1Edyk9e6oL.exe

Status: finished
Submission Time: 25.11.2021 13:41:21
Malicious
Trojan
Evader
Ursnif

Tags

  • BABADEDA-Crypter
  • exe
  • signed
  • Ursnif

Details

  • Analysis ID:
    528554
  • API (Web) ID:
    896074
  • Analysis Started:
    25.11.2021 13:50:03
  • Analysis Finished:
    25.11.2021 14:04:17
  • MD5:
    6a8ebc295dbde6256299d4236732cbdc
  • SHA1:
    6975e7c55935f838401f9682480ea3b6749f7307
  • SHA256:
    04595c3111276f02b6dc2ece0778cb5829c086484aeafa24e0aac3d8479deb4b

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
54/100

malicious
30/67

malicious
6/35

malicious
16/45

malicious

Domains

Name IP Detection
get.updates.avast.cn
0.0.0.0

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\is-5B16D.tmp\1Edyk9e6oL.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-CL8E8.tmp\1Edyk9e6oL.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-D9HG4.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-R4E5D.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SharpDX Direct3D9Utility\SharpDX Direct3D9Utility.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Nov 25 20:51:08 2021, mtime=Thu Nov 25 20:51:09 2021, atime=Wed Oct 6 01:36:38 2021, length=6905344, window=hide
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\ABOUT-NLS (copy)
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\AUTHORS (copy)
UTF-8 Unicode text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\COPYING (copy)
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\ChangeLog (copy)
UTF-8 Unicode text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\INSTALL (copy)
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\OFL (copy)
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\README (copy)
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\TODO (copy)
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\TuxType_port_Mac.txt (copy)
ASCII text, with very long lines
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\howtotheme.html (copy)
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-10PCM.tmp
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-7BUSD.tmp
UTF-8 Unicode text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-9HB46.tmp
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-A4NET.tmp
UTF-8 Unicode text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-DKB8H.tmp
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-F1A0H.tmp
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-I63UE.tmp
ASCII text, with very long lines
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-JKD0P.tmp
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-MTM5B.tmp
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-S5ANL.tmp
ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\is-U3QQK.tmp
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\doc\lesson_scripting_reference.html (copy)
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\fonts\Kedage-n.ttf (copy)
TrueType Font data, 16 tables, 1st "GDEF", 26 names, Unicode
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\fonts\is-FKQB3.tmp
TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2003, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\fonts\is-H8GRE.tmp
TrueType Font data, 16 tables, 1st "GDEF", 26 names, Unicode
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\fonts\is-R7I1J.tmp
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Macintosh
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\fonts\is-VV3AK.tmp
TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2001, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\fonts\lohit_hi.ttf (copy)
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Macintosh
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\fonts\lohit_pa.ttf (copy)
TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2001, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\fonts\lohit_ta.ttf (copy)
TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2003, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-3FHQG.tmp
PDF document, version 1.4
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-8I9B6.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-8ICQF.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-9HHB4.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-BB30O.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-DL2UG.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-E4UP5.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-FA52M.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-IKHRO.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-IOVRI.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-IQQ0L.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-K16NE.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-K9D4V.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-L6LQH.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-M842K.tmp
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-N1KLR.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-O8CLQ.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-P09CL.tmp
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-QKKTN.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-SNH0L.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\is-T5J2K.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libchromaprint.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libfaac.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libfaad2.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libffi-6.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libgpg-error-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libgpg-error6-0.dll (copy)
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libgstapp-1.0-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libgstcontroller-1.0-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libgstfft-1.0-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libgstriff-1.0-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libgstsdp-1.0-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libid3tag.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libintl-8.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libmms-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libnettle-4-6.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\liborc-test-0.4-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libplist.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\libtasn1-6.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\mi (copy)
PDF document, version 1.4
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Bears.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Bgold.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Blues.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Borders.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\BrownsAndYellows.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Caramel.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Cascade.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\China.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Coldfire.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\CoolColors.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Cranes.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Darkpastels.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Default.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Ega.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Firecode.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Gold.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\GrayViolet.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Grayblue.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Grays.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Greens.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Hilite.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Khaki.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Lights.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\Muted.tpal (copy)
XML 1.0 document, ASCII text
#
C:\Users\user\AppData\Roaming\SharpDX Direct3D9Utility\palettes\NamedColors.tpal (copy)
XML 1.0 document, ASCII text
#