60D91CFF26EA5C7D1B4925EB4F91C1094BD314019D06A2BB1AE6A50AF3
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5225E640C026BCDBF33C03A8C6CB4DBA	B3137368F60EE770B766FD3213BE277B6E568C78	8595250E7BE8998A148519DBEF3E6AAAFB3BBB570090E9171C57835760B1BEF1
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ED16ABC6B2156A37F39C081EA6898C4C	DBE5E4648BCFD023E26187A38EFA52B23458FBF4	40C944748463ABC79FD4095A053DF51EE8FA63C16A802446719A54AABC0C36F0
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C2BA2653440BB0088657209943098C7C	E7D1730BCE155234E84FE554F53ED13428B7E697	F4E710BEE40FBE0FD3562D2AC8B3A91F36F11D3F9B44DE556CD62E48209AC48B
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CD6C4667F68A209680B9FF6AC3358DD7	563A0848CA8A815A9660A36311258DA1BE707A5E	E998FA6BE4266214E00C7F493868E73E128206967A2FB1723C6DEE603DC4B55F
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CD93D1D693A7AE75BE57811FEB5ECEAE	544EFD783A6EE189F3D30669A914A0195D424291	372A1EB2E692076DEDD93C88DD195943DB25C3D6198025E22D722F9F1AC28473
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9DD8BACB799DA370E053A65C626E6C98	6F5A24060732368946A9EA09E8871D956FC49282	0A52675434B68B293665AF494D6E1065FEA8010A8C9AC829B96C44124EEC1ACB
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3D25123C90D7FC5E7EFE5285B5C92F42	5AEBD4734B7BE51072F29B4818870BB452F6A483	9CF2676F96988EA428E28021AD07DBFFB72B377BC62DE41B4CE1B34B99477A65
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9D1FEA2E169484AAF4FF278E930CF0B4	6C2FF4B5E5581E2F75F6F8575F96BFD89044BBC9	724D2F49570CA947494F69BD9E9FD1B5F524D4864A83DC200010568FB80F5898
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B065B6E2D1F1A89F141DCD4A80B63D8E	1A6EB70D6C15D0CBB0888302476EA52D38E2C3F3	FBE610FC5F4526DF68F4CD14977CD3FF80886EFC97EF8BC6F71D897761740EA8
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C4BD5BFBC1559E6AAF0FCFCAC9174797	249F2A9ACDD0DDF05906B6C9DE685A2E82BCB614	1EE6C43CE57734DC0B05CC5C6B617058686356A8EB98A16BF0B15E4CE17226A4
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6D95D3C837A29240664640387A0A181B	15FD0F60E122617CE9D4A954DC60F7B34C1F6C88	A03AE805303B1EF72B03A42FCAE8E256783057D7AE04F33B4D3C635DE4D75D01
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5F24F2BAF459682BB05A29D0EE288D33	B4A81E904C733A0015292085A6328CED999F438B	86CE461357E3C326CFF2DA92662C3C0A07FBCE842254624441C2DD512D9CB807
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2731A4CCC96E9CB3A03DDF0D9E2C37EF	676E1C1EDCFDE45C23D85297553FEE49F0BF41DE	4565DCD4090BC177A8088B8D379DB46CCF4CC4E5A114FBEBA37ED8F3C00D7A0C
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8066681170EFCF4ACBADFD81EF88AB5B	E06417CEF84543E42112FAE8562EDFE02FFEC550	FB604A783FCD6D7E40E29E2F8734FC8E2B5348096D70C7224A2E8869E2FDBF11
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	656A22818A3614C86178D8B779C9255A	88C270AA54C644FEE387DEFCD131C713EC7E97F3	FB31396D475821FFBE82BB73F3E5F0775946EE5FB1CBA7BE7447E5344069F9CC
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	930ACE7C4EB8BF380EEDF2E77251939B	F2C24A4CD64B482AAB77F856C66DD4D3D119CAFC	EB74C8B027BCA4324B5EF45E2DE4A1BA16594D62378F8673FE0AFF7C34169FC8
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2D91C633571B8B5F4B202A37E969F09C	50AB951E88EF6B22ADBB0C10DE4A09C8DF581CCA	93E1DFE4E2FC3768BDA431073FD36F2470EC978706F0C80CA8E6C7A53477AD05
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3EB64AB45E271200CADD9066FA00B74C	B7AE9F597274536E3D33AF69F198DE81777211AD	79586347A2D42377C05D16FD8C6BCA587E7298ADB194FCAE2FFD12075BA9190E
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9A1F36087102D009429C5D8DD7BF1406	6BDCAB6FAF6BA1FEE455BC203EBB4FDF94CB5FAD	1D1F32307115DF05EB1B165D2345C487A91183B6878DD16BBED3ECDB78655BCE
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C7206932C09792C62B788A210C40C53D	66922BA049283B9FB475A380DEF6A6CB37B66081	E5BA1016D2A47B76A364D291B8B195AF75AC0B59984E8F19E9308650514D1EDE
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	06DA941C9A853D76DA096788409A3D07	DA6831B0D6BEE358490DF4629785A03AFDA16258	DFE286E6E6C9539EFC3684F01FF1A479F03D78F1F600FFCDF0AEE0AF15B6B1FF
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	12E9C99ECE32E7EA920A29D3BF159BE8	E0AAF54F0FD1303CBE8C3BF836DF556D3B67F5F0	79E340D32397D4F2AB5426D217876E197FA51D8E24FDA9C1DB812858C92C3884
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7BB6F70A4D71D8FA0CD52DA362FD98C4	3980507EF8F236ACF5337EC18CD2D7F545AF879F	FE5D12CC7410D0FB55F44783FA88BECB75468C1B62716842ABD7DD8AF7CF7CC2
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1278C30C22FFADC9015898D2B34715BE	9CFAF220B495430D1BAFD79D08CE1BBA1F2A212F	93BCC870A63B413EBE4E495A598B62E944AB79F72174EAA329C04AF740A8C119
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	291EDF3D851B545101BADF0959A95B75	C3734E764B0CF776DADBC40D7DEE1B8AE1EAFD6B	B9A14D5A8A3AF47586B5723234B49F91650F9755E0DB33A2EC17DB7823087E97
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2F960B1D353ED6F0CF2361798E6808EE	7703F1EB70C4EC78278710C8F2C38BFC204C399B	01029738336C7B463D9ABF6E84F15414E71659D09D52A41CACDF2C91542FFEB2
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F9D0683B7A0A66EB1F1D391608BC5568	8D8942F72179969B519CEC14B5418A0D3FCB0C73	F79D7421F91A85E3EFF2376B8417B37DDC6BBB97B8F2E62168C7BE7049CFAE56
C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EF8B8C705E718D905E618EF4EED6F9E5	03BBD3FB24312BA61DA5FDCD689A375D10C8DB23	16ACBBBAF1E7218FF6EC83C4D6EBEC780FDE925C8A28F0C61CD2D42AFB92EFCE
C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2BC1BF1277048D989EFE2CB70DDE0A9F	85AF23631031DFBF2752FBDB0644EFF5EA308919	BF1ED764545B7549BE0B197E843A6907E3578315E053A5B130A28DBC7C9677E0
C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D6A6AD1098DB2A23696DF96F4EF488EE	1EF6A533DD28DA2524F1B07C90A11FC91306FC73	46A00616D6143199E618221CC5A74418CF109CD7EF6C1E252F7BDD7BC86E1265
C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	410BCA37BD66EFEB9F78600A7273E4AE	40085386AA8B01CB2614AB072632D713C0D2D677	1CC91D1B565906105841B22E75FC02B9C1648BAA125448E60336F1A02ABB0297
C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4D122D053F766CBB8CFD1CF1D28AB0AC	4264E5C2F1FBE752C8EAB45F6CBBFA4F7030EF4A	6E27C7F56FEE6EB63A3145857AFEA3130B6F958453A762D34CD457B9B242B228
C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6C6E66636F44F0BA41504AC97FCF38B9	08316EBA2CA7E1FE67EE68B4AE577252DE86DCBC	6B1D53BEB37DFF8BE5DC6836D6B51B63281843E6833183598A3491E6516A43CE
C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	04B9B1929DCE98AA72AACF7967EAADCF	7E469552C569DDB6F6ABFACC91A8C9B5572B7EE0	947B451A3BDF69591C52EC74FE97C30DFA6EBFEA2093F3558410006545DC5790
C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ACDE4540A46E8789A74372780D337479	88F69DB0BC2E7A7AB93718DB5BC5C890C19F2899	3160C1DD9553942736B9D8837245943EA383B5EF20927DCD67922633BD6D3A76
C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	144ACDC513EA1DA3AED524EB6FF73B2E	4CF52EE567F53BE2A8B2894A1C7651887134987C	2FBF2850B2C136469D63F43049EDF9731454416F308D5E4EBFF472ED92DF1926
C:\ProgramData\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	036025A6F8C9C2078A51AABB197FFE1A	C8980FE9FDAB3415AA7027E8752E670A3448D41C	C791CAB7D97523F465212A13D48F148AB03FDDB8178FC5A157AAA93FA8992D79
C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	33C5490675CC3FC1892E95EA5EEDEC4F	53860CAA103CC916EAF085E3646BD2490A0AE76D	DCC0A62F05FDEFF6E56D5600ADB4A97614775A050471E093087FF3E192B00A01
C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DB112C0AFC49AF9CBA1E8C6791B3C18A	C96BEF8A85765ECD198FACA27677F96985E5F779	33DF587CCFAA03AFB0DFB0B54887500ED90AA7C0CD7E3BD33C35150EB8958EE0
C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C08748858AA06D1FC5289C75621D6C24	A3E4BA7508484713F1E0F5C0829284669C2E7ACF	959AB002FC89BA3B8058CE16F73AE29FFE0CFF982309A5216E6EA75088CD5B64
C:\ProgramData\Microsoft\User Account Pictures\defaultuser0.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DB5664032ACBBD48F8812222538787EA	DADB306A5E7FC7F5DEDC2FA9CE25E6F7F89063C5	9714626D8E07528D5376C60714D22AAF288F3F3837A7A63516953CCA375429D6
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2FCAA8807DFCDB07A8138CA7349256E1	F1F592510BC32459FAB352561DFF449D189A0797	867DD61C94B603BD9655AEB9E2607DBACBA1C97B74AB3776EC7312C17D0175B7
C:\ProgramData\Microsoft\User Account Pictures\guest.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2F75B1314F1597686FFD9929234938BC	AF21663861B815D6A62478BD6F09EAE5E5C8C42D	F8D878619016F16B445276F09746178961CB116A4FC8DA60E7E1DD897E3F817F
C:\ProgramData\Microsoft\User Account Pictures\hardz.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1F562AF8F9462D8B038CCE786497C579	1776379FAA6A3F71A4C4E03F205B7879B45B32BF	4440FB8FD98B976F481CD725C7D4B6330A60D7A2CB332C8EFB269B7B399A2758
C:\ProgramData\Microsoft\User Account Pictures\jones.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	21382D78A753D4C1FDAB270F3A13AC08	EB85EBE1CE58C7849BFE800A4B2480A3D75FEAFB	60E5E9480A2B5080AB7F719E4E9E86F681D9D7D2B8C74B693CCA520BFE47059C
C:\ProgramData\Microsoft\User Account Pictures\user-32.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	73425BB4AEBA52F5448F5EE96EFFA5FA	0F4BADB9D178EC44F72D58F0D327BF99FD018AD3	23B83467D09C7584FD70F1350AF66F6343305E129A499BEF59328B8E8BDF232B
C:\ProgramData\Microsoft\User Account Pictures\user-40.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E0DD0B942FF2003B4761817318124CBE	893D089AA89B64F02AB0D178F402AB7AD7E0C155	7B26564250E17BC7609B8D472442C2D4BD2EA0AC3876DE79C8B356B4F4224250
C:\ProgramData\Microsoft\User Account Pictures\user-48.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6B7F50F3D6194F924F3DDA69B49A55F8	285E967FEB4476DE87899F0C9C545A843C7EB9E5	C7ECB022EBA787A26D605163DD9F111C8A8E708C26F650974D13AF568990B7DE
C:\ProgramData\Microsoft\User Account Pictures\user.bmp.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9585F2F8C5AC4BA952B2592246ACE878	887CE5A3260C57FAA210A21D11E9610100AD8104	ED8F3A8B7865B46A1C9B4F414B4A27174E45E69D4C511F5825B00649C48D335A
C:\ProgramData\Microsoft\User Account Pictures\user.png.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2D06350B0D62F48E529CFB97F4676F93	D5DDA861490DD01AC67DD0420765A148A89462CE	0630102EA2E7661C00838DDE85B584E2729F4FA6115E9960418267376026D120
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8FFAD76076F62610B84B094A14C58263	895C955C84691A9210632BB6E2B3867F757C59E3	5069762298511266934C84F7BA67FC268117F32B39A3926BD69E9AFB1B870728
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A88FB349C04B46A0D9A9A9F4215501A7	B1982122B143409B994DF9FBF4768C052592EE2B	74333E0B56E3D7D7F6BA7184EA598C472B750A423A0DC33700B8B2E967A03973
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	39D129F93EC7544AED7D48DAABEFDF74	BA3B8418745E45A6917EF222F6A6C6A3432CCBCD	5FFE54B25B82BFC523FF99E2119239272B368238BC0A1179BF762D8FF16CCBDC
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	86437595A705295D923CC3FABCD74252	D67C83FA5EB396A466A9161023765AD1A99F5036	07DFCB13A587E6D2B0F0916F49CB29CB792EBFAABA190F9507E4E5B5CE8BB9F2
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E6A29BE0E5526FEFA8D5D7D5FA462783	6E7999706F49406FC7A65073051A376BBA4CD2D1	415597A97D04C2F653F8E36D01AA79C67209BFB5C88FD05672749C555A80B915
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BF447EA60DA59EA18652BB5C804C7E1E	DBAC67CC58F91C9802F77A3F521EFAF895547160	C1F5756FE2827B9C9BB85FDDB8B93833CD1FE07ADAA233E80DCCC5A5BCA713A8
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BF4E754FF00357682052A38591AC6CFD	0F9C83176BBFFA4907003AE0B897D9F1EC024E15	E02C760CF11C9023C86E783C689EED5384FA6E7B487004F3806994C1DB124259
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4C8000EE85E8706CE4C1ECFF84B0E018	69A2215334CF1B056A8FA515BBE2FDD4CD0635AD	CC4E1B4141A3161D9B648C19EE96065AC0C580FAD837A1BA6D01723EC7639703
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1DB58F605E4B719BA9162CDD73F2201F	A3EDC491B330EA2CA097A28AFD4F64230B8C7FE7	83BFA15D19E81CA8AA95950F0AD3D7E33EA3C35C146C496A38911229B3CD0989
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8B4FED895CC0488DB308B3C6BF9F1582	8C4DCDBBF7A727CDE14CE352E1D666136A19D5FB	BA63CB334AD833262C8E4E7BDD5F6B586DCA0B555EDE706BE3E8A743F841B54F
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	967FFE7DE2052DBBCDB10A7E148CBE23	32813E205579816684214FCE03DC6F41FF43EE06	A6B86226DE4DB9978FFA38DCD51E148D5121CDB45D56448455A2128B09E35FBA
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F6FD1ED283FEB845DAD0FF6A7D5AC5D8	AB1FAF3FAD113D072F5707ACE6E8BB7188A57B6B	EE2C4880B029494006408D1778AC8E0EDAABA1482704D839922003CCD4A753C2
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpuser.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	259CE1E1E48F5B5F5390BD3754A6F79A	7BC0BAA910E1FB2D27FD14EA389A259F80317923	C88886540BE911DC09A095AE5BC8FCD40B5D1A4A4713886D6C59C030DA80FA2F
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpuser.lkg.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	81E9157F89226A7C5083D428563023FC	01D6700771710B66168D13F9D8507E6D160ED2F4	7DCDF334BDD4CA5134B6FC39FB70FC4DB710E2FDEB8E5C61553B4DDB2C11F701
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\StableuserEtwLocation\mpuser_etw.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	16358C112FE06312874EB5F145B9CD87	EB510EB1D3232AD4E88DBC2E05BD317DAEA04D6D	3CEA558A5A9156F6517C8CBDA440ABB39BC91DA8977DA001B92379BB5CC9802B
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpasdlta.vdm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D7609C727884C5AE91CB42D8B880C700	CE29FC40F409B66E368EC30210D9BDA1729E1CD2	F651C53F71DAEE2CA4282A370D27F7672B5C77EB8F803BC84D07924F85FE00B1
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpavdlta.vdm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	90D6F7F8A2A4AA147B8A47930FEAD44A	9104AA35D71E6D7C5D79BDDCD0137D7B0E7C4998	A86CDE628D7097A87F4BB62BAAD2CB12D745F74766F43D08D95E13F0465C75A4
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62FC919B-273C-468F-973F-F41E1BBA604A}\mpuser.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	993E117AD3C230ED5C972A3D96056EE5	E69CC642A5C74632111960E8CBD2C88B627E842C	DF2FFFF638251E0AFB88FD92BCCE04449C85F9C3599698696CE127A9225F0DFA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Catalogs\IGD.CAT.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2904255224E3B3FBB1E5CF6D5866322D	CF0176B885E2C6329CBBB7DDF1F1E337EDDE6E72	AC916CF5AE0BBF1E0621ACF43560961B77DB961A3105055BC5D13BBAD736B9E5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\DefenderCSP.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	922141FBFE70F9C3940A832124093457	0E40919F1DCD7C145291CB85E87D3BCF6F098C4A	6160437A5FDC2F25B432EDC26E25E08C20AC8D40DD0CF4DEC8449B59ECA6F94F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdBoot.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	45A5EDC06C6113A4D43C716F886BC662	5BFC659AA900541378D821E52F0ED0B2207F98E8	161D290BBF1FC93E4772C1CEA2DDD6CCBD68911B13D3976CE997997F628E1C77
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	67122D32AD609D99425BE1EFAE99C148	D3326480C8AB78C3F65539D1823172EC8E662F6E	D061782C64C26EE81181F51E779CA97E5AF8C1C2CB3EF2F49C233D982E804DCB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdFilter.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	12F0AEAB013A3A3D1BF55AA3160133B4	4D4EA3F9DDA2948770ECA4DF3BCAA6B88738EB37	B3F6E17CDBB272B523ED2E40CC209B1C6E408F67997D0E4A58DF0386B37B633E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-AMFilter.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3D778E5F01DAD03B7CF0EC69E65C769A	A6DE66A8AA525740875CC1E6F5A88A89C83DCD3A	1C752FD66E2519B86446ACF4717CC5A15F5DAD859BEB3E639211DB86EC385C29
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-NIS.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	63C727EBC98B4F3AD9A7D83C85F0BD3A	894F3059E56CC05118040FFBFF677EBC0026CF6D	58A09DC1D81A75A673BDF1473C66CF4B6616DE24611D88C58A67BB189C20496B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-Protection.man.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	700E9287EC5567F8A6B4E83D3AE97EC8	7E87A169CDC7B9967D52357A28F6352C8BC5FF14	1099FD693E7D27F935DC40EFACBF49AF2AC3F732D7CBE2CDC2485B324B282614
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-Protection.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	575318EFB5F86D6ACD46F340F34045A9	F9A4B4C4BDD52328A6B50A46E4AF0DFF7E1D94B5	142022DC792363341FC7DFC1D0CA89E57B3671D52368F70427B42FAD1F7F30BD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-RTP.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F48FEBD0C2E58A40E32ED3BA57A65405	EBBCAC0BB0F60AC2943540512C9341E445C9E55F	22FBD86DB4280F80CACA434A30CB848C8DD8BE852904946AFA5DD93C20A23985
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-Service.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2BC9BFC8C773304A8E32E5A419407673	463CB94B05E46B0E5F17B603A9DF5FF6E0CCBD93	0C261A0E27AD9E6D2BFC97585535DF6AE19790B70E060CF526B16694E368804B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Windows-Windows Defender.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4B29BCEAA6B8514FF7D00A3FB53D6078	5F4DDAC865877537EC02A76C72249D82175A75BA	07F39E7E02B274EA56B0E004BE37353A88BB6258D058399451D97158249021B2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ED1510D2E460E7D587565DF36589ED88	5B24ED923D019AA7F1EE0558027161CD4E9F95B4	8F7EE4BC554BB27569D4C225B3475F92A7A327F24595F3FB8AFFC87CE48A73DC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EB259FA33D8C729AFEC4F207631A6B7A	D6F127670D81CCC0B3F5F9C881E03FAB33725CED	20D4A775B0E0005081876319C2AB1D0197FEDED858A6642ADFFDB794737F1979
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	59E97D8A22B98BF06353ECB1E8E91740	141D2C1A7D56CE10BD2393AFF28B1A7D1CFC40D6	9B059273EF6906BF80BA1A57A166278AC4390116237F9DECDD8F0C3CEC8B168A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D222447B1761189B312DB393F5B4C4CF	844D2BB7E67309189206EBFE6953181BD0EB9E5D	1416B224CFCF476A6D78E63625F208283366667FF8BA2A73FD7FCE3EAE57F7AA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7354B68A4FC2C211534617B7C4429AC6	D7C85A2854D2544B7A8F0B34DA5F46F47008F43E	07721CD253EA45F4BB80AE4E492EF558865C08C57C1F2E38544651876F1A6022
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1F7120C6E62BE0BA7399B5B5032AD7AC	78A1E90D86BC7121E4117744E7BFD920090D780A	6EE989679160991ACDBE76A0BA6B81BCED9B14B85D35C4BA446D936F022DA3CE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1195D3E5BB67B32BCEF1EC85A3D8BD0D	9D25579A64A2F4507D9189CAFA00003E9BF5230F	819C306E3EB2741CD3F127D7057196A1CCCA980041BEB8AF31919872D5D44E9E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D3F9C293211C4E59825D72FD793B0038	36D15AA5F837194F107625EB19FA4321A074CBB6	82CEBF1305B8FD2E2FA7A97DAE6C00624D2B1B20DDAA63286944BD8C92A54503
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5D0274733941EFF1B7728538D963CEE7	20D04D32507ED3FC735CDBD8C0C1FF037982EADD	125ACB89226B73C9ABDAF774563594CADEA3A27055E6758474F2CFB52EE1123A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8BD7C3A84393E1DBAF67585C656C1E47	71EC491A70D9AA9DF77B6FD98450768014D49D15	AC6E88D62879A7D2205BB31AF12EC510E785EEBE812DC8AB30CD77263A8CE116
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B612A3743C43B8F7E1230C75DC14864F	0A75D13E50CC67E341BB1B2E75194C89C1F7F93B	9961F4ED4FFAD4E043CDBF5549D0F6643FB3CBD4D70B838FEDB2075FB832C646
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D8B12AAA6A269B3F0E881C53A2864211	FAA774BC72EA93159D389AD9EA5481A0A642C5C4	8A49DD67754EF8013340554F88227772D26A890E964883DFA0A11925A34ABC0C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSvc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4D56941817551113696D9E42831AEED0	B16A45B0393821121E883C8780E22D5AA546E085	E4027B7959802E583B60AE7BEE286104CAFD0D89EB0525BB14EDBF05A33EE709
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C975815A0E41B87D1EB1751C6D575C8B	969AEBB92FAD6E2B3D4C9A6BC9D350689E81EF73	973EE764862B845EEDA46A723C5E515652703D3E73C2A820460F711CD85732EB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	54D8701D172562A4C5D53C6F51C920D4	A3C7FE14DD1817E6A35DC7700247CDEC2557DBA8	5EE74D0C51FC23362BECE2DBD9CA8373AA5513F8273EF1EE9657C93E2F496AD0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	42F0CA30A974B705A6E842C4214FBD5E	FDBAFEE0F073E9E4545087D46A5073B1B4831B39	1C6D267CB5386BB619607D6602BCC29E21F7172C62A31671A8E6408E180E1CBE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A4FC2F3898417F6B9D306E687642E786	AFE6883ADB1295585B6A0EC1BBE5A49019523308	80B5869E158664353160812DAC89C262BEF0D8A73603819C79A49895BA21483E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1632DF7BF0F7D148F63E7680B4426E73	49886DECDF9F08146D6503D0D844BD1337A81B01	B907940D4CAF6482A8F7F38997FBDE9AE90F00878AB9FDCD26F95FC170BF1D6F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\Defender.psd1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DC352622869E51456C5B9CADB7EB490B	AC7FA3AA2454624E3A4E8A6A11602C06EED561B7	830D46F0A3D1163CCCE66CEB2D8AE910001CAF978E0554D41B45E561DBE94126
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\DefenderPerformance.psd1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BA002D2B23D2B3A9B3BB6EECA8D02675	97E37FFFE9FFC15A62FBF157B8D9605A07FC5529	1F45E833FB69B66494B652A0FE19E4BA823104CC9A5BC40ECAF319774E98E590
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpComputerStatus.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	06F28D9624E8A5CF16192124B511C686	7081C773B72FE3919BC25FCBCC7290C94EB696E2	581FACFCF86DA294E4AFC72D4970FEC2D97A306CAB54B4FEA814ED1AA152311D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.psm1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A957B5AF7D4F087D760C17D31926803A	D63D4157DA322F6DE0DD32A48371B70FE5923BCF	C2FE1EBFFD5153DA0AFB15CF20BE6E74E33843F6ED0913E57F920A408089257F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.wprp.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8305C4E828FE0E24AFC6F0848EEB827F	8CD663E2BD7F6D43E1E01CDF74795BDED8BE804A	41B6C9122F7D3D5C7175C4A1D16F292C549D04566E590B939AB0960BDD15F27A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceRecording.wprp.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EC8B8D3B39297379E7C5A74E7A7C1248	EE8369196C83469202D51B4CED320FD7108D150F	DB902D48DE33BCDA3EB4D4517A07E682B7D6E3FEDFDACFB4C0D22E5ED2160415
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	371762702E41CDA096EAFFD373BEF136	C3EC557F3B1E7239DBD5B84394AC8F494D34E95D	B251915F8E2C5D2E9D3B8DE7272BC0E3E7F7637164855752AEBD36EB212917B2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPreference.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3135A9B78277468C59A2DC0A25010CFB	5F483959BE8F085E86BBA8DF73491B8727642A08	17752F6040F4651971D791897183253BBC927B6FC3B21C0587C8887043EC0C5E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpRollback.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EDEDE1DF4A1B99D1E9CE3E0D22063DDC	3263B33D40F86959F4F670D717AEAEE2D51E93A1	02396C54F19B7F15D2E643B81A6BA84E9ECE6D3C00D221E2969AA19F6ACB347C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5A4BF8E2CE27EB3178CBDFD2D7385235	BA13AE0B20C8EFD1C3CD3F3C685967D757404AAE	C2D351778FB288E1E4A4E79948D51501CA6406DEE10FA3556728E086C95FE10C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpSignature.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	92F1DEF781956CC3E6B3E520757B7728	A4054A9F79AA82C870487D09C25851A51B1BC7BD	1E57C593E9C051146F0DED3965DBEA1DF2E6ED34D7BCE4E5A7E4AA4AB8F9792F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreat.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D0734AE2386841A38F7A893F0798072D	BCE5078501FD3AA8CB595146B1CB74D4335C14E6	ADCA9BA31B4951AAFDC8875EA0BD76BB0B8098FBA931CDA5462D57A47B7FAFB7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreatCatalog.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1E4DB07255A7DB9EEB8859A089BC1442	E1F004AA6F66970371FE7789B32C290A63858FA6	2EA5182C3B95AD7057CAC18B0F7CB5CEEB6798FDE5C4B13BC99E5341509EEB91
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreatDetection.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	62FECBC9314C462FC4BDA17968123A8B	77107E4A72560809B54220AF77F7068563A70CD0	FA2F5F62D9B2F32F999C00F216F6C19ECCC677D6F2BF7E8694B608740FFDD155
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpWDOScan.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4856B71F2BD4D27E055DB1506100FAF5	665190147660ED3503005BAD407375379F5077F3	677883DA031EC7F742405E3646E613319E6951D000568571EBFF51012265AA76
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0643BED6EB0BAA467FC15A58896D0607	31A86CE1B4011BBE75D6C86D5EEBF62EAE2C7A85	234AA668784A65665A6BBC7606DE9E360774A1818CD823A252CB4F7B05175C07
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement.mof.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	939DE06EC93EAD2B40B088EA6C304596	71EFE4CA938E6A4124C9812F8B24478A2934C108	68B0D01A5EEE2918D52DFC9AD41FDEBA9592C87560F8432F03E46649D3AFEBAD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement_Uninstall.mof.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E092C29AEF860362466529B75B9FF1C2	CCEF888172A8A3C86F0A35B4E606B567D8AA1E94	E25019B5508CD14E0985F75180CB087AB2ADDFE48E804775DA0BB97013BBD76B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement_Uninstall.mof.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D39440618F99F1B6BFD8535316F62AB5	38FFE544483F12EAD6F4E4635036292CA7FC1C24	A3989380A8E4A4DA0B91D1609CF6D7077CB487C5207EB5FC4B1306B14C233720
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EF930D5DFCFBE14B086A9DAF3D82A5F2	2A2DB1E46AC99DEBEFB85F2EFB726ECD499E24E1	ADEE7D0092FED1E2BAFADA301EC5E444D5B10EB792E14C91B9C17A8504A26747
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3524166D55A42B749A5DACEFEED99703	1470B157DE367F8193D398155E98E314534B9958	0FF16CF22896A4F655F220E6B20B757E7FDA6697357F3F6A9FB35CF84715A665
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpClient.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A8306A2034727C652FB66390DF8721D8	E51A55EC3271A8F3C81D7CB178E1F1E9EBB9C9D5	D3A3270178AA09CE29C4DCA94061C192DAC6C34D14B5180B0DA11855C824AC3C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C16AE8469AA986629475A9FCF4524BE0	4772FE4CF5BBFFE60D4AE5927EA6AEBD75D17EB3	94D9C57103248EFB94948649ABA9AD382CFCDB223495FC897E14B3D044E2784E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetours.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	551BA3979F526FCE743BEA33C7B9A21C	EB5C9C8ED96F80AEDCDEF21A4C26A5B8FEB57155	6FD3F8B8B539ADBDB8C61E7C32FAB6EC65BDC493D63C819F246E2C15B5B496BB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetoursCopyAccelerator.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	785047D42D40192A76FADEAF0D74F478	E0823C4097FB959C6CC64FB8D0296CB9C4CFC94E	B7098572A18E87621B2E6A36829BEAB5B2B8B72434440B6563444CA8FE273B3E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpOAV.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7F47C5FE339FB16B3A4C93A6EC0FE6D3	232405682D304FA885EF1E1ED92B68D809372511	9AEC4FDEEBB5E0B2A4C84AD8A4438929239AE8E2002971E9C4F92CF5012F185C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F417CDC74259BAF3F75C07725F9A5AF6	D8E61D145C0A8BA582705200A3C49431DA26B881	23DFE0ED03A2666C186D5F9498C58167F809065AD5BA71B90ACB81566C6E417D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	31ECC6369089DBDE05D0DD3A80DFE51F	D6621FCEA656A7C0B65A13023F69A9E3523B84F5	E2DECB57B14917C1F3524CD3E9BD0A283ECC5DC2B8620AB2F694CC9EBC3C645B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-US\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C6EEDE457653BDA7B5701BA88EA201A6	FEF8EEBC3EAEA6788DD0C029608D28F855A13788	068DC5B53AD2A4938646CA9C09F758E55B47242C58EFA8518F25338C24C107F9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7B3CEB20E0F83D83837ED587112D2EA3	37C9BFF58737F1E8E42A08B5EE6877E6184EB3CB	E1BDCC200B1182658E49075FD97C63EDFB93BFB3222E63F01DEF4900F591DD81
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	845E13676A0800B18E42DB05A5B48F5F	8C4C2A7CC916A593958119D44AB1C692A3D248A0	4083F9D026F2DC38B7076EA812EC9D50E7BB5C581542CB7EB660B2D7379CFA25
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3A270AF48D919A60E297A518F74341B9	CBFDE2E04C3B922177607A0BACE6B7B3A1A1BBD3	86D777D5C5B211B1E2CC7D3D865AD96D11DFC9EEAE0625F564034059C380DD52
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BBC76624B75DFBBE540CEC84D19CD07C	43266EA2561ACBD30111ADFFCD1C481FEDD43A85	D8D5749FAAEF5112E61BA56BDF88BBC9E29B0876929BF9C00B413AC1C00B40B5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9B394AC5B4BB988DA3BBD3AE98C6D987	BB2E044C8A9B601C5FD64063DB03C7C0847C8494	789BE48A8E8B2EE404781D876A93578962EACFA40336B648D54BEB5BA712244E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\as-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FA6C4069E9C9AEBAB64355D77A0508EC	63454776CF57455D7B5B7A16834F7FB066904280	3C7DCE204678CFDD5174CD0C30550616308775B4B47A1C4C74D300F5ED5AFA8F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F1E541506867507579473F5FFEC1B846	5793054F7E26CA316C78B1BE76A3148179315329	016012AF9A0DB0195F2415A3EB584CEBB914D58C2680B85413F1CE2DE8136E1F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0295E0F248FF079AA661639D2D447B6E	1010C0EEE548B0BBD23C0E9F562909FAF0B54178	45071677E571BA08BDC735396653842AC966C70D28D738CE39F49D9D55DBD20B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bn-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D2870B5B0EC43091D3E4DB676CA00BE6	E79F97E913EECF4C11B5C9915C1FECFADBFAC475	9D4DF58FD541A689CD7AA531D3DF349529477EA2485FBE03216F13AB301D887C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bs-Latn-BA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A610DBB330BD94E3816CE80D3E9F7AEA	193F7345E6AB5E2563DF0C6FF13776D95811611F	EE92F94232C75AA978D30ADB86A224AC035938A77A4A965FCD5CCCC68D188533
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES-valencia\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	95587BBD205AB871737318E6B7D3DED6	EE1B28B5305246650AC695688BA262208BA6079D	BC2ADD1ED38297EB186299C65466C56CF3ED04AE6A6EB87E121C9C9174458219
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F226A33AAE9C2FD3EE6FFBC06FEE99BD	51015BDE978043D7E6B2D50479788D20CF912E06	5C448837A5E8D83331FB23706B358EC776E197F302120F87393A6FE6BFCFE0CA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A6AE3BD653A52AE719ACB88551399063	F60EFF47945CF9B68263F68483CCAABDC638F55F	5FD46DBF63FB2D81308801ABFBDACF51ABA2B164BB5A2D0FBAC6EED195C7D46B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.chrome.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AB17B121BA6466B04CB0800235F17B32	C41DE12844E18617B92E9D15C988A7968E7AFE89	76E9B83FD8ACF72C6A81089F865534AA0E10E983BA20F23A581E2D3C7A37A33D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.chrome.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0A78746BA889299728BF444520E89694	B7198044D3A9F65945D76FF4DA1F4C87E33E8473	204E52A6F78FB31C7840DBBFA48965D15DD5A5EA423B78074551B25D61985C17
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.firefox.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5AA43B00C3A642C294C95A5739E9B4EA	3234B5862852527EC829FB9392044DD43DE7BE45	7D9202F22743EDE8052EE937DDB3E17A1CDA0CC841467442C03E72434868B698
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.firefox.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	006C144E7BE50432585281AF19E03F3C	22AF414F613CCB69A0B0C5E9E3761564A198D945	15566752C130337636272C94691B172243101217335B217C42820942560008D3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C038CF8EE573A40CE4113F80A7BE9E4C	C6FEA4C4CF025AFC91D805D283E32C3AD63CB5AE	BE3712F762568BEC78DC12C34B7A1AC65D55E0217F513B7A0390D3C6E7E75118
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	32FBCD9D27F106AD9F8874A99A87119A	3873951AD072B2583B58005DAC402C953C32C0F9	81531CB3A48476016568D17ED3445E1466319F9FDAE8D2746067C0BB5015612D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	692B3622B9D60E665E760D61EAB9360B	432B68EBAB8E0E7DD0E82298802F89EC3DDD9782	25D3119971F28A94EBFBC9EEE1C214C4D5B5C4466AA19F172AB8306BC0C2653B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cy-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8585497BAEF60670DA47FB93772E26F9	D2C4DFA5A1BFD577CE8D9B9EC458BE95003F7EE1	6EB179A702260C20B6C15064C4F9401CB673B9D460520E00889A98C4DC0C1F8C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9EDF7DAC6089439C0BEF9B0737275A44	10C01B5D75C492ECD6ABCBC0252B155855DCB020	2DFA95F0E2A340BF72E6EE3ADE250F4EF868B01A7F030FB33D4D0BBBA3EE26D6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8B8D3A33CB9C24784A210C7AE2E4AC19	0AB704053035C2626BB5C229BA1AF03D5FA7838E	8446BF197D4F207AD675B28FE856F517531AC4F3D39BE79CCC1CBD62A911C648
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EAD732389D81600DE9E44B65592BC29B	7BADF59DBB802BF5FE7B459E94D14554AE3A74F7	8387C51B794B5761CBEF873F7EECCF6B70383D901D67350156A9AC55D9194E0F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	716534DE049EF36B9420E4AD7287AD9F	8B6EAE2689913843E9F564776BDC12A9E95A9A25	5BAE4FEE129FFACF880686C1F1CACB9B840E2593ECC9EBA0A1D2C9D79D462ED3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	39768CF44CB6914E2D965B95A50DD87E	2C2720BB8EB1E09D72534FE576BFF4426F33E114	C62A0CD48FA149A7A27C719A9565257E38356C1ACF55B98412B887145D4442B3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3092C53CB50934E741B79C7E28F4E1E2	41186F7A28FF5B68514DC73914B75173F38B1263	95D82867F74429496D71F44CDFDC065E2C255A0BEE84086A185003841DD33DC4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	52701DA5B38CEE01999A24DF5B3FBE0A	2B8B08A4D100B3D242FFBE5D3D74B1AD7518388E	A4408507CD81D75695E2B2B5DED4EC9DCC24B4FCFFFA9B6B11A622C1D47ADC29
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	318D61377F1C5868BD8558656A7E938C	77C0CEFF12B97E45DA7B52EDB69536B5473A4254	8AA41E59595D25C218E305B70CC6A51C638DA73EEEEC9C1EE6F12E5590D01C98
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0A6E33495F6F5B5B842DF5AD62C278A9	7E661E6CA7471A034649E61CDD69483AD01F3088	4F0C86D5B212CECE9833F0F9F6501CA11ED172BD7633ADBB8D3CEFC38D528800
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	29F477BB7EBF7CAA1957DA193415722B	E86A59561CE166C43C41BFCF3E23A3F52F403731	8AA4FAAD774DD7F2F7127435FF59ACA28523B04CF947E64ABDDA9F87D6DEAD0E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	551C50D89A6E4FF52C561C85991C21E7	9C95F2EE654BE5B7FBE75C88DA3D66FF48D5048C	3257F7E880BB34ABA2DB323D334D044384C5451B5AA957E4B5AF49D0187F67D4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4BEEDD23DBADC0DDC9DF72C4E982134A	CD85E5682F7D992D70655EB56B21532412BE7232	1C5E191ED03E06111B4BB4AEDC5D45797CF0A2983F01DB19B0B8C123AD1BB1BC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	65B9189481DA1309F40235DBE3C0B9C3	E604494202FB8FF4381DCF9D21C749845543D339	BAB8898575C24FE2F289A2950129CF5AEDB0CC68DABC0AC1B42F3A06F99BEEF1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	41A00DCE83D7103DF3250AEDF24C2776	22C0C0B51C7BE1062C8403DAE76DA15DD158670E	224CAB7AD5857900C430F6E15C0FDC598C481AAE9CA15B6E6CA96FE0D72E589D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\endpointdlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	399C0A13465A9E294F5DDE5C66E4D839	6A4C784C48F95C7D1B1CAD1FCBBC8494426D9E99	DE5089C17F935A4ED5135D0559E3B3F6747324659DC50C99CA74952AD414834C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AF051704D8A2F49AAF0CDF47C3F13953	8B01E1F8E994CE5F9F3B0D9D1842CC3E0A67B190	8F3248F213F6B81E6C8986FC4661253C0A0C3711A4071CDDB4D354C42C7C1EAB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ECD3C7516D5BB8190F6D505E46FC995C	DFF7E959C3E4B01887B7CCCEE954118EF9D7575B	344E4C9DA12645EB38DE4FF60F61661137AF34B8573EA74D87619D39764A1DD6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E6277BC56AED85D8409EB486E89BB06D	8D78A240DDAAA0EFF6D76456CE57120E7164871D	C3C67A41B6D4779766276F335AC214A29941AAB9362283D4B77FB003B8954301
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	38BBFF1EA6A7D50C1FCE0F6AD180303B	E70E276D6468B5DAA8B8687E228E79B096C65B1C	C91EBD6A721B5CEF7EAB724A7A2446612A4AC1957C0CAF8F33B7A9855767DDDA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D1808D0C0231C4BD2748E59B3BCE6EFA	1861B0058BB782493B5C2C4476561CA941F0DE03	D53E0A9328845B6FE32B683F8AFECA97C83D27729209294AE9D3BA76C859512A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BA43973125DC7BB0F26F71D226E6F445	338EF5C7B11085E528E8B0F65FD5532980D38BDE	C36114CA13D46DEB454B615B24D818F038DFD3E426AC22202365278D0B7DA771
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E44E29C076F7A464225F5BB9570A97A9	934D0CAB6DBA3A37A9FC92021FB5D47988F8B9D4	FBA51229DC8EFE922440C5223F557C7EF539CBC314F0B7C3009C2C6A60DBD423
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	686CE0DC0A3DF8E3C4C2C1FEB794B8E1	8ED9FA007E34A9B4C85DF842EC25B7B60D2F1011	C9CAB524D3523E627F47C9825604B6CD3FA396B17ACA444A9DBEA25B3F643976
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	431386B591788E606D277B61C844D04E	951C41EE78B9BC0653124634E2C52A57DD20F5F4	DB7595202E26ACC9DBAAFEDB173CDD5BFFF5322D1D8C899EE2F051A48CD1D2CB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9F54A51A8E8A1F04AC2CE519F4004E2F	78185D7D1627B376044C1F9ACC38E89FAEC14685	8D1F532C45D4323EACE69502313623F2192A82B1909D9ECA7E8079035263B1F2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	361BBF416F39597C1E8E2E3FBE6AA7DB	85FB0C935CB04C8C03CDC7833CEE5C75042F48BB	47163F78BEB4DC902B7968EB54BA9576942DFBA4CDC4AF73FC03B2B883503B24
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8032DD2303844841411B30EBA656644E	9D82520133BFE155A7B4E74C2FFD27A6CB6E5477	CBFCE13343B3E5000ED223F462EB7721491D1AC9CBD2EA83D17432D87190CBB1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A88CF4B2EFD41DA2E411906F924DA3BD	32B02905BACB86EC4609D03F6F0011ACED4DA798	3B32ACE1A682303BFDBEF3400BD85FE815C0C3F0C080D73C1858A0CFACED086D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CD2CE319E9BBCD83205827ED6AF68C92	DF7C4C675442B90B830AD8F516DF04336D29D12B	6DBEA158FA2A0DE211AAAABB71D3964FDDA1D7CD71FE6BE201AAD4554D1927CE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	02C6B9247E7F79A7763B53B99E2501B5	84FEE8DBCC00745F348B412948E81C3BFFD1D670	9C01BA4F63BBF66DC0CE0C86CB022A06FD920E72F851CE0BF6748DEE4607D29A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AB008388BEB0C9BAD90197F4ABE02CAC	FA3319093E050099A7C9714888B2B67F7A53C2B9	E489448EC967F29623DD10076C10B0BD965134E41FFB3DF1F26F38150CA60FFD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7609EE109695C53CE23BBE315AA128BB	0A20A81A7C069B4C3E96DD5EF2C4D36A02546900	2AC1E80BC76451DB4AB4B0530D0B9EF692D50C0F2E6554778792E2D35E402886
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	471BEED6E95B36B511E72E97A2A01D0D	0355150F6C8F4E57DAF2E68632051D778B778C77	932D8B960EFFCD5464172579235FE1E2AF39FEB3DB0078C72FBE2750A82C3F5A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4496FA77873820B00CA9264CFCD01289	87598C4F9D1DD8820EA6562762BBC9066EF594CD	CB649FB9F5731B796F645CC034AA18B9709465229282174EB1E0269DC46D7580
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	98E939C4BEBC32A3F52F433C1DC7CBA1	CE3BA52651C274C1651EF99C3B37D48F33CD814F	3CC620FF68CC0E35889A90BE96E23A8CCC1CD034BCA948E61C9A85EA8E1EFAC0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	99ABA21C1AB0A44CCB2F0C644116B671	E50FF7FDD0EAB3E69CD570D26F799EAB1A6CC0F5	C1BE81A3FABD0DBCD5B5E87243C63A52EEFB5094A539DCA910DFA20DEA148F30
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	429AF6264801960F15BBEEAC2BABD5DE	D90A17C1BC722E2ABB75AB0EB8EDC5D0E7017A8A	FE79FDC3B0A7FFB6A582AC66477390951532148C9548178D07FABCFB85C9B3EB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1860CD2E169786BDF141C72EBD05A7A0	CA49886FC0A67F9B8F86804F738DF732F0EB7549	3FBB69E264977F7E80365DBED185F8AA84C7CA5753288D67646EAAF966D5E71F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7EA432F96D318E50D35C7236E95C7B54	9EB66C39E8F33C4497E1EC944AFB3117E91481F7	295F830935260A98BC6CF64849214C55FD47BACA8BD2B55320AE0CC7E8F97055
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	68D054CA992E9AE357DE4D1B40A1643B	8BC44E79989B3E0ACE4DD52C34C0DE4C9F0F9244	CE0710C411E5F2152FB4E42E95A51448257CEF3CAC2CD9AA657215047C08C26B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FC1EF05C492B00386FD48F242BA7237C	7C1CF5CBF275507C8DDCCD23F4AF35B870B90A1B	0A8150E2387B2CBE7668DFE07DDE68C3CAF9B92DAA45BFD4FA13D6029D0FEF5E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3DF665F2F2FF20E78F7E46EE4C613C8C	6CD0AA4EF5E977186FD0833FA0DAFA834EB8DA1B	D75CF75B89D4509E9B32E64DE145270ED90410BD85E90C6EB8488E53174DCF0A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	380E44324AC0F14490CE71B2ABBB46F9	67D7B130EC87E63CD9C0B7E31F53A3EB0ED3D07C	99FA0D61933882F7FF899823080F3013F660D0FEFB82300BEBCE65BA5038B22D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5EDDA5E3257AEC478BB11FC543F5DEE7	64B97460A6558BC07512F4C883FC4A325DC1176B	1058929263C9EEB5CC70D14B4ACD30D64051EEEB214B9FEF750EF5728374466C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	07B4125CF770E419F5F135714E4F9F26	0D21F6DA9E27343872F469E90FE9693D185C6C04	04990C454591FF3471376B5570608A0520AD7808FD85A002579ECA5333DCA37B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	28304001BE96E7F59840CDFBBDB956C6	4F709FAD850747585FC769E4EBD91500A6C4567E	814E56DFE63E95EC8C44D06CD2ACE44AE1411F7A3AE6F4D2C2723A0835103D64
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C85A255D0BCADD0896DC22E33E54484D	97576DEF19180EC84A58D72F25CD4C5CB0CBC217	032D5C215D8407BEBE9C9CED734E4C51BD808955A5A35E18C00BB4AA1AAAE267
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\is-IS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	759956911036136F9B2D94A3831F4EAD	C5D42B5FB75EBA65F0F0FE81CF2EEBBE8552B34B	BF32861C8E644689A8C0EA12838CBDEB81EDDB01C3298C40BF377440C560F87C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1EC2661B7F778576A8CDAE90438833C3	D32FE1D25B4199D4B4E5E7FC97FB524D77D36FFC	5BAE6D2589189603108FEB71B374600F38F9DD5C96B1FBE461729EAF08384AAB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F31F00EA3FDEDE4525F11B2B9B840F4F	17CC01583CA6CBA58BDA81B9DD84650DBD91103B	1CE5254B77F67698504844F2CE51CEDA9DAB59E55D5AA81078F2E0B6C24E1DB2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7077A6A94E46CF7E90227CE334B441BA	9A826B06D865B0F51AEC7E853C3383971740A492	6872EE30D58D3F62204A0F8E4A3C3AD6297C510A525EBDDCF9BF2558629A12FA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	354F6FA61985DE3721AD7A57C1251F47	4D01D5F0458C9E9A52701C0DD509D9F947828ABF	3DA785F4946A2CB4E86865D190330340B64E23E1BCFEC731FAA25523C5176208
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5701083E90BE9B8AA392BE97614B5FA7	405679160ABF84E3270A6F4B394987A20E8E777B	0FCEC5EF28A4931C7010EB534578C3589AB13E99D9A817A58C36964D5A495CE8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	37E939525C2E3DF4147CDC5456AEAC6D	9F97FAC1221D67AE2DD0D0D51C517ACEEC6BBF76	7BA37D62D689722976875C7A4086DD1B7FB08E089003B125D81C72972FA0042C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D7B2DD701D7D06FB7D0FD9D7C72028F3	B4BC603DE2CEAD2A8F2C857491AE9972C2612372	3DE45DC0C7F09F7801BDF27F2E8FCB4C25C4C8903072821608819D686FADE737
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1860CD2E169786BDF141C72EBD05A7A0	CA49886FC0A67F9B8F86804F738DF732F0EB7549	3FBB69E264977F7E80365DBED185F8AA84C7CA5753288D67646EAAF966D5E71F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B85501CE3081906E3E39F937B24FDD04	6B59531290611CC5CD426235291C4C7000A1ED08	22455D0E4ED7FFB4CD57FF7444DBF9C43222E76C61B61FD7017C3D7997531F15
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E644AF77831286D1F70903360A2B1380	26E66568771DA4D688EA811E825EA816BA56952B	466558707BAB432618BB0E4D4144F3909D7BD3A83F26261ABF7716E499F1833E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	971AF43241B2FAC7C792E2B03C2245C8	4AC4D1AA409456FCB6764486153EA11067E1F739	3487D063FAD115905F4D85BDB64465C56E2C22A4990D764AF4EB581B27B67D6A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	66F9196052860272E8F25ACEBF356C70	EE600A9FCE943E05B07C7A5A36572B42B5C57AEC	38FA09BB060095CC43E622201438E5A94B8E18819F87E07F0CDD0986FD9B05D5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	045EA3898DAC6B0BA21B68149AE3B0D7	E2E29CCA3E9C713945876CEB9C7E8BC1D9C69FD8	721E42BEC9F982DA9B357210036E3F8DF4B1F2144835AABD61BCE4565A8F82C7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	313D8F9E8027EEE8A51C2691D62F9C64	6FB95826BF666B7D81210A1C692D720C1BE49C14	BBA19E5B7686069D2F03C8501D9419A55EE38147820CEA83C8B34C247DC93169
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AA04EA9CFEBBB68A75F593626A3EE50A	8DD25D705FF1EB17DF62982338951CCF181400CA	064D64BF675E0AA5ED8368A319727878C502A0DE8B81FF3642AD8C471723C768
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ACC3640012D9CD8F78184CB2FC18603B	4FCA492E9FF80A143F8470D836E1D924BAEBC390	1BBF43CCE7E054F35E76F4EEB805F2D2A8462333F4088D1AC7398FFBE22A6CBB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AD5DEEF4D22048C6D95E696348B0C2E8	1F762DF9A0EC248399164837B0397D29FC6F7A9A	753CEA54960CC5F3BDA796E1BBEE49A07FAF16061C1CC9F02B240CA77A16D295
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B9C548F06AE6C328827EA87C635F7E20	4002A6E68DDCBD4453A286953A0383057ACC8DAD	E154C28A72A4ED0D1F860815D4B73F4A65089CD7FA29FA593827C4E9CEA9611F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2A362DEBD083646C5E6592031B630171	E92EF2ED7541847DCE36ED8CDF31218D99286C7B	13A48A672DC6615AA011D903C9330BA959E7E207C17C529385D4486BAB375356
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A11318834E32BA4D236944DE4C4D2186	BA0363030C7F309A02844180FAC76DDD4AE26035	5218827E14186D9DE1A95C4DFC5DE9C1C5F27C1E55D95AF12566E9A18A59B04B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9E3D45B16737BFE75A7B7CFD33488810	02269F5A4A0FB2F4BB6959C50DAFC49789F30760	B4E0CDC0C45A915CDE6FDE1A2E9F39D9E1E968A3ABE517A44536A9B758953171
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mi-NZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7469693C23DE255AB070E9106B187C5E	C6F6BFAE21AB833246BAD52C14CAC78717B5ADF0	3D38026C7AD9E42F9EECBC34F8BEDA1C6EC92FE3DEC24495256ED1DB8A0151B2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mk-MK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	94DB23304CB32B1E383ED0FEDF78255D	AE3D33CFF1F4354906E4A0331B5FA9B859E26A68	E5CFBDBA6C3788AF9F784BA1B6B733CBD4294C042E69F3C6EAB3FEF08ACA2E1D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C2488BC13CBB063572457DABFE8A0AB6	E9764B5EDDC992FDD7D776083D98D287E9F5DBC1	E8758E3B9B9B2EAAF1CFC03151FD858608E94BA3AB9A5054BED00DE89EBE3D09
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AE1363EEC1D1925B058F1061001FBB91	487CF449195D440479024A9FC683F9095C8B4DE8	01CF6B48F138F12577BE46A85EB9F77F71732A94ADD97AD1A5579902B9B2DF41
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E4FB405001A46834B76B052888A7DB95	3E2656BEFD89326824EA6F61BB0145F1CFDADBC2	3490CE52DD20C8963D7AC18E60FF40BAFC6565902308DB8034CF876646C3DCDE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	515D395B92F54E311DBF4396B5D90614	7CAC55B2C6799E21273FB8F310AD433C705C40CA	939F49AA345DA2791147131187754BEFAEB4420909C41FDFCF64DA9DA801D7AA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7EA62E4A193C3B06D37C408DAEE134C6	97775D6E780172327557B4AF42836F98C1E8CBEA	4FAF0E1D4A896D800DBCC05E4B31C75970A251F78B0705CCB3A79999F57AC6DC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BE55D8FDF72A11AFA0F5F9BC02BB96A4	900C2B31B2DE18CEE8E093646B89F1BA365B25A9	3C11A38EB26F1670F1D3181E7428A66CE1EA6460752CA4F1E4DE19A58F678333
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	00E5662AF74FE75A583016C00BBBDE16	C935598327E1139493A8AE42509635D3A44E3FFB	400CCC2EF3086F86D71A409CAF78074C9777E5A4D9CE3D4E9D1A7C563CAC0D4E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ne-NP\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7E7ECE5A609A784DFB278459E41861E4	38F7976EB35DCCE0C785AFA3F4CEBB7D9BDBA4D9	AFD35F4C44A056E6039D9ED4A2F44A836CE367D1F93E30B0F80F8B836E6E0C70
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	813F5F5EB2858F014101DE0562C7FCFD	CE1EB34F34BE2CD0BE4BA9E5777363BD17CC7740	731B0DE289FB36CE52009F3EADE73171E3710C1ABDCE3D45B19D64D76F40D853
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2D23C98BB02F32D1695C72BF842EC045	7838A203914468FA77A80B988012AF75AB6B6EE7	F1C0A3B6E84B624E6EBDDCDFB89BB45F5FDD5D6F8D0A38ECF988520F97B059C9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9B77CB424B3FAEB66EF5784F5FC62BFA	77D55473D1235AE84A2519FE340E721FFF39B50F	891E9228FF26589E6472FADAC9959CF140F4A1D6AE3DF0D4AE4BF25373123222
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nn-NO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5F9FEC7E6B20BF6D84562600550BCDEF	3E1979CA3CA0CCEE50B0463084FBB1B0F3AA1999	425ECC01760B0D6F5FFEDE2115CE51A1D217566237CA39AEC19A1EDFA5EA7740
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\or-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AB83548B482CB0A4F9585C97CA4806C3	1CA9FF83E17004EA9F3640112C7DEFB82FA43BAF	B0BA00224B47022681A75C5A0BAF5DCCDB9DC28DF074EDA7EE5FBB270466A163
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	15E346997F5A99F46DF84C01D7E095E8	79FAE7D7DC0E48B27DC3EAB5393FF75ECE1D0E26	7D1E16AD607C4D89F92FC64F2443AE5400BDBA51EF2D60175EB2D79F01B07E76
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F0DAF74D945D5B3D3134D21D61E64C0D	2111BC220F81A02E63D74E099996C7E5A4E37699	87CEEF37E9A0DDDB35B8AD153241DF6B27BA97E0C54D9181691BC030BAD79DD4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	543AEA6B82E30CB0442E7DABC2CB7C32	2C8D2C92FABCA41431B24B15FBD61966E1A9094F	12B34216438248AB54F69A2C5BEF790E1CFA3B76193199EBFD5AD7297B8BE0FA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AFD221EC9D88AA39CBFE3C027C3DBAC1	3541F5BAECC3F0AB2132C125151B87B55DED0481	8DA6A09219C97AF5F8AE16871E2BAEDE25C7548601D868B052C350A0B271CD62
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E6D82451A994D3BCE051A3105C7E6A8D	5DD1F218248BC2D748BF9334D4BFC6E922618F13	B5F60FAF15A545A910FB91EFC34A158251545A3153E5CEB7F8A1F1B51A147121
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9D4CC83FEA28C3DCC3CD339E69B71094	6A23BCE2FC5DBA165EC28EF5B9FAA5625B70E7FE	409113E041CDA2C0DDDC253AD9934CCAB37AD731BCBC6D7B38DBD22A51D3A7F6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	37A0CF30A337204AC79F059B50D93DAF	BA5DBDD5AA0DD36A63C23D359B54CDF0C4EAFAD7	6A56FAE0B9D5FCD75EF149C596FC3D6DEF5CDBE11DF27A6F7B1D9C0B1A2F9B56
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	85E422AFEEC7993CB10B01B892A7D98D	01014414FD218772B5C672FA1FB39F763229BC76	6862295A32B812963336A3A831DBAC25A6323B08BC3D66AE7EF4FCA031E10A57
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4C7AAF48DF08D9B565CA640CD3100491	40CF75D783373824F9F35B18A081CF45A048AC2F	844396A7684B6ABEDDF26A41C0483FBAB98123AC2BB764A96488EDA60439C7BE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	104C2819E435C72FFED440152C10B530	5A48A6BF1518CDB5991C9E02DC8ECC4DECC536AF	CD9C2427FF9B9F2E2355CC31BEB5B678B8B5A76BE11EB4554593D95687AEDB18
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\quz-PE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DC87DEB5D638C5932FABB45D565F5C49	5E0F19394E7D929AB0C4AD893F1CADEE39951F08	1D6AE49E947B1CF83FB07C5DED069174D05D6660936444510F5550E5C3004BF9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ro-RO\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E80BECB764E5EDCF510D05A8C5597DE7	E9461381C8376C36EE0B2844EF64CD1C8EE868E1	B24E2217A63058F2B65272057D7264136885B67C4AAA893199190EFFFADF262F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ro-RO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	872EC60C6D1F88F42B63306CB9876D34	9069A11514049749360A462353AE2F96B3D2B105	BFBE7FF26CF63FB5CBC90733A688A5F881486499ED2A5622DE0F05F0D5B10C0E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AE5371BE1D72E200F5E41A5D6BB85D54	790CDA41A34BAFC44B1E49254EFB9DE0AA2CA783	C1D5B19D04D86139C824A1B0A5CE8B44171E0618A08AB205FEFE56BBF6751302
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6F96BC03BABF95060FA9F944FA8F2EBD	495F0848F38165800E0C0BE395D6B58F2AC2A49D	CC7FE13F2D8C7745FBD2A01F99F856F34A7C0E5489981A6A2FEC55615AF2D6AD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B43F8E2EFD38885E5DB618BF927F36F8	D0347C04F9DD940D12EA681D797612A93EBADE1D	2C191DFA417B1BDC26FD136FC1A69641180A59959645809E971DD1848EAC9E34
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5869843A7B53FFC4EA33CB4C0932572B	E3241C3C49D59A992CF254BED5E0708AAD38116F	2FE9719B75F69A7A8A718063FF8C960C2DFEF3A4BD5FD88A769C8D902E136C06
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BCF44ADAB24132A4AC7BF5949710600F	19545504EAFD4897BA096EFFBDF0746B549906A7	83172BD313EDDE83622C33A6F7BA76DEB1D75D7B51961364B58CD07FFCF34257
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FC57F38FE4E17756C1BC393C122F3633	400EE763B8BC88505AD892B1A05A6C343638849F	D9238E87B199CA83756273B1BF07B370181EDE6771FEB5C05E046B0EEF97F6F8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	25B4ECFB074C0470F362B95776ED7269	B466A079F463FEE2890FA937DCF5A528C694295A	32F2BBEF02AB669C7DBCD5C373684D7EF3CD3E127E73E1A7359EF4DD30F6816C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	51266B316C75AAE4D08A2A63C53E81EF	D132A713EE35EE90973224CFCF2BB2F8AC2D39F2	049764D12D9AE9BBE41991FA3ACB1F8735B631DF706D8B17716E912FF8CE9BC4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7DBB5CD48F5DB0CF3D552A7F74E7758D	F6D56E1BB42522F7F8E7697522F235253404AFE6	7E27BE71D5F3C045A7C0B64765E7D9550E410DC0F076F0282A79945EA5AE6943
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-BA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4296F28F4860B1BCDA3D7134D30CDF7D	D80C54103CECCF08294678DF988B684E47B1140D	0645F7FBB12F0AD77ABFB64CAEEF8370EAE92F528CAD293C6922DE859610EFD5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	911709CA1F9EA137B7CBE7E77C6282E5	4BAA43A588ECB577FEEDED0AAA174EB4158259AC	F1FCEBA24F74667D0A2EDF9004572B903F961ADDCD05E13F9397132CC1D1E352
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BA17D4C3FE0ADA3F24FF4FFD37427C5F	560E9B7B36BBDDCCD9763750491401D44F731984	0FACB2F385356B02F7796092C53CD1B8165F7BA1E55EEC53CCBEA542992BF758
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5B71B204048AE0AED9FC6EA4FC1DCD57	D206BE2E1528CB37516C08B0417B10D0F00BF9AF	7A1D15CEA9FDF11C3524EDA80B07C7C3DDB462DD213A1D011D01F14C6E9C1A15
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F2B451AA9D3076952B551B12A4BF6F8B	E6C27788A08AC3AA28AB6F288C98FF5291598F0A	7CE22AFCCD905B9439C6C08B4DFBC84CB4F2E4CEC60CFE7F343E62F03B8EB8FF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	77A8015DD3955D37A01CAD7145FC028A	3E993F138B85DCBB26CEDAB5F59425CE6376E07F	CDD860E2768C3E0107EA3E8BF8A51B9706FCD0A65639EADD03A9AFBB5F19B92F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AA00B70A83E2D18DB813B6300BE07391	24AD1CAEAD70D2FFDBA5969E554E848CE8195452	AE7EE746986802C96E2C867EE5945B340FF3AE1AD242A07ACE85537BCBAE431F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	67E0020DC8B5AC9ADC919C7C6D46A0C5	A83A57D0172B3FE0046102C879587FDDD0D5A97A	C03A7649170A0ADB36E97FFD5F429AFE056CC5AD886B8C744D4C5DFE39DBA4D8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	47A00F5A07D8223CD164E2DB19E90524	8D3472805B9CC3B94FF81974DA65FBDA4C59CBDD	459AA94BC66676B78F5C375E193BB2436DB4C4592194183FB4A478F5D456ECAF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AC553889F2F755B221A0E84DD46B9685	90B002AEE829AA65A2D60F4CE437318645DBBFF2	E59DD2FDBD21D72C52E50C79EFF09B9CC7E80EA01BE170E40A30311D51E186FD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9E0863313FCAB8E3A2B3B1867BDCEBC3	9E0BDA484A3802242F1C4E8B6392B85B6BAEFCD2	7711F1BBD48D221EACF8B21CDF47182F193E68AC93D02B23796AB0DA510A9A8F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DC6B7DA0CC0EF25A51A4BFDF24F581A3	9EF9CA924676AEA1F244EC2F5544BBEEF7E7E1F6	2CC332434D6184E91AB1F4CF7BF44C57048C8AE3E6A9BAE815AB96C962124DD6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A18DFBE07325FD6B9286B410C98B1227	CEEBF8225AD09398B78818BE974C3184EE21A617	2311B78B7E78FC8379FC32154E10F486BDA74C123334A6854DAA03A63C2E2D66
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C8F703077B949A33263448E0A4BB074A	262F0C6C7E2EFF63F06525C3B755FBAB84CF9FFC	C86741E7355B69A0B76119776507DE8D2AEB69A37722DE2CC5981E02223194FA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	77FA8634D03A0AD4AE012152FA1C3945	010D048BC9D654C641E10BEA1D97753BB2BE1AA5	611C5BE5B6A082D62C3BC8D7A540219610798EADBA6F146614D9EB162376FB16
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F75D55765AFBD6D9318CA26D481D16B8	EF17D650E83F10C4AE9203DBAE386CD15D447897	BC2FC2FBC6076F82FA60292D6473EC2B0D21B984ED58070D66BF2231F82B67A1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A764F8C11570BD8BBD237F962B38FFE4	C3CBC5C21CFD9820364745F07B5054599F0892BD	09C03AAD18904F97ED34517E9D3A91A863DBFC4C68D0776C3D900F9EE3B6F0A6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5DDAE8B35697B86334E9A34856C65C7E	52FE56E419E821E6A32F64C935C584517FFDF4F1	9326FE771E00E3ACF1362AEBDA8C4C1E94BF053CA3017ECFA44B83FF51F3C01F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9429C0C7111547C31921B1CEB56FCE4F	4831A145C2AE7C2C98CC8DDD321840362E05BD85	081E1CB54B77127C05CE681860DD3CE98D5D7FBBD486CB4377071EA8BA6A88B4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B011BEDED97471FF13CF6FB9357EA580	69DA6291DB9D4485391BDA28D1A3DB2296F7DF17	B92D7709F3BFDC27AB37C41E21F6FC0FE44FFFC7F4DFBBC933C57115350E3F73
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	90758D2317389CB40BEACA1F8BBBAA35	298F2EC81A36D31F0E0FC3E9F5BD5A181054890B	9C65CB7ED9BC8331B9F2F1D0FBB86570554C4C2E8CD8753B927205E6441752A1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EED6E722DECC8D8E67515D3D1993479E	CAA1A942BCB0FA9C97537A4DE68ADD38F4DD4098	0942D2D473EFB321ACE1F134DDCB0994E88955F063D77092C6703EC27FB64BB9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BC2DEE82CBEA4EEA5C3FF2B65756E211	43883CC67B7310FB6B38BD5A9D02BE69F3BE0BA7	37F6EC1248B53E4FE0DB932BCD92B2FE1D373D7431F9B4D4EAF8CC213DF0C96B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E62A73F1F4CD46F974E053498EEEDEEC	EBC1C32B0C3B74CD1E6545B5324A0048B19D2259	7B8DC07F37C52DE16D93C6DD135E86EBD12375E4A441A730E27C399448DF4957
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	549F0BA44941BBBDFE61CABCFEF24443	EBF5D7702C1FE9A018576A6EC969F9E4FD987C43	3E7D54E50FF6E6A448771655EFF4B76F597993DD1DFFE23DE38A04BF26999A84
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DED04942D84E085A27459518AFA8D8E5	AFC1406B1849E54FC43515AD14B57BE431D9F898	DE902D4819D77F24E57E3C64136991287D717D2BB4B493CAB8371A7B1D0BC84D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\DefenderCSP.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	396F15FBE5363CBB8CA3FE4349D3C421	F57F2E9FDAFE224E056A3EE748E6A377898D798C	5FDD4D08941DCEFC39493B36A2CD174460E24E6406D44693A328933EF0663EDC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	76C3FDECD66A2EF7BC36BEE1E67B17EB	4750627F86AF66C360F622F97094787A4B3D2FB5	1B8890AB298B866B06AACCAD99451DD545F7108ED1657B3FCD2870F4CD3554F6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdDevFlt.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	33D13BDE3AFE03B44D00CA5791F11F45	5DB3090DB35706EA5C67021E9D38DF14F37B83E5	36B60228C08BFC04CC7A9811031A409FAE62644355D12AE9E299D5049841D64E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdFilter.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D4A79B6DA228BD392C3D925590E1A96A	B5C763BD5142F95432E29D9CA688C44D494F8908	6B868C3BE71ACCBC85C3A53529F39E73C7E014AC807269F8FA8FA8F7BA9F1158
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdNisDrv.sys.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CB33C0E6C06F5F2A3627A5D3D21149DB	47DB03D125ED23CC3340AFD95B1EBB14018758C8	DCB65553631B4070DAF23AFEB4096C186F600AA8D99E8A51AE3C6E44BA863453
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-AMFilter.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C56882299AC06605E1608E607D3CCB44	B0DA8B59175149E9EBE4D40C04497F79C7A5D869	22A2B6B1C11A5E2A0D83779475D2D6EA23CD680F652A911CB4205A389556FCE1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3429FA4511CADDF30CCEEFC781A2CC08	09BA7F3C2A5A08334CCFAF8587B5DB8E1F6B8AEF	AECA8D9E7680EE0E7A20A41BFE622971D3051D54B2D4E9EB5C144B8DCA7F38F0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-Protection.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A53D4A81F086113AFC44D53091B49AC0	BFCE1CC3F737DF535B9B07638C2590C99D7D7A72	6F1643E6F716755DB5467EB478D98DF187DF518E0E95906BFDFBF6533E33C099
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E721685681656C1499F26F81C982CF6F	042AD4217A8EBD58203609C8BA902435BF025CF2	A7794B814CCC04D3F112BEBA50044E9EEDCEF3268E86F88367630F68E17305C2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Windows-Windows Defender.man.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	71281B7E4FC5DBDE16A1D2BBEA939EDB	D7364F12A57B893B515EE520775A8DD23A9D3D81	F7B52F8AC1176CD1B3A66A933CEABA70CF70BF2AA5891EF044B46391FFCA3551
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1FF099F5095757FA701FF60E1C78B806	172929955E9C466D1AF8E2724DD240815CC1A331	F207C0DF0ABBEA856EA81701BB848FD331E939397FF5DF439FE75E83CE5E558D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ED7781AEB069A057D3F262087DC85ABC	C847AFA2304BE8BD99C9C95A8C0FB541DF05DE24	D0E44F35B9C01DA3D29F8DC63120CC70C31616242E8FC7FFDC1A722CE5C4C32B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A29C14F8C8A0C7C90BDEEA6E39761D20	7AF4818073D2D8425E93B8C985B8020543D20CE5	47053F0CB71A66331FBE0A5EC02A59CE50BF5B50B1D2F022A820508CA9D39A93
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	809F4B8096AE56401044A969F1C60CED	C0F2270E837B2684AFCF4EE6141F17E08149A1FA	1E19DEA0455CEB52A059A607726776D050578324196AC9E26F48F750006B23E1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCommu.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	932F37605256CB2A5B30BDC56C37F4D6	157BB369180610912F38D5D2609FB1FF6C6DDDCC	A1330EE610D1B5590A769C097EAB8110CA237D1CCB591900F4BD48CA1E8B1399
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	51DCAF7F471769CD18139AAF85496EEE	71A754FBC84C9BA13D3FAAC2FB4EE2AC0DFAFD9D	9D19C09E1BB5D6964C2B627FEDF250A9F187ED2E56D36A15F488A6CA48CB5C90
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDefenderCoreService.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E151D1D88C6CB50A65E5B342746946D2	BAF4CB4D8DA4E29085B9576EC0F23063F71D47F9	FBE3BAD63B707EBC9C091C317D22E6F1CE3ED12EFB03B846D47E8020AB6C2C61
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D804041B253A310A737934E6D6829C96	981FEF4FF418433527B3AF90257A4B3FEDFF2B42	F7051DBEDFE5339DE96974C9B06EBC2CAD8284B09C31600BA2B935537245A3ED
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetoursCopyAccelerator.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	86E34029D66C5E8D0191930CA5BBA0D1	F4BF56FAA85A0B9B3773123D7680ECEBCD8113FD	CE41B4AFBB185D84E598161941979CB452D9D90D962D0760D2940BB79741105E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	96095C70C3708FC58E555C53F19247C5	23F56D0BE70740341FB67276BF1CC7E40F1126D0	E3BDD5055B07E81874F33A337D2B7878F3C6C20AC346B70740DAF70E566D71E5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F3B88503EBCBA1929084725D6F2D0A52	485BB5CAA98EB023C46525C7D66EB72406CB8FD5	AE6BC38B0DA3243CCD12C34DF765B1088F11E9D1D2F6F6713BEC799645FB14A3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	679A400EDA5165BEE66BBF8B1BBF60BE	5DDBA14852D867EA755961B94FED3CFB4AE814B3	1BAE18DA9082F05528023DCE1619FFB7D143CE4AC52EF61FE831BFC6B2CA4285
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpOAV.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	74D0AF6B56A98F625F4745B9554661CC	6BABAF462C86FCABC9796B6C5A89613FCB787F82	655D244F2E37988504CF745614B7CDDE3AE51B4D8AAFA2471470DD97B1D2C95F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EC32AE09E1CFC289B593B1A4D29178A9	2431F026250A6EF83A6DADBD79BF18A27CE375E5	C284E94FAB20280E2CAD0F9CF366303298D56AE811304BC16186BE5651A62E5B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSenseComm.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7D54F3DF205A43855590D9C3A73B9DDF	7783CC6079FE5413F1C1BC906D8E4945983C23EC	A3723B6F59A7C777D9FE427ADF2D3E44A0A410736438D0E5144F770EA9135E1B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSvc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	69B67507624281E0B86341A290397495	8F9774F314A99143F538B49DD35E82BEB57A366A	6487550EF67AA5D450EA135D4377212FAB33DAB52B7FD475403841D6690157D1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUpdate.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FBBB646A44CE308EC87C2C0C48BB605A	7C57A016A708B130ACD9C6A3A6D48FEFEC43EA22	CF990F5174BAC9C0660E07B85B57A4039C2572F259759A69CBB767496AEDF5A7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	584658AC4AABF451836EC9B178297CD6	435450A4D60E7EDD9793FEC88D7E998E3FFD5BC1	DABCBB83597850559E464F5D3F034D40E2E02729AC332A3FF5BB22F35B36C0CA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2A05136F218D791D1A013F90D55788C5	4BFD95D4F03766BB2E0F53592796399646F6E669	CF8ACE0915B95D723CF0B3C0F93A972A9A48E7BD85370A1A49AC66C90B9F13E4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0C304EA7E01F466457051BF23D91C3A5	71F959703B3BD7E06CA60D0D7A4023DDE1815A92	D92DC1DAAF4F43049A74EB26974950BBD82BEE87C3455667312BC8A6AA7521B9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	09F30FA45C1472553BF6B5585BCF7F8A	C1B34EA6F2FDDCC5804E9AF0FCB6DD51330D560C	87E0BDB3A8F91383CA981215EC63AD5EF076C676212DF15126186137A2C559FC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DC32F063C5C55A25F688136035C0A848	520E00751C749566CD76D2A9BDC976E60CCECC9E	31C62D2E93D0CEEF637291DD586CCDD3936206F83AA46426650ABE098439544C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpComputerStatus.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9DE64BDAC972C405433D68EE41416CD8	7FB86728C1044E2DCFC5C51D74A61C04D3256174	488E492664071E1AB2A3BAD78432339BF0300448F86EC2FDA2A0E37F7DAE0E29
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPerformanceRecording.psm1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	94681103A599AFC0717AA03C23B0C749	4267208F3BBD06E88720C15C8E4C3EE4C1456001	A66A70408624A9D93C6BD1B0FE86AB78A5179BF011BE22E184BEB08A88C90186
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPerformanceRecording.wprp.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B487CABBA3BE2148938B98D184A28E54	1BC0C72D938126155CE078D8BB47B6CFE7FFF9E7	1628AF3DD9AFD00ECF3F672DAF519A318B9DC9C6EEED797C34D5CC3CF1225F19
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPerformanceRecording.wprp.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AD9B9F929D83D08D35022D253B509515	28B610AE3070FE792EEDA500B4EFEAFDD8D7503A	C77DD44C451D03A9737FEE6373B5C1D9DAEA614FD4CB32D9BF7E97A976DE9052
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	48C9BC4EB9A4D49FE2AA263F119FC90C	17AA7B64F61B6B9A0D1C1C21EDD37B22885A951D	66DEE479EA2B821F5BA801102E1269EE438BF317FBBFE4CCD1AFA40E57448332
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPreference.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9284A5BBA2BA9FE39663EFD47D85A735	1172207DC92F5F47250292575C7B3A7FB9AD33F5	EAE2662ED617E637821A58841CBFB1028438311890E51EE33AF9BA7E0FBAE17C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpRollback.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A06D1C09227CF7CB974342077B821184	061097A667DF0541B2DB118AC49FF42250014126	8DCB00FB30B93E43F6E4F1846237E58930D98559B45CABDA7B7A2085C30DB8DC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1CA744EC24D15AEE993350392E7B4621	A5388B160E001805C71A74C0D8768328F5F9E67E	C9367C013591574EC387666ECF17B8B1BEAE18A6E64244733A3164DB5C5471D3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpSignature.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E81293AC167738CB11FAB909462CF598	16DDEC0B3926944E2066D29D1F695B6523A84A03	C7CCB58C43322651395979E8E2EED15063D232C64C4FD3CBA00DB4944D75C858
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreat.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0DC40F041DE046E70D99D4556E30588E	E9EA3FCF5F219D6281E37AC7F7293C81630EBE58	3BD4D9D1D692CAAC3F99DE8E926D93A87E35E98CA383C06CDC154C906FE0FCF9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreatCatalog.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4F9D508DDEB6EF8823766486EB1017A1	B4A504F9CE13B9D4A7A093B91F9CBAA773C28AC2	D1CC99EBBB7B049431ED02F8573E98B25038EC0C40FB74F4B1B6393B55CD69FD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreatDetection.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2DE9389F32DAD406BA39E8ADE5F4709A	83C9AD467EDE35F52F5A9DB11A00F3F1B46AA987	3379A0DC362EAB7232072CDFB5EF238FFDA2443EEB9E28AB6096A838EC1D23B8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpWDOScan.cdxml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A99DB12A7DB077DA1A90107C3161B461	935C470EE7CE11B9262F86904D20AE8DD30C1040	FB93EDB3296C054901C59DE10BAB60275B6DA7879D895EEBDADDEF62A94BCD60
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	484649810930B896240CB1E5F67367E5	B0AD59B4674AF7B06BAC21EDBA7B3906EC4EB523	CDBA12E78E79617E1174FD1831D98FD4F5FB556B47176D955111B43EC7A0BF43
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement_Uninstall.mof.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	250539F83367D28E2BE4F05FCEB439BE	38DAF619D14187884932BA2C4D705315889F3250	6B5C5C4E05992FDA58EEB465BD7076F92B13B0F6D9B8D449DF8BC2178EB6BC86
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement_Uninstall.mof.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C640ED6A05348273E814EF3798901126	A5571CEC5E5B80444229313B29BBE56A5A25BC07	DC6A473BDA60BAABD5FEC4256A1817749555085EB5AA4577A6E78D779C86D154
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ThirdPartyNotices.txt.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9073BEE8F71A50A35502FC7D947E3241	013BAB04322CF6D1A9D804DEFCEFFCF6D0FFF054	E49ECD373EA27852AD98C5B34912C789990890CFCE13A9CE159F60143EE381B7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7E316764BDF61DBF67CB77BA22BBC734	A52F4A40F8881A259D47CE2B1C6A0067CC3712C9	28E7621BA4D22EFA3BBAC743942B29916CBCDB7E1E87ACE9B701E126CFE1898E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpClient.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3C25EE4853FD122D07D44223468FB1CF	30BA9F1BBF165514D4B70250D9AAC045BF056165	21028575D837F354C9D3D965D8EF6325B6CD224C9686CDCA2EF7727723373168
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpCmdRun.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	349BCB0DF936B95B5D57AEB334420A06	EA83810787760D3C6E475F9DFE608A66B91D9909	331B44BDD2D9D611B1E3870F38FC4D801D212E12C6F62F7A67711A1A4655B71D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5E557C777878202A78F49EA4845AAA53	324677F2E9895E739DB1BD3B70137EFF8B7B2EFB	FD6D3505DBF2CBB5AEBE631753C4DCE598556D2D95135C99D4AAD7C6FE60B5E1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetoursCopyAccelerator.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1CC9038C258E5D1299AE0C12403CB4E9	670CAF815D1D727D2FE1B617D1CEEDAC7659BD12	DC5AEBA61D4870A63C18EB054EB33E6622001E702CF4F90358BBB02A7C465E5E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpOAV.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9BDE1F842869F29AF4DCA6A1BCAA3D0C	BB36B030A163D0BFA028F17EE05FF300A0E10E1F	28DEF4C46A352C9795FA9EBC566BEDD4C2BF509D1F94E3C2214B91DB918DD5FA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D495CE5D9B97D30A4735C457C15DB90A	547E23074EC9696873AA8B548E625BFB686902D1	A67EE60E6A4D18EEF31D00AD2B94B35480F0F5540DA605C89A5B5184B4EE873C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\mpasdesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	59BC1BC450BAD9A924F3E38EF6799E9F	6D407C7BD5722B549B83B14A720C5CBECCE46A7F	8EEE73160011F4D5442CCA247BD4EC0F4790BA0DF0E744B3FCFF0499F0C3C398
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	866FA2CCD397ACC53892499D9E6BBE6D	B2AD2A02B3F979D71B4053E15AF06880B0284514	5576FC22D2D72E00B55AD05ADCB388260D2F5A5A8C08FDA3AAF6CE94E5538383
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\endpointdlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BFFC220A208A6AEF7F7F2F8815B31698	E911AD11353D2120F4C77C957BF8E371A7630AE5	9AB928F9419ECEA3A0A2BD521240D4580B1338F884722DBF6B001189E7674173
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8B4AED0D5A3F85D15B0B9984DFFBBFAA	4C794D6E788AA7C37381D483A1882C4507D2E957	710A6E74CB1B48624E03A2CF7D817E98A2EAE3B305D81C698E5197D342500448
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\am-ET\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F08C2A915ACB2FA750D8289B6ED959B0	43E94794EE7CF082B53379B21B1D552BCB7FD0AC	E2CA6A011374EF6BDC0320A83324B54FEA4E6CD782A7F71D3C31538726510500
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4B22327360B8ADCB5C1E2DE00050F5FA	939096C41259F4CA44FB550BD96CDC8D7AAC8A16	C8F887D9F0B57597A098B2C024DA03C16F2CA4F3A868B44DCEB21E1131603702
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8729B01897EBB02761C8D53895C7F6A7	8E4E02F13DCEAE0B04154539E74752AE5EE907DC	086CA4B1D794A1674ADDCFCCA36C07DCFFFE3450D35C728F3854D426462EFE02
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\as-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	33464B3CBBB4825BD1AAABCA16448BC8	84C1621B807371D6499DA103A88854F3D660F190	4B8E57C0AFF370DFE80AF12575161A1BE3A4372038C319C0F06DDB741C274E43
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3BBBAD380EA819C162D2B6F8D46642C5	9D3E7E04D1ED665042D7E95979A129AC06A92025	2EFD4513DF02B98A6B86D78057B15029129A57A16331CE234C2CCEB82BF23F2D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AC068892ED6B023DA6D6D31F839B07BC	A2B96A1F535AD8BB2D23B61763392BA64CD6523D	55AA4C0DDCBDB9017399DE18A31CB4576C118C565053545555662DA864C5A70F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9B8A3FA3C645319E831946A72A5B2910	7BF6A9191B2224B3DEA7CE6A937BBE1369BCC238	7EFBF2EA1A53E89C2C2B202A8257F15F6844F32DEA7A2BD04BDF1E5F297168C6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bn-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8F519C955059BDFEFF5A754BAA7A21F1	3C8E54DE0D12DF6BE52CCEC4BDC1313C354A9860	B57B66D68AA562DB3DD4847AC8C4740231B663C2B04073C9025EE252A5DAE1FC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bs-Latn-BA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7D5B2DE3CC838DFDB6EE801D1EF525B1	DA2C1CC35A3B2500D51B6448B437BC80A0BE71B0	87EB4135EBE20E9DE681472FB4C4848DCF3C3520EE1AF15F509CBE59FC5824B2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES-valencia\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	814C143911F2650D4A00DFD28FC5459D	D7848F5527DB4BF3605318B0EB62C03FCCDB30E3	4B4FFA99B19F186A918ADB0C1F547881DBBD80FA07EC8FC115B9F51F7E3F1118
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A1FB2DDFFF2C8F7ABD62B2E8C7029118	B1BB5E4F62B0113FD8877BA33DC7BE5D50C26DA5	C180B85AF99D91492B8117BBEA2181B7C93192B242F36A61CFC7294BD512545E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	58A0D68314837988FE74DFDA776851AC	39EFF8EFB69DF7307FA82699F352A4A22BF538A9	7F1180390C7A5F9BA110033D9D954A5428E2C78BF7047B528B17CFA81492A1E8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\com.microsoft.defender.be.chrome.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	680620A39A591E5DEA3549B871DB24F9	1368AE5DEB00C2BF24C7BD7EF3F57E09C416FA84	5A4971E84F46909B9DEC1CA04395696CC0D19EC30F5D15E78B25ECBBB0B19A38
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\com.microsoft.defender.be.firefox.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1640E0E963FF1D3FE38B66D0267DE779	7FBD2745BFD59833BCDD23BA3C36E8D5BD44D357	4602C366B6BEE265805DA41AD77BC469EA60117D5DC20C199323B479547A5382
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2A88836548F3E37F9A34D049C504F7FF	316047A9F117ED13D32DA1AFD5E1C64F1C932AC7	6A47CF34E07A745C2E4CE733CED931914C59A029D109F21EB5F17E8259ED7EEC
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	470157A73B86C4FD39AC6F973C3CFEBF	6CD76C625B7D2BE2905EEE5035A0E93A7BC85FBF	CB2026DBD95043FBCBCD6A466E642E746881561C9F857C871EB81E60E2BF4524
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6163E408A476B1828B99C824924F1305	2518C11C879CE9934A285DC91D9D11F38264E505	263E88A7E686957A50E7FF6FFDEF7E4DB97598ACA40975B2ABE9B3C5026A1030
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ED216C85B2BF3B9EEABD357774C3F3DA	E56F8AF116F18510F793F69D547EAF1D379F02E3	C660AB9F1B5A55F202A9A9058C3B174BA88B9528504164260B08DD756C98A48F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	594875480891C52102BA47C14557E681	86A0C7BDD4B35FE1030C1CF3A4E50FFF603963D4	E7D04FB7716EE3BE8E8637A90B7EA1CDE2A9E14D2A35BB160BA7773C13A3BBA6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9E5B51BC706F947AD369B7A3F621C1AD	B60AD8765E0929C00FAD2B82910AECD6388EA7DF	55B1891318FFA7366BEE985A3D12FDF0934BB5FBC5937CEB38F66DC7EB41AADA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AAC0D7F12FCA3C6613B5947F915D5E67	117EB542A6E07C83E3D550CDDE02C3ACDD964E0A	FE9D34678A01237D88681EB57D781D198D44AA8EB7533A7FACB2D342032249F3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	47195B67B7AD7258FAADCD63FFB4FD8E	61D51A1436E8AFF1EF96B436F79B908B701A709D	F5BEFB525573EDA191AC0F6B176AB127573092D43AA0C7E1BDBE796CC8C5305A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5753547A42916EEBF176FA3E447AF707	6B16023601AD10900FCF940A97AFDA5832E9C390	2A25398A06BEECDF83CE8E0E9FEA13F458D455B86407470518A95E9C7FB1185F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5504784DBDA54E07A4B492FD35F7528F	7D8F460DF82206CBCBF6DD98A63A87B049D00AE2	6139CE5B10100A348A847B8DC7F64BB71AFFD12EE1FA75C7F486A600118D29D2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	68EE9C2AF6E8D66378005A2173294E31	58EC6CB79E7523337B0540943CEA03521099A919	BE062FAFD6A475F6A628D42FE7C5F2F430B233872CB26D6FB30E1861CFDF372C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6F3EB4C2314EC3236D41764B6674DAD3	C530E182B24E6CC5971C8A0ADE3793E85CB3611B	69D087D6B091AE3D74EFD06BD3A227071342B8325149179D6053626484491E79
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ED74A880CB4F5625DE48A0231555A46C	FEE6004E2BBB3F83AD59457091B0166D8DC2EB2B	DA9E24BC30CA937C674702C5AE948896220C3871AD3FAABB4F112AC6D192E837
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FAB5A938B24540D07C479FBCAAF5E03D	B7A7B939B2E9CCBEEF01C30AF4FC7E8E38AC6CB7	CC7947A83A46FEA07E5995CBFE0222576A82CA3C76C06DD40CDCE555BD199D86
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5E7F26195FE3E6D4C228985B62AA2B4F	5C8BF05805B7DCE49698490CA74C082DD82DCAEA	050805E8D8E051A037FC4BBC99C4DFD5AEF0E2D79E1FB176850744B89057100B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	91E015917FAE9AFFFD8CEBF6646019B7	391E864AE77DF24CC755C2AF97FBE5B979F01AD4	3E5641ADA906C87FB2719E90F14870187E2AEA9CC702292AC5C7BABF36A3FC2F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	47910504B37A9C24C0189453461EB59F	41B199C3B91DFE711AEAD0067E019B87BA6F2BA3	FE8848C8A85D1A836BDC8A6E3B883F8E388DD828581DA3EDE8A5667E092A42D1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	51AA081E4EC7F7A485BBA4A83721E507	FFB22447E25764B67CEAB38EAFEB5D2B921FA282	9F856D5389B40132E31C9AC6FC6B45A23D821DA90FDCE3DBBD89C633FC7E161F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CF18AE17D41D97221795856D4529DEAD	5CBDE8F761AD9286B16A4B8E525E2D18214705A4	4DF4FB711A2E3F3A1BD5C13467C6D2263F0D977AD3AD7AD9F802233E2C353200
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C3AA11E095CF7FC5EBC05E60B6912781	4C3974146BB5E2561C9DE9450990A64EEAEF124B	F4CF3F648144787D7717ADA9EFC1B5BA9530ED457F786C172BB120DF9773593E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5E53FEB6CE51F637EFD877CF2BFCA0BB	7D31010D94AA0206EDEC98367EAEA90F6A4722F6	7FB70D10C6E2C0BBE1AA275F6EAC16FB6D0DA5B3BF05C98C62B56B98EA1CEAF9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	87F1605BF33179F5F59B1C42780C51E2	61A790CC37DFB8C28A32EEFD01EB0B0339E2EDB2	D3C0344032F579C0E12B8F9614D921C2E5B723F8F492D8290A6A5F95CF2DBF9A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9AACBA4710BC7D60DC7335E77FDBF7CC	B6A399413D236D5ABE5107FDF6A0B7F886C5C4D4	02C712762D76EB6DA64E7E30FC928298CD5A4E9AE76446793A5307266BC4BA1F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6043159EDE4F90C9B944BE3180847954	C7770A99604D64C5D60F7876DB1858A100369241	0ED3D9FDB8D6224E9A11994503B0C35EE7EC7CE794685CCA2542F9EF21FEC628
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F55A270A83EDE6C3B260B493356FFC9A	2B836C1822B579B84D37C61E59BE1448F576C8EE	B7750C84069EFD2A19B1A73893335D2A0F8C49AC4C1FCE26D0523F72CC6219FF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5220471A7AA21ADEFB7AFD0F591FC6F3	063C3C7FDBAF9184DAAA90B7E40E35650E85DAB8	B1C18DDA461CC2D1E12E1165D7BDDE928D82365320AAA5B0E244AB16758C9A94
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6BBE3AC8DCFA5E1E2B8CB519C0DD8203	621923E16CCC45560AB8D2E068A16C476EEB851C	ED08286AF5B48B68BC35246472A00D43FE3C857098FB74B1A5942F59D6412C6F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	47A61F0374106136A8E4141884AA2298	753604B7C7DE392920D90405893D1D1BA4520864	9BF5237D26BE2554EFB01E34F0F457764EAE778B21E65E78054FD2EB9970D13E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	944518C923AB66217C757FFCF322FB69	C1FD039FA2CF30B423B72854FC8B0AFDA938C9E9	CD135C93D138F0A6D2BDE0576A21ED4F26237466E2CBDF1C6F39477FECCEBE7C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\eu-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	36237234C1FD7A0EB44E3637000955CC	38C53937FBFE3E26F3AEECAE98749420178FB6CC	470A3685A606A0BC678FE1C7EB4FEDD0A1B567D747419DD3118D4D44B1D294F5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	93B33C7875EA3C5B1ECA1C50D071BE13	79E8E123550031E7FF33CCB835711348730ED19B	76174073AB15AF6D44299DFFE5103DB55790328EED6C54CDB8B21B7FCAE76278
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B6E72866F52427CE275E64A9D06EF769	00ED7C591D5F5CA35FE94CDF6F8F73BED4961F82	7472B978ADF739A907EF8E68FC2EC1E7D09F15A7A4AC8035C87CC05BA1209FEA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	41B8B95241CDB39444E256037CB7AFAC	22874BD0D0B241BA813275086D0E81C3561A8331	B2E0AC89374818706F8765A3F73629312254B5D27CBB04C03C4D77E6AF6D5E98
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2C2C5C347C6F4D458DAA015848B73ADC	86186F3348D86DD465EDE67E8383DAF2895D795B	03CA1B3C8A3873E70B5275DDEB0A095D21B65D73974F3D9EEEF74BB0F223D8DE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fil-PH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D5955ADEF3691AB5184F17F958CFA3CC	81F0F17600079DF0D42353AD0185CC50B12A2911	7191E4E33BF70B45D9F99D2E8558BDBAA038AD71B8646334FD775BD4A6CD03DA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5156C153AC7051507FAA590468FAFBEF	744298E16C8DB6C21B4A7FA1B5D3D6BC1A2B2B07	2FA4E002A32B8A6BC645C5E1E9D2FACA244F5D4B050C534E985E7EDEDEB77747
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EF7A0F6BEA86189DBACE253E662E27DA	FDB0964F5601F3FD5066A1217E4554FE65DE4A40	35A8882329C18C83B5E430A2085975531DCA01998ECA2DF3BADFA9DDE7D5BC77
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	95F1D11A34B888495750B2F56BB9203B	AF807707A08D6B8EE7B080D4A228A24E486674E6	2ED1F06C46C487291E86751CCAAAA4A10E9F193B4785FB4B4FD174287A815E12
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	75871C8EC16992632C544E44C420F165	CEFB9C03372A6FA09BB54E38DD71B0E0206BF063	2F8949D6F0812A9209BC170B4D3F5D8BADB133804FC041FB49E8C45E34385A7B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9632A016FC6DF0EB01DDA540E3711728	F7865A59E0CB4720A0607053AC44F950201617D7	95D7A1471393BFDF2E85A342C9E897E4BF0B90F758A485F2A0F3318CFA9F2118
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	42AE78E2CFD9482A4F40E352630CE294	8008164088C335C3DE24A6CE4121D142D7BC766E	EEE57A07EB7CA57C1007FAEF4A8116C4F1B233BD2CE525370B6ADEE4A810B277
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4EF8C8EC78A69C0416167095B48582D8	AD2F1B5F36555177BB9DDD5B1C298B706B9871AB	C6810C05D4DD5EFB453194F3D2DC19E012DC3CCD26CC4072AD968F1231333CC9
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gd-GB\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CD754122A8EE4F8F06D0645EDC45F464	FA86F295554645CCA9AACEA2CB2CA7DA4817F875	FC0CCB4F3853817579950999AA76E2E666A323360EA0EED741F27024DB9596DA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E038DAAFF48C18F524B96DE342025A71	77717E61AA41D73A36E0C0D5F40208AC66862625	FD25F33C4043D43C0F970F821E28F6EFC2B6AA1275EDA7A726F55428B24F7DD4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A9812624A7C7D398C3C9DC5BB3231B0B	86EC58C2407BD8BD713666C0CAD3EC2BC9B9DFF6	5BF48523C5470EB2B48EF29DD7FF2202CDC53F9C45BF2B542302F514B8C7B779
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0DDE2A3960BA2A0AF1703892315955C0	432EFC27965C0AA7F15D939A3BE558E52307A5A0	AA93F28F5E89C6FC808646971EB4262446F1463CA993CF0CA4E248768F5F5A5F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7B7B481B6EED9169890BCF92E2C241D2	E5DDF0EBB2B2CAE34D0586E7E59AB215E6756071	BB046C2A5EA70B2E0B353B954CFD896420252D8F30883B2F796443F268E503DB
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	57F3101D7ACD2563017B4AF7815CB743	1112CFE973AE3DFE46ECBA2522BC23907C62F67C	C0AC67D406A7F4EC1F134DA73D607E67AD078AD289A31F80C25D0896295D5BBA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5340CEBC7C80A9E7B10E5369F629BDDB	3B67406CF3C8BAF5127E8B1F3A7A0AB6112796AC	2A0C6FAA9239DB51E8BA741719CD608012E8E1F2DD2B77C5C0A8B51CE85CC632
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E3486987F9F3C5150050F8BAE79D6E7E	BFC88BE92B371F8D14FE6F2D576CD773E0B20A2A	705C08A1B7294D7D317D3462F8D839A39E5A688E542D8ADA1A880930FB2AE674
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F774B58507CF2856702C346D309BC598	A28C6027029A4259F63F6CE5017740D258DEBD6E	59F595157CB0E4CDE6E115602B5AC6E9517123CCD69787E43E732C629D91F5BA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6761BDF50AD3ECDC64AF9CA1553004E3	BA9D9D95AEC738A73CB3486C16BA05DD2094A9D8	6810E18B079AF225600CAB645217675B87E3A1695D5A9C613E64FEA6AD7DBE38
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EAEFC7D9CD8AED01E2046DAE0AF80476	472F128C84BE926E7F8C565B95600812629DBC16	0E487AC6D51536EB72F7D8D08D1AF9BB3B2509B2C94D9F1B42288BDF73DBA6DE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\is-IS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D0A2AD4CCFB106C3255EB8DB2E94E3F4	F8F01E6599AE93EA1DB8B6381A1564077EFC80EA	35D1EA365A3D0247B37630868959EC5E07AD96A20DD36DD24C51A0720A74D3CE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6D46E0F55A4D525B2E36D18B751F4DF7	46C7ED2E852C9FF2E1B35B1845A4B70706808475	1489D3BB3D25B2CB59FF0AA0D73AF063343053F37651EBC8DA5140EAC71262F8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9EBCB7BCB7312AEFC741966464EA757A	1D984A8DB092313D70476486F5BC40751AE5547E	D08F6E3D24213EFC62C581CC61BBDA65309E175365772EF1BC5536B432E2D217
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FF83BFCB41AF4C5232121A2B895076D4	15A4CD2F86917A0FB2C7059C0CB93E12D136302E	814E36B74791C4509432EA53611116F7083B35647B541496E9E4906DDC064C8A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2366F412C32C9D808FA754C84382C26A	CDA6C0BE6E23BE7017FA45D86608BAD9660BBF1D	052A1D61869BCA806D3E9BC312DFC861FF79B70EBCB19476FDA8BEE974603A30
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8047B62F78FE4A13D715B5BFC07B61D0	BC820BFDADDFDC78D7FA67E8BFB88898F084C3FE	697D842C51C7E5C694B3ABCD46F4FA1459FE6203B6BF06272A559E8B9967E2D4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D4CB2FC7E6F40991042FFC22A2C0563F	F64CA7173FA44084E80DD6A83C61F296E9099377	4259BB0D45EE1D50833E550F35D2D1A9448AE5998153C79A684385D555E0C03C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D7E2BC8BF33AE5F79FA8D23B9ABA62BB	3BEEC883DFCFE93DCAADFCF2EB7204CE35E7C4C9	94674226F5EA8BF783390827AD8C03390D5BFBC4DF160DFA5F39E296EA92064A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E7541AB96956CF7200261FD7282DBCA2	CFBD085EAF3ECFB5471AC516B5A162B7D89AF88C	71778F6086572C9B4473C40802D0B470D0BE6AD7043CC33F4BBAF4E8B8C57BB7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8B716A4DAED0DA9D11808AB4EA96F817	37A8B2FCDD52F7B58EE9BD05B291209F18D091A1	CB8849E2C2BFAFDC1071C7EE514039E065E43A306D6B54AE9340DD8BFCD03552
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CDE5FDB2D170725C15C6E3763F12D6D9	B8709F2FDED002CE3D69D061EC1B2E305FBF6746	1A2F27147FC7CDC7CD2B2A3F003AF237B10F57E83679DCD917AE161BECEFBA08
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EBF05C0AE55B3E97D0BE7611E6D0D1DF	2A8EF4DAF06F22C96F94D3DD997270A865ABDFB4	45D6A221EF6632266290E9ABE35F4AB505C95CBB8E61FAB3A3A1B7DB9E801301
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EBD94B0CDE1F395D9DB3F79F27CC4A23	1E707B588EC92AF5C52637E8E069530D0051755F	DFB551436F24581A65006D77E6F3E747CC2A6A537E0F04C7B3A488A08BBF4005
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	12855AAB153E73DCFCCD8A42679762E9	C2B8811F67AC2DD74DBB9FB77F8FAB8934B6E78D	03672270491242A4E938C599DC0080E5D858923C1B6CE3D8A0671B2C44DA174D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	478F9FB6600DFCDA327C7C9551159FF2	E7EF66B520CD4B0C9714A0B8E2ED601CFEABEACB	07F07DB61A9F11502C7861DDFD2806213E2F0C3A8F0E2257241142504186EB43
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4CF2E4626C91F153FCC006D990E765DF	B4D2EECBC0080D0D953B8DE685EC2767F2637866	4F6698E0293C81B9B0D6965F2DCDC44B243F3FE7DF65A326375C658EF5A8FA71
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kok-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CEC07C4735E8582368B3021F2D0CDFE4	A03E675214B693154E1B3071B5E04E882E9BA13E	623AC538517392DE1698CC9AA45E0FDB2C37D1E9747D0FD66547276C487B8939
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DF5C241EBCD19996E3E740B3AA9913BA	A520EE524F585C79CD5BE7C49A39FBB6B980A11C	B378E00C35847FF3F217AFDC225C18ECD01EDA59CA1DA5388990540A5DF35196
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lo-LA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	362A1FAE2832E1722E743E831BB5E7A9	0CF4AEF11D9BF7625D98EE1943D0EF6071951D63	01A80424E1E79F7ACDC754B6EEBD0D6864D9529336BF92A72239897FAD3D677B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	140DD169A47D58F96753DA059353DE9E	AD8A26A4667D1CBA61961F1C47FD23FDC7ED5403	91D60EE2D3604DE8BFCEA22FE9E05EB6A686D4FA3A690C15BA0681BBB9E85743
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	36A02ABF128A0CF65E29B26ABC8B7D0B	EDE20BCF3B81B8C63E3BB84A1D749C45FEC79B6D	0C415E18F159FF371DDD4FBE9E12BAA8533AF4B5C8A48C87AA9499568A2C19F7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1113C5E21247A9472D05713282890DCE	013E0941276B9B39CFC4163AA208679CD18D37F3	3B6E34FD7DD65D8D8F6A729E09EA36362E8A3AC30E46EAF545DBF7261564CD18
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EEDCBC2289AFC5F89B36656CE1C5F3D9	7EE3D37F4A77CE814C791F0F3E2B7777BED7B6F1	49186DC08A87AC5C0ECA2C385461C62D7CC8D95CCA9A00BC06794E5107102CA1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mi-NZ\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9C9882404730845AA0200839B5F9F043	238794DAA9D93622BA706A8AABB0E434EC1B1C0A	2BAB0FA37627B8AB84BBBD32507D5BF91FD194B838F2BDA1AA9624F9B65D169D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A847AC2077E5B95B2C2D1FDF1CF1917B	EF4BBEC0733685081FEB217C58D7682E22AAB816	4453D9F896220AF9B816A9ACE207042559D40247183D6393D2D94484252641B0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ml-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FD653788B0396E1CFB185C3C61182BF1	AD9D45BBAC94D7FEFD12F1D3FD89CD25946E9BF1	B3B56DB7F508D265CEAFAA5B1A82E5F7014323FCE929BAF04B1B858CA49B8DA7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9D28975991F5C3A36FAE6A7D750D5801	2FEA3D806578F36ADF448F868178D028513D0199	66F4D03C214351FB9E869BC8331C541DCB22961DF8ABCED141B781955927D0A4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mr-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EFF81DB7D28E2DA361B51C45A32DF999	B66546959F2CDE92B000EFA8CC5DE66A7053FC7C	995D582EA7AB6D38C7417E720E0D2CD314F85B71ADB2D240A8BF99A759E68806
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ms-MY\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8AE755038C65556258528592DFAA4C4E	15C1A7DA18906B6F2412929C903B34A13A5339DF	8EACA9F795F5BFBC8DFD567F4AFC5C637025ECC012AE6C412751BD5DC3EF02C8
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mt-MT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EFF81DB7D28E2DA361B51C45A32DF999	B66546959F2CDE92B000EFA8CC5DE66A7053FC7C	995D582EA7AB6D38C7417E720E0D2CD314F85B71ADB2D240A8BF99A759E68806
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A39CB846321745730BE81308926DE843	6396A210C720E763EE50203983D0467F1DF64A74	D80CAC6554DD463026BBBEC79182ACB8E905E85E8044A0437CF52E2E61D8FB9A
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	637F0E0562FF230A41C8EE21B5A9C67B	60C853ABEDE8ED98C27488CEDBEBC8E456718AA0	8520E9C841E0971B3282B6E909F6C2AD5A28C81799432EF57A2B564DEEE23C46
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B8CA39D7B6DFED04D2D4F61E11111D54	C139592BAACCCE10B3145C33A8B83B89D94E4CF9	2197D69B5C630483DD7D044C3AE017390E5C521AAA2BBB0A20526A3AB58100F1
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ne-NP\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EC0FB804143ED63145D255B8D56A794F	874FD7719C7490E12C845A71C93509D4BA62F557	5FACB3E39747AD9AC1F81DBA2F75F62528FD49220CF8BA3B12E6436EAFCCF2E2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	67502286BCC819DFAAE300A55E76FAD6	7C4E08D33953278CA4D3EDBDCAC90F93B291B637	CD9E840EC9AF643D0ED476EAF536D612C8CDFED54C68FC61AE215DC82F5060EF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	51572C317F0F73762622BFF10BBC2666	3168CAE6AB3B57D6DA674557D5C052AE5D9808C2	AB260F57448B93EAC43B5094DD147954383BF93D693A6ABD0989DBD9AD60620F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B52B419DA63824EB1478DB0F2221BCA1	C482B946B947E2AF7BB77B4F656C15883933BD39	F14E80D5880F403163AE20B5A8AEADE2E4F6F4A07A9FDE683403B104A6F78636
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nn-NO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3D379F0E12250B4FA1D865CB96976B42	89112EA0341C7CF4A9A4ECC7859B4FF7FE5DD2B8	E12885D95EBBF4293594CD194EAE8FEBC38BAE00FD134FA6502EDB200D06D4A4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\or-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EA262804379EB080196788857CB0C78B	A02076EF41055F20B7ED3A8C412542F14139A72B	7691C874CB9899B8F14AB695CEE68101F3D0D42B8CBE0F5031536302818B1A42
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BEB9E1F15ECB998C565F307445DD1BCD	6A6049B5296A0534B112AEBAA3C56041175BF834	D59EE6506FC217BEABB16EBD41A830D52518BC5B8EF3A6966E5F05085302738C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0DFD18523A2655FBD64FF75C4CE110EC	4D23952E18FD8187D9D1FF495E88008F72B140DC	F909451F15F9F57D2643496479438E9D8AD8A7ECF6FF7468A9ED42D0E2E5C004
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CE9C466D3E95DB403247C06A31FCDFF3	47F5B7286228E440B5501DE556EE9508A01B265F	937F903C275D215FD59CC0BE62AFCFCE62D3607F5E10D8B7E0811526F5B5FBFA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9D38F9E001FFC565E9F8A80008BCEE64	96065FD6FBF7338660C2A97673F7F7A28026AB11	1B8A304457C5D60DDDE1E4742FEEC8F52561BDD568221067FF9A3BEE448901E5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2B13E2A14BB074973CFA7992AC2D2E84	7DF06E7DE5A021484D882D020DFFCFFCBA121EA9	C548824A23851C75A6FFFD47E2B8E8BAFBE9A827B742AB9168AA5D82311ACA8C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0FAFC1CD6DA7521D8AD47543F11F8935	FA4DF84962E1537A02EF8945A17A8E21C8AB9E35	277BC8D3F0A7ADA2807CE834AD750A7BAE3F60203A95FE35A0738B88ADBFD21C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9D81CBB1951B462F1CA2F80B4DCC7D40	4B7A14E689CF6681B5FB6FBEFC643B889639BCBC	7E11191C5C942A644BA3C6DD3922DBB0AFB47DFAC14586329D1C37786E4FC5BA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F030572928CE7AE84231B2855DA41B96	C5806B7E0BB065C3351FE7E6CEA9563B31A2AEC5	194BD8BBFB3FF815CA623E7352053322BB617AB7C072284B42F72C8469D97271
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	300BEB1F5BEBF880CCD119BCC93C7EE1	59A1FC3EE7E6E47F8B3B920109424EE3574A4DE7	CDB7CAF4E12F0B303E8F1EBEE0BDCD93EDE9353E7CBFA9FB041CBA9C6FE7EA0F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9751B7F5B41DE18EA2CC4E54B7AB1E41	0F71D7B3309DD4C1FB52C1BE56DD3098FB5CFFDF	89166D3CFD4DB523C56B54966A20D0D3BF35E33522EB71C80968AE584D047B32
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BADDE371CCFF158D8E3B50B3C46AFC34	C4E0CA1AC823C51D63D8AC20F23E6F15A76A94EC	8FA10AC23A373940FCE45CB6FC5127AA596CEF012BA64263F1904B55E154668B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\quz-PE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CD5B9CFF27A76ECC7583981FD4F2EEB8	EBB8BB32CD4A8FFD130653441E4835D946B7FC5B	EDBCA2F9DF5103527A07D1EE85069438065009AC462833E533876EA7504030E3
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A15B0497C76524510A5C0CA21A335D76	EED2C9EC9B5ED27C48F893F1E389850DDBBC7A3B	985668FC8B79AC0D00D566C3F78380F6E788EFBB2F3A4058DE2D11D9E9507A70
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D68CCD622B8B177D6DFB4671D485D13E	32A74D9D2937329FA36BF07A2672F50A73FDD307	3D606635006983A0B078AEFCCDCA550EDC6F218E199853EF3F3A0A984C06E4CE
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	30155E88A0E0274BA333CA065E3F8692	4424FA7ADE847BF44D46D7271C887CC87A8C7701	A6135A829BCBAE21EDBD0F640942120639D854D48C7C254FE3019325BAA28C02
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	813F118144D115296B0E7D7D5C63ECDB	A5E2F3E94E01790AF256CDB34F5F46189AAB55B4	6DFAA7B36332373D1F3985BF34A736540B343760049DA4CA6BF3236883FD3417
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DA1063DECE856403FC74AAE5F9379A30	04CF90A9D36BA55EB1438A9613AE3597498B7EBA	EE19794CCAA6CDF571CFBE6B003326F4BE3E67093C78A80A91D267DFB8A19EAF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DC312205E7BBA5B7F11AA0A07FB9FE3D	6B5F541DAEE54EB875D57B5DA49B8C0300B69FFD	4E9CEE89FD198AE7AA795AD85FD5604660E27B1CFD830579BA4980C156224548
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FC900168C4A81319BDBA8EA9889CF9A6	110397F7D571A3FD8F3795B22A9AFCF36822E564	1A11A0ED8527356FC1B917995913231E7D3D3636F178A6B32F10EC22E3733C1E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7471C650753537A11D88492232979AE7	A73EEF54F9A4956BE84DA96E7EC98A1DB0C1AD01	BF138915566C0A15CFD9A664743CBB4DED8725FE0181B972B1C1B534658E1D46
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5E7761D8C566608688177AEA570FA911	232869B9D6326F4522D041FA4214428B51159CBD	8E036CE131F1FEB44710597E647551C5301457F49389AC70433C8A16DDA9BCF6
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-BA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C27DEE46D0E25C8E2BCAC58917A404B0	3A9CA4E864BB9BE861419470DBD6324537B445D5	96708221E86A34EAFF2C9C65A26E7309B8470889934F1672DA984527C3387A34
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	99E4CDA39DA5DC0C0BC15349479D9CB9	5B8F34D353EBF665B5173F1A4500B468416C9C76	7A33EBEF922BF9D6BCEC804361DCA0EAA0FB27174905F083B0B037D92CB40A0E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9A2E782621C20716A0B4F720E0E45B06	B2CC41F6FD46EC036A7E2FBEF8F60ED8E1DECAB8	9F0AF9F74EAE066A1F69A16EE964BC693AA98FC59364C408618AB7BD90D1A5FA
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A88EF6D079A240BF64582CFE9C473E72	7228B717178CBB56B44112EA9C841CC3236DE23D	25BB6ABAED5D4673496E6BDA0A673F6E87AD3F023A065A593FBFBF109CB65E7B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8BE7FCBDAA4125E341D107C8F07BE7F8	7DC2862A72C52B4A0E871563C3B794B037A5B189	8B3277A10B50C5B8057B4B5F53673B9FAB2FF54EF6A9026BB02341CE77C6F840
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	86637C4CFB5C777C0DA5BC1CE0AA123E	A9C91998CD9529D64913059379BD4FA80EF53DCB	A001577E41601045EE724B30EF34FDB84DF6AA54A0CAE595598FE555722AB367
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3E522142C32A7572B5C263A3D2FBD4AB	5D6A4BB6410312B43792FB6F2B2DA0D59E871537	8E383FEC1C64103026045D5564178F563E70DEAB22A80D0E8F5A63D5269D3224
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BEC43B6643053F06C46EFCEBED55DAE2	48FB3F73B11BB0ACC045AB17677A29E0740815AB	F5FDBF3FE62957392EAE4906857D78303AC4C34671015B1D9214EF1F6F6CDE39
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\te-IN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A78CBD01A9AACF762415E9A13A156C3F	4ED0DE756C7C1322E478F10104EDFDBC65D65B80	3EF67D07F8B6BDAE565ECDD315B2B258A52B477866314DA524FE83E1BF36C1BF
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	60BE77B979544EFF8FC322AF580F311E	AF9C6210EE975964BA133D9ADF51A216AB21623F	6A8F47430F139A59487794DD55D08C5DE7E94CC4112A13FABD9FCB6B244129B5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	032BECE7758652E1D7DAE808D013D1B8	F1D25A05B524EC22385E777B176CEA4A69E30CC4	E31085EB685674668DEBE267E74216AC552311AA28A62805D0DF2C051C810591
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BFE59EC85DD6960B63DD279B2BDCE82D	B7AA4170A33C415C2647BECAEAA7E266060E93C8	A782007167AB1D64EA8E3F8147BA22C449CC2E32CC30E57F2DA1660B73BF2823
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	08A5F5B3D6B0C411D67A2653DD92CC7E	DA540850D3BEBDCB77429E0D56AB7C3CCC94DA8C	40FE524E285BC770162365C3C5EB8947CE41330854109270C783AC34DB86E262
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CD090519ED833D6C5DBEC66973931E4F	B8A1DDAAC5E411738F3A3C79C157F0EF31C162B7	11FBDE8F47D7B89367E90798D7365576B3A66220A41C4A088E569F6FEC0A347D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tt-RU\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0BDEC20A92BFE430D5CF07BAF202715D	1FCF03B597308BFD64DD885128FBE63F1C98B5E2	A36DC9264C4F531D026A1EF3C57F9782268994BA9AF6CB195BFBF36820B0427D
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B5914908271DEFE6928660CEEAB6AB6D	788E49D1256DCABAE443D7B393E557923281FE84	2673D83B586CED0B7F0D1396AFD19F7E88EC923E46A9D55A78B50358133BD22B
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AFC339D9F5FBB14229F9FCB74FCB465F	E96724FEEAFECDDD62CD0F51C99C16DA0BE2B73A	B051E64EA34AD1E31DC792D1CA22BAC141ACBAAF99B3EBE10C2D4040DB7D536F
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	135305CFB6CB4B23C26832B3FDA8E0D0	14EEC1B39BF8017F90235C057A6F93517F16925D	6ECB2F04A95675C706B53BB4C4162E73F9C69C81D2CE0210965C6230AE6E870C
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B44C57583EE48CF6E106B37C3F0C49BE	E200D9FAB6BBF32E78E80C57CD225EA9514083B3	35701826788F1F0CEDCC7AE0D36663FE12223A6514EE5D1C2EBB8B9CF324098E
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C85C9E32EE8698DD5CE5C9E9E5474B9E	79F08C5EA5D62F6707218263342C5277B9D7AC62	56EB5191C01832497607453E234176C1D9AFF9B0162C63224ADEF11552AC6C62
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	65832A0A1112E1316153452F519A2160	A0D872A94ADE6CEBC4C0EB73BC388A3181D7AC9C	8650E101EC7B82FB0E9D16B74FD0E27492F7AD25E7C981D98F14E1ED64B66F10
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E9526E5B430F6CE8E98EFBF7483D6975	EA5C821AE7C8AE56CC5BCC0FE940FA16A7EEDFB0	23C922D5863C5E051198A5646BF3218897A6052F01FD23ECABDB2C7B6149BDFD
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	081D1DB4BAFA0D22F5BFD167C5ADCB77	ADD53AA6BBA9C7CA9C11EA2BD5610EF286A55F38	B843D8BBDC5230D1F3B5CC8D1EC84F66C8081F453C796DF9DB00C58E42F2DA95
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	369E33B1300CC4D4319435F367287B5A	234A59B34F220A3B5A234FC4390ACA43D787F41A	B2B975F607F060118FCDB8076B0FBA424317CF9A1EBE3423162DA91069DEAE51
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E49C79677E4867EF200C937C648C05E1	8607A0CBBDB59F35352DC7E540EB966AACE664BA	DEC11E5ADD529D0F1382373969CD48A6BBF5F23B09608B35CEC7670A1129FF95
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpAsDesc.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4B3D0D31C4BF903F3B56325BCBB2D8E4	B37936DF55324400CA0037BFDCB9EA896205105A	DB1AC12A50EC7C36B145C3B77B8951CECF59E6F93EF99B8D3CC48A58A5846D01
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\ProtectionManagement.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	77C3B930336B430AE38528AEBA1E2C56	2E5E71BD7E704942EA3D386F5EAE6A89DE1B2D45	EF89BAB8C543522DE54A427E12C5153E1D6D42CB5F7AB910D564761AA6893E32
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5D2A4F9BCEE7757238347E5FA4099003	B439F28242BB784CEE61E6EA66029B6FEF9B4167	44ED2AD8C08FA94F256BF02352CFE37DC056FD337F1E7C072034E1C5B0392F7F
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\1A4B1382-EEB5-4D59-B0FA-B93F83A518E1-0.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	231EEF2A33D7FA8B55EB72BCBF3A134C	1B816DC001F75D17AF9B059DB72860D015C30BDC	3BE9657A6A6A92CD99F5008A17238D77FFAE9E53B6B00CB23CD3263F302524FD
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	992EB5C41A8BD2D235707952138C966D	600736F133ACEDBFAC9971AD8107089BCA366F08	78B3E74D0CDFB8ADBE73C6C73A62B83BB21BCF32C31167DBC62F35B266672D6D
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9429396DBA1AD0B5A1B696F27966FAB0	3641BEEC9B57834558ABF6DDDC54CCFD21524D12	573E0DFC9150E9281CDB49F7A04E34828480B0C471100583435E5ECEB9A552B4
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0BDE9245-0887-4D0E-AF72-3F842A887930}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6EFDA0D77491500C893BDF538D2C7CE7	CF94A69D6472F1384DFB82D387FA99DDE57F0C85	A36A8316F9BBA0356DBB849BD8C82C1A4E6C02E24C08BFE9F9E40E7976AAD110
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{12B0E5A4-D79A-45DF-838E-AC01484FC2C5}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F17F75472B4E0CFC42A49DF5E000D3FE	44B66296B186AC6D857FF01EB0D5620CC92820F4	5D63A40263CFF86F62E2E99CC7ACFFCBEC46624DB0EF2A51256B6D345972ABE3
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17206FD8-D501-467A-8461-D4CD16DAE0D9}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0A3B994D55BE8FFF17B31E7E741223F4	ECD655689FA2CDDC5BE13BF215669BC31C41E77A	EDB37DB55AFE72B54BC772668E4DE7AF52A36A1B5A3D1D104D934C4424B60437
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21998843-E48C-4F95-BF9D-1FCCDB76BDF2}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	40DE95738BD772B12A25AF5A4BEE0D34	8B17498D8922047A5800FBB7574B924E30C7168B	3C6E55B517C0CFE773B41A53216C0FF29F52170E737D56034195D387BFB7E18B
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{27AA0E46-67D6-4248-876C-119B366B0CC4}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8154E408997BDFD2E33EC09EF7167EB5	EE61D97A37000481A6148DFC72277283754B84E6	CB8283EB31BFC242B1FD46681879C298DD0B9B6DD9C4F54AC13D25E672A26345
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{298FA87E-B950-4D81-A5D8-7EC2DB6559B3}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F67041DD8D6C6802F733B161E4427814	478E6639C26DC56E311BF067BAD92CCD1D6284B6	6FC202990BCA482CF076BEC57434E00034BBD369FD052419F8ECB96ADFCFFA1E
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{31A74449-CB37-4ECC-AFE0-BB17DBA5F0AC}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C08C263B622129EC0FDA5CF39AF98FB9	7BC3C8247C96781E72267492768B196F650A008E	98489AA1AF54A4FA5BDC7EB732CDB36C878CC35DF9FC4483B4A91798BE292EBB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3251831E-957E-4C11-8C3F-80159E63BA37}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0BFB575CCA99233C6154617210E46781	C1ED647653287FD4F32749A53080A2FCA1A5B704	7A8F6523E7726F89F1DC80605F09DC8AE5C54773B4898644A557D8472BB84CC6
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3658DEA2-07B4-45D2-A78D-DA364921E14A}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F2C4A0EB3E0CB84C4797CC032B29F7D0	D83862545704B3CB1D5AED6A534D24D29843CC18	3F5C5D5D13E7A7B7EDA2FFD84D926997D2FF2E630498DE354AD76CCC2B0E5C57
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{37985AB5-E7D4-4674-920C-57A10432DE6D}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3F5779182B103E5DE170FF2A82735D4D	AE46D598C68C85BBFAF5A78189E58F5D47DD3E61	E78CDDDD3E947C7795924813699569F53CBF8B24665A37D9CAAA226C8FAE7DAB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EDA3810-3491-4E83-A2AA-7EFB12171CF7}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	860B3433F0A7B0E8F385342E7126C3C6	8EFD37504604DFB1F2865884DB7ED8FDC9C6333F	4E1BD647E4B0775CE37B8D66773B5824FA93CC1D3043247344FFD2B602E5226E
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{483CFBC2-FDEC-448E-BE7B-F72AD070FECF}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1A658405633201F8F69D80056E88E5F1	D99087CC4FB7490DABFDCD004ABBBAC949A7F1A5	80105EBB957A6216895DB919078D8FF9D9C670E87326CC273F133297F8E1E715
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4C7ED29D-4CA0-4B8A-A1B0-8771A4123396}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C9DF9CEB6EC7D3981C051C8104ADCE70	4C36BA24AD81BA96C46416D15F0579ADE0459612	8450C456EE14C54839E65FB2DEFB6BBC465BC3DE2FF8A8EB663DAF88466E07E9
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{51F47079-4C5B-4BCE-8B60-6ABDED8A93F5}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C0D589A47BBE842C822F6017575297BF	1659D4DB6CD1476EC9A9458A83B4B7030B694163	AEC50E9CBD230F765AB063B8E3DB7049627E4C00FCEB4497A2E4625D6EBE9782
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{53DDC43E-344A-49CD-ACDA-043ABC13F1FF}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0E5E4BAA4CC4CA2813BA6B5B7B632611	8D64A2C2F2A0BEAF7C63A8CB5F1F45F1B839B80D	CEEEEBEAB7B923D5C6BD6BA334945A90420C918FE72B62A61176EE85C22A17DE
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{599816D5-203B-4199-9494-22E61188AB58}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C4D70103B9AF506E44C1324B611C9401	A8BE759D46824E540AD8C29B391BB1B4BFB1F5D5	5405937DB26FB276E2456904CF2C9ABDFBED80947476D9E07307974CD204E570
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6CD35735-DB6C-4841-B376-FEBE51AD17BD}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5D8F68FC8BED83E71AAC9ABCBD04D930	0FB49FF9A8BA5D4A08504EB4B003A4DD27360012	593F453B373BD63F7E0E84F9A3877A5C03DA1AA449DD2A7069857E2DFE63E933
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7DE9C20C-810C-4780-AB50-C177DC64322C}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F8F4D190709CF003389FA96ED1383C7A	5744FF0D531FF24D2E2B17227A648E0E8BD10556	B010B30296B5332AC25F94338F8CAFF7C25D8F326313FE794A1FC7FDE12526B2
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{858A509E-DE26-4DF0-A1D9-851F87E9EE9D}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DA677B9415A33CFA0BC1E3CCB22B8B20	49942373635537D5CC08031751DFC70EC18B2628	4012C69D9A7D189EF715CABA70BA98042F3474A1B3D241109A171B9C736F0055
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{94DB5E4F-5EEE-4E34-8316-B18D9F37D7EF}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	17495952800CB623895C6ABBC8683098	3DEBFECB798AB1FB04FC2597ADF125A296DEE0D3	3C015976863A46CB2DB29850A0B2E5049609F9DC7E7DDCA34D2D749A2F78A97D
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9A7953A1-9662-4E5D-B006-4783161530D8}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2863D3D8C4E5D0B7D0A9C3981FA3CAE9	D4C6E4FA3D5D8EEDF086BD7F30AA729F0C3447F6	4D3ED9C015CAE996703D92475B791D5A69B872ABA6928F77BCA07F946380BFE0
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A82079FC-3F2E-4ABF-8D04-E3927BD044A9}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0287D0B2AFFA0A5C17363F27F7CE2A5E	80925F3A4368B70CC0D959AD6B95AC52207A87FF	F70C037E0EBAA18373DE1A9156867C543DF8085D82FB10E9B4BB401EE1C559E1
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B4E0C99D-A1B5-451C-8C4D-2FC579C5B5A2}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6AA8C76592B8E647D66D96300CAD48F7	881686D33947136E67581F8358C5094D159B6EDC	0115DDA0C87E74698E34EE01FC7FCD494120B225FA46F5D9A2C5E561538995E1
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BC4BE93B-34FF-4463-AA89-69BFD3D84502}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	403286E3E04A4911AA73B67130913D5F	D1A3EEE1B10C3D935B525E9532253CAFDBBBEBF8	58C7C10AAE8BC0CF7F4C97DA6D8F63EF620A49B9301A1A5BC46615DB3F43C2B5
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C40F71FB-A0CD-46D7-A5AA-0E57C9BA9E1F}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FCE9336349025C8976230E1818C6064D	16595A9F45EF681BB399A4FDAC3BD1D192A0E1D6	FA2659A7B2A611AD5D7285B8F4F1668713C1E7902F47FD36EB110A5C2880FC40
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CD57D4D7-887A-494B-A386-6BEC95671675}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2E87B01651225825EF1E4C905E3B6570	061C60E56DBD3B5F1D116576245E56457F681A8B	EFF4B8234BE6ED383E843153D5E230E0004E8737DA7114308B41CE830347B138
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E2C80A90-4D8C-4F08-A24C-F5E7848A4E51}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ECD453FF57889ACABDFEDB131B762608	5A20CAFEF6FC38CFDB84C0987248C578C6B557F5	7F25FF11B7EF72476B055027215603DF7224DC13EF0D242B50A342BDDDC7C471
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F15AA7CB-B4A2-4646-9E16-EFA5C568D9AF}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	44DBBEEE260C26A52609E5AF5DF82CDD	A1FF2E08651CEEEC6D126A28571DE53B96AD6634	25C5B9A72B229C0D34553E456107722D1E36055ACD970326E1690ED3E0FA12E5
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F360F1F0-1516-4749-8FDA-56C0D526A6A0}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	568E0A8CC5850F83F3720F0E98CB7418	D012F94E972054A3E55A077C5776EAE6CE46A8D6	D8FFFA105860B873C749FAC3534B826CFBE80F38D544CFF64BFE480DB2C765C6
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F78E9FD5-0E57-4E0A-A258-75A481ED8C93}.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FDCA04016920B4CEFF412FFA50BC28C3	F9276A5B815EB58F5D86EB0E2FA686BBD74A0742	CF3AB9B380CCA3182EC290401DC58C3CC62BBDD15078281FD6B0FC7A61BAF2F3
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\9328EB67-F254-48BB-9DA6-3F76F41A0E9C.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9E572F537F6B06D2F3BA0F3489CC4552	B650822104AB3726AC02692D8B6DC1B4387FDA61	F85DB8C8CFDBDD5E6D28AFEB647EF3F8D2BE35A7ACC70DE1096B4814CCF2B5C2
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\837E475F-211F-4DAA-A7EF-B29AE54D6A99.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4699C5DC10649BF0AD70CD6FF674031C	21D6C918098598732E3AA08FACEB52B4A9F9BE9E	BF9D08C8FA9AD5E372AADBB0D64C79228191AC4CC908EE4BD31957EA8C38B6FA
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\0ED1E367-1E22-4AFD-A208-D0061CB0CFDD.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E6476E564492D6F5367EB734AB0C62CB	FFDC0B691FBFE84EA62C0C02CB1C48115933881F	CA2C261F2557D895EBC87A3BFC93CA40FA7422E75645E7B19C0A418B382138C0
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\89028913-695D-4F8F-BCE6-1E5C836C197B.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	19BE755C928DEEB695F78354E945AD27	9D33B5F90EF3718327A95A077EC0256C504F8392	AE9C723ECBE41155C84FDFCF4925B5E4256481FBA6AF632392BB5A01FF279DD2
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\6064F839-A1A6-488E-98E6-64026859F62C.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DC8F7EE0A50DAD2091D904B5DF3773AA	A1E9E31DEF27DBC794011C8A31EDD927F47957BF	082830389B390A538BB9101D52EE00C424C513ADCD78D2A34A2110E0CAECFDDF
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\CC950129-487E-43A8-B5DC-2A23C6222934.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8EA18757A431FC9D0A44ABDA3949CC42	C7B2F0AD7D0600DAF9ABC4754D31B67937E0BC78	E81D32F3563F5030BE91D9DD25463BC09B84415A750DF125ECC85C67D24D3459
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\FD83A2FA-E662-485E-9726-D8D117B311DE.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BEF3DC75B11A41E7B4AFF608778A9C9B	45DDA99E215DED3E51CC5E138A4B3516D374CC08	B504609BE0053EDB17A6EA1741EC8E62F6F3576A209FD47042E42756A80BD188
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\7A3F9868-21FB-41DA-BAD8-070F118AB9C4.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D45D9CD35B6DBFBC1E5DD56B02BAE9C7	1F4503B8195AD4C5E67416469D328B02D4998412	CF4725531C87CBD055B69D59D1643E89B6CA4CC83612B9F5440D0B7D9F31A2E6
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	397EAC78A2444486E2C631C7E85CAD8C	0DD5F062A20E138AA01E0FFC1296BED65CDBA833	376C6F815F8A13CADC5EFF5AB5A6FDA560FB45E12F3DDD56734AAEF67E7E27B3
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CB888C16B77AD7339D2A2EB5315C586A	91A39D8D9EBE35313BC803EB3F44994EEB1022A5	DF43BBD2249F8BAFC899A97AECD23DBA37E9189597BED9F1E8F31C76180D5678
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B296A44C76EA41AE4666F643827EEF57	BB41773981D95B8B3C8CE58175F38EAC825D6231	A968FE2BF622A5B4B32D081A5246C1095F184D5D50682A2EC3C47E6B92F1872C
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	684B0F0B11A38088F59D45FE86C6D7F4	AA82D6270BAB2B0120C3C23C47D7E49E73E3061D	64ABF203C54EAB3AF3B13D7529A87A0A452B8D7868313FEE1AF0E48E2F67821A
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	649670A025378F9D383FDD946A58A384	FDDC7BB9E4221D2329A141F132DF46726F0B90D1	5ADF5278E4683DD15AA7CB99302BE09D83CBFD7B2136CE99C1261DDD0CD66FE0
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5631AF6A0A0115A484289526C6D3532B	90CEF72485373214528797EC3B1E712D58A6024F	5533C076D4221A9DA97E732110D0E7132C390DC0AB2E34AF8DF2D8D61AF09ACA
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9980F54ADE3AF6C2739B8F2346722AE4	2BCFFF479EA6DA27C7D3E0381AB3FAAD3881CC63	415F7B4CF952498723EEBEC07D559E110DBCC28D30D074E0C7564FAF08F0CCF6
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	58E44AA3373F12B1CF120E4828DA82F7	F758469AF916AD466EC5E9F21EB541E5B922C652	AAB9CF26023115F5F73BF5A6B81BCED24CF6BDF50CEC111F0C8ED0A0FE82D772
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2B6B736293287122586BF12D5816934C	2D38A7803801FEB15EC2389FAF17C5B90726D5D1	C69B44CD99DD979F365786FEA0FFFC7A496C9FCB0F54AB5AA522F1407A922ED8
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7F3061B7DDEB1383FC8E4EAAD6B543A3	67B7443638FD12FE70DF3CDAEB20A930DCBB42C2	A034918256F43EE446153C45B5B33A572867A0AA840547ADCC59D25C1FFAAB47
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\A0137882FC829131E8629036339BD1FB.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C29D7984C9A2B4746A956F5307304DA7	2D8065D043181894EE9AA7A0CDA29493097C1F08	E9231DA0B99E914DF73394C68673D395E2CD33AEDF9A9B84A644453A1C8D51CA
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5F49675BAB39D8850F695701D3BCB1E6	7D7529A902FEA67F08157A41DC4C69B050A8580B	1D6CEBD0B6F7F71E53FEB86FE7475424510882E9403C6E5320AC9C411085591F
C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	56C978948FBB4726D3950282DA373A13	8DF0925CD3DF5376B0392ADDE4A5447A83425924	E98CBC3502427870A91CF6BC08BAB7591C54128AF8E7E895DA38F10E623882EA
C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\b7851b46b4e32902708f1f5391c2e1bef58802ce.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4BB33F433D40E6B874B49E255EBF2608	83BD3014C08D4BD23D37D2519A209BC23DE12950	DD7AB84B573EB3030D3BCE737C66678D151A4DC0299F19FC6A3BBC7D8DF35B43
C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\b7851b46b4e32902708f1f5391c2e1bef58802ce.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CB7E14BF1D795DC6BD2AB2EE78C0BAA6	A37EED44B35C5FA12005CF6F688163CD69D1B750	9E66A9CFC91020D81953FB0FEBE9930D61F4909AD9F6063DF8DA689D590F0D42
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.01.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	48AEC0287E968F4CEE345634FDEB798A	7D88BDD333703C962BA831577E1DD4F917F4CA4A	9C5F2C96790474FA74A37DB55FC64F7DBF1E480E20E3AA172787BC27962C05F1
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.67.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	13092EFB57CE4C95E58B68E8920C78B4	952E553BD822825BF5CAB6FC7D936F863F0D3E0D	67D42CA607EE9233F27E2AA63314B1D3184B5F33098AD4EC0EC146EEB54CE3E7
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.6C.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E58A21A6DF06DACB783AE12FD186B7FE	76D0F961EB9E35932FBBE1ABF0BB1C47F233CCDC	956BA786E7A581F6B26E493768AD57DD97925EAAFB8240AF9F273FAAF8296F65
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.7C.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DBFF6A3A4149B15EF63108232499F28F	215E25FBD3C09C85BF1C38C7ADB8F8CB4AC7E4E0	2B6B26B05472276D960A167F6E715D23F3166BA8CA59B13175E471D33CF444EC
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.7E.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9359D18C8EFB736A75454022002669BC	CD11550E15DD691219D037D59A4D4AC01E07AF3E	A8F1C03B1BD4A7B3A4210F6E52CCFFD96A3974B27F9D93B3EF3BF4064F4BCBB8
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.80.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	39F5DAD3D47288BBD124CD64678670B4	80A92A40993293137FB01B1DE2A76D24E52EDE54	88E260224C3283FA621CC0489071645F9606EFE6D4328A359FB9DE6BCC7D68B8
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.83.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3A36797B60341207039353849AC6AA6B	4EB687AE18CD9841D6C7C13CF710C42769B70198	023D7D6D5AD348DE3B748B7BC7038B436AA37E180F65A76269467F151536034B
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.87.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CAC4D9C6582B1FEDA10756D17B2C3A34	C751BEC251E9E9C88C442121D1E238E5A9ADA100	22988943F96511A861A9847107D5B924F58D418D03D54999920362AAFF8C4F2F
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.A0.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	99C266AA278E8329EBA7C9CEEAE9FFBE	29823B2429090DF82D101C7F215F5C554F6EDA8C	19E1EC53A640E7BA208DDDC03BED9D0CDA0A83CE34597FCD35F260222E409C1E
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.DB.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AA516D34821A461569F53F88CBA7BBA5	57226A96C1F49E9CECA768EE313DA1107992E5CF	C702A221AC2419147A29F1EBFBD9CFF9DCAD29446424B4168782C3AA7F1A7777
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.E6.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E0493183961D85DA00E1A7C47CF54AB5	C367B22B44BC9F7F99DE6CB8617AB4DFDF6D703B	7485F411BF8B84595EBE5F4A22237F222D74FDDC63681DCC4F3956C4CE6414AC
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BC064C387FB07F21BD56A9E629554EE7	3FBE721B93818FD463D1452886A053BE024A37B8	97412469A4BE4BCB1FEBCC435504945E4EF787CA6DC11F850F800CDB4F50AB85
C:\ProgramData\Microsoft\Windows Defender\Scans\mpuserdb.db.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E8921C416E940C2DE5F16C53CA3DD7C5	3CD48CA23BDF47679361B420CEF1C8B957FA0CE0	C12FE7673B454A98650F5DE7F4A9DDB9CB45C706C3C47C47A320C74991B36581
C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	78DAD0910503B2D6322A20446687B7A8	0A719822AADA52E6D23F9C47501E3B44CA691F84	B10D653C252EEA20147062EA41D09FD3BED778881CDF3B04CA00AA01621BB3AA
C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DFABE7271E86267177BEF25501D84036	9ABFC6CB55087D8AA3A748ABD10A48B7F545E704	3269C584FEAD14343B50F4628A06FC725E80C4CD7E230C36FAFC2BABAB881ECF
C:\ProgramData\Microsoft\Windows Defender\Support\MPDeviceControl-20231003-122002.log.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	953FB82D3DC845894FA51C6EBAE94084	95C7B70622CC90EB2228892F353E7EF8248BEA41	0DC698AB0F7EE5DF1D4CCFFE7A2A198DD19F22E49E5F63F1588B46C90C0A43B4
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-085557-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6F586244CB9D2205CA7C8EFFB798FA8B	F82B0633A6D964107114FBAC3FB20D8DF1F57DEA	175EDCFC50E024F99B51BA7360EACC938DB6E215FF126B87C4E6698B50048C28
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-085715-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C58AC2279F0E8FED9FFD9DBCA48461B5	2FA53E13016E4983819F9EDB03EF2ED3FC0E2098	4725DFA2BEC4596A7A98D0BFD94DCE2FEA177ECCCD893A7DD2E70A1D660F83E3
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-095933-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A0384F26B7BEE1289AA36704AACD610A	4E7CAAF208EC0EFE6557BC4284AA318C2F95B601	ECA8544D0EB1B3EDB3D91EAC2A8D18616972FA50E4E81CD425AEC3A2C5CDBFDC
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-100619-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	69AC82B88076BBA009DDAD74E177BE56	8A54710868C93D30C919758628E769C425F8EFEA	950C1E12C80A6FB24D6E67A974731C98342030FF69890157070C00AD5722E89E
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-114524-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1032612E962FA92EFE176FDDCFDE3E75	A34BD03B83B6913FEA4BAFCCC411C91A29ADA74A	30D72DC904E8B966F6AF7891498183385EBC371A0FFB6A832A3FB0B937176187
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-120928-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CB0B5D2280FAABA492C6AB71FFE209D2	F3A2CF6F0A9EB57057CAAF28D3460CDF36EA2AD4	FCBC6A3EF78C4E5B81AC94EBF94529189291F96FAFBDDD82241D52A954B80229
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-122002-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A04D5B973A52CDFC43743A6FD08D1BD5	828962ED469D5AE33B791E6AA9C9215F2C3F96D9	7FB5171BA21779C9F53B8F611E1E517DD6254B9669168C28BB427C831E220523
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-122008-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0842F4A530778E5ADB63133E0FBF35A5	B8A167499631D12BD3AFF3DA1DDD0EE9D8BBA67B	D6EE1C11340714B3AB371914BC79D1F0026A6D81D708CEC7285B69A6932CD8AA
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-125143-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DEF6CB0930FF5A97C7516DEBA82E2E62	36B2503E8B2F716619C5B693CA95F400F3A3B1BC	B465F60A109F263F5125F423F8AEF8A1C37AA300712B36E3DBAA18CAE9A86635
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-125718-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BF5A2FBC49B11764B26756951B726874	ECF4F32D738C2B7DC2C94373C55FEE8AF6AC6093	05A3230BE051180B4E1B2F39EBA43E25394C82F6D218B8DD8F2438110E06A9F5
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231003-131119-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C9F8939542CAA17D1C1F446BD357A3D1	7914DD07E25B96052B4E1F82DC93028C079C697F	87B781FB6E1F526FAEBD01BB457176D9D51A3E04642C5F5F5EAC927E92C3CA3D
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-092824-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5F01932B4629A0E053FD7AB48420E5CC	0A30B74701159650B7FE432E71211C13318FC58B	3C8ACD9E2C448204A4AF19E9DC45BDAAEF792711234C030D10CBEDF93BF8A4D5
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-092851-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1DD8DB4BE81F60FE5A6B8E6F048F842C	3C896F60ED71D2728BBB0F53E594831D4BC46170	8BFC3B4630E1E939D25E8E99783484D350C41D88466215EEF9E8C14CAA2E365F
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-093351-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DF259457B988326F84AE388FDD0E04AB	1A39AE07005DA2F6D5981E4201FC9EA56F3BDB57	837A6651E8AC6255AD8E9C03FA7D2CC9868E25940C7A9F19FECC02F8F5BD0D94
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-093638-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2F077DAF230C502EBEA97A4AEF345EE6	6301D2C7B2C0C6838DE07A0262DF15FD4CC91542	69BF2CDBAC1816B5AB78F374E8302A7DACC2728CA077DB8B9709D3E44DD4542E
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231004-100144-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	949391C72AF74A66BBD32AD0EA78075F	E34E857FBA62DD19BEA8C496696E0CA00F52D60C	7CC748607699D77EC0AE1AEF348D3D26089123B755DDD3FA3EC2DD0FADB9A531
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-071309-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0C59E07C47A391C78EC8817712C91741	E1CB40E7D4492BB0CE671154BE7C617642ABD760	E29CBCA0EB0D5801D5D9F02C4C78555411EB90AC72CF65E531742B28E8CB9C42
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-071726-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	31E4D2A4A58D34C47A6FEFD6BB5E14BB	59CCAE5741708EEFE8D41B768EAF0C1D2B4F55AE	F4C3914D1B2D12A08A1968536794AE706581B904110E6A6A6323976D2635C1F0
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-082259-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8301BE66BE005D31E4080AF030B91DA3	4C5033905327C5B1CFFC11FAEA59F1183910AA72	890C57AD3BA6B40296E113597E4C6F4C5AA9E333188D728C1C17ACC4A0E3EB14
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-082301-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CC1C3C95B1994FF42D25857DA8EF701D	368B2B5F5C8B42A249C429036CD3D785D66964DF	50D5347759CC95141A206F383B4766407849AF8EF29D41CB5A233DB6B0AC39CA
C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231005-083136-00000003-ffffffff.bin.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	873A872BE4A59A379CD8BA94CDFEB22C	00A6962E181B94EBB46B7D66A7D809E22FB5CDD6	23E4058780B7242BE55405A02516390BCAE507804EEE62CDFD7F0E559A611473
C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\confident.cov.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C51D8A6612146571E9BDC7B47383C0A4	96F9F85A7B3156AAD2ABEC626AC6BA34C441657F	48F4AAC5C68DF272D97A9D43DDC5BF3503F96151749633225E4941CCFC0E55F0
C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0DA8F5C76414BC2ECECE73FF3343E6F8	EA3674A8487B6DF87E3D35CE7C8FA2A280E73B16	1843F706A26DA62AFF9EE0D36FCE897EDBB449AF67A2EB7F3122408B3F1799ED
C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\urgent.cov.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5815EE4339682A9042DD47927CF7E1F7	7D587D68C8CB65D510D7BB045F5EEA8C11E5B43C	02B51BC365F6AAE820BB3A43D2093634C1FCBB550144B8BDE228F616708E27BE
C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-GB\WelcomeFax.tif.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C063DDD8A0623C6B5DDAD80D2FF36907	3EF25B52036445FD62FD53037A2D2B9A4D2BAA50	777BA80454B56177C8A33493A569D8C2F7C97D4E2ADBA19B3B9DF7694B64F54D
C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	747584F33FC410C5AF34BCBFC5822FA1	43E255F674C897E9C1EA49C4A9822B04008BAFB6	313B2A254F204BFC9B4A53996440241101367EDEE6F81D1B5F8142EEFC425853
C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E3E11595A8D4B83E8FBB1E0BA60C215E	CCC695D84E6569DB0DC0F75755118AA675C357B7	CEA571299C05B15EF331EE6AF5A49F41A3BD38CE6D08B1C3575A7638DAD4EC61
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BA5F849708485281FDD459D1C0E424CB	A32A49DB942309FE949AF892E934176CCF8F07CB	E067FD2C3EBEC343E630981932772DDAD26F15CFA6A21B233618EA2EAA9E0141
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	96DAB72A5400E03A1C1AE682D1DCCBAB	D7AE22E6892562F0373EF28BC4E9C88D4749BF0F	E6E41CC24B3C14B73B9C3803FD04B7FEE8F8B8E641715193A4B465CFE818A358
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F2F9A2FCA822744C082BB4AD725E0F2D	8AFC5BE435E0BF2C62549EF5E0AEF1F715E64F43	B0299FAA150CAE3F29EEB4014574DC1D006AA5BD7467CB4DDD95E84FF85E11CE
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2B241D5810E100A4E4D5507AE98E8A1C	573ADFF8C0D67B834867FC04E208028B2B6A7B04	CA64B07381F2DD1E26DCADF040F6423CF97389E5CFA4981CF372DF88FD5E3419
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EA87369DEA9EFB998A1F2C1DBA72EB06	EF7775DA071E186119E07B4CD475D73FEC9F102C	166E7BCA56518780E79D378761713A53693E07B3C2157322D901608D56D0F59C
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2F0729BF57C644A1A537F845102A6C79	0B37703520D77BFB7BD4734C5BB77BF33BE9E705	5E2F81C1A5CF680920862B86FA4780F0CB1BC9625EF00262172A1C5B69ECE53F
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BFA1C49A7956DD6B1B5D66B916FDDB8A	16F3D8DE4433E1C85925D2838B33404C5049F716	82A0BF576FF54CF2FE908B9A0B076F503FC2E01D19AAF10B88ED5C446106AFD0
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6EEE2116381CD73252DB2C5414DACB00	7538D48FDBAD34DE3D486F79085047AF6685EF80	D126683305460F7742F2EDBF2412111153EA3E39E92149E4B31BC081EE52A8F8
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8F226A8C842AFAD678FD9C5C5836968C	938BB6D0D8A7B1E6181555597C4A03F5EEFF30A2	3395594526AC12662910E2960B94FF2216FDC88332A29FBE85308FD7D158AFE6
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7B75CAF3B69A2156511F80777861CE55	B4E82AB9FECC2CCFA29FAAA92901CE9A1E044750	E2EE9A077235BA22312AB3A9C77CA8E78A570ED480770ED5D92303E4B3B4F890
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ED000EFE21126A9BBEB1EA634C54DB9E	6CCD9B3BE3C2E265874987C4CD4459BA89FA5555	ECC0347B3D3C56BB422B77D204341AFBE9C05E7E8FA976CF83DB88F177A47DE1
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	707ABC7A24BAB55457EA18ED866AF2C7	C4EF783C7B03B8585A6EE7C06ED12252CAC453C7	44E0CE0FBB2147308863E4DE60DA98E45BD43D95437FD2098890B43F0E4A50ED
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	507F04784607EE5FC594D394777A951C	CD622E517003CF30742FAFAA8880913A38F2138A	BD97F79BDCDDB8A33A30BB6F3D7B243E9ECC53DFC2E6D0A3EA58EA128F6307AB
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1E715B7C4D65F32B2732186660D75123	B8CFF7184853C3E8F9FBE585BC3E2974F528C269	904386AF226A447FF046E4592E545CB4F603AA3AB205850464C91091BC9B3800
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	98204C92C4A7860DF168AC7571403825	D6C52C7FDEFEA63B4B5C9ED3848E59853DB59593	252F0AEC619CFE6F799DD247D255042B037D63EE088B63C6BD1F1FC02C8658FA
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	71F8145DB31F6F22B06AD274D2270EF5	F2DE7B13B0A7F6011034459E0CD24113EF0B2964	2615AF37E3F1C79163BB2166F7F294FD4A29D8762A3860B8301EECE49FFEB221
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\26943e1f-42ed-f190-2895-3bc2b8c4176d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E5BF5B21DD92C5552A24EA8AD3EBBE3D	CE798808F815C7A08D7E4AEEC6DEDE097E23908E	FEA68B29462671E85DBB21138A26348F032B87356A2C7DB5CFDD055437D6F805
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\280b97f1-1f94-1458-c842-d18e2d1e05f9.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5483B657BCFEF00005DCB9D6F2FB7E49	0FE605E6E25613BF6380361CF507CC927D55D58B	15B0B9ECB1B8FEAFFCD6A5B4C8C104DA238CA25AFE04358378E47B0CE4074EFD
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0AE3CCE97438743D6B922406A0F4ADF5	3A3FBD48C82382F0CA4EBE67A58B9204E9278A64	F9180246430CE8CE87302F363D225E4BAD1409ED50F1C78B9C02BEF218AF628D
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EC387F7CE6777512AED0B7326A7DFB81	591503DDAACC13CF62B74C421CCDE76D85D28EC1	40B446BE843F625D0D5A8CFDCCE3A929B857A18D42FB6EB1B9E1696EB5435C95
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	77EA82167651AFE50F7CB1FCB61425B6	8C7E7FC16C20D3DA38CCB34AE18EAC9BE3AC85BE	20EFF955EEA6640754E454B88E4EDD427CB3DDE5F25BCDC93613583DF048E80E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\292d761b-1fa7-9c70-1afd-c2e4040b6577.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6305DA6BB324291CB37E86D07368DC52	92CC2884242058D2BFE132E1990706B18358A575	9FD586F0C3EABB59D8F3567697A894B9A5D2D48F1CE77B9F30645A8709EE24E7
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EB4F925F1FCD90979A75BF5219CB9D71	29EACE6D30B58F0C6B083324161795F662BBF319	22DF912D693AB22D388D2C8E95A816FD71FEDC41B2168DFC3BE78594AC8EC1B6
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7549907084012F29B509692B773FA071	2A95AFF450858DA93457938CAB1969D44444933F	692C352C501B509002F18B66888F671E2B70179C8516292844F3E89389C7B3A9
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4DFE4FD0D16671CAD462676E33C18241	56F75A520CA281249295219AB390C374E5C25C69	BAFC43F41BFBB0B0C1AD9431A8C4F372D5C76A4E03CAFF6860614DC03FC89C09
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	78F20FAD2ECC2ACCA5819F948F6B77FD	FB6A8ACD66063743397433A33B3454EDFE291A24	B75310B7273A4364CC87AF6EEF7109E52CC69DBAF660732452A63620770AB500
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A48CEEA4BE42987299C4EBD110B771F0	95909085442B37E38C7B6FC8C0F52DC8E787C1B7	DB72AA5D829018F22F138002D4F3BE025C2975CD417CE702FC20807722E81D21
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\42180d93-7e2c-7efa-09ed-dfdffa034b8e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E55D05947A6E6250F65710F261BA8073	517BDC997654712009FD0A31C84A07CC9E9F2172	2E3C43EC97B3D489180CB120827386492982866E9223777ED0B5D4292B4788FB
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3F264B5F95644914A6745CCF3F5002D0	6411BACC0146C9A504CA166607D602E3621ACC0C	CA1D6389569579D1FEA421415835E4A17CC0CBFBE32DBFE730A9A4D77E13EECD
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A4E1834EE6F80EA15A8BB4F626E38DE5	86509F23003035CAE6FCA3C571D9227B5764BCC2	3F7665FE1219F8738F5FD5ACFA4AD2DAB334697C7283D65DE0C8E3F496EB6C19
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9FA0F99419F5F4FEFD22B08D041CCF52	5C7A5A778F4DEDDB3EB2BDD8B4A62AD1CA144E8D	3C68EE9746FE558AECE9A6A082D3A5EC32DE7AED26C6762370ACDFAA36C864CD
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\517cfcaf-138b-1796-2cea-62892204250a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	CC7085A1AB5EF3832490F7A7F54DC049	5F6B967A182B534C8BB1E1FBF8F07C9433AD8D08	96CD5CAB89F5E527AB31D440743B35203AD0424601C532BF716F236BD797F648
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B015C5EDB650525203FCB62570202F44	F115E5375F317743897AFF429146079B8328261F	F56522AE5C0C07A2078A6E21B97AD59BD8085E08510EACFD1B070562B2A4A110
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	48B5DBD8E60CDCDFC93425E4F2311542	8D53BC50F86508E3DD1EA50D40D0ACBF24CEBAF6	13665C644CCD50ADC13738825B303600A45A42B15186DF0E96B2DDE737373F25
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\5c834b0b-64f8-6383-854a-915ac7ddab77.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3F81EE4E03940E0838769E656C51EF7F	9EAF1CB35388ADF77CE18D269B323D16E8D61AE5	3ACE8CC4BD0414AB7C72905EC5A440EE28DD3ECEE25936A447478AFE0AE5AB63
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	189CF2BC41D8704D813D87A90B8669D5	03F3544178C5E6CFB43C423DDEA9CCCED11711FD	EEF87A7689E1F3A25079E643C35E100CE8FCEDEE7B67C63DA1CE2A32C0C30298
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0FE3ACA0718C2DF00CCEFAE39A81EFF0	410F108EE74C85307171560574A7F2E29FC095E8	14601811F158159B95B194D5B054753B8220CD12C83B7D032EF1E8C9F5AD1637
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	70757521AE2C0764001E521827F0E521	1C5933F01BFE544FEAA59C5A106513A0B0411537	5917C517DA8B54873F2D718800CA6A8906E23B34FA6DACD0C6DAE03BDE8FDB3E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D3B3F151BE914A9194B1F2CEA46CB001	3EBC57324597F5AEEDAA1EA7C8D56FBC660C5084	D593574BB2049720A945072495247D4D25DB2740A18E95BEA923F6AE33BD34DF
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A391BDFBA697C4AB4046762F0B18F47B	36D0E7B2985D9C829FDAA16CB24024710E43F3E9	0DAFC86D12E590AA7F67B0FDD56820E649C39A417E6D041E9DF2D0C0EFD3BB71
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A4D6EBF07D6231776345CFAA3F4531D5	D74CC1727FA5D2B82A8C9E4B8AB632B9F719C778	5F68B1B5139534C7E227B2287534D8DF2F24D319B6E65A21D63D8D119D20441B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ffa25dc-c89d-3de9-3601-df09bae65a75.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	96B61D1FE92D25D123236E2A9EFA4FAB	B400CA156CA4803BE01669EC3250195413EF2A13	3FD3CCFD65ED50C3213483FAF5D0B2B0F4E149A9C1DD973037199345E8E28CCE
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0037902AB94AF4DFAB0153E6C0613845	BA424AD148EBAF52C7C06B8E85045717942C782B	EFF1EB7E694288E23887475C1636FDB46DC19B84A57F8D355F5FCD1C6BD76411
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1D3FC6D7ADC06073F0E7D26EC8320AD9	FD91F9E1ECFDBCF2AA96B57F2DAA74E477A0841C	CD88661D1C2B0A48B7BD1A9B1B4876D29B1C5533B486AC9F9E893BB55CD9F84E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FA5E1869FD55843D781526F0424D4952	C45DE2C4B76FBC703B0C2C2FDAC4DDF54EF5CEE9	B0E87189705A0375DCE6FD7B7DDF204890E973083EC4504F70F7F4B0A541621D
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A0AE074DA7BC15A21960BD5FF8DDC080	DB888B1CCA12F6902A3F0FDDD2FDC27369BD430E	429735783B7F76ED9FD4191D288BAFBECF422D6FDC1B06AE039E74A1622C9889
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0AE35EF1ADDFB885EB8F9593C4E2F7E5	FD48AC417792830197A25AAF7FB392F8016CE681	E0E1D7FD8CD7EFCC29ACD810A8C152A4FCDE83320668A9DB8EAC563CFCCFA859
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8EE4797785F686076A1F8458275B2A84	093E8CFE5EF4F8C9809A6DC4FB697A56DF057B07	8F5D2ADDF0D4A608F663528601C713EF15B2D49D53C534B53AE50DEEC7DC6150
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5DBF8D5360A6F5D699FC10879A2DAD17	83C9B225A7C2E8B7D6D8DE2849E64B4C098DFC05	C5F63611FFC134DB54A20FDDE889D6337FA6500073769F8940E68A6CD0536649
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AC9278752A1DD44EB063ECE2B324AE30	59227ED0D4A4885B824BD86B03B9DF2D5F69890F	696E32F03D909052681506BF26DBB5921E24908D7407F89DD9E5466859377C3B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	911FE2E6796145BA97F6CF75B35EDA76	CA3BA9D46ABBE8F00F43257227892B902A356F4A	C962B095A7A575D49314138BFFE99322978E780C9BA30EE7755401EBEFAD9C23
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C8521F9B743C5C72C1BB8711494F77CF	C6FFCF9AB91170A1DC7CCDE3CFE4CDA251C4C2D4	F155A145771C2E9A7F554450F54E881615FBBCE999EA2222B01528F204EB503A
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F765322D8DB123E269A0291D37DCC89E	BA3884DB6A7D618FD9E72ED2EAB060201197F8EE	FBE419B8BEE16F78D9264E44F04935B874EC3EDED5EBCDBDC37C7DD03FE83F6A
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D4C83B10EB6BDA118B626F4987B2AF47	F7D6030D6028A0D026241ED7E6F1BEADC5F9317A	A3F684BBD6DBCEA9CCCB2D6EA8B3A865BF8B79734BFF96025AE04E1178E5FE17
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	563D874790B0805A0007E124D14547AB	77F679D561DAC725AE03BFB003F9158A1342CA65	E89F49CE33880DEEF1231225EE5DDAD2B25A966BEA00F984975953E4B1204E4B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E528A4043FB0D03E4A0A6041A8E1C448	19425CD5F3E9F28759B07F963D13DD377AC5CF9B	0558898536DED11058B670FDC1E619B521F716D63D2DFEE7C2552E4CE3BC3F50
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6E1951C115C1508280F239054341016A	A5ABAA9A9C8C2561D5D2A0745775A770A6FD5854	499424D0370C699D53D5ED263CE3162B3BD2FB8AD9B571A1CE5182C359FB04D7
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\91a5b4c7-29a8-ec80-4321-fbecea906705.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DCE6461137304F67DAC9A2DFE664C901	51B59BB96EDB58487BB928F9426ADEE1ADD91F8B	584ECB99FF7CB2C9A691E1D0DEB09E353A908764D94365DED693D89DCF06E078
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2AAC15C5DF541D6923C4026C4B9EE8E4	696458EFD87237421126AC7D8E3911B27B0D1D36	71F0302F748E767BEF51443E855043774A6A3780F08218BD31048C50DCE82E4E
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3B58CFE88C0C432B3BDE6DFCB8EE1719	0D8CA6DD8A91A6BCA3F184ADF535B04B0C5E3E49	3074FEA69491343C423E02D2691CC163773127E8C485B1FC7F44B7B314BA0E41
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4BCDFECBBB6EE0305D2FC821AD9E4636	999AA89144D4F9E0D99974C08C0325DB683412FA	FE4CD5A5B7B57CC6B1C947AEC5E32201D06CF5041ED7897F5F68FB3149BF833A
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6EBA7BDD6E16EBA70EFECD5EF6FB45D8	6C6DC3FD62B3D0F52A86CC4946916B93794C3665	11C1EADA477915676F76E203E0736F4FF0B59532772DC64EBE634322C1E4E211
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C53A996112A914F3E68F99A344944562	C20447FC9627C11CA65DD1D7AE72442FF31488DB	DE73FBB8F06DFB184643D47833C594D325C18B053F5733E0A663EC1CEC17A23D
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3534D967114AA8C98ABAD040F142184D	2EB0302E2F641FC99581121D9881DA7659FB7B41	A028634F2C6C24F2D3B00A3FF446D7EC8BBD159514923BB0AEE209AA4DC242A4
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E99EFA8B6F4EC9E0D68BDE241FC98ABC	B29F4D25071015EECA65EC89A19B475DB31D205B	9E1FE17024DD42651FCD550B4EAD9EE06F8436964BAE42D87EC8355FDBCDF754
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E359294A436DEDC09F1AD231CB9493C5	28AF87D94B9B84861D86CE2D2FC689C2A8AD4C49	6C16F5BFBFD18C7ADEC4A62B5DCD1F6D0070BE5803D2D45C7D3DE4C7A7E021A8
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FB5E19FFB2DD4D39638084D5167DCD46	6635BC9A3054181DF2DB925AFDE94A6670069337	2BD72BB5B36C3C07F2DAD0DD36DAC52E0FF28FA444DC1CD5A78B0826D2E2DCAC
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	63A7C6E7EF6FBDC920A90B91A2DE3BEE	89EA4F84A31AFEB7EE6C907DC6BD739E005679D6	E6B85BE51DAAC1CFF9B295298596BADF5C426908B79EDBAFFA41BB5354B91E18
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DBCAA3394BD34BA3DF2F910764BA9B2B	00DAB141745286BF14800D4A5FE0692749D8159E	34B78672DF61FA762A17AE0DFC2AF376F89B42F09F0FBF98DD93AD6168BAB1B4
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C0BCC93BE5D4EE92BB7FE472B7B5901B	CC878E095962E6A31E8A7BC9A865C65D0F37006E	18C086F8032B9F29A6903D903B2311857777EB9F87E9E23111E1D6261069D184
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3916BEBE2CF40D236252578B8D5B100D	747028EB1AFEF00C7727BE29E558D0A08C78E7B9	87E5209FBE41F5B8EFEC12280F0E9259491D56311E7C7E3FB63F04CA6063E26B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5F982AE1506B4A2D61B5D8DD4316EE6F	DFD6A7AC86AE692B293831772F3C586D1E2E43BF	A0CA0E1B5349900E463ED120FCCE039A0B5F19048430901858F3A19C09C0A1C4
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C4E42D29505577AB56BDF9D51B64B8BD	D1D4588FC351781DFE51998B5CCB44E57BCA646C	AE5A4E67B0422B72689DD06C12C26995886776DDE58BA5A71A7A4F17D1316B09
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	386FD313F45C91ECA55B9D4D3FF4FF0C	F07ED596766271485DA9E29630EBB368CE446938	AC0A33DFE38D9C8D1AEB113CD87FCF2E9DDD6643C75BB12B3DFB63795F4BBE3B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	39C1C820C4E34102CF8C9E0960A9F2E6	779CA3085DAE9F016A77C340F6E3C8C9CFA0D2EF	7C8D0C5A555E3B3AB6CC765315A9B37BC38D45D064B64B77AB0EA2BC7584B1B2
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0D73865A196E6C1AF0CCCF5280A59428	CE22A267B5BBBB31266907E204BAF2A603A45D60	F4E131E54361712729763FB204D6FB1B1EC90AECE771E296D9CEDAEEE969751C
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F00B921EF2AC728EC749152C0999E691	88D1034BB81137D4AC387BC13485E1E0C81100C4	5A117BB0F3F59F963AEBB96256DD6B942D7EDF7B3103A43D3B6CE419FC515A2B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	14BE1ED07D7592A25284141FCEEE096B	8B3FEB0F2AC9922D99A5E22AB0578CE8D6D40B18	F2314BE2D4E5AFDE6EF9BB33BD9CFA0D9D0C12FF45B9656EF2B7F306431913EC
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4EA1F7436EFA7BA479AF753E63FEFA1F	5550F3F25A47EE5175E3D7E7F9FE02C859E53592	62A12003B0BFA8C79FBECBCE75AF6AF546278F1CE27A5D36B945958EB2EE2AFC
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2AB9CB342723703EA506F0CE94BBD812	6BA8412DD3B0BFE05281B0F647435E2DF4B889E0	0C7AD5775BF701067E1D83E9546497AA041B02DE2E919949041654A01B32FF4B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	83605388A902FB7896B3AF9333F1EA1C	BAE561A69E462A07C078A5ECFC516A4F0703F894	B45564E23ABFE611099EDBD4AC29A3DE33076433146A0A820185B8CC2032C0FE
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B4CE49FDA3F14CD787492CA0766CA6E2	B31ED0945F65937BD475970316893EE549203AA2	4E0118E058F54661F9A362F211B9000DBE9A71F13E7F6763241BEB1DF00DAFB2
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4E673FA4A9532B0446E692FE53DE421C	04C01AD363BCE533A075192FD43CAEBA3E1CA0FF	C751AED7543A8C45E5F6F56023C8169A5E8278CA6DBA9563AF101E9234680DA1
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	841E72F975E797686F13C4503C273057	3BB604636C7E34D51303EBDF5F3CD66BED2E7285	C73D02ACC44A3FAF75B5CC5858AE38DD81BFF2FDAA49584D7D2E156037BCA5DB
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B5A5A8FF50654A4AE6BE12C933F743D7	F5C02409F3D60151846D341E88BDE769ED3F0A2D	FF19D7C17032CBA2A852A5A52358982FA55DE79E2DF78F0B2CB1EFB59B1FBF84
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FC2D838F13F1454BF7290AE9BD847D80	E7AC49687825F43664AB7487434009C18326EDC6	D19C784DB0F5604120414D375C05AA48A2980E89BF8866F2999AC6A53BC3AF2C
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5DB8CC9FDA4DFDBB079EA68FAD58A60A	04C0246142D40BF4923419E4FE7AD2E6B2D21C60	71F49971E2D2794F5799C35DAF81A55F9D2DF05834E432C5921E6FD6B506F1E8
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D93C5E480E18F7D31C248328F3256D85	AF1AFE3E69459D4960F14F84C78C1F84708BC1CC	1536D7463CFFB75A483CB1E0FD4EAAC9FA3B1CDDC24533FFCF2372CC8F2F0EFC
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	505DB5EC35C51D19BD77A7C1BA288343	568AC9F55BDB5C9F18E5E83AE3BDAB75514BB521	85373FF77E36318E439E1E5F2CAF4ECDBABA5626A2ED697D1BE7264BE3095B81
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ea39969e-9808-10a2-23ff-be783a132fea.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5302A315901510B2E14E3318E32D8B62	061038C01E227A828E509C1EB8FAD74A8805AE5E	D2A0532BF9F7DFE2EB29F1E03FCC56E8EB21F55F6697158BD233682ABC7A8201
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	984C05533091C022014C8059B864396D	D32B97D05A7B1BD89CDC84771DB51C5CC3FE2DE4	B15BD17EC2B400F95ACC681615D6D2946AAF4F6D2620F60FED4782B35C7BB567
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AA2F2D33AF48EB5B34F2E3CF67BAF931	5F355014A295F5D0DAD95961C80DC198DAB622AB	7F5413965496CC2086295AD20CE4403DD878C877C0A6C12148AF888B0C9F6D0B
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FA5AEAF1B6FDDB807CB167A4F93079CD	EC0F18686D827898AB391559AEAC92341390B5B9	70FFF00D46901308AC86B1E6BE305B761C9BECFB4DDF655C37A454585FA9DEAF
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	783F78D0303654648A5BCDDCAA307D0E	4F1F4503DB274B73C48B904AA9E360A465D4140A	EDA26DE434AF8CA26A3C15C5911F27229BB508D224019A1B365564E56DE44B72
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	28D50CCA3B5998FBD11697E5762B694D	680ACD4B2DF03EE52F15DC0B3D1330904569D24A	DC6D5534F7CAC139C0672E0EB56BD76621165A2A664372685B9E145210C74F50
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\KeyHolder\61afd6a2-d7c3-8d25-36c2-0c2c47e3aca8.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8D7CE41A416220793BE1422C32386BE7	109133D745611FB7559ABB53A7B185AF64BA8D01	1F5D01413AB7C1A92E899ED8B3080FED64A6363E5A61E98C91B5AE9CE85EA298
C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C5AECEEC85ACCE5A29A8215F7DAEA6AD	C63D09606D7C66770B69E6EF0A05B260F859A85B	848279DB3065E6F5818E02F6E8179624A06789788F51CC6428F4B3D3FCB891B9
C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A138604447BC9363969DA39E1C08D8D4	068AED11ABDDDDD760BBB7A161658EE75DD581ED	30E0A43AD3458923D1CD1E6ABCC700F35BF5D0F29F787D0D9DD9300E4A1BD9BD
C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5DB01DFD79EB2384E3937234FE59AD82	F7C85ECFA782AF9AF779442E666705EC849C613B	46B84A47076589B20551A89E921FAB55CBCA475C2AF0F6D9D8059E0F1591BDBE
C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1B1DEB4DBAE1CA61FB67A7012957A43D	CA13FE301414F687D18B53723223E95581964BF0	C0E20B9DEE27E4B14FFE4A057536E6ABE56ED7E9F7E3E2AA4F268E3F69B5D67C
C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	381C7B725C1DEF01EF1AFA42BD64CEA9	2CB04AE5ECA6E642BCE33F1767A17BDF727224B3	459DE352C637AE9A7A2C822C2A6B9904EDC8372D4973F65660284C00121E2733
C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0BF9D650E43A461CA6F7114078745768	94797FB3BA93259361622063A3B5A835FB1DCD6E	90A876AA87F5C12E9CF6A33C17E52EE4CF606602556E49649A70287F28C17296
C:\ProgramData\Microsoft\Windows\OneSettings\CTAC.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	09C56E4BBDC5EA1AC288EAF08C82A311	CEC38733ABD0C1129F5852C54AC90FCE83BE6F84	C1D9464C91BC61271AF1CF8A98D03823C5E0B3A0D14023B6EF6691B77ED309FF
C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D181E7C9FF15E6CE85556322F2AB74DE	1D9E17A5D0F3EEAE5CAA6105B7BE2861D73A0678	6F69ED26272021D06F7826C5990AFC7208FFC5A1DE548EA7912E9C95FFDB2F06
C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9DAA83CA64101E8A5815B872899F5899	0FBBED93AF3921CA3BA11657240B3F36FD285FC6	77242B731BC7991890C05E44F1FACAA6D1E0C079803836BE803E82320A03927D
C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A116F2F12E1D089D65A1D2C357CE0366	5302C407D63D60E432F276CF3D12DF6F3D4BD2F2	66547642D6F8D71E1CED8F4AF6673B5971A68180F1995868E9117445FCB2001F
C:\ProgramData\Microsoft\Windows\OneSettings\FeatureConfig.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	64AE83DF6F53E6B341BF8E8D69B38BAB	F696BBAAFA078877A9661AA3F471C67BD240B0A6	B59ADC28CD313EEF2ED3CFC002A41B4107E7A94DB42BA0FFAF4451D18B961999
C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	764DCEFBCA036E391B374C4319BBE2FE	17324F653CFB2380DDC9062EB18A18A08289D2A5	B3061A5C2DD8561E922409995EC5D0ADDFD8A238A45F3F3BB26A7C2F8049D1AF
C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	499AFE2BFB2516D7FE932C8FA1A53D91	1B0A49008D5FCA6EAB347BF90CB288E234A4B6FC	9C7710767E6D583354932AE8C46620DB1B5DD97D925F6EADD902140CE5C01CC8
C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3724F7E7BF69117EB182F15D80BEFA95	0B9C7A9500D4B7C2FF0F4FE3BD2C5054A8596F8C	6218DEC0F2B721E29A836EF2C73DA18D4A872FE326A57F6D6B3308B4D319234A
C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BAA77BC5F75C7F12F96BAA8BDD0CF039	1B6459A484345A590A8B1A924F7736DEC443F4E2	72E62C9B9A5D4762C24E8E68E3CD923FBC8919D9EC75BBCF40E47EE893CE11FA
C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4F9FFD464F160D5B4D1C631CAF802767	CA48865A424E1E982B375DB09A7ACBB6F1B1B307	150168236E43AD76B3A30E5B66A7915589F0CB044ABD66CA2EB0C3524650FF09
C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	79995DA4B2D8B2A6B280B1829800C88A	CE6D6C2F149422859497AE893DD825B2290915B3	E350AEF0DDD8E00B94B3B81867060D47783BE7A656A07D790DEDA8678D7AA398
C:\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0B75076FC6A5414A2BD0800EC8BC2B31	8D2B16F776AD249DC27F055642D6605FDD340E1F	AD05F755E4AB7D8AF1C3CF1EEE49B3BB092822DE9722427812FF8F519F77C1F1
C:\ProgramData\Microsoft\Windows\OneSettings\config.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EF84EA03303071FA48EB49A2AEDF75C6	E130E1AF64154A20544241D5CCDECE490FB81683	793479C57943281D598441C7868D510B1EE557AA0FB4083BDF59201EE863438E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F8244FF4C4B208246BA7FB13A274CAB6	35B16EC2700E5982E436E66447DDC61354C5FA3C	53F930D67A3753374E1F1F1EA17FBDF619802844EB70C936FC194D52C8084667
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A69072582409CC860CAF9F798855B7BC	C03714A205CC6DECBBCB8143069D67698D9B8DBC	00F5CC356533F1F9F62F36B6BF70FCE4DC9FE94BF55EDDD1F54A11F826165B19
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	16B9977745B4032A8DD068B1BC5C8383	410E6F2B42258300C810F8596CFBD40918386D1C	38314163806130FF6FA0BFFD9956E6C4454C216E94424F153B1AC340E6775E35
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3CFAC859F8168E47D7E281C1487C2ABD	D7E679DF5315FEDCFE9D7A212DC5DD93FFCA1DF0	3842E51F89E89227ACDF25C94E0F84BC47FFF0AAD3EA9F8358F0AF4F714FC408
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1E1C141463AB1801747B1ABECF63EEB6	4E8D25451C6C3DAB05FB3DB2953ED4190A287710	86997493AC3892EE9E7F08D61717A708ACFF4B47A179C619A224901A7D047929
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0E96852CFAD17B97B7FD5AAD0F5A91EE	A568CB0798BCD7AF92DBD3B14274D998552F6545	F7AB01EB9B5C5D37F7AC74F8A61D6ACDD318F0E1BACDED13D0AB37D9CBDEA9DF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7EF84BA3C66478EA9214F6F6554903FB	10332C2398467AF5B711CA63D2A4816871D4A5FF	BF02F05D8FA38E7C579169264EE2D5B459F2BD7B12C3CB377AC115FEBB924D45
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AD5B159876B393739A777635E712E38D	375BC337C02B044C9557E532D2D643220231A7E2	9206F01048F13F8B1A171A2A5094D3EDA6847FED1D63967D55972F5FA3E70AE1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E8D9D2670606323F937C1DD79AC9E8F8	F41197CD93900C4B39CEED13B25E00B237C9483D	B2D2E8619AD704D1FAA5E1D0E5F76C0E127A484DDE1499AFB352446FF0144D86
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	613F21D37F6F147D96ECB3A131A4F5C7	3F4D68973239938082267A84DA89C9E46BF328C7	50B4AB90D6CAC56D583DD0024D65C9F1A98F143A209396FC9D37BD0BFEA8CCB1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BE41E5B806D30ECDE4D82BA21142EC1E	86DD667DD3BA4BFCE7BDDAED29C6CAAAD725D6B0	AA1F99FF381BCA0B0F3E02A4DB02F29D77207D295FCA0DAA5ED6A3EF5473CBCA
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8129B9B718A379ED51E58BEE19ED269D	1F0E270EFA15B11730E57285BBDE6615143938B3	02E63A24D20FC2211C20F318E60BD00A25B393EA366E05E7C141C1F4F65C4C66
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	226319504B94C6ED358C46E1251F33C1	41D2E61F54F60FEFF5024B5185CDD7E0B8DBB394	929BCBF16CF5C80EFE0151EA1D4E163E0FC08985158122914282658754415836
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B5B47D49E1B12C54E96FC3B9C1990F92	E6CF69D57F72DE526A32BD6CDF49F1DFF4488C8D	DC3033BA077ED2E05EB31273079752181DADD810078E5CCC1FF900C000D8B232
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AF87DA3B7B62C709F4DBDE741CA87C69	4AFA973B21F3C25C7B7EDC6C45DAB28CB1BB79C0	E607EC69BFCC89916763825B1F5D51403D1DCEB79D15A9FA5E26540D9B1CFFA8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E8BC0FA0261CB8DB9A94E39DF967765D	5A73B9990111919A6AE41A791DB48AB82A1F1C92	A23DFEE91F26FF7C1A038BC18D0F94F3A9AE022D38AF51401AB2856D1E4FE033
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	980B280CD76BF9E3E3CB69CF827DBF5B	652F6C9C1D39E785825E9869EEB8ED909941FE92	FC35552FCBC102CB6D2D6C8AE1E524DA8ADBA18BD0DF499932D1CF238283B1F2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	16FF7977123AB4B4309450EC99563A44	B7C0CF1A0F55DB107F15A43F2F0CD16A5C8D2AA7	600511B7544BCC053205A31ECE0F4F8F015A17B1495D0A1E530F36061AE53A8D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	770F6C29DFE23964500229327000F7B3	6502361E185DC17583E56A21881E6D6A5FDA79A8	D79CF6B59A466B64317F42D4766AFC58145416967A5F5ACFEC27E4B35DB3434D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3E7287A723AB4D9B7B155AFC8C98E5E5	6CC55577E9EF78C1503B8A27EE58463B02FEDFF3	604B3A62D2A1D63DE2A140E8A86114B859C282DB1E646BD3F3C04B4D878DE49A
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A854F282B93B90E2861D7094AB6BD961	05F32B7DD238B9B2499AB61248CF847B2424B28E	90073E5A0AEF890C87B9FF5A78F770FF34E5E014A66EBE344BA4C073DFFB5AC8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E7B378CE319F6FFD3D627A6857AFC499	FBBCFBF17A7F0231561CFAD88EE575ECDC24681B	86668C9452E7E6922229C9CCDF2249772C672615D747A99802D43ED8B07E5360
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	14888DB7DFE172632917391C82076694	F6A4B91C54D7C07E88655661D4B168CEBA367986	8DEE442EE7475FFFC975FAD7E7B6764B894A3C4595651DB725C19E28AB54ECCF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	47285CBD75DF7EA43DCB4C7FEEE130D7	F5A25C932D6B27CC9CAD4D69EBAA7B491C9E8443	4969FD9FCC40E34CB9D03CFE0AB414374454B4F5372EA0B2B32233CBA3070341
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B5393FFD6D65F575762B2078641EA1CA	CBE73C960FCCD7CFB6E9554B601A5C9350D80048	5D07AA74CF94D0E5B443444F75DAEE57C1BABCDE22BF5C147B76D1B48429A15D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4BF305B876AFD3761A467B72E29E9914	44875A6997729746516005448DE6CCF04C930C85	17A24DC5E68A05A88AAC977988837201202EA34A559E3F741124D3C918B8A589
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0F71BD5C223F5AD424101ED22B88A986	19C33F5942FE8D3DC74AF001C55AC46FDDB15F32	C010FB018060697AC737413F4B7C207EB0934AA19C4D61512C680BAAD1290643
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1E2836437178A9B0A372193283EFA4DE	A41218B9708037278D2F3702E403CA6D6B2C9F1F	5F7248775E268FF486A91BEF0E5311DCE32668C262DBA09F10D2CB46F0ED0C77
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	68D992C5B2F4C488FCAFE792FE34F33C	1DAB36CB781FB2C108E560AEA7BDCDAB9AB47ABE	79CD93034548FA72C80FEE3E18A705406ECB8DAC331C8798FD2206ADB44C7929
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A644F1ED483AAC63F6A43AF9D9A74B2C	DA6F14DF5925CC14A0E77CEB2B6023270289BEBB	B04D5EB53F8482492B96A03A2DB080EC46BFA4F23AB2A9CEDC3F4288C45D175C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	126F7BAB5B3BD30BC1508D6EC3CCBFF5	D521ED1AF5FEA6F20E0EB8F2A5DF38D3698719BF	401AC1C54366651183269980434E9A1A6D025B5C40A9BD8E810D2C7C06B45FE8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	631A6006CCE9EC3E92A449A38660AA21	302B264BD7A9F6628A9077799CD36D37408D4090	2DCF26006B017B0B295F336B577985E60C6E5E48E2B04BA5149E9A829EA3C5C3
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	201696CA406C5D48688741E2D0D912E4	AA2BD9562738DF07BB364F2B09882403A8930ABD	9374C37232C5ED3EFD027619008978125B97A0E5635B2E0153C45B84CBFCEF19
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8418065AD02E207DC2E3A6E36CDEC85C	3A854B0309FA084495BB58E868FBBB27EB854416	419C2073A467371E00258929368DA5C0EF6A2DE273C013A70BEF0AC6BCCAE3ED
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	189B3F1BD0B1520FD4F2BCC1FAAA1FD7	CD8B7F24F0A43C84762C92592E8A3474953DC584	53E8C3147BC8516F7644A6AF4F2F27E4754BCA6F1FDBDCA1B8476F2C62B86A4C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7870CD2477A9253C652A378575DE201F	57842C2C2E33A11E21745721427AC284A004C898	1A03331EAF2DB814CEC959E609D2EAFA8E454E2E4B7D73D56C5C83E8F1CE831C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4A1D8CF3212AE57368859CA6F28B59E9	6855EBA930463C8CC6A42A3865EB7B4BF8A04787	A56D7267A7A02A5DEAC309D5212E491E27A845B52A3EE69D7BA188FCD30EB671
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1BA67D9A852A15AAE340D5534ADA24DA	EE4E50B7D476FD15F5A25471B9A365275977DAAA	9E6732977521B8E556F95D17441DB402480A1770064C40058D0AB79FDBB7DD29
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F7E5AAFE19C424171FA54A44EB4821F1	0A0D881650C934296622B7F8898434AA2426A408	8586AAF7135B65CE6970D9D00F7B550EAF7E2481CCA6BE8A73074B88DE0A79C5
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2A23FC6506BDE94FDC7114F06AB44981	761CA647CAD15F89359F4F640873094BFA0ED71F	A2A08EA052FE5CBB2BEB7439B3EE4F78AB84CC00B45CF48F8427EB6CB55A79F4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	388D8BF478CBC0B9D57A63D49A32F789	B19E930792A5819B05308BFFA31411C3662D416E	381D23FD1384E278D9588D20300160EB9DD491F43B2C6DB2E7CE1B076120CE81
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	663AC7FA9E3DB02E79CD2D9E8896059B	C861DF90DD70B468A1E9B3702646B7EB1BF36248	E7E0943F7DC899B3454A53183C2B889DC8914CF680F3274D049E6B52E654D958
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2FB6DE6DF5F72A25E305346C5CBD8E49	3687B810BB295D203CA2072658D68DE83DD79E03	C720C5B38DB98E3A5F1446296FAD249F58A72D988C8663522443B4BE1B6BA2DC
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6DCC8DFA60C603BACA0EF1B46DBCBCAE	49798F525B3229DC8964374FC963BEDC10A67FBF	FD84C02DD90964711CFE951F854F53DE0DED60C517C842EAC9BDECDEAE6A30B9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	854441787DCD7803CC10C7B3F7237EDA	7B60C051F23E70FE630088AAF7EF537D7B708B4E	E9952ED260E2F96F9EEB080ED3E79026C92E16C9EAE1B08D99E4203130D7E858
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5014CCD68D03CB1296E6480B8B96440F	24C7F0235E47AA20E414A028CCA8E1577EE978BA	3E524D366D660C435CA3F9C63B7F3696434DC591E35F0EA22F01A700FED99A14
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EDBB0D439074D22CF2FF47CB9A85E810	7D804AC3E3575062479F4DCA92BA4C16E9C73E0F	E3D3FAF0159AD421DCBD5E7C6A1ACF7C66A054D7AB003D68F3CCE6450B0ADDAC
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A36CDE0A9657EE5E2C3979D55FAC62BA	ABE9654B99B47BE238EFEE8C91497FD280F592C9	61CF1977A927FB0963F26034C44A07F4AD37214307ACE576077E4A4E448E722F
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	911C1C42A205F7F1A8E4A6B9895FD38B	1BDA5A50310CF5D79313755E961C6A80E79F55F7	02230ADD239DF9EF7C8C74B977984210AEC387BEFA9F7FD42678832749C5FECA
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E9172AC50826B4C4E30B11D1CA8A5CFA	2C8EA6918632DFC2868BA6FAB02F8671AC802EF6	3C6714EAF54364694C6E8875A38EB127614193360518E158C87F79373F8BC526
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	331043576047873DBFD1E8B3918AA103	6BEEE025161BCCCD26B6C41C9076ABD98CCE9F68	2EB4E2D6F82B6C42B7E0AE8C9DB46DC32A2E2A7F7667A19F50D21BC7FE64F629
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	AFFD44380F45EA16D6CDD7B6AF6B766E	E67D42F001AA94028648B8A3ABE84EB38414DB3C	6202D5A9295695462261AA3A2CC6B30CAD7D2DB0AC5135D935DF2F5925B325BF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B5C34585A033E00CB03B808E25585FFB	0A6FF71888226BCDAFBD7B9C54C672E4EAD21A1A	A7C800D22ECDE816EAFE1A4263AE3F0C21C32DE3FEA395D7170193112941BCD4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3C84C8DDD7239346BB95442E0982DAB1	4709BEF844085571C3C8178237A0F61479B15F09	9EC74ECA99A7F6CC37406EBD28FFF0F88E1C41E08F8C3E3CFC3A3BE9A8404D23
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8DF2CACC3A41D9A58624E02481486004	677560AEFA0AE73FACFDBB0E29F047C185F5114C	52C7515D085356AE037CB12B03262CDE6B5A96A1B2A8941DAF38A573EC7D30ED
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B95FD74C37F41793C138B778CFCC0D97	AE0E58FC7D70DDB906460AFA195E7B216E2530E9	E57D3BA06EB15D03259EF95DC94DD36A733E81A9A34092EFEF976A9B7B4EBCC6
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	FDFFB01B6AD85CDDFA82EE92E70B697D	3D2348354713CF6E425C51071A3DE8D245CA5BCA	0821DD7701F28E2386788BEB6F5B27E10C09816C86D94E29A65A970A98746444
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3CA3BD3A2AF1BC0E58BB3F6D1FDFEB54	A73513E6F220C425AE57E72DCE85965662023840	8B2D8F387C8160C3487AF5FA09D36DC6823F78C2B4F25DB0843015645C3C40FC
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	66969ADF811CE678284490A26A557800	A9134A0B4586B2FED46AAEDF6F625D884CAF8885	3FA4CDD57B8C90D6CEB57B97AD5E1CCEEB9CE059F8BC44733474DEE104B33FEB
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	25DF877FDCFAA22C77DC666DA51C443F	5E80A17BBC9932D0A387B81CB3C1E8C408CC9901	1D8559B71BBA8CC7C673AB7C285C6CF7D128BD86E03DF710BA4350B15D11E806
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D65ABC054FBE41C9181D8EDCB7D10056	5CF84DCB48F6453E00347C842F6FE0F1ED5D4158	B72179B4B531244B1A8634F6DD99AC1D9559DF14E2173E093F55D39581518818
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D342618B8183E9D2140AAF766002F55D	196ED0C7E99A040BC1E60F24A26C24C666F8AFBA	DACE1C756EB94161B0D4CD424AEBA4B24EB9C127B860CFD76D95429473D46302
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8360051093FA0D458A1B8FB052AE7B9F	11DD162C69C2867347ABDC7C56D719E81D1AEC01	63CD06E44E5BE973BA06E9A9FCA84385340A241D6ABF4A02A3931013CCE275F8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DCAAFB2E506E1F2C446F2B67F2DA9546	E5DCB273410F373B987A511B1417F6DEFD414CBF	C95BAF7ADE53C79E143C2B5FB0AE46FCA56F9C0C1985155533975182B3D18315
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8436A5463FBEE6179AAED72A8599BC01	67CE7A6A41F3DDB91B7F9535448B6359354CE536	176E2880A068B0FE8F15A1837A8D2537F8C1F7A03AC197B1CDE282F3AAD9FD68
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F3BF563AACD9533732C4585E208C643F	626EAB032C1DFB60D3F8E792A7F06959D8E498E9	D0083EF29341AAF09AEB183250B05B0EF55AA2DB5FA59AC351FF3C3D8C54C883
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	615E3D3D0891E24E89FC58AABD17ACF6	527A597F02669724AA327A2D85E931FF3222CB16	D8FE04B6146889FBC7B29F3AC50BF9A3FBBB482CF221E80F6269D141138489C2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	81B2752E13AE12EEA385C6005F65F1D3	6C39A3B5F5748E7EAC7A58A3AE57FF6147434AA6	BB80197A372BBA0E3A9A8CF6FAF7F0335E5216E26469D6DCC286714C41598D9E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7DDB3DB3A2051296CED6DC52C248A639	872337E2257CE23ADE4F4B3C0DDB1DD7A6C50CF0	E62D8F6A2D86B878706EDD74CA622959CF65FBE2E38D68C9A9E543EAD8BD7C28
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	836C241613A28C13F44DF9165FFB5385	AF5193955056E0D610C19574E4318664D89CB864	AEFFFFE82E16F4AECA4B14B784D275CAB530B5D7356DD985CD2562BCC285CEFC
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EB21137A5E5CC717B50263BD5FC43427	C4B559D24B2298BD6AC92401698020A27349C82E	987AE3C0F1E750831AE601264FFA5119FAFBBE638B02747A9B8DC81443C29A6C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A5228C83A391846C2C711B5589BB9C5D	1D45087A3C57D8310DD60DE9456C465F75849BAE	1459FE60BCFB410132AF880BC336912C08862A9C03A3F2005923D2B9947291C9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BEF3C9902DA3611BCBF6D75A19D2F338	EA62F6C266BDDDC9D1071918A0F87EE8D4A9A27A	9129E1AEC21F3D6DABC384CC09BB94ADE190296EDB1AFC5B52F80301427806A3
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	289D779C3D5EAB134D669803A644CE6A	3C5803AAB2FA07B0D5D4357F1614E4A363991DE2	79E02677097ED627750437075371392322859E8AE418B3E5F326485D0B33A80C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7190F15AA67ECFFB52444BFE59EA9D4D	9E53E2754EE4CCB204B303137D7F56116ECF3586	196A1B404E760C80B4241F96CCFD67ABF901482749905F5DCCE1A0FA0FA1ACF7
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6C7C32B5AB0C8A1A6FFA78A3A54BF7D2	782C9B84737DBB3C78245D8340FF817AE775441A	2BFFDF1866412E32AB08121A3059287AD5A15F9DC4C88E67EE37317C0EC22C22
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DC7EC2A1ADB4C57A111E3A697690C8EA	9F78C29EBAB67EE0532402BFBFEE9443FBBDE63B	4E297EC3C40BAFDA889ECF57DAC46A7D03C40B3D3E2E68B0853D9E5BB14FDDDC
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	68F1B194792E6B22D5B1CFFCE21CE0D5	A5A556AE252069B5A7A2F0887386294A8CC3FCF0	24AB8ECBB48A7A29AD3EA5856D4CDFC92CFD79E65A0DE9A5BDF57D5F74AF7E95
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F18EAC447C5EA6FCD641F0E470A77D46	8DA35C2EB6D57A2304FDCBB4C366C67E7EFFFC39	0FF0787A9AFAA6BFACD73949CDC34593E186A3166330D4CEED97089B44A88509
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	561530010FCF82042603B1FDD7123CE7	EBEC3E0D9DCE278881B3F2598E26D1A2DF2B5ED9	6EF345B96E5C7E198BD2479995585A3240C2CE5D970C635688154C2C4969F659
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	160A871CDB35271333E70BC9DCB97EC9	4CF7D3DE24C32392191D5646F09A372BDE6E2AB8	4F81693C2998933B6F32737BBB3954C1AB17C95B058ECECA0B8E924EE589DEA8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	95ADE903970C6F6579609017CB49F79D	21FEB425999518198D67FC2BECF3B4EB7CF47D66	298348B5CF008B21A012BB39B50124959EFFE2126E52A2DC6A5D89817CA9C99F
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E739BA756D748524A1AB596DBC97F410	8D8359A00C09EC905574FC334E00FB40C498BAD9	F977A9F46B5B69EF3A0B734FA50684E5827455822FCB34F7EBB39D8903A6C546
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	187AC720542B0264B249A8ABC3D47D5A	1573BFBAEF2F3C35851D7AB0022B6BFEB52FB6F3	26A919B3036940B1B2B17671E1F94BFAA40CBADAA07BBE56D0213BF15B68275D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A673F63CABB5AA5ABB8B5A65291CC762	CA2309ACBBCB0D9F4E8B25081AC8E8CB854812F2	1F7288C2749FCEC5DAC3AA21E77903D9A3362031E82667787AA549FEB8EDE263
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	499A7D7084F40A475F1EE909195847D7	FDA7E7C7986B2F9584AEEEDE062117F91FFDCB08	1AD8EFBD6A58302CEE6526595965F417B4974B312D700419C75D414964D85D44
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8A9499FB3EAB20817157117E2A86D881	354DB917595E0A153453D418FF0BD0448F391C58	FFFC1C0379DC68205253928F44210DC7679F46AED0144EDD41D6B43CD29FB4AC
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	05C7473D4E65FA151F1A8412F9395056	F0619F158388D279616D0C6A7355E23AA3B4A917	6D28F2D416C261D709BEC7F70BBC1EC6E3BD018979C3BF217CDF22D7A81CE565
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5BAAB87E29C8C36EAEC4C1A2C2876863	5CC6682CDF6287CC37A48767E42FBFB1D2DC35D5	E9FE856E66FCFADF7946A743AD5DD183466AD59037C0CA827775C32E10093481
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EEE023B61A84E7737CE4008E1DBDB999	EF5812660F509B3058B17408372D0CC5B26BF89C	5C2F040A65AF0FB4BDFB6AFBE81E57A316E529C2EAC4440339A00C7832076CDB
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	1AE72474D83D4D65A4F7A690542925EF	90BADB3ECABD2A6628E50DF2EB340DECDB057761	062ABC3C0A197E0873A2C681668BEB72375DBC7CA0B00E083ACDE7C1D548206F
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5270FCF8D73FFB25CC007E7AE4408856	34B376B3CC738D54B50DAC318AEFB77F5A4BCBCC	2280D5A4427BD85EBDA265C86AB71B9330E3DF2C33ECECC2D90CAEE444D513D1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	699BAA045B709681A8E34FDAE367E66F	3A025880ABD58648E50630A4DF840BE03C7D6AE7	E9D564F4BE91F35F6826241B6900CCAA16A2D69BF3CA729EA6C97736B282175F
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0ED140FF4F5D522FF2B8C579FE14F02F	E97C5543A5014CCE1DEAE5CE508227DB0577204B	0D3ADC0440DBE318FA90B6E31197F43ECD849D919B15B3AB966300727BABB7FD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	75C589408775AB8D7D91A277C6199608	A10BF6C717B11BBDE396FAE5C63D29F64F0D7159	768A1835FA0835C93F9626D7647D07324E9A8B5EDA9639F284A51E2E172A14E6
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B5ADB21DB5FAA27C3A9AA93AD126D47A	C8C3A5F7E68D68905DCD23A25DB174F5F2FADF70	EEDD1972D0DC68E78FE913667A7A321C6AB2F789B25A43E1C7AB1EB33D2E62C8
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8CFFEB379A8586997308FB3F2BB33451	3E8DD16BEFF8FB29782B567862A43135EB46CB57	5EADDE5A034A105CD0122230924D7067D6A8D5FB10AFC0650AF455494F95511C
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	67FE747506F26CB3D0DC455F26065DD1	56C5AEA5F401FD9873C12D41B2AC8A032612F873	91310282DE8AD01A94C239DE79CC5A358512FB038BB465D2B72C9339678BE52A
C:\ProgramData\Microsoft\Windows\WER\Temp\965c09a6-ff8d-4ab0-8c44-dfc6cfd8416f.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D5EFB657C3557115BB11C5FBE2B8D103	906213907DEC3625184AFC74A395AA165266005C	EFBA66AB8FA0060D00F6D2CA3ACC4F87AA71156D0497FE74EBB13CCF436EAC33
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4AB.tmp.WERInternalMetadata.xml.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E4001632E759C0F5EEBF8E4BDC142AC3	ACB51976B5C22FBBD5AA2FEEBC88EADF924745AB	DABBEC6C805A28B35E613BC270A61A85477C6007E4A9A570E5B103CCE005F7C1
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4AB.tmp.WERInternalMetadata.xml.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	875650465400EA2DDF1DCFFC6A20780D	EAAAD60CC6C91D376E1A53E7B24B281314105E6D	62CE826FAF4B0A2F3873D5D962B505BDF68D8030DB8451C3C2773C7BAAB0FC33
C:\ProgramData\Microsoft\Windows\wfp\wfpdiag.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	864A64E166DCBF949E29A4C525CA6EE7	EA586FD0C1C590ADE7CA65AA96AAB9E23DDA3FEC	BD1CEDCC2CFFE22803C2853C588E14809DD08E4AD062EE12F3F677A455B2DC96
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-308046B0AF4A39CB.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	F217BDCA079080892BF4666D3B409562	065AE1DB88D20371926389D6EBD8736264C3C0C8	38A245703A07C7944A2525E52E7A7F7D44F6BF8A0E756B7BEFE5655307B36351
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	C9917D6BC24F64B376C735948899F418	C360F86031D88EA35451FA9C3F7A87813346BB9B	B63DFA3D681FBA68C43296989615A157522B03F1685477F9D0857A6A2D856E29
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	423817C1DBA3661A170A75E0BB5190F9	8A19C73F3F562CED5F1AC909ECD81AF7B31F84A7	4D55C979587B2880E40E7875A7594A708802740A9BACD8AEA0D82A3AD806E919
C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64\cab1.cab.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E86CBBE03D7149A4D6ABFBC570D9B909	DB46A613BC286EE59D250208177931B42721D404	8BCB70EAE856A36900A0088FCF08756EBF4CBF6E953D6F4502485F71CE25BE18
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D1BD7E6781DE416EB49790398F0FFEF6	4A71B15B4123FE2C3CA11304004A1ED90CB4E281	B10D92864F46E8ADF4F72DBB6F30790B0346B1C2A0A961CCE9CB8294CB4152A7
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	761A8240A7986C8D4F6F8AD6FBF70859	3ACFE772EFB0CCA21D6DCB53B4B07A98DE9ED75A	7B6D11A0C5A020F096A60B6F737E97BE8AF746191C0EBBD1B57B8E387BC40F47
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	50FD97834B15D705B2C193BD370E2FB2	D7535F7D500B8B94936B5E8D7BB3CDE28881F0C0	B1A7DBE2CD01604DC2F186F812F21BE2A882D41BA99AC3920A810796B29756F9
C:\ProgramData\Package Cache\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\packages\vcRuntimeMinimum_amd64\cab1.cab.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	2E338D5E8D66566E0EC99F3D55CBAE3B	6399AB75F5CF3419E02EBD63B5E526EBA8187A1F	2B93CBAA21C246A6BE78A2C34049E66F4B27FA9AA0CA6C16C84BC63CC945A1DA
C:\ProgramData\USOShared\Logs\User\NotifyIcon.07248d50-97f1-4932-b7a8-3060c262dd55.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DDACCE752FD45B781F01A44E07FD2271	635A0BC2D4B4D83F2C09C5FB8AE6AA07C9512617	856F9C3238023978F2473E7A719000FD134936CC44D289623882FE66150F9CE0
C:\ProgramData\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	447E1D0B07CF1FE79BF8674369EAC8C4	F3A90328D0B3AD238041FCB7E8A93E3C9C8BD96B	F89F5D1BC6E05BBE8F3191BC830F92022ACCD1672D4F6EEDCF06AC48439A95DD
C:\ProgramData\USOShared\Logs\User\NotifyIcon.809ce127-f5c0-40ef-bf85-cecccac2ef33.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4AC2D9BE1EBCF7CC28BDBF10A3BE9887	FEB3A501132CF8789063675377D1F5BB6E091470	BC995C1B269AAE21D8B21039C72FF2733C3A31D1E3F028A090A6EB8B699A683E
C:\ProgramData\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	99732807E45427D0AA1B746BD9B5226A	A27BB9D8AE5461A6DEE0537F87401398D53F2CA3	B898875D4E24BF3F6B8BE6BAA2361FAB4551166791FDCEF2D793C9B5B8F945C2
C:\ProgramData\USOShared\Logs\User\NotifyIcon.ba7c6d46-fc3a-452e-b58c-88c0a5384d76.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0E866A35645E6CDA3D5F76AAA228B824	34E07C968FC2A39FCD68EF9A639427C5632BB38A	C24DE34275958CDFF2EE8D4F25477F03D89269185F5E8EAC6AE7052A986D39AE
C:\ProgramData\USOShared\Logs\User\NotifyIcon.d0cded3b-bc60-4eaa-b8ae-e2b969b977ba.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	EBEAC013D927DA998585EC2C27ED90F9	9AAC89FB459223E4F157B1E286E8BE17F3047E5D	A417346F1B27C04E4BAE6FFC5A22901CFEB7EA9C4B37587553DC0D3E0EE7ECFB
C:\ProgramData\USOShared\Logs\User\NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	5C8E3910D48BE938704C9E4A953CFDC1	592EE4EC3F7AD7E9F13D23CCD7572A72100CC6FD	64923C2B791CEF07A8B739509C22FB11DCA73738AF3CCAD3FEA141C9D16CF5B1
C:\ProgramData\USOShared\Logs\User\NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E816B9EEB1F0993AEFAACC62E86D17BC	719DF00F9659C1521E08CDC66780F9BDD359BB5D	0C67B69A0710C72034A5706169803330995D263D9BEF59566A8C35B55EA7F650
C:\ProgramData\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	91A55BCDB85739569EB1001026EDE41F	EE6B96EC708EB50EA2F1C1F465B68F57B1CD29B0	7C7BC4C1C9180CE7064D73E352B03853BAD09F6A5CC2A100E7BFF5256514A35E
C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6906C4B59D7D1C8B2718D96A56C10C76	7336427E6E2596C548A2CB057E1288FBECC88B71	323E7478C7D527D116C413ED6FE2763AACC594C37C18D22810BEC2E1094DB2BC
C:\ProgramData\_curlrc.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0D6D84B18CF93BD3511FAC88E2172DCA	263141F4D036D2E5F890469E4E748310A9E799AD	C25715D7CB29444E6D44A8B0604758B3755C69F9BE9599D3AB388CEB95865626
C:\ProgramData\_curlrc.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A9CA2C21114887821E6B60D0B1EC7180	84B7FF537DC5381F23A62CDDD19CD9A0870F2E02	36433EC2631DB46FAF96FA8154F4622077E5F7E660FA0FE6A83E69BAD7930388
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B67BE5734956413D517053CAEFD1E14F	67EF249C10068C797097A2D71E351FF885B66D95	86701F71DF2DD87A54000CD50D366EF9A2276E4DB79FCA59230746AF6151F422
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	53F8D1607273EE1B5B16AD98BA434EE2	D2366D777985021A8E51FC43C1925E0AA5DF2F34	07DFAE1B04AC3198A64D03AA65740F8547D5BE0A6A28B8BF1CE9074689C7EEA8
C:\Users\Public\Desktop\Adobe Acrobat.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	6F331FEA9E0D0F757AA53BF115033CE8	057E6BD83A9AB151E99C4357A1CB0BCBEA424406	01CB8AEF4567CCA0332F899128E380C49A4EA7613CE1D740F24A33C272C2B7CF
C:\Users\Public\Desktop\Adobe Acrobat.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	349781EEE3AB716275291D595DCF6726	927AFFAB351537FCC2680AFE973929363E880D20	43A7A37938CB595AF4E341AA0F11414205165B84C0F03B73D0BE64CA45A2C2FB
C:\Users\Public\Desktop\Firefox.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	0D002469DECF14994BDB5A23441A9D84	EDDC1AE78E9891706BC086564CAF68EB3A4832A7	E72CD3FEE1CC582EF5A8508E30E1ECADEDD1B03C1FE90637685C0238808A34DF
C:\Users\Public\Desktop\Firefox.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	E7D590501C13B83931BECB2091C5539E	490E426A9CCA058A074BD21BC844F15F0CA15979	FC598C9C606FCF95E915B414E5FC8E4D4FA29BD61C6C958A451595641491BF61
C:\Users\Public\Desktop\Google Chrome.lnk.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	534DEAA20D4C2DE545601471B462AD5C	95FB7822C26216A0DE429CD5B92C505AB1FD6FF2	2964CD50AE7258B77673689818504168896AB731A7004BF624B287BA76025E54
C:\Users\Public\Desktop\Google Chrome.lnk.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	4C860A1AA525DE48F03D708C999E88A0	52C69A260850797890589B1C35F6426BCCECC08D	422C21B9B79A2B663F193BE09B157DFB0581C6665BCF96BD38687F8F444C429B
C:\Users\Public\Desktop\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BE67E6AE8B6D970B7D249AD0CD3EF2C8	F4A8BBF0BE48B43BDB6A4B0E4DE0E459D2FA94A8	4A789B126C3BF56DA0822FA7BF409924E6E095C93C2EFC90124DCFE8D9E7D291
C:\Users\Public\Desktop\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D32113A1296C67B25183E578798E2B2F	152C8E3754E0226B8DF68FE84B68B686FB5CD301	90023C145E1D3F014A98459CB679DDF5F42503F454FBB4E6E28CAB5D4A06CF30
C:\Users\Public\Documents\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	7C52053E4051630B3BAB6752599F543D	D1B3BAD41471AD5291061B2CCD050F366F6F54D8	65B39F49956A1EB4A92DE2BC6A7A258E37169F71B7ABE895BD93E41A34C3AA45
C:\Users\Public\Documents\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	8998196DB18424872ACC1F8381B6E939	BB93A278FEC27A58AD200306B43FE53964DC21D9	B063A355DD2CF75DA8BC2EC360080E9C6607FF0BE2DDD25FCBCA68127EDC6D30
C:\Users\Public\Music\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	D8DDDBBAC07F7B92E1D22CBF5E5BDD2E	58DBC63B6779276BCF034247C42227C990A6EE71	A5E9487C4C274121D6853F0D2179E6BCCA578C5E5D678306251F1DAD31E23A83
C:\Users\Public\Music\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	831AA07086962324C9689D6A303C9849	1DE3AFBB2D4A806D5A57A28142A816747674F02A	A292A1AD7AF4F1433414EA902C52B55376534C6F48D8A19708F3876BD8221463
C:\Users\Public\Pictures\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	A73BE8C53B274D6D19717B1142FEB3EF	36E3FC444C297E7C83C8F1BC01D34F9A8C8CF6E3	A7D8FB564377770012DB4E5096355B5B228B250EF94929F4300A34E58B95B790
C:\Users\Public\Pictures\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	DCDDC8FD9FFE78A494A517E6608FD154	69A9BBD58EB300E6F1A22B03D91694E66073CB83	59AC2E1DF41691414AC1812B4FC3011E7813A582FFB39957C6EB161FEB22015E
C:\Users\Public\Videos\desktop.ini.exe.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	BEC1C160E87543001A11E4BA2BC3F2B8	D145BBCB8EFC873FF01DA4BD1E61BA57E2483A20	6DEEAB9AAB2CAAA5C42A67BC13391637E507B3E5082E80E75A063E7363B0A143
C:\Users\Public\Videos\desktop.ini.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	B40558094F42D0425B4071269B2EB7A1	09E7B2FEFC4CD4D77EDBF52DC3EDA304526049CC	667FE82486A02F066893E9D0FC021F7CE6E96D6F07F0634EE5D9655C13FF45FA
C:\Users\user\Desktop\_ChocolateyInstall.ps1.exe	PE32 executable (GUI) Intel 80386, for MS Windows	7249787293711BFE35FBAEFA9493B2A8	F180822CF92100DC1449131FFA0E0605CE3E98CB	E7A45531D6C057CC2C373A9448A8085029027DB51EC4F5C31B7AD895819F43BE
C:\Windows\SysWOW64\Zombie.exe	PE32 executable (GUI) Intel 80386, for MS Windows	E77447E219FFB7E6F66EF4C98C646906	0C64A3DA22AA1D05EDD31F64017539B1AA6F4719	B7B38DC2670EA1367A13854B3DC034E3AEA28EEC5F16B345A3C60607B96E2857

ID:	1417306
Product:	CloudBasic
Start time:	22:38:57
Start date:	28.03.2024
Sample:	5JPwmNu0eD.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b503c3727555bb1d97b96e58032f4f22
SHA1:	b5fed92483584600ca9cf8f719c53d88a5db93f1
SHA256:	c10ab9645fbf16b897e602b348c3479ce9abfe82a41f5e69fe0a6a196e691ef7
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
5JPwmNu0eD.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Windows Analysis Report 5JPwmNu0eD.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
5JPwmNu0eD.exe