Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 04:11
Drupal security adviso...
11.14 04:11
Blizzard Brings Back O...
11.14 04:11
GitLab security adviso...
11.14 03:11
Amazon Labor Ruling Ou...
11.14 03:11
PG&amp;E Project A...
11.14 03:11
China’s Trump Cards fo...
11.14 03:11
CVE-2024-43451: A New ...
11.14 03:11
Making Sense of Real-T...
11.14 03:11
Zero-day vulnerability...
11.14 03:11
US indicts alleged Sno...

Dropped Files | ZeroBOX

Name	2ab24bec9d5958c8_security-spp-component-sku-enterprise-vl-bypass-rac-private.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-RAC-private.xrm-ms
Size	5.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`c439642b4f3a12d7d7654fb830180acb`
SHA1	`54af63e93d34d9069aa60bf5add7491372ff0fd7`
SHA256	`2ab24bec9d5958c8b583d23b7c02b5d506ea9a5bc8f25eba5ef928233ec9fe0d`
CRC32	`56FB152A`
ssdeep	`96:+m39tpLYLuLmL5qeiNgigQL2GNeoQtQJbUZ5Et6U4WCwYWmXtwSN5J6ZY31tetoY:TTlmE85UgteVela0ialDfamLoT`
Yara	None matched
VirusTotal	Search for analysis

Name	58347e70e3db5627_terminalservices-remoteapplications-clientsku-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Enterprise\tokens\ppdlic\TerminalServices-RemoteApplications-ClientSku-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`64c9ef528365fa88c242788284cdee52`
SHA1	`d9ef36821b43259c70c9c073b686b359834316a7`
SHA256	`58347e70e3db56274e60c30f85b4eb6f07b12e6febfa11a0e253a23991399845`
CRC32	`5C7B4AC8`
ssdeep	`48:35lYkHG3zflF3Ov39mcRHDt6b6shtY+gJ79WfEtwSN5J6UY3pq2flv:JlTm3zT3i3UYEXQ96uwSN5J6UY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	88c73f28b888a7ec_wmpplayer-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\WMPPlayer-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d0b049f0a759818178a86b8a8ee85a56`
SHA1	`f4f2da7147ff4ec991c3dc237b71d769054f3a43`
SHA256	`88c73f28b888a7ec4d757838ea8ee192e5825c71fe90bd716fd1df60663865d8`
CRC32	`52ED444C`
ssdeep	`48:3HkHG3pflF3Ov39mcRHX6b6shtM+gRlC19gvztwSN5J62Y3pq2flv:0m3pT3i3UYqX4C1KvJwSN5J62Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	c6a99855abdbe96f_bootmgr Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\bootmgr\bootmgr
Size	374.6KB
Processes	2196 (A.I.exe)
Type	DOS executable (COM)
MD5	`a6c02ef64bb268fb5182483291c2fe23`
SHA1	`219c71ba6f1854af2335df3d5ba679c01e0c9fc7`
SHA256	`c6a99855abdbe96f35b253a000261fa91b5faf525f05f79ab267bcf4329190ef`
CRC32	`6324DC2D`
ssdeep	`6144:+ScD/zDc0zNlM1Gbs7wzsoX5NmmSpS67WemiX6kM+EjSkW2lVE7FjHhSx+:3WzDc0R6ob80sAIg62k61EBjBSx+`
Yara	None matched
VirusTotal	Search for analysis

Name	2923cd708713ac2d_virtualxp-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Enterprise\tokens\ppdlic\VirtualXP-licensing-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`dfc4b7581d4df4d903c54ce7c74b784c`
SHA1	`276c3126131f65d8ac8a103e3eef2a12da7246b4`
SHA256	`2923cd708713ac2d3b098e25fa9e8f7be5d1e8f826970a92b52faf314daae81e`
CRC32	`D70A325B`
ssdeep	`48:3PkHG3OflF3Ov39mcRHZ6b6shtm+nNWgvjk7twSN5J6dtY3pq2flv:Mm3OT3i3UYcX9NWKYBwSN5J6DY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	044b0c82d24f6fbb_security-spp-component-sku-homepremium-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\skus\Security-SPP-Component-SKU-HomePremium\Security-SPP-Component-SKU-HomePremium-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`595b12b16f607144eb6f610f2c856ddf`
SHA1	`1e2bf16b245483d2ef0158c457b54c0bea762b59`
SHA256	`044b0c82d24f6fbb16d14a3378016e619fe6e8a35847012d92790e6995280c6d`
CRC32	`B91232BF`
ssdeep	`384:btfmKtm4svZEvrfoGBD+mE87e1cFkbBXcNOfo6J:l/n6cuG6`
Yara	None matched
VirusTotal	Search for analysis

Name	8d313b9fd972ca9e_themecpl.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\winsxs\x86_microsoft-windows-themecpl.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_60d6493e5ec01332\themecpl.dll.mui
Size	9.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`3724cf41d5e93e4e688bfe0bd811314e`
SHA1	`17abcbfe43da30ab54dcbd0b25c42cd22531793f`
SHA256	`8d313b9fd972ca9eb7c340ea746217edb303a6d43917a5b42d278689cb0671ea`
CRC32	`C52F2351`
ssdeep	`192:Zg/TaY96j36Fo23GDXypPBI+vwIZd4y9i1q6WznYWg:i/TaH6FocGLCvwQm1q6WznYWg`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3d060ea07a8d356_security-licensing-slc-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\Security-Licensing-SLC-ppdlic.xrm-ms
Size	3.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9e7e23572d1e530910c88ecba0b1a679`
SHA1	`3e141555ba74c9ee168c545384b637874f35b0df`
SHA256	`e3d060ea07a8d356498a9287ac89a4a17305d1243b9e10ee1f3c46e972e606fb`
CRC32	`D7B84179`
ssdeep	`48:3LkHG3IflF3Ov39mcRHCv9hH6b6shtDN+0eLwzlOtwSN5J6aY3pq2flv:gm3IT3i3UYiv9wXrcwSN5J6aY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	ffce29cf6c6e71b3_targa.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\TARGA.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`ffc003594eb6d9e4455a3dfced5640b3`
SHA1	`20eccd99b5ae82ad46067d715744c2a7976b1b83`
SHA256	`ffce29cf6c6e71b315c9baa448621a54f049aa7bc4074559442f9e2f58cb1a9a`
CRC32	`F3FF0D29`
ssdeep	`48:c5kHG3VXX6b6sht6Ai+axHHtmPSz3mubm0u9Y3gflYp:Nm3VXKXMASxHH8PSKub49Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	2fb989ffa9b86431_shell-multiplayerinboxgames-checkers-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\Shell-MultiplayerInboxGames-Checkers-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0e11804000bb4463ad0a073cb793c79e`
SHA1	`1341bb5ae535d2f532d490fe49fef6a1dc416e52`
SHA256	`2fb989ffa9b86431547444e6da5b2532d8e29dd40c2b352ff58dc889b3487301`
CRC32	`65169923`
ssdeep	`48:3+kHG3j0yflF3Ov39mcRHJ0v6b6sht2o+UXWMVZZtwSN5J6nY3pq2flv:Jm3j0yT3i3UYp0yXhWKwSN5J6nY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	8a05876cc8dc6b33_samsung.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\SAMSUNG.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`f833bfdf2c027822f25c68672bb531da`
SHA1	`1f549ba326900765d2505fd6e70a0659c2100ea8`
SHA256	`8a05876cc8dc6b331f67a9ab61d2d405e8c6dedbf026bc25b169eb2714aa1b27`
CRC32	`9810248A`
ssdeep	`48:c6aFkHG3xh6b6shtpN+9i2Vt2ycnVGSz3mubm0utY3gflYp:2Km3xUXr+i2VAykGSKub4tY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	0db143131f70cdbc_omd-api-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\ppdlic\OMD-API-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ca5077b401e98a144924175e0eb753bf`
SHA1	`bf402dff736c087309f6697a0f4533cc448bbf2e`
SHA256	`0db143131f70cdbc66abb3ac82909476b172c09fb1fdf02167e85394d845dbd6`
CRC32	`829535CE`
ssdeep	`48:3xnkHG3xflF3Ov39mcRHO6b6shtt9Vq1Pq+nPwEwVVI1twSN5J6BY3pq2flv:hkm3xT3i3UYHXpVOfNGenwSN5J6BY3p/`
Yara	None matched
VirusTotal	Search for analysis

Name	c195f6130e3755a0_shell-inboxgames-minesweeper-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`05a0c02123cc650bd6dc70c256262d2e`
SHA1	`1f18b25b3eeff7cc87de9f224e332db428f7cf4e`
SHA256	`c195f6130e3755a06cb63c1ba16be99f0579b160018c9b6731e4d56d3d8ac7bb`
CRC32	`297B4C6B`
ssdeep	`48:3TC0kHG3vflF3Ov39mcRHS6b6shtgl+uRR0MPXRUtwSN5J6YY3pq2flv:Qm3vT3i3UYzXcz0AR+wSN5J6YY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	6204106d9744b056_iaslicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\IASLicensing-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4280e9e5bc22508620a384c43817e75a`
SHA1	`b894b6ff5cd8eb750de50c66d33c8b02107f80b2`
SHA256	`6204106d9744b056950c05d8eee1367e1aad1ec6a8a5a597b26a29ecd121c6a6`
CRC32	`C945CB6E`
ssdeep	`96:Mnm3HT3i3UYW9OXnJRFMctwSN5J6vkY3pq2t:MUHroU7MzMofKkmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	5171ba59889c87dd_mclicense-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\MCLicense-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`262348c4ad09e66f2f6241000a99b66e`
SHA1	`b206e39352f27e06bbefdbd0b0fcb6ad7ff14a1f`
SHA256	`5171ba59889c87dd3669d4544cfa5ec9d4eaae5cd4804b6d4beb2369a42be807`
CRC32	`3BD0A82F`
ssdeep	`96:EDm3PT3i3UYtPX4LdMgGwSN5J64Y3pq2t:RProUrdMgGfnmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	9983178b8b4eae23_msmpeg2vdec-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\msmpeg2vdec-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`6adafaabc9253c5354c1748a2977c951`
SHA1	`de10eeab98dccec26d406011541e4b6dbd1955a1`
SHA256	`9983178b8b4eae23bfa1394e98d6956ade1fb614c2e12bb150a274ad85ab53b5`
CRC32	`747B2050`
ssdeep	`48:32qpkHG3n7flF3Ov39mcRHW4D4Z6b6shtT+nh4XdsjaUtwSN5J6HY3pq2flv:ym3n7T3i3UYVXguXCG+wSN5J6HY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b6a26ca8c65c52dd_cert.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Cert.cmd
Size	1.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`3af1c4f9d44d585f355e5318723c10e7`
SHA1	`04007e5ce63db89ef43afae6d75e131f3b66e4d8`
SHA256	`b6a26ca8c65c52dd04bc99d27e9b1d70773bf2ac9db3596b9b9a4e798d21ad8e`
CRC32	`6F6C2AB0`
ssdeep	`12:XzCFsvK79SXX9Lq5XX9nnMT+kWS4PxKFfJqeDouWJZTHoRNVyta:DCFs0oNqNnnMCVxKljDUVid`
Yara	None matched
VirusTotal	Search for analysis

Name	8d273af54d410d4e_shortcutpatchr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\ShortcutpatchR.cmd
Size	6.2KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`d1687a78e7ddd5fbad902281af356992`
SHA1	`4c8e244154006a5c5ee08f4a088a304d4b6fd853`
SHA256	`8d273af54d410d4ebdf6d1440bc720026f9ac840b64cd8479f131b464ddfd4b4`
CRC32	`2C279C36`
ssdeep	`96:mPmaa6K4a+FSkjkv4mwSBV46s6+SqyHZBZ2qP2+L26AxWKkFk4ANKKgZA6f6kKFs:Imaa6KmQuu+cHZuM`
Yara	None matched
VirusTotal	Search for analysis

Name	c80a41fa817edec7_option.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Option.cmd
Size	11.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`715d8743eaebd6355824770528346594`
SHA1	`f2c6673a6b1cf328e6fb45a7558e814ce61ca2f9`
SHA256	`c80a41fa817edec7e068b948932ecee22d12ef2018e14b5d80d0d26d3acbfc4b`
CRC32	`D18A2382`
ssdeep	`96:5oLxLl/e4RPnftYRGfRGQkkZEiNiXGAxk4bgsIiEdy0h0Y0YU5OOGCznw4hEcwLQ:5BoiElsIr4mT4Lbn`
Yara	None matched
VirusTotal	Search for analysis

Name	97bee76be679c70b_security-spp-component-sku-starter-oem-nonslp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\skus\Security-SPP-Component-SKU-Starter\Security-SPP-Component-SKU-Starter-OEM-NONSLP-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`268a3186310d69ba1e3159d6bd5e10d9`
SHA1	`a7828bd1ca66c64c14b1d6e48ede64541cb29138`
SHA256	`97bee76be679c70bd7a16614ef9d1cb6f8cbd935b3f9c520833eb1fddcbb0aa2`
CRC32	`5B1C37C2`
ssdeep	`192:BwfhqXvpgL4sD820Ifim+5mAN+mE8dmitex0UHMj9L827fime:BwfCY4sD+If/+B+mE8hte6U8e6f/e`
Yara	None matched
VirusTotal	Search for analysis

Name	4998938a70d61ad4_medion.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\MEDION.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`55481347425ab08c8f602046a0e32d3c`
SHA1	`a24f2e9012c71aa27b5a3cf33a5850b922a69b47`
SHA256	`4998938a70d61ad44dd7390f7cb78c2925078d8d5baf0bef13a199b4070ccf7c`
CRC32	`5280C146`
ssdeep	`48:cTkHG3erziT6b6shtMF+H9h3CWI2MuSz3mubm0u0Y3gflYp:rm3erz/X6wOWtMuSKub40Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	0cedf3dc47a11fcd_compaq-hp.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\COMPAQ-HP.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`e134ac253676f0f3db64d8ffaa50936a`
SHA1	`04915306155983f6f098d31347c55e0b86226a3e`
SHA256	`0cedf3dc47a11fcdd05595d62c2bfdd410ea623e01b9554e8604df61efed4838`
CRC32	`2FE5FA14`
ssdeep	`48:cDkHG3PT6b6shtNJ+PFstibQ/zj5bBSz3mubm0u+Y3gflYp:Tm3WX70s429bBSKub4+Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	58bc96e14a3c9aa1_microsoft-windows-networkbridge-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`89707824f9eb5d4c6bff43c24b8b67d4`
SHA1	`265ac3821adb755387235457b4edf6c18167d575`
SHA256	`58bc96e14a3c9aa192853ab26e3e9343b3660d82be997ae557c4b1f37b8b0832`
CRC32	`2D9667F6`
ssdeep	`48:3m2kHG3H+flF3Ov39mcRHa+46b6sht6v+TPImHGtaUzuNbtwSN5J6/Y3pq2flv:2hm3H+T3i3UY9JXUiges6hwSN5J6/Y3J`
Yara	None matched
VirusTotal	Search for analysis

Name	139eef75ace69384_readyfor4gb.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\ReadyFor4GB.cmd
Size	3.4KB
Processes	2196 (A.I.exe)
Type	data
MD5	`b0a4944b2c76c93cd34e6058b2be34b1`
SHA1	`e86bfa68bc14685837cd2839ddbde6cedcd78982`
SHA256	`139eef75ace6938440601f7cfa3564c04602ba65fa0308c166acfa94fe26f06d`
CRC32	`64410605`
ssdeep	`48:iTnMqvxCa/FQWBFcIKCb9Tl/SEXNYcmGY0cmGYAnV8lM3zyU1zzMccve0344nXwr:izZlP/XM8i3L5zdae03XnXwr`
Yara	None matched
VirusTotal	Search for analysis

Name	fa032636eb89835c_slic2.1sihidden2.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1SIHIDDEN2.cmd
Size	5.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`425f12eaf17dba6ff7d0e662007f9f2a`
SHA1	`ac1de3807b5bed66772be9fb6c995661b56a0d81`
SHA256	`fa032636eb89835cf15d2c96a199083071402ebcc40489ff19c37306e0dd1eef`
CRC32	`CDA544A6`
ssdeep	`48:uFer5rzrw5McVxa4cAqMiLzn82eQPCbNVXd6gTD0S7/BrlVx+8NnuVvtRtLeWhdl:eNa4cAqMiLzn8VLZ3ZrlrsVHr1t/gN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	f6a02b2a15d4473d_microsoft-windows-offlinefiles-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\ppdlic\Microsoft-Windows-OfflineFiles-Core-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`21806ab759e66a52e8e6dd8ed1dc3272`
SHA1	`883af44a404c461d318040a36607cb50f63dbcc1`
SHA256	`f6a02b2a15d4473dfb7d69c362b2789418876c0322008ef857f039aada5a1c04`
CRC32	`B9444A62`
ssdeep	`96:fm3HTT3i3UY9TqXjbTdNfPLewSN5J6/Y3pq2t:czroU3bfTefEmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	0d5b56ac00281713_restoration.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Restoration.cmd
Size	5.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`50e90ab040ebd5330409550508e7b75f`
SHA1	`d2cdb65d616ab21b08c4f4ca16fdd0ec59e37307`
SHA256	`0d5b56ac00281713552754da71057f16d9dd76f87787b253344a3fcbbf14e545`
CRC32	`999734FF`
ssdeep	`96:JKcpUOvEmts1Imts1x5zG4HfJfdV0jO6R0ihfOzDTu8GA0BL+:/U6zG4/Bw0jDT5fc+`
Yara	None matched
VirusTotal	Search for analysis

Name	b7db5194e3ad2c91_slic2.1st.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1ST.cmd
Size	3.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`09a8cd942fabcf55135f2da78cdceba4`
SHA1	`3b5801ab56f00b7dfdb96598650d141fe63acaa8`
SHA256	`b7db5194e3ad2c9128298e7078ba427dd6d6064e652362c8f38e3148b1769b79`
CRC32	`DF46C71E`
ssdeep	`48:yu/Il3s45ZyDmMYxwXMi0UNoojyE41ye4sAIMqVx7wn:ydSsWMy6uyx1ylsA20n`
Yara	None matched
VirusTotal	Search for analysis

Name	77d1625cb7e49d7f_peertopeerbase-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomeBasic\tokens\ppdlic\PeerToPeerBase-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9d211b0d0f167dff803e7f3d91faf882`
SHA1	`ba0b3d1ab7bb8c0e9421549fe576f3d0145c0d9e`
SHA256	`77d1625cb7e49d7fea84f77800c75d84eff42e51095ad8b947cbbadfd2bdd421`
CRC32	`5FBC8C21`
ssdeep	`48:3WkHG3yflF3Ov39mcRHeqs6b6shtq+RQV/yjtwSN5J6oY3pq2flv:xm3yT3i3UY+GX7MOwSN5J6oY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	a69b95cda6f6d099_alienware.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\ALIENWARE.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`389b71d2f9f1c20e129a498dfb73a9a8`
SHA1	`0113405bd930f59a552e022ee9c47c54bb7103be`
SHA256	`a69b95cda6f6d09923ac28ab66eaa576f5d66ce49a01eb9166855e7ef2eae8d6`
CRC32	`693DA724`
ssdeep	`48:cckHG3J6+ht6b6shtKtH+Q//2fRSz3mubm0upY3gflYp:Em3J6y4Xg/eSKub4pY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	240942b86d2d82e5_grouppolicy-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\GroupPolicy-License-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`8aa272b295a648066b2a4ed3ce735cc2`
SHA1	`5fad7788cffac50ecbdf06bb3cba1e0460528b02`
SHA256	`240942b86d2d82e5244c7a30cebeb53f9648fe8d3bf04d39c01340c715170aca`
CRC32	`9318F8D3`
ssdeep	`48:3UikHG362flF3Ov39mcRHUV3f6b6shtJu+CLtCZ23ttwSN5J6mY3pq2flv:EVm3nT3i3UYpXXVZ23PwSN5J6mY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	882e5f99fac15f10_security-spp-component-sku-enterprise-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Enterprise\tokens\ppdlic\Security-SPP-Component-SKU-Enterprise-ppdlic.xrm-ms
Size	16.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`eaec7e4a3e040bb6e5a5a7060c4ea03b`
SHA1	`485fa3647dda6f22534681bc381ac07ed701d204`
SHA256	`882e5f99fac15f101e70aecd6c0852eec94e2de0c222d7e1b51d8d248c6a6965`
CRC32	`1605C861`
ssdeep	`384:Gurox0cbcKvA5xVCzkTvN9HIUAox42gJ7jJISyfAjt:RdxVCzkDIba42gJvbBt`
Yara	None matched
VirusTotal	Search for analysis

Name	3025fafbe0f3c9e2_restoration.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Restoration.cmd
Size	4.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`175dd5bf250cd1a23c47885a94f191e2`
SHA1	`e43b093a26566b5b079ea3f4cb1bd0c5e95a503f`
SHA256	`3025fafbe0f3c9e2c4093f0fcfbf4ed7be301c9568ee5ebb3bb39d89daf7a8f2`
CRC32	`B30D8B25`
ssdeep	`96:YKcpUOrEmts1cmts1jxDGRfaV0jO4H6oZlOzDviEAAYBJ+:eU8DGJN6JDvDR2+`
Yara	None matched
VirusTotal	Search for analysis

Name	cfc8875004e4a1c8_security-spp-component-sku-starter-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\skus\Security-SPP-Component-SKU-Starter\Security-SPP-Component-SKU-Starter-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`04eed29af22b04840e5b302c93aaa464`
SHA1	`18c5c949eb2a53c8d923dc4a0fd4c1256230ffdb`
SHA256	`cfc8875004e4a1c8e74d4a0e029bca117b722174f067a6f9173c3e2d245586e1`
CRC32	`4F70B06A`
ssdeep	`384:kyfv4ukCNrSDym0ML5KG+f1mgQYgmE8/eORfsB2f1Ya:HnBWym0ILXvBy`
Yara	None matched
VirusTotal	Search for analysis

Name	45f5b246cd69393d_slic2.1sibootmgr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1SIBOOTMGR.cmd
Size	5.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`4077119a7c626cec95eb1017f2ef07b1`
SHA1	`ac34dbb62c71b52f3a597ebe6df26d751c9491b4`
SHA256	`45f5b246cd69393d69473a5827e49cc91b4ea07c8dd27ac3603e4e542dde2e91`
CRC32	`79D42096`
ssdeep	`96:eqD1hCj9cAqMiLzrTKLZ3zrlr8kVCrwHgN+n:pD1hAJp3zrd8kVDn`
Yara	None matched
VirusTotal	Search for analysis

Name	acc5c5b9d1845aa0_terminalservices-deviceredirection-licenses-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerEnterprise\licensing\ppdlic\TerminalServices-DeviceRedirection-Licenses-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`c446b03359b9d7c16545fd35c40d6e1f`
SHA1	`da4efb3594ec69bec631258785939668271519fa`
SHA256	`acc5c5b9d1845aa070d2aa2b2c36a7b50c7d3ff7d7f67dcf4469f26f3f50eeed`
CRC32	`4F170852`
ssdeep	`48:39kHG3EflF3Ov39mcRHi86b6shti+rTjkLKtwSN5J6UY3pq2flv:im3ET3i3UYiX16IwSN5J6UY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b51b85509e4a3da5_msmpeg2vdec-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\msmpeg2vdec-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2c351b9ceca7dea93b4772a3c3eb152d`
SHA1	`55deaaf89b7bccd62edc04c79102706757fe6eef`
SHA256	`b51b85509e4a3da50bc88670f52bf49cdf9266fff27b68d31eb7566eb607bb5c`
CRC32	`C7AAED29`
ssdeep	`48:32qpkHG3n7flF3Ov39mcRHW4H4Rlmxl4R3xl6b6shtJ6++GkbTtwSN5J6vY3pq2t:ym3n7T3i3UYbXujbpwSN5J6vY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	2dcf3d6aafa93ae0_systemax.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\SYSTEMAX.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`55c1b96e3630d79ac50c7ebeb176b260`
SHA1	`abeccfe24ea11593fca2731c53fd0943a64f4450`
SHA256	`2dcf3d6aafa93ae0322ed1c4593cfec8aca3019b161f651de90deb8e6cad091b`
CRC32	`1BF8422E`
ssdeep	`48:cKOYkHG3azpN6b6shtB+5S/iMsg44J0Sz3mubm0uNY3gflYp:Am3ipYXOS14W0SKub4NY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	53ac636fc713925f_tabletpc-mathinputlicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\TabletPC-MathInputLicensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`463cef6d4ee583223d79548204873d06`
SHA1	`5a2aae3225a3298b58baec51e343efea4ed6f50c`
SHA256	`53ac636fc713925fb4d3262b03d3adfdf66c06aebe7d3754d95cb7d3166acc4d`
CRC32	`1ECEFA41`
ssdeep	`48:3GS54kHG3yflF3Ov39mcRHL6b6shtrUb+tv5sgDfatwSN5J6wY3pq2flv:D5zm3yT3i3UYGX5UaEwSN5J6wY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	5b238560cb8d43de_7forever.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\7Forever.cmd
Size	7.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`7dbb0b0c6c2196ab01f2102376301e95`
SHA1	`59c03bb967554e1012870ca4382b95f4add7aa7e`
SHA256	`5b238560cb8d43de6404b757422eff3d2aeeda70f7cd31d1206874c3f9c4159c`
CRC32	`8D61CDF6`
ssdeep	`96:y22EfLts1d6zG4HfJfGGuXKVs7vCogqLv6oWqIe0ohyOzDWubIG/y:BzG4/BivCogqLv6oWql06DWGZy`
Yara	None matched
VirusTotal	Search for analysis

Name	60b101a031d2447e_security-licensing-slc-component-sku-ultimate-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\skus\Security-Licensing-SLC-Component-SKU-Ultimate\Security-Licensing-SLC-Component-SKU-Ultimate-OEM-SLP-ul-oob.xrm-ms
Size	12.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`10f6883f900287f1cd92454c50ee0dfc`
SHA1	`7860dbf02e45b8782f914db6b5e8d2779aba2f58`
SHA256	`60b101a031d2447e4fcb357d2df9d5359a35d8845136d66bb02a29370ee4e10c`
CRC32	`E935E520`
ssdeep	`384:Ibf6x4sUfJHnzjmE8WTeNE8/xKPOqYfJD:l+nJuiQ`
Yara	None matched
VirusTotal	Search for analysis

Name	9f691e04bdd47408_shell-inboxgames-spidersolitaire-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`21beed946490bc6c16011840bf5073a5`
SHA1	`e1156a0e883f7682c09f3688b9e4113726320b7b`
SHA256	`9f691e04bdd47408c75aa6136017a30d18021e2a3fe88bc822c1aa0e5b69097c`
CRC32	`C48A35CE`
ssdeep	`48:3jfkHG3iflF3Ov39mcRHmNH6b6sht0+CCklAMtwutwSN5J6sY3pq2flv:wm3iT3i3UYZX6CZMtw8wSN5J6sY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	9ba0f7091f9886b1_security-spp-component-sku-enterprise-vl-dmak-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-DMAK-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`eb7d431d1d28d5449d3e29a389a12d2e`
SHA1	`27a7e681d06296500b6755ea5f2fbc45739fc09d`
SHA256	`9ba0f7091f9886b1084cfc3534f569f6edd5d7f81849694a66e9ca53ecb4c195`
CRC32	`A7638CED`
ssdeep	`192:MRcfh4TvpgX4sUwfLmhw0794OwC+mE8dCeNkvooAb6XLMfLmC8:WcfUE4sUwfiW04C+mE8MeNQooAb6ofih`
Yara	None matched
VirusTotal	Search for analysis

Name	47eaaedddb17699e_msmpeg2enc-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\msmpeg2enc-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d9d9326c1cdb916f0f5dad154611c752`
SHA1	`ba1dfdfa982bf3141f190470f61c106b4a5d41c0`
SHA256	`47eaaedddb17699eeea36fcc08aea8c0e4c63f4298efda9fbf8a6fc01673bfe7`
CRC32	`E52BF32B`
ssdeep	`96:6m3nNT3i3UYfX+B+TEeKwSN5J6E9Y3pq2t:HnNroUN+TQfnmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	710bad1361bb24bc_dwmr.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\DWMR.reg
Size	404.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`6b2893547779dec00241377b007cb8af`
SHA1	`285e4ca1398a56b8a42d39072ee6a64e31857ea0`
SHA256	`710bad1361bb24bc11dc48c03a10bc5df95681e3c21419a47c574141f07ac0db`
CRC32	`096F95A6`
ssdeep	`6:Qyk+SkWCiiCRroZ6IJl5qIlgCVlEEoWcHWn+Sk6yGj3yCJlUAG+DZKHWn+Sk6yGb:Qy5hVZtrRNEEaW+7EyceAxDZaW+7EyA`
Yara	None matched
VirusTotal	Search for analysis

Name	ff095bc9e1d1139b_removewatermarkx86.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\RemoveWatermark\20090331\RemoveWatermarkX86.exe
Size	19.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`8efb3872acbd6900d627e3de87a9757e`
SHA1	`f2732f39e1517cbd14c284132e3e1082213d1002`
SHA256	`ff095bc9e1d1139bfe969f12fb8e9715ca5986b7140498ad03fcf49bf3257c3a`
CRC32	`B7AE62E0`
ssdeep	`384:9fljuoGHWE2t7MnK94Ezp+xMxr8rz9Il:1ljuooC/94Ezp2Mxr8/9Il`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	24a022f96815efa1_r2forever.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\R2Forever.cmd
Size	2.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`29794c6f7ca05a9668043c9a810ec36f`
SHA1	`93aea9fd029729887d81b3c98b2089a248e55944`
SHA256	`24a022f96815efa19c130b79aa20ab8fc752dc22d4459ac93667c61659fed7c8`
CRC32	`40343F32`
ssdeep	`48:yDn5M2xx8Fogtts1+bF/gtts1XAQ/qTaLASqTaly:yDLoomts1U/mts1QMLA0ly`
Yara	None matched
VirusTotal	Search for analysis

Name	9991d9ca5161ca58_security-spp-component-sku-homebasic-retail1-pl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomeBasic\tokens\skus\Security-SPP-Component-SKU-HomeBasic\Security-SPP-Component-SKU-HomeBasic-RETAIL1-pl.xrm-ms
Size	13.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b27a28976c1b073ca435bc19a72982d6`
SHA1	`3ea24eea0ff1b3f3cb3aac15c1ee1da2bc41971d`
SHA256	`9991d9ca5161ca586717bcee33aac4728daabf2418cb94e214769630a719be80`
CRC32	`4CF3B7A4`
ssdeep	`384:KgeykflZMfUIMjmE83ze3KqSssq5+f8ifUR:PeemSopj`
Yara	None matched
VirusTotal	Search for analysis

Name	8f4b9094b1f2b220_security-licensing-slc-component-sku-homepremium-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\Security-Licensing-SLC-Component-SKU-HomePremium-OEM-SLP-ul.xrm-ms
Size	11.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`060a7ddcd88fca3095f5611b774ef9e6`
SHA1	`d7f77aa1e20c8ea7b1b66a98e87ea154e3731a5a`
SHA256	`8f4b9094b1f2b220beb7392d635514f0b183fb28c66dc5d9060eb8e47797f3fd`
CRC32	`822B6E03`
ssdeep	`192:BTfRjTey5pK3YbfkmzhNevGwmE8d9dIeuzKTSprhy0lQipGwfkmVP:BTfFBp6GfJzhbwmE8JIeXTS91fJVP`
Yara	None matched
VirusTotal	Search for analysis

Name	8e08c21b85443829_fscpc.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\FSCPC.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`4d2163df9cd43c9a82b5ba85283436b5`
SHA1	`a55970f3bc02ab270f8fdae4e6c1cf9a62e734e5`
SHA256	`8e08c21b8544382902deb471c59027fa8a4008f7889f39f07bcd879ea78c3e7d`
CRC32	`6D1B23DD`
ssdeep	`48:c2skHG3Jjs6b6shtI4+Touc86V6CxrySz3mubm0uOY3gflYp:bvm3plX250TnxuSKub4OY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	56eebad199b24147_security-licensing-slc-component-sku-homepremium-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Security-Licensing-SLC-Component-SKU-HomePremium-ppdlic.xrm-ms
Size	17.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`6c2d412936dfd6c26fc62c1de84deb22`
SHA1	`391aa95d29c77834de79aac2ea2812691eb963db`
SHA256	`56eebad199b2414774a7cd465187481ab36492d87559015017fd0a3bba53096d`
CRC32	`3B2E7D88`
ssdeep	`384:qSroSQ1bQOEpcC5k8Oddi54YJwX1L2CrhchtZDPNe0fijt:VVcC5k1dibK1SCr+htudt`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0e3c1c84f2c834bd_security-spp-component-sku-professional-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLP-ul.xrm-ms
Size	11.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`fa5fdbe829bf022704da587ec7b59109`
SHA1	`2a3029048063f0afe216922bd002c9c99a6994c2`
SHA256	`0e3c1c84f2c834bdf3448bc6bbafdacc8df11115692c6492e389115e489b669b`
CRC32	`669C6702`
ssdeep	`192:4hfR4xeyrjGYfRmynKcGFmE8dYe1rowc4ezEY9fRm3:4hfstfYyIFmE8ae1roB5QY9fY3`
Yara	None matched
VirusTotal	Search for analysis

Name	3de26907cc1b1e96_security-spp-component-sku-professional-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a24752ed428782e57a0ccec6beb7411b`
SHA1	`3055f7ac8f316dcc6e0b6797e6b8aaf977d75169`
SHA256	`3de26907cc1b1e96660c87c14ca98b9f51d46973a0c068bcaf3e4fbbb787cb81`
CRC32	`4F8269E9`
ssdeep	`384:EufH4ukCNrSDym0ML5KtofpmV8gmE80Uei/pIFMdQfpYg:xnBWym0IiHL1`
Yara	None matched
VirusTotal	Search for analysis

Name	222ca340535748f5_security-spp-component-sku-professional-vlkms1-pl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-pl.xrm-ms
Size	13.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`d14c0a060cb60c083e25379a7218b16e`
SHA1	`d3a5a6ba37d7dec86991cd11c8f8ede21f1a766c`
SHA256	`222ca340535748f505909c458952c161816bbd2cd39af85ad3af4df4cf7ecee6`
CRC32	`6E57055B`
ssdeep	`192:sgebFsLUDfqgf2mfmE5LArjmE83LsDe2X7DFMv7N17S5EAf2mr:sgeykfnfrfvUjmE83qei7pa7Mlfrr`
Yara	None matched
VirusTotal	Search for analysis

Name	f188be045a388b2c_slmgr.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\x64\System32\slmgr.vbs
Size	107.2KB
Processes	2196 (A.I.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`574e64a8373ee84bef032e205725527e`
SHA1	`4e3f5b2f3330f3735cd019f764ef856f5208ac13`
SHA256	`f188be045a388b2c028592cd61399d6d082099c35c05b620e396faa5a20ff04a`
CRC32	`3E2F9677`
ssdeep	`1536:jX9zD2Dv4q24t0ODmqqtCCe9bKwHtVAtqyNRjDvQiiQ:jcjl2470CH9b5NVSqQRD4iiQ`
Yara	None matched
VirusTotal	Search for analysis

Name	b7487234ba94e6d5_sppcomapi.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x64\System32\sppcomapi.dll
Size	226.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`75341574f21e766748732bdf530c74bd`
SHA1	`02fb56f273657de7378f019155ceac0d0db31bfe`
SHA256	`b7487234ba94e6d56e682860075aaf72a1319604863326860d2781c8af936d85`
CRC32	`C1F82DC5`
ssdeep	`6144:eLjE5dYG4z6XIzYnnFpRKoEVf654Le75UTya:LdYl64zYnnFpRR4L8UTd`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	748f8e14e24feb16_tabletpc-uihub-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4d57c5079a9fcdfddb150aefb3284851`
SHA1	`687d4ad9fd88c4ff66d61a455ccb6de81ef628ae`
SHA256	`748f8e14e24feb16bed27a345dcb1ecb2a01bc799a34124152aa7a6cc878d9cb`
CRC32	`876ED3A0`
ssdeep	`48:3gkHG3rflF3Ov39mcRHT86b6shtWL+5EjaQkPxPtwSN5J6NY3pq2flv:bm3rT3i3UYBXzRpwSN5J6NY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	250fe0d2a00bd949_makegrldr2-2 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\Makegrldr2-2
Size	13.4KB
Processes	2196 (A.I.exe)
Type	data
MD5	`156cdccdcbf5896c95d311a4dede217f`
SHA1	`640e6815a1e253869623177d7a0df09eb510abc7`
SHA256	`250fe0d2a00bd9490481b1083f85a414eac4d0e0917d90965905cddce54c293e`
CRC32	`E78D88D1`
ssdeep	`192:1+zFTQ0uaBtIZnzpEGVagc6YySqmH/kha+DE3PXs1njTNcJsz9NG/PFLgskh5:Mz9H/QZl9AJeaf3PXinn7MhgskT`
Yara	None matched
VirusTotal	Search for analysis

Name	7dc85b3a6324c3b5_shell32.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\winsxs\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_87d8dd2ca2437111\shell32.dll.mui
Size	288.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`1ffdf30fd8c8a747fd9add1497530072`
SHA1	`63954a4f3703a07e126a4dc345ac6ea1ac090d77`
SHA256	`7dc85b3a6324c3b5ad8b5b6be9ffb87b7cf15c6f0b0ff2376a8fa1242e791208`
CRC32	`DB04DC05`
ssdeep	`6144:oWXJrKxAqwlqgZqJlCt/AZf2V2b0mGgs0G:oiG2vKlCt/AZKP`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	f985c0a73c389675_securestartupfeature-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\SecureStartupFeature-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`fb00bd2aa76c1748699f472d350afa54`
SHA1	`12f070619c275a42728fa4c6cb64acafd8b3997f`
SHA256	`f985c0a73c3896757456bc27dded4be78815685798130c431b98226128e085a9`
CRC32	`A3828339`
ssdeep	`48:3I0kHG3SflF3Ov39mcRHBT6e6b6shtN+3TERtwSN5J6RY3pq2flv:6m3ST3i3UYhwXM4TwSN5J6RY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	3bb8d823a302baeb_tabletpcaccessories-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TabletPCAccessories-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a54568d2080a09e540a890c904bb7a78`
SHA1	`5a33815318e3484f57facf0a201c3a13019da358`
SHA256	`3bb8d823a302baeb2d5079fec8dcd51947487b1a6cfad629edbbde086313a085`
CRC32	`86EE4575`
ssdeep	`96:Um3xT3i3UYcXcvcK5F0awSN5J69Y3pq2t:txroUacKPfSmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	19f434de6e514f97_security-spp-component-sku-ultimate-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\Security-SPP-Component-SKU-Ultimate-ppdlic.xrm-ms
Size	16.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4d24edb585cd787b29146a32818bf1dd`
SHA1	`52e06e729d8be61c4564c3abdbe99b91412ef5d8`
SHA256	`19f434de6e514f97945ec78df35c8e4914e0c569ca525507f2aede4351e13740`
CRC32	`1782D9A9`
ssdeep	`384:nmroFGvNvcbcKvA5xaCzkEUAoyzkKQgJdjJwLfKjt:mpxaCzkEbjkKQgJ5Nt`
Yara	None matched
VirusTotal	Search for analysis

Name	93439a9703836715_shell-inboxgames-hearts-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`391bd2a7cc60929d685db240330cba2b`
SHA1	`fd802854cc759635c0d7b7caf036a57fedc7a944`
SHA256	`93439a9703836715414b6f8b7e763d88f07d22f9e8f3e9a158ac1d40643c5654`
CRC32	`0F6D29CE`
ssdeep	`48:3cpkHG3MflF3Ov39mcRHIV+Ml6b6shtp+zEGNmWtwSN5J6+Y3pq2flv:smm3MT3i3UYgAXBGNpwSN5J6+Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	a0da8e58c6759951_udwm.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\x64\uDWM.dll
Size	335.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`558d92fd87d093eacd50a3cbf565c450`
SHA1	`f7d2d1bd5cf0920640d91c24f8f775652c496ba4`
SHA256	`a0da8e58c6759951257b2088004c8b94eff0012d7c5176d4e4db0abe647b0d5e`
CRC32	`EE4D5811`
ssdeep	`3072:pPM/fOLl6RVDjcHupLiU/lXrKGSIsIPXvwuAJpl1LtmHSPZgjwUtC05izXMPRUi9:p2fOBk40r1S8wuWrWj7c05/PRxZJzLg`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	eca4606908cfc161_foundrfoundrpc.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\FOUNDRFOUNDRPC.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`a79335a9f30fed1756fecdc97f761272`
SHA1	`765d1100323bb8caa45774a6bf6099bbb5bd4db1`
SHA256	`eca4606908cfc1610756c67c70585de43e320637c0ed002fcc71b42fb7a0a1f0`
CRC32	`0BF06502`
ssdeep	`48:cgczkHG33wv6tcskDP6b6shtiFH+pGL0gKNKSz3mubm0uZY3gflYp:XcIm3Pk2XsfggKNKSKub4ZY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	e92b09cc9bc9eb19_mobilepcpresentationsettings-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\MobilePCPresentationSettings-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`78150da47691689042f84d8ab0a8c9f0`
SHA1	`40a04f083a946e2805b02590833ce8d1c4d386a3`
SHA256	`e92b09cc9bc9eb194dc003479a90cd8cb8b48b9d04edb370428b3ae9eb99a405`
CRC32	`ADBD044D`
ssdeep	`48:3+UkHG30flF3Ov39mcRHPk46b6shtae+HueFrwv3ltwSN5J6DkY3pq2flv:Onm30T3i3UY2XIbFgHwSN5J6DkY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	fe603569510d8cef_slic2.1stvfd.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1STVFD.cmd
Size	6.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`47902293b6dada9e749533e172c9c744`
SHA1	`a24788ebef358a19d17c6d344db7d80101de2c8c`
SHA256	`fe603569510d8cef7e5d80eadbd141252c84415ab6efb4aa49ee92033955d933`
CRC32	`E1746B2E`
ssdeep	`96:eGS70jchMiLzrTKLZWZrlrS45TBrCt/lN+n:Q4FpWZrdSqnn`
Yara	None matched
VirusTotal	Search for analysis

Name	601ae72309e22ddc_security-licensing-slc-component-sku-serverenterprise-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerEnterprise\licensing\skus\Security-Licensing-SLC-Component-SKU-ServerEnterprise\Security-Licensing-SLC-Component-SKU-ServerEnterprise-OEM-SLP-ul-oob.xrm-ms
Size	12.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4d49139db37c99aca2c76d92c4b07958`
SHA1	`4da3a147e24db5ccb374c8bec7ee9139249b1c5e`
SHA256	`601ae72309e22ddc287b71f9e5de8b9d005e7399717cbc92140768cba65721f6`
CRC32	`258A1B40`
ssdeep	`192:1nZfhb1vNB4sgfDmFyy2w2mE8d1xe/U2k6UIWR5igfDmHI:FZfzn4sgfqFT2mE87xe82k/5pfqo`
Yara	None matched
VirusTotal	Search for analysis

Name	e370444271395587_directexperience-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\DirectExperience-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`45e01af8a6dba520b69b9741eec236e1`
SHA1	`dd35aaa8379dde2562ea9c9a4a12edbe59c4fe53`
SHA256	`e3704442713955877e6bcd695e4cfd01f71d0d2276faf05c867e724c6ae7a0e0`
CRC32	`ED8B85DD`
ssdeep	`48:3WCHkHG3XflF3Ov39mcRHa+O6b6shtA+aYwB2SHb4ojtwSN5J6aY3pq2flv:HEm3XT3i3UY9nXqFso5wSN5J6aY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	3d502209493ac230_security-spp-component-sku-homepremium-retail1-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\skus\Security-SPP-Component-SKU-HomePremium\Security-SPP-Component-SKU-HomePremium-RETAIL1-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4b9d41c9a95de5bce031470ff0cfe84f`
SHA1	`3f87d174dedc9f15455af69c6edb1da3b93a88ba`
SHA256	`3d502209493ac2300df6c07b348f81eefe4b8d168ceba3e70b07e2d08e99d380`
CRC32	`343C9C7D`
ssdeep	`384:hDfn4ukCNrSDym0ML5KI6flmUygmE8neoiikB/0KflYM:xnBWym0IeaXW/N`
Yara	None matched
VirusTotal	Search for analysis

Name	83f7ef0bf97331aa_directexperience-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\ppdlic\DirectExperience-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`1228499706dbd67ef64e2655bcf1280d`
SHA1	`daabba98af2270775f02de2a76494a6c48ef8754`
SHA256	`83f7ef0bf97331aaccc884266dcdb6be2389fafa16afec0ff22c1cfe2ba52421`
CRC32	`988B7AF0`
ssdeep	`48:3WCHkHG3XflF3Ov39mcRHa+O6b6shttb+nm9Ib/Z5twSN5J64mY3pq2flv:HEm3XT3i3UY9nXDMm90/9wSN5J64mY3J`
Yara	None matched
VirusTotal	Search for analysis

Name	20f7421a9c164087_terminalservices-remoteconnectionmanager-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms
Size	4.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b35a8385d0c28beadf4837e3f7d668a8`
SHA1	`ce2d7f9994b5f80d57a63c44d04f4d2cf61bcf21`
SHA256	`20f7421a9c164087b9455d0e33c19e9baedae6d2e8b8c608579fec645c2cf1f7`
CRC32	`4CDBCD23`
ssdeep	`96:Nm3kT3i3UYwNPE+XjuahJL/VwSN5J6UY3pq2t:ekroUXhEOJ3ffmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	9cb59b8b5aa71f1a_slic2.1sihidden1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1SIHIDDEN1.cmd
Size	5.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`5831d24585786d3d05449de6307ac090`
SHA1	`6c0c11c484de4c4cd13fb8f99a80896b68a412c9`
SHA256	`9cb59b8b5aa71f1aa081439947c6c22a793eaa873bf5e30bb6ed8087dd8249cc`
CRC32	`CFBA89D2`
ssdeep	`48:uFek5kzkw5McVx9vcAqMiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8N2XVvaRtLeWh0:eY9vcAqMiLzrTKLZ3Zrlr0V+rwHgN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	cb2dbd84148e08af_capturewizard-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\CaptureWizard-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`16c897eb67222266e7fde3e66b9f334d`
SHA1	`d2e7939f11c5f2cd3c3d4732538b36a4c9afe445`
SHA256	`cb2dbd84148e08af51b628031b1a61c1b32350ae606c86d539734b4161f83770`
CRC32	`97E02D8E`
ssdeep	`48:3PFjkHG3NflF3Ov39mcRHZ6b6shtfZ+jWCZttwSN5J6ukY3pq2flv:Sm3NT3i3UYcXNwwSN5J6ukY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	e537f313b1d3d1b1_windows7optimizer.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Windows7Optimizer.cmd
Size	5.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`3b286070bd3612911b2eb079e865880f`
SHA1	`d66b1be904009d1bb552387484ca04f8f74b4207`
SHA256	`e537f313b1d3d1b1a3cd6caf2744aec472a6d3332b2cedf93b448a5610689a2b`
CRC32	`ACBD2D11`
ssdeep	`96:Md9HcmtsduXKVfsrM7UdAqGdNRFHl7kV/n:Md9dAZHwn`
Yara	None matched
VirusTotal	Search for analysis

Name	3786fb34be48230b_r2forever.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\R2Forever.cmd
Size	2.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`f94268a88aa53cea2024a31639f82d35`
SHA1	`74aaf4b24a8da92ccdf756efbc167f8501b422e1`
SHA256	`3786fb34be48230b9c0d0fdd9974ce7416235916cfffc068b4c574c2b08c7e2d`
CRC32	`7F3FE815`
ssdeep	`48:yDn5M2xxCFogtts1njF/gtts1lAQHqTCLASqTCl2:yDLSomts1x/mts1qWLAYl2`
Yara	None matched
VirusTotal	Search for analysis

Name	be04eeb429b856f1_terminalservices-remoteconnectionmanager-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms
Size	4.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`1348977aa0487a60d989112b89ed4926`
SHA1	`500739204eadd01ff053019460403f49c237e8de`
SHA256	`be04eeb429b856f1b08de942c3bc8eac8158ceb308622ef6207f36634b99935f`
CRC32	`31324ADB`
ssdeep	`96:Nm3kT3i3UYwNPE+XDZPCLSJawSN5J6fY3pq2t:ekroUXhECZPjYfkmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	3a5d2084ae0b79d4_microsoft-windows-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms
Size	3.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b206c05031dda75f4eafdce12553547a`
SHA1	`722ac92fc1d39be5afa2e0284ba79305d22090ed`
SHA256	`3a5d2084ae0b79d4f362049d5eb163264fc8058acb6ffb561f41a648926ab154`
CRC32	`4E246895`
ssdeep	`96:3m3HFAT3i3UY9FXF5FkFWFTF4F5F+FWXmEYS13wSN5J6DY3pq2t:ElAroUYVDo+pkDmRMf4mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	c461a40e31088e25_slic2.1sihidden1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1SIHIDDEN1.cmd
Size	5.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`d1b956481102687e0cd85633c07d88b2`
SHA1	`f801767e6a3d321067e121da31f8254a59cdbfde`
SHA256	`c461a40e31088e25534ab873cc2c30673c6c29b04cf872df7cdfe9c11da90b61`
CRC32	`DF1E09BA`
ssdeep	`48:uFek5kzkw5McVx9vcAqMiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8N2XVvaRtLeWhQ:eY9vcAqMiLzrTKLZ3Zrlr0V+rCt/gN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	06968a852ea2d989_grldr Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\grldr
Size	167.1KB
Processes	2196 (A.I.exe)
Type	DOS executable (COM)
MD5	`801d70b3909bd7f00037a68b358457e9`
SHA1	`ccf28f459d222eb5e523630b2d4e51f28cba56e2`
SHA256	`06968a852ea2d989b1321ac3a90262de1f15854684a4b51f8511e89bac3a0a9d`
CRC32	`F311522F`
ssdeep	`3072:Ik620Eju6qY87t5vTlx3PEA6P1oN56o5n5qbLjhVtU0h3cSS:psE66qHfvMP1oNAot5Ojh8U3xS`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	a40725024e549d19_tabletpcaccessories-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TabletPCAccessories-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`cb31813f2805d3698ca7bd55d99092d4`
SHA1	`85947a0e3b794dc16984b883f3b3993eaed7dfad`
SHA256	`a40725024e549d1979e18510190f9d02ec088ab7ed3178e2db4069b901042e34`
CRC32	`3875A3B2`
ssdeep	`48:3Y8kHG3xflF3Ov39mcRHgA6b6shtm+U3PEP6WXwYtwSN5J6yY3pq2flv:Um3xT3i3UYIXu3PK7wSN5J6yY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b2912d080d2d4d42_systemcpl.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x86\System32\systemcpl.dll
Size	401.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e777bd47354f76cacf62fa193e510812`
SHA1	`08a9249d5cfb2c1f4273ab998c4c34d210620418`
SHA256	`b2912d080d2d4d4213846e48c902ceba6dd0b9a585fcbb05624e09bcd6633c02`
CRC32	`7A7A565A`
ssdeep	`3072:ZaHbuq0/DI/rmPHy77HW4FWxFO+lk0yQW5Gk0GH/qO7rpKCUwyvsPjJr:Za7u59PHZZqY/W5R02qO7VKC1z`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	1d214580018a4b25_rsimulation.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\RSimulation.exe
Size	522.8KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f63b6bf90413b3478f6b7dae3b4311f8`
SHA1	`c7aa4a6b08b0db2a195272bc4d915891151f046f`
SHA256	`1d214580018a4b25b13758e8273dcaa00da9d3946c599166aa0854c5a52776de`
CRC32	`ED0CF0A0`
ssdeep	`6144:a2CwawYs0rUqA0Afz0R4R1F6qA+8cU7VXmy0ATtC5IhfOtnzZE:a2CLHrVA0BRYuqMcUxmy0C+Q8zZE`
Yara	PhysicalDrive_20181001 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	2947d2d577fbbfc0_networksecurity-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\NetworkSecurity-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9481971cd87bdc78d44d3e83a8554ddb`
SHA1	`ec2eef49ef452cf6d0c5c29680e362ce714fd79f`
SHA256	`2947d2d577fbbfc08b0aa803c64da29983fad4351c6f9c24859057d574dbb55c`
CRC32	`EE2D6B4B`
ssdeep	`48:3lkHG3gRflF3Ov39mcRHSy6b6shtX+/Pyj+F6KGS1twSN5J6EY3pq2flv:am3gRT3i3UYyzXg3CSnwSN5J6EY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	1e77972ca7e38314_slic2.1dbasic.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1DBASIC.cmd
Size	5.5KB
Processes	2196 (A.I.exe)
Type	data
MD5	`4c70cda1e35745e9067465fd3f23d2b7`
SHA1	`aad82df10482778157e161a242673ef221178c4b`
SHA256	`1e77972ca7e383142eb95f5901c4ed43a7a654883cc4189008d515035f63567f`
CRC32	`238A7A63`
ssdeep	`48:Tc75McVxKscAqMiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8NR1O2RtLeWhdKHGvRv+:TcLKscAqMiLzrTKLZ3ZrlrlrwHgN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	d5da3639feb52143_display.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\winsxs\amd64_microsoft-windows-display.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_c9a77b62978c68da\Display.dll.mui
Size	10.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`e464d1fdc66822c41d4cecf164b2d348`
SHA1	`71e243bfe63dfc3bcd20fee633342972b7921406`
SHA256	`d5da3639feb521430efd8f255987503fa66bf9e8c2332fd16dbdef07c8ce3813`
CRC32	`88D33981`
ssdeep	`192:O8xUFGmdX0d/3plO5sRDz3rbb7k/TWQLEWs:OfFGyX2/3jO5sB33GWQLEWs`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	17cb41f03b0a22fd_security-spp-component-sku-enterprise-vl-bypass-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`98c0e65a76de7d9a4ebf16279a76d72a`
SHA1	`3b1ab7645dd34e5b9f894d77c0baaf0fc489e569`
SHA256	`17cb41f03b0a22fd96cf53678dcc36e1c0ca549163ad6f505192a05db678a494`
CRC32	`06A04BB4`
ssdeep	`192:icfh4Fvpgx4svyfVmO7oID+mE8deEeePDEAG1epAkfVmT:icfuy4s6f0OX+mE8QEe861eptf0T`
Yara	None matched
VirusTotal	Search for analysis

Name	3aaf88d0d10da70e_msmpeg2vdec-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\msmpeg2vdec-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`dcfc82b2b18c7f8fac95243f76f0eff0`
SHA1	`7081fbd481377f9bb268550355e5d47542a64552`
SHA256	`3aaf88d0d10da70ee393cbe0a5c66f27e9ba3779a3592cb61c6b8400d605f18f`
CRC32	`7C972B49`
ssdeep	`48:32qpkHG3n7flF3Ov39mcRHW4H4Rlmxl4R3xl6b6sht9V+2SMYX5GYeftwSN5J6ci:ym3n7T3i3UYbX6X81wSN5J6cY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	d5479badadc8f290_slic2.1dhidden1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1DHIDDEN1.cmd
Size	5.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`52dffe52841a3ab0179c7cb6feb8eaf2`
SHA1	`f8cfb26bb2cefc7823b919515442be8aea732503`
SHA256	`d5479badadc8f2902d0ec7fd8c1d47c2942eb9dae060f14d3b12dc8f3b718ba6`
CRC32	`E1322357`
ssdeep	`48:TeF73mMSVxdvcAqMiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8N2t2RtLeWhdKHGvR2:TwodvcAqMiLzrTKLZ3ZrlrJrwHgN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	3207135e32e024a5_optimization.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\Optimization.reg
Size	454.0B
Processes	2196 (A.I.exe)
Type	Windows Registry text (Win2K or above)
MD5	`12a86d51375eaec1f0f2ad87f2ed58f8`
SHA1	`6a0f2b9d7cbe40025eb7c3caada3ea1b5b2043a4`
SHA256	`3207135e32e024a5dd552729015795862133107b431a835594baf675d981331d`
CRC32	`351BC8F9`
ssdeep	`12:jBJ0SK0Aj8VjX6UbU57oaULn/wKVEXAcntn5tWe:jBJtAj8VhaUfOXF`
Yara	None matched
VirusTotal	Search for analysis

Name	12d9d6d044720d68_lsa-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerEnterprise\tokens\ppdlic\LSA-License-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9d7c5200b61f953120941ac7fcd7fcf5`
SHA1	`4049deefd1b74d426007b92142a4d0f0741744b1`
SHA256	`12d9d6d044720d681bb98ff805341c3db1144ea1dae7ca0c3455a898ba415ecb`
CRC32	`3170F803`
ssdeep	`48:34kHG3eflF3Ov39mcRHE6C6b6shtkQ+COsEOpMtCtwSN5J6XY3pq2flv:jm3eT3i3UYkuXu4E3uwSN5J6XY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	39a10724afa23aeb_shell-inboxgames-purbleplace-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0ee363e7db60642ecc603f3b1a738a46`
SHA1	`adb6166efef8b6e237ea433e0c019f493793f1a3`
SHA256	`39a10724afa23aebe57d792ed399a9c6fa81809b7e44872bc786b68d7fd8fa4d`
CRC32	`DC5CA964`
ssdeep	`48:3VkHG3GflF3Ov39mcRHmJs76lP6b6shtV++6mv67bKPtwSN5J6suY3pq2flv:qm3GT3i3UYpZXg46+wSN5J6DY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	090a331f4da4dc75_samsung.bin Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\Samsung.bin
Size	374.0B
Processes	2196 (A.I.exe)
Type	data
MD5	`6c792aa70b3d4615c896b73805b9798b`
SHA1	`127c507c57fa2c379fbd11a490fd97c0c9ef9a52`
SHA256	`090a331f4da4dc757ba7046a89b95cb9a2c3b8b779b8b72e88346573eeaae4e5`
CRC32	`CD08476C`
ssdeep	`6:4EkvkAEJrNw8M184y5CkWuKAT5cYflcaG+bWjIc6fTXeXOEbu9J6ueiURWVh:R5rN21y5CkWuXT51lcaG+KjIBeX9l4/`
Yara	None matched
VirusTotal	Search for analysis

Name	10f2222e151a052f_networkprojection-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\NetworkProjection-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`f2a41e4d7772032e195175a1bd8c3746`
SHA1	`5848d97b65d79a9c953f3ad4c0322c6de0e8c669`
SHA256	`10f2222e151a052f358fbfc4d55c20fdb177dd925a5b8228eb1c859417e373f8`
CRC32	`3EE18893`
ssdeep	`96:k1m3+AT3i3UYYCJ+XLHzO8wSN5J6HY3pq2t:H+AroUDCJ6O8fQmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	a371869b630001c0_tosqci00-tosqci.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\TOSQCI00-TOSQCI.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`6123b1d570b0333760c328f6900d2bcf`
SHA1	`4a22e046efd6b81e644279db3f5589372d909d7a`
SHA256	`a371869b630001c0b6f3324e2069e05e866d9dce36b738ccf78546e24329d530`
CRC32	`67C5A9B2`
ssdeep	`48:cIkHG3tmT8A6b6shtMPXH+qFbEmFtwKSz3mubm0utY3gflYp:0m3i4XWvjFt1SKub4tY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	c01663b9e078e3c4_shell-inboxgames-purbleplace-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b91e43195bc615767ecedbdf85b54143`
SHA1	`16a584129d42b4d382f733597a16af3f1a244b00`
SHA256	`c01663b9e078e3c48601963c9b7d18f8ca64b52f1dde0475e52ef6451bc6653c`
CRC32	`409DB30B`
ssdeep	`48:3VkHG3GflF3Ov39mcRHmK6b6shtS+q7+MrCepkVCLYtwSN5J6YY3pq2flv:qm3GT3i3UYMXCnr9LiwSN5J6YY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	02e2c5ea00ed10af_simulation.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\Simulation.exe
Size	495.9KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b9c4991a05192bc40fb72d74685cfe1c`
SHA1	`3fd2c24596785cf132e1e271b75782949b5b7177`
SHA256	`02e2c5ea00ed10af7cd723d127b7517b14178aa9ccbb3bbe21dae79d8130295d`
CRC32	`4C1A67D9`
ssdeep	`6144:G2CwawYs0rUqA0Aq9iMPKeLFcRVXmy0ATtC5IhfOtN7:G2CLHrVA07i5eLFcrmy0C+Qe7`
Yara	PhysicalDrive_20181001 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	dc4d24dffbe511fa_sony.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\SONY.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`0895b734fca0b400e9f98981c65e7f4d`
SHA1	`140131e0eb014931cf90acd410f2c98ea72a355f`
SHA256	`dc4d24dffbe511fa19e6f7fe4033fcde25eb21c0e223bf28ec7e45b1597d6c7d`
CRC32	`3DBE1B0D`
ssdeep	`48:cIYjkHG39sMrIA6b6sht1+PxXC+4Sz3mubm0uS+Y3gflYp:xPm39cXmxCJSKub4XY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	a0dc11d8d5ccdd5b_personalization-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\Personalization-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`6921b4d99f4c34f634f2038567a93ce9`
SHA1	`9817ae2eb0fef89c9ada80d8d7e2dc78c3bb18a6`
SHA256	`a0dc11d8d5ccdd5b81b0c07a5c408a8140111eb7c6556be6430c74d5a1445345`
CRC32	`E37BCF27`
ssdeep	`48:3skHG30flF3Ov39mcRHX6b6shtA+XPoepSKUk+uV6FtwSN5J6bkY3pq2flv:/m30T3i3UYqXzfSKUtwSN5J6bkY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b072bbe491a6a6bc_r2optimizer.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\R2Optimizer.cmd
Size	3.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`127b197ca7ff9cf47bba62f96ca87958`
SHA1	`09989b82f572e59ad3938564830212f3aa7d1c44`
SHA256	`b072bbe491a6a6bc847be75970a6925b41c0c4ab5b17363d238ddeeab1ebc27e`
CRC32	`166CD6BB`
ssdeep	`48:XDlvnDeieDlSUlDvRx6oaEgttsv0ue0up0uy0udt0udjDlvV+NDPnvSgqvWHQ/qo:xvDUSEEcmtsduXKVbvV+1nvSXvIM/n`
Yara	None matched
VirusTotal	Search for analysis

Name	75eba1859c4748bd_security-licensing-slc-component-sku-ultimate-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\Security-Licensing-SLC-Component-SKU-Ultimate-ppdlic.xrm-ms
Size	19.6KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9543bdc8698393b107f2af57abd92621`
SHA1	`a11f667680b3795150d865c73639ee733fa74dc0`
SHA256	`75eba1859c4748bd88b509e38df535ced851b57e0b4dbf950e4113da4b3b57f4`
CRC32	`691C5989`
ssdeep	`384:nLroFm2cbO8NdC5kiZdNvjJw0mYCjhiBuJ+Cs0Zfgjt:LndC5k2dNrv5CjhEapHOt`
Yara	None matched
VirusTotal	Search for analysis

Name	b1737d0bcdab04bb_adm.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Adm.cmd
Size	2.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`01663ec2d15224ac9e8ff049bd94cd05`
SHA1	`8889dff0c636585fc63ba9eda33f9ecaba86ea03`
SHA256	`b1737d0bcdab04bb2499fe6de9013b0c4946a54b3a20ec6ace24be5cdfb9cd23`
CRC32	`5DFAF204`
ssdeep	`24:ECF6DpNXIvHvpmvnnMAxxKl8cyszORL6sszOL44AqCGwKpxNjLpn:bF6Dp9jMAxxhszOYsszOkJqTpjLpn`
Yara	None matched
VirusTotal	Search for analysis

Name	fb29017f0d358a65_wga3.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\XPGenuine\wga3.reg
Size	1.1KB
Processes	2196 (A.I.exe)
Type	ASCII text, with CRLF line terminators
MD5	`b322cbf307dc5eadd4265b7d54299cc3`
SHA1	`808c86ef86b9d3e6766c021be6521f0abde3d529`
SHA256	`fb29017f0d358a654f22eed83733b50db71ada704e067c6b029fc179ac98b700`
CRC32	`7F138CD6`
ssdeep	`24:jBJtbIV2zYV6aIV25aKkCd7WICvIBubQTR7akHMO/n8U:9J5I0YjI/J8FCgB/dj9`
Yara	None matched
VirusTotal	Search for analysis

Name	f18e398d52168209_security-spp-component-sku-homepremium-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\Security-SPP-Component-SKU-HomePremium-ppdlic.xrm-ms
Size	13.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0523b168ca39c80789cc838d43c1f1f4`
SHA1	`dc1e4a921fa8b5a72a8403d685fe7778aff506de`
SHA256	`f18e398d521682096e7e71c6989675bac7420e8fca3966dd35af0e0f4c55a7c7`
CRC32	`917549A1`
ssdeep	`384:xJroSk1bQOaKvNuxWqUgwAnUJ1xyYJwXhrfbjt:jfxVcAUJDKhjt`
Yara	None matched
VirusTotal	Search for analysis

Name	4733d97b22c24730_tabletpc-tabbtn-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2083be4155fdb7c47cad2070f142539e`
SHA1	`487b82c0cad62039834c19bae4a38dfa3b82a4f6`
SHA256	`4733d97b22c247300cc0ed618a259827dc48401792fb8daa8244496ff04ab19e`
CRC32	`5D2F22D2`
ssdeep	`48:32Ri+kHG3BflF3Ov39mcRHH6b6shtfg+A08mzaAJwtwSN5J6wY3pq2flv:eiZm3BT3i3UY6XY08FwSN5J6wY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	0e28770796ba346f_kms.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\KMS.cmd
Size	5.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`f6ba892d7f0b14f38f3d24e8cee7bd28`
SHA1	`e00d84c5cc7733bca0f4447fab185e47ba1e2919`
SHA256	`0e28770796ba346f05cec3c705f519fe70dcac613c736e798fe8dfafc41bb650`
CRC32	`04DA64B7`
ssdeep	`48:ytQGMpxTo9FEuvBMFxmPcdSdEd8dwd4dMd6HBdCQu:yCTyroQcdSdEd8dwd4dMd6HBdCQu`
Yara	None matched
VirusTotal	Search for analysis

Name	282f16a32e3e6558_security-spp-component-sku-serverstandard-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerStandard\tokens\skus\Security-SPP-Component-SKU-ServerStandard\Security-SPP-Component-SKU-ServerStandard-OEM-SLP-ul-oob.xrm-ms
Size	12.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`506367f9fa33ffc535558fb5e437e677`
SHA1	`7ab2f554b09fb98cd4d4e63694e388347fcbdfe6`
SHA256	`282f16a32e3e655851d3ae771f18297b3a9c365d1ea935b87a4e627969161477`
CRC32	`92D9F929`
ssdeep	`192:vTfhR3vNr4sY1H5m2wyfgm2AyQV2mE8dmmejhtpaSefgmk:vTfPV4sYtnft2u2mE8ImejjpNeftk`
Yara	None matched
VirusTotal	Search for analysis

Name	48095e57661edf47_user32.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\x86\System32\user32.dll
Size	792.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8626f0c30d4e3564ffdd25c90f4426f1`
SHA1	`a42a6b0af9f6b6cc92ade441f13d8eb54405b75a`
SHA256	`48095e57661edf47e44f8315dbe6372757449493a84e0166d69051299e1873f6`
CRC32	`21F3A1F4`
ssdeep	`12288:SUMmzZo/qril3O9BS+wHFkEVhFYKXypF39r9X3MG5L+s5ENOeQiV1Li/kh:ZM6IleKizNrR3LeYeXV1i/kh`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	3bb9a3802f2a5aae_display.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x86\System32\ko-KR\Display.dll.mui
Size	10.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`7e74f142b1aaca35c3c6cf28b6a40b86`
SHA1	`5fb838b42fd9268f95769a301ea214519f144768`
SHA256	`3bb9a3802f2a5aae367d46d39d478f0cd15fd7b1208acbbb7fca5426fdc6aba8`
CRC32	`054AFDA1`
ssdeep	`192:/8xUFGEdX0d/3plO5sRDz3rbb7k/TWQLEWs:/fFGYX2/3jO5sB33GWQLEWs`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	dfbf74746430b32c_security-spp-component-sku-starter-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\Starter\tokens\ppdlic\Security-SPP-Component-SKU-Starter-ppdlic.xrm-ms
Size	9.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`509919a4163f8f917e1d3c274db35502`
SHA1	`601ba2e337e479081ba4644f5f64c0500f255d6a`
SHA256	`dfbf74746430b32cd031b7b395448bc1aa3f62bdee8d9eb126927d04b3c40bc7`
CRC32	`11A5814E`
ssdeep	`192:qvaroLon0Z0a4Iv91uwua0QnW/xtLPJ1x1P4aHXeFvIKfYmjt:qvaroLon0Z0a4IF1uwua0QnW/xJPJ1xc`
Yara	None matched
VirusTotal	Search for analysis

Name	62bb6eaaa6b94363_r2slic2.1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\R2SLIC2.1.cmd
Size	8.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`1ce95d3250bee24f750e1579fa822867`
SHA1	`39f7e7a4c6ebd4f61f09f4e6647eb7182020cc58`
SHA256	`62bb6eaaa6b94363e81a710109045f46a6b64a26d282d765deb3446c9fc78b4d`
CRC32	`9A191187`
ssdeep	`96:i0aGpbV/Amts1x3BSnA7bfbft8RRmts1xSnA7bfbfduXKVtvfJ3ERH2hnvSLdEnj:wUnA7zzxnA7zzTSLM9Nfn`
Yara	Win_PWS_Dexter_Zero - Win PWS Dexter
VirusTotal	Search for analysis

Name	417d10de53c9841c_moviemaker-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\MovieMaker-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`3960ef775202d376ecf06dbfeeea30a9`
SHA1	`51e42ad6bf4b4b2f2bb863e639cfa6d148d16c56`
SHA256	`417d10de53c9841c0ac9becf0c176e49530a4f1503c117c69684b3c5ff240d8d`
CRC32	`AB10A110`
ssdeep	`48:3hkHG3OZflF3Ov39mcRHjN6b6shtU+J2Sl9sXztwSN5J6pY3pq2flv:em3GT3i3UYkXNlAwSN5J6pY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	420ebbc3aa9c803a_wgalogon.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\wga\WgaLogon.dll
Size	186.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`976878bdfeace8ebc72705250ac85ff8`
SHA1	`984620e48b996f75dfec4200070ef1c9fd4b0509`
SHA256	`420ebbc3aa9c803aaa7cc6956cb62b5d3944f597bfd229bf3227703720f45c82`
CRC32	`CFA91F23`
ssdeep	`3072:QejsbqiE2kwbmWUSEMiGghh+gqcDy7j7:fjN4bLUSIT+iDy37`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ff27e84b373158ee_kms.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\KMS.cmd
Size	5.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`05970701dedb8a3c0164b7bee9b6663a`
SHA1	`833cf1ccee982a03f51c538e99718798dea19a9a`
SHA256	`ff27e84b373158ee7bf8f9fccf1fd932a7bd3179f341ebaf17110d2e99caa1d1`
CRC32	`4EF0A109`
ssdeep	`48:ytQGMpx5o9FEuvBMFxmPcHMHSHEHGH0HaH6lBHC0u:yC5yroQcHMHSHEHGH0HaH6lBHC0u`
Yara	None matched
VirusTotal	Search for analysis

Name	a935ab2696f16806_security-spp-component-sku-professional-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLP-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`3a760095671e60a8fa92b7788a0b42a4`
SHA1	`b9f0ca856a325ea538a3a79d79361491f2122f0c`
SHA256	`a935ab2696f16806ae2ea4bc6333460798557617afaabf21dfb90ddd96357fb5`
CRC32	`72D5CC3E`
ssdeep	`384:4If+i4sEfYN++mE8PedcfSkR5NdJypfYJ:GuleSkR5NmM`
Yara	None matched
VirusTotal	Search for analysis

Name	be6f503e27816b8a_acluifilefoldertool-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`07048bfce5c63df5ce18db9f2c3e7e5a`
SHA1	`758328d7c7ce4ed279b53dcf6de5aceaf1320b7b`
SHA256	`be6f503e27816b8ae07ec05788bcdf449d4317ddaca093d97587b1b19487de3b`
CRC32	`0B749CC9`
ssdeep	`48:3CkHG3OflF3Ov39mcRH9y6b6shtjW+JPBx4utwSN5J6mtY3pq2flv:Fm3OT3i3UYdzXF1P/wSN5J6gY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	7bdba8797631d873_server2008.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Server2008.cmd
Size	4.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`7e2fe9a1ada381974c65e87b48fded0a`
SHA1	`3989a9eec1cdb47c3720328931c157422d263c60`
SHA256	`7bdba8797631d8732e56e31499e3b5938b8270b21a83bdaf84e190626046c2da`
CRC32	`8481C39E`
ssdeep	`96:yXxrYLM5GiUtF1J3EsEgKddd+KdINTwQtz/a:0j5GiNdpINsSa`
Yara	None matched
VirusTotal	Search for analysis

Name	148c8a73904bfb54_peertopeerbase-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\PeerToPeerBase-ppdlic.xrm-ms
Size	4.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`aae505cdd6c07d13f45f61937791ccdb`
SHA1	`85c3ee3fab84d3ccf7e3008399118537f5acc9c6`
SHA256	`148c8a73904bfb54421e4d145242c3a15ce2234de0f6d87bc417a83fad5e8e03`
CRC32	`3EB2214E`
ssdeep	`96:xm3yT3i3UYoTMTrLXLhGqwSN5J69Y3pq2t:KyroUbTMP3EqfGmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	5bf2f6a7830720d9_winlogon-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerEnterprise\licensing\ppdlic\Winlogon-Licensing-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e043eada7489a167b0205e08488dad37`
SHA1	`1bef19c24475b5b3300e5811136d7def6d85d5d4`
SHA256	`5bf2f6a7830720d9113098fcdc384bd736e7fc1caf95bf8bd6842dc64e33bb3d`
CRC32	`9F9FB313`
ssdeep	`48:3mkHG3WrflF3Ov39mcRH8H6b6shtL++uZ6RtwSN5J6gmY3pq2flv:hm3iT3i3UYvXRwSN5J6xY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	a492f612b7149e2e_appid-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\appid-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`40443e2895c8d0af0802eb9fd8327d2d`
SHA1	`6305120b711e98f59bc2576f63aa038cc66278b6`
SHA256	`a492f612b7149e2e23ce1ee481c718ee5c11e6add36d5287b47ee8bef07255c3`
CRC32	`53CA0D96`
ssdeep	`48:3pkHG3yflF3Ov39mcRH3p6b6sht73H+lgd6SO6s0twSN5J6cY3pq2flv:Wm3yT3i3UYXsXggd6S8ewSN5J6cY3pqO`
Yara	None matched
VirusTotal	Search for analysis

Name	9b88c2a989dc95f6_forever2.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Forever2.cmd
Size	2.5KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`172e2c7ca4ea3a220e1652eeeac2e747`
SHA1	`e2c88cac22987cd3a78819712cf0776174ddb621`
SHA256	`9b88c2a989dc95f65a54c0abad1668a2c5a8579d924a473ab4e8243d1d381891`
CRC32	`48B71B77`
ssdeep	`48:T5DL5GE5HL5ETNfV1TFVSHqUNYQjdBGAqjdHzA6Qi+RP:dxX1qj1vSZ6ZPQxP`
Yara	None matched
VirusTotal	Search for analysis

Name	f4e094938e041d91_security-licensing-slc-component-sku-serverstandard-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerStandard\licensing\skus\Security-Licensing-SLC-Component-SKU-ServerStandard\Security-Licensing-SLC-Component-SKU-ServerStandard-OEM-SLP-ul.xrm-ms
Size	11.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`f1439e8d7d6ac317a5d9ff71855d3fe2`
SHA1	`dab42918b93dfb60bf3a8bba69ca673e9c9f7984`
SHA256	`f4e094938e041d915ed29d2f167ea77375636185f8650429b577ccf5886c4970`
CRC32	`94532100`
ssdeep	`192:BxifRHTey0fbmZAyb/9mE8dAexohW7ZfjipdGa6fbmBY:zifBcfyZH9mE8OexoQ7ZGpdGa6fy2`
Yara	None matched
VirusTotal	Search for analysis

Name	4da4fb4ae9d3164e_slic2.1stbasic.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1STBASIC.cmd
Size	5.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`db1e9222fa92cc03da49798115839f22`
SHA1	`7e909c37358892f70ddac45239e82dd4914ce8f5`
SHA256	`4da4fb4ae9d3164e572994fcf7cf815a1dfe8d8e83d8328f1fcb93cc49393b29`
CRC32	`72189348`
ssdeep	`48:uF8kdFs5M2xxjFcQ4MiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8NR1yO2RtLeWhdwk:ezMjFchMiLzrTKLZ3ZrlrY/rCt/lN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	a28d0a0c50d40c7c_tabletpcinputpersonalization-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\TabletPCInputPersonalization-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`05aae65b1ab2f93cfb302aa43028d8b3`
SHA1	`b69ef8d62a8c92d95ed9dcb5e1227d0f1f0adb9f`
SHA256	`a28d0a0c50d40c7c75ac61b44323ba3edb80862dfc2b85a8c63f18f8d9683a4e`
CRC32	`6A60DECC`
ssdeep	`48:3kZJkHG3bflF3Ov39mcRH46b6shtt+rKmSNtwSN5J6iY3pq2flv:0ZGm3bT3i3UYpX0+wSN5J6iY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	c58d4cd6ae42863b_dns-client-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\DNS-Client-license-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7756bb922ada3f52d1f50e8988246cb4`
SHA1	`958a64d5c9fe9416d77293cab4e8b098e9e85b73`
SHA256	`c58d4cd6ae42863b111f46869949e0467d53ca0eff04c4a7084d8d4d257f10a5`
CRC32	`83DAB871`
ssdeep	`48:3tFbkHG35flF3Ov39mcRHA6b6shtu+Astpp/3wAltwSN5J64mY3pq2flv:dGm35T3i3UYhXrtvXwSN5J64mY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	2858e41e44e98f4c_tosinv00-tosinv.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\TOSINV00-TOSINV.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`b44351e5aeb8bd27957f72f9f4b568ce`
SHA1	`82c2b91a19567e566861dadbc28666ae756c5459`
SHA256	`2858e41e44e98f4c3caf496a03bd76468eb5138892c52a3d6867be617fa08d5b`
CRC32	`8A294E81`
ssdeep	`48:cl81pkHG38mT8A6b6shtP+TCU5kKxkQYSz3mubm0u2+Y3gflYp:L1mm3l4X6WKJYSKub4vY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	31c85aec4d9e149d_security-licensing-slc-component-sku-homebasic-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\Security-Licensing-SLC-Component-SKU-HomeBasic-OEM-SLP-ul-oob.xrm-ms
Size	12.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d9c16551d7bc254b9dc6625a35bc75fe`
SHA1	`a412a02f7c81c3ba8064d176822b8c08c9fe3639`
SHA256	`31c85aec4d9e149db1ee6c953c3665f50d3015b84ad03bf41f4f4de89381cf12`
CRC32	`4676D2F5`
ssdeep	`384:LJfPy4s8x2fZVrwjmE8feFAhjRYUnzA4fZD:FdxirHY+zR`
Yara	None matched
VirusTotal	Search for analysis

Name	7158fe889d3a3cba_tosinv00-tosinv.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\TOSINV00-TOSINV.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`7369e2e4e0ac102da8082cec289809da`
SHA1	`0ffe944f4475bde76b32c5ee77bda065e6ebca8a`
SHA256	`7158fe889d3a3cba040bebffefcf7be672ec396bc2a237290f31e46325ce6bbb`
CRC32	`6E3ACBE4`
ssdeep	`48:cUHrkHG38mT8A6b6shtoS+NAvdmRlzLSz3mubm0udFY3gflYp:HQm3l4X6i8RlzLSKub4LY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	6966e9454940d3d9_msmpeg2adec-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\msmpeg2adec-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2d9db2e917b2b2516d4ca3b3075d9456`
SHA1	`8d66d845ebab4e88f9b8aec1892263001327a3d2`
SHA256	`6966e9454940d3d9cb21eea7559e24bff36a3d9963a6fd594564dffefd2a8fe5`
CRC32	`47AF69D3`
ssdeep	`96:jm3nwT3i3UYBXkN/RPFHwSN5J6sY3pq2t:onwroUjtPfnmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	e3358d23befe2c94_smbserver-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\SMBServer-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`bafff5458c6cd314f0f808d3135c5df5`
SHA1	`5e0681cecff791bf3a76143405aa996b93473419`
SHA256	`e3358d23befe2c94518263c9e066298138964d6d45c83bb4befd1bc29009e504`
CRC32	`9E60C9C7`
ssdeep	`48:3tkHG3xflF3Ov39mcRHsS0PrPNZ6b6shto+r2+Rtw8GtwSN5J6rY3pq2flv:ym3xT3i3UYvXi+uwSN5J6rY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	4534b96a098e98fc_security-spp-component-sku-starter-oem-nonslp-pl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\skus\Security-SPP-Component-SKU-Starter\Security-SPP-Component-SKU-Starter-OEM-NONSLP-pl.xrm-ms
Size	13.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4f83f30afd29fd5d0e9660e544f4a12b`
SHA1	`a7757ff7aa8b253aa447f8e639036f2052d39688`
SHA256	`4534b96a098e98fce254c24887a48f0dddcd01e97c6f2bfa584ed63dba170eca`
CRC32	`31C8D955`
ssdeep	`384:ggeysfHmyZUf/TVjmE835edSUWH1Sbe3Qf/X:5ehmyZgf+H1Fu`
Yara	None matched
VirusTotal	Search for analysis

Name	dd54243d115f6626_client-issuance-ul-oem.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\licensing\issuance\client-issuance-ul-oem.xrm-ms
Size	4.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4f3b2c9d1688f6d710989a01190f5f92`
SHA1	`2677ca7f18df9e26d1687bb320f60d0cd7d8683f`
SHA256	`dd54243d115f6626f0779ba2efd81125e2e075f4b180d62578d56e3c6982b57f`
CRC32	`8C8832AF`
ssdeep	`96:oLGm3nwSN5J6Z/SKub4ZaUiXX98buKPEWY3wkb:onfq/eyH88bTNml`
Yara	None matched
VirusTotal	Search for analysis

Name	8cb600bfed4a11f9_cert2.1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Cert2.1.cmd
Size	12.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`ab9fe9e4b6e0295177df181217b5e1e2`
SHA1	`43ff1a7e228ff401859afbe5906b1398c8a21861`
SHA256	`8cb600bfed4a11f980639465df9d226088ccf4ebfc9cd197544ace7f7cf4d446`
CRC32	`E198428F`
ssdeep	`96:5yCSuBaFRhSPhoHbsLHDJkDcCjmVF+wUrZ1/aw66K2qb7aOGEiHSWTbFzTght8yX:5yFF+SH2jJ4VfTKZcq`
Yara	None matched
VirusTotal	Search for analysis

Name	8f2e1f497198f2b3_security-spp-component-sku-enterprise-vl-bypass-rac-public.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-RAC-public.xrm-ms
Size	4.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`79d49739ae82b8ac83978c373a60ec79`
SHA1	`761cc4e68d3f9ec45cafd245fa6aba16d3e36b6c`
SHA256	`8f2e1f497198f2b3ac7a9923b6bd58d4c37757a67a22f96b6e1e8e52ec451a35`
CRC32	`32B3FFD8`
ssdeep	`96:Nm39dWZBqeZy6XOlWr6aNwSN5J6ZY3xz+6R:e/oBFW8r6gfamb`
Yara	None matched
VirusTotal	Search for analysis

Name	7f8b8669af4778c3_sppcomapi.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x86\System32\sppcomapi.dll
Size	188.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`58c94eae54bf0c5e2b80b2e5e7744d4c`
SHA1	`6ec5892289026635395cc05f5d1c652ac7147f06`
SHA256	`7f8b8669af4778c3bb6219569eb5aee4fb225863584ee82efea8db8d7f432989`
CRC32	`4DAEDCDE`
ssdeep	`3072:SBAP6rwOwT428Di29A7qx6PKdLrMyeyNUhBHUZAPhSxs2d654Le75UTyzu:iJrwOnDN9A7qx6PKdZHehBHU4hSld65B`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	45624e0344153ec7_volmgrx-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\volmgrx-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`730d31131dd455ff8baef77a0a93797d`
SHA1	`d1b9a4d670446d7e18bdd119d299a36d5d389396`
SHA256	`45624e0344153ec78f982ff0b53f5a7b2af92f309cea54ec874ccabf6bc4fbcd`
CRC32	`86F70B9A`
ssdeep	`96:V3m3LT3i3UY2iuiEiKaX7IqwSN5J6DY3pq2t:VELroUniuiEi3fomjt`
Yara	None matched
VirusTotal	Search for analysis

Name	b879a56786cfa555_slc-component-sku-ocur-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e18c40ca0cb2ec2e63950872f80d7907`
SHA1	`a287fdfbd54869fd23d46f5b07faabbdbc4a7f28`
SHA256	`b879a56786cfa555b679590f064e10c1903960fb51131ba6253b71415be79ca0`
CRC32	`114C18E6`
ssdeep	`48:3wxkHG3WflF3Ov39mcRHKG6b6shtG+S4dLtXZtwSN5J6OY3pq2flv:Vm3WT3i3UY0XZlLwSN5J6OY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	beeb3badd1b569db_shell32.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x86\System32\ko-KR\shell32.dll.mui
Size	288.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`388ab00bc5a69f77f6ed8d1fd8ace855`
SHA1	`549b86c3087e98c13cb7cf4b7e718c6fbb8e92cb`
SHA256	`beeb3badd1b569dbcf601d5cd02527c8a57ede2c5a9f6d42e1a6d02f8cb1c12e`
CRC32	`38D82701`
ssdeep	`6144:3WXJrK9AqwlqgZqJlFekcJf2V2D0m9gQ:3i62vKlFekcJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	47393fc6dfadd9d0_microsoft-windows-fax-common-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-Fax-Common-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5a612699592c4b55612f9a7564d5e8e7`
SHA1	`cac3ffac98ac5e78619bbe482fc23749059563a0`
SHA256	`47393fc6dfadd9d018a95c28b437af71cea1a0036408791d59ce527742c9f486`
CRC32	`D2C670A8`
ssdeep	`96:Ym3HKT3i3UY9lfXyRG5NKwSN5J6WY3pq2t:JqroU5Y+flmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	ab695861a93561ec_security-spp-component-sku-enterprise-vl-dmak-pl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-DMAK-pl.xrm-ms
Size	13.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4d26e13f6930e406f6d5588b48ee50a7`
SHA1	`1393e1886928180b3d4f8b1b0fe6a66748c799d1`
SHA256	`ab695861a93561ec36a7b912b5ddee8f225c816d8cfef8e5313aa44013e86d9c`
CRC32	`6F6EAFBC`
ssdeep	`192:uegebFsLUXfqEhfLmW5ujmE83LOie4HDh2ZPttjJizThORrpIfLmXjM:5geygfVfiWYjmE83pemh2ZXJs1O/Ifi4`
Yara	None matched
VirusTotal	Search for analysis

Name	0bf2ba919679abed_bios.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\BIOS.vbs
Size	434.0B
Processes	2196 (A.I.exe)
Type	ASCII text, with CRLF line terminators
MD5	`442a7029288a667fd95b552f17b2e3b6`
SHA1	`9902a99cf60d14f3bc9c579bf50ee037d4adc0fd`
SHA256	`0bf2ba919679abedc4a9d50ac025046c65a631b8d020900a25174b8f138d46a4`
CRC32	`DC1A5272`
ssdeep	`12:/Uhz3vAGMZPK/yCTknjwYlbFYweVZGvYw5N+q53G:shz/Ar7nkmNeQTV3G`
Yara	None matched
VirusTotal	Search for analysis

Name	4e927f83f15fdfa8_bootinst.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\bootinst.exe
Size	100.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`2c44c79619c51b4fa0e0b1f1982ac944`
SHA1	`ffe67a9735421d190268b54e113284f324f0327a`
SHA256	`4e927f83f15fdfa810a65d83fc274ad016bff7c60976a8f680b5ec2f96ec839c`
CRC32	`90573965`
ssdeep	`1536:AuVDngAOVU9gSPPSdeV5UQfdRvYxujuwt:V4U9gSLV5UQfjvUQ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	7101db13479f025f_microsoft.url Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\wga\Microsoft.url
Size	265.0B
Processes	2196 (A.I.exe)
Type	ASCII text, with CRLF line terminators
MD5	`f366f131176d81547462cd43dd7ea953`
SHA1	`0c264d3680063254df64414e709c960b340a842b`
SHA256	`7101db13479f025f39ab5450f4dacfda2cfaa7f5a800abc627499dd61bb138d5`
CRC32	`EBA439A5`
ssdeep	`6:8wm/r4TDXRoE54vVG/4xtOFVm/r4TDXRoFGpZ4TDXRWy9MB5y:8w7DBgVW4xtOFVmkDBBKDBWS`
Yara	None matched
VirusTotal	Search for analysis

Name	a24f35648a6c0482_security-licensing-slc-component-sku-homebasic-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\Security-Licensing-SLC-Component-SKU-HomeBasic-OEM-SLP-ul.xrm-ms
Size	11.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`08896c95a137e2e8e42da0e263f8ee00`
SHA1	`cb1b6584996276bd86085d7e0830a28d68088f38`
SHA256	`a24f35648a6c048248fc662ed216cd935f3de67b59aa880ba1aa5a2ffd1c8dcb`
CRC32	`917A1E04`
ssdeep	`192:kxyBfRfKTeyDojf9mW4NeLevwmE8dVetnnHbf2djsQWwf9mkH:kxufowfsWUwmE8reh7uvWwfskH`
Yara	None matched
VirusTotal	Search for analysis

Name	14a7ecc69ce048f0_7tokens.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\7tokens.exe
Size	235.2KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5	`f1b1f4620ac1453eecb7b4dbf8bd4833`
SHA1	`d6ec77af9d48c0ae1d2eaa721c7301e75418dc98`
SHA256	`14a7ecc69ce048f0bdf749f9c9bb7562318f693fb55bf2cfdd3f9286d42ad3a3`
CRC32	`DC53EDDC`
ssdeep	`6144:dUrqA3AheuswyPnCjZSNMGluCDfjBFjki:dUWA3Aheuswya+MGlZLPjki`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	0e29d5da8c9b7e34_removewatermarkx64.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\RemoveWatermark\20090331\RemoveWatermarkX64.exe
Size	22.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`7e066315702506401b3a9dc56be50b5b`
SHA1	`45696e12fbaf4b1c019db747781f158cac0d8236`
SHA256	`0e29d5da8c9b7e340e7b7e1749388a397b46a4284fdec29150d9217e9d3ae300`
CRC32	`A3F921D9`
ssdeep	`384:1yuy7flWoGMVDvE6pqNEm4uL2q+Nv5zq+hP2k5sXINIdqqYukja0Ijuk:1izlWoTxLq6m4UuH2e2k/g0ja0IX`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	546c958a2c3d2f8c_spc-generic-private.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\licensing\identity\spc-generic-private.xrm-ms
Size	5.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`508c561d5dbc4f40ed6aac3e2ab4bac3`
SHA1	`ffe0dab5fe841021defb799a6449afe62769ca16`
SHA256	`546c958a2c3d2f8c7433758e403a97f43f4954a5b2d813619e27df6f8e894c0d`
CRC32	`BE1E08F3`
ssdeep	`96:Fm3uLYLuLmLLUsV1YgQLqmMq/63JPnpb7oe4agEmXjANjwSN5J64Y3bHOn:mEmE8Ljv3efMq/63Poe5g8fPm6n`
Yara	None matched
VirusTotal	Search for analysis

Name	b71d521b89387ebb_security-spp-component-sku-professional-retail1-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL1-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5f49775db3937be7bd3481488c60b609`
SHA1	`82fb5fbf17e634e3679a39d1e3ef841be6c0e98d`
SHA256	`b71d521b89387ebbd1e976e6a5b12b6f0dfe3bac7a217dd880cd4caf2f75b22c`
CRC32	`7687ADC7`
ssdeep	`384:hufR4ukCNrSDym0ML5KsfemgvgmE8kOTe6LhiMtTbfeYT:gnBWym0ISTVLQw`
Yara	None matched
VirusTotal	Search for analysis

Name	f2de33d71fe50b11_kernel-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\Kernel-ppdlic.xrm-ms
Size	4.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`09979da0bfed5e0e1811886fbc9d9b67`
SHA1	`06f9d2da5fe50162af4cf098b275c22f91fee0a2`
SHA256	`f2de33d71fe50b113f6b84922fa6cc4358387c3005772b948e2d388d309608f8`
CRC32	`4B0DD726`
ssdeep	`96:jm3OKT3i3UYgs5G5c5nB26IeXlHXNuEefQ/gwSN5J6FY3pq2t:ovroUPDZEd6Q/gf2mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	5851aae51a4caa8c_mobilepcpresentationsettings-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\MobilePCPresentationSettings-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2ef9022ba4815e9916a2edf6452d7f65`
SHA1	`2075105dbfe63966124ca50d90197d0df71080b0`
SHA256	`5851aae51a4caa8c3a78fbe2c8fc0b449cc636852afe5cc387c0bc0df157fb48`
CRC32	`09A27538`
ssdeep	`48:3+UkHG30flF3Ov39mcRHg6b6sht2+73zGo13mtwSN5J6AY3pq2flv:Onm30T3i3UYBXhkwSN5J6AY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	f5bfa1cfe94b0470_microsoft-windows-desktopwindowmanager-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms
Size	3.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ad026fb805517c0cf9edda42f6ea4c7d`
SHA1	`4e788be07124ded88bdc05f5e31b14dea4d47e06`
SHA256	`f5bfa1cfe94b0470fc8a3ba18019d90f4225c9cbda196c10940e346d7aeb8240`
CRC32	`6F78C9C3`
ssdeep	`96:fm3H4T3i3UY9ruu0qbPX43+3wSN5J6WY3pq2t:cYroU23flmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	05a1a40cc28d2701_stickynoteslicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\StickyNotesLicensing-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`00ccc099688c09dd1b7871202a8888f9`
SHA1	`3ea7e5741bba4601965f942739070380aabb15c1`
SHA256	`05a1a40cc28d270161551ea904cd9f512bbd6be8438a7a55cfc276c0dc91b4b3`
CRC32	`4BD4315E`
ssdeep	`48:3fkHG3HCflF3Ov39mcRHZr6b6shtm+qZ3YBQ4lBmtwSN5J6rY3pq2flv:8m3iT3i3UYEXwZ32HvkwSN5J6rY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	ff7ad1fdffbd329f_7retailopt.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\7RetailOPT.cmd
Size	5.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`1676bf832ee006f42cd87ab665fc9c7e`
SHA1	`882acf5bd4ebc2a62bc54dbb2f9b2dd4239cc4aa`
SHA256	`ff7ad1fdffbd329f69e2092460dffb69749f20d50229f5297565b4a89ed3614e`
CRC32	`34E5B98D`
ssdeep	`96:Md9vcmtsbuXKVJemlMZUdqqX0QOmGn0l2hDi6z9ZsZn:MdyjdqkdN4yn`
Yara	None matched
VirusTotal	Search for analysis

Name	e46cb331f3b08c9c_cert.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Cert.cmd
Size	1.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`80e4a983533dccf11a1f0a1ffe278210`
SHA1	`e3b83e744f81ccade5e55f2e39b4b71305d1df8a`
SHA256	`e46cb331f3b08c9c6d0891a253baff97000630405c4bbf3f6582e3cb5b058236`
CRC32	`B6E85FEC`
ssdeep	`12:XzCFsvK79SXX9Lq5XX9nnMT+kWS4PxKFfJqeDouWJ7fHoR3wa:DCFs0oNqNnnMCVxKljDU7fIX`
Yara	None matched
VirusTotal	Search for analysis

Name	cfbec089392f2a53_wga.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\wga\wga.cmd
Size	3.5KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`652f5ad29659bc4007b7c89770dcf79d`
SHA1	`0eeb3e9b5d3ca08295d1b8e9913370cbdd61c199`
SHA256	`cfbec089392f2a5305458362bd1abbe3b94391356c77ab4d090f24eb0bb3caa6`
CRC32	`8329BB50`
ssdeep	`96:fPrRhQPzLPhG3NUMEqOYgEYgUvApTA3TFmi7FciWYT076u7HpSFKBNjKr:3rRhQPzLPhG3NUMEqOYgEYgUvApTA3TP`
Yara	None matched
VirusTotal	Search for analysis

Name	9918492dddd84384_vista.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Vista.cmd
Size	6.5KB
Processes	2196 (A.I.exe)
Type	data
MD5	`134d40ccce2ebd49398d799eabb3ea34`
SHA1	`edf4f966719dac3d1219d68223d8a5d1c05a3699`
SHA256	`9918492dddd843843811fc93a56c7d6f5de79f1ffebd026d944560e90d278b45`
CRC32	`25A80E17`
ssdeep	`96:ZvXrJLiSnVC88U6qUgAaQ3LbyvDnQv08cjsj8QvONTqjSp/a:pfnVC88MUPFLEDW08cYbONWGa`
Yara	None matched
VirusTotal	Search for analysis

Name	2050a30b14ec38f3_client-issuance-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\licensing\issuance\client-issuance-ul-oob.xrm-ms
Size	4.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`8979b6ccc37269937d0437ae205cbab4`
SHA1	`8b5cf366df019d199e05de99b4c96d26d8b5cd4d`
SHA256	`2050a30b14ec38f34ab62e8862fc5f0722d487276018553c2abe671ab00fb261`
CRC32	`0B856FEB`
ssdeep	`48:3OkHG3etwSN5J6ZG4Ukl4Sd6b6shtE+bdV2NALWT85nKPERY3Hkb:5m3swSN5J6Z7U/XXj6FyKPERY3Hkb`
Yara	None matched
VirusTotal	Search for analysis

Name	a5145be242db0a2d_bootrest.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\bootrest.exe
Size	100.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`ec61a27f790c3a2fa535f5c9a212f2cb`
SHA1	`a53853bea7cc7600cf8e8bdbafc014b4eb98bb65`
SHA256	`a5145be242db0a2dc76878b2e86a3e9ea2b4dc1cfbdafa59cfcf922c27a659ca`
CRC32	`59A06154`
ssdeep	`1536:AuVDngAOVU9gSPPSdeV5UQfd0vYxujuwt:V4U9gSLV5UQfavUQ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	07c4a27e28fce756_slic2.1u.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1U.cmd
Size	5.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`b90d1357a8684b0d9ec370cee86ce895`
SHA1	`2d7ab2e7410d0cf593cc3a2f406f93f1ad5d3ce1`
SHA256	`07c4a27e28fce756837fa5e1fddc0d97a482d8005757cd4eb27c7758210f0847`
CRC32	`AE478C05`
ssdeep	`48:yMXMqvxZPcAqMiLzlS2eQPCbL+d66Tc0h7/JJbx+57BMORtLeWhdcGvleZiv+n:yEZPcAqMiLzlSDo3dhJNCr+gleq+n`
Yara	None matched
VirusTotal	Search for analysis

Name	aa4d79b30522f0f5_security-spp-component-sku-professional-retail1-pl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL1-pl.xrm-ms
Size	13.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`14130425bdcee4d692e6e2a18814db64`
SHA1	`4e6fc7c7e6503497743e6a9b8a57b47643e949f1`
SHA256	`aa4d79b30522f0f5d1aae44b5e88db7fc0994e467e110803e72d03f242cf3fe3`
CRC32	`594D09F2`
ssdeep	`192:PgebFsLUDfqpFhzIfSmH5GjmE83L97hH8bePBNJkFNvyQaJfSm6:PgeykfuzIfvHMjmE83ptHgePBNWAJfv6`
Yara	None matched
VirusTotal	Search for analysis

Name	a8be33af4ede7009_msac3enc-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\msac3enc-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e2fc9086299d7a0c61da3ba2fea825ce`
SHA1	`ebdeab65c9ac48b6b54861352595e633fb2e87be`
SHA256	`a8be33af4ede70090349d33310c8b5a7fe9e8bee2034c82f8b30724aa2f9263f`
CRC32	`4B3E9F5A`
ssdeep	`48:3mSkHG3nKKflF3Ov39mcRHcP8PqVPql6b6shtgkD+/PB4V+twSN5J6vY3pq2flv:qm3nhT3i3UYAAwDX2BRwSN5J6vY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	7b72d97faed38d54_forever.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Forever.cmd
Size	4.7KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`4d3f9d5a1022616469d3b902fe5766cf`
SHA1	`6827b0cdc3b76b5720a25a31aaa055777350db06`
SHA256	`7b72d97faed38d54102fea04f1d02414e8f9247c6421ad5793191bc42abca579`
CRC32	`CC9A9F81`
ssdeep	`48:b535b5nL5Gw5X5n5rL5E7t9NfVZ1FTFVOHqkNYLuJjdBwAvuJjdHtA6UQEi+RP:lJlVzp5ZGt9jZ1FvxuJZNuJZlUQExP`
Yara	None matched
VirusTotal	Search for analysis

Name	523fb026facd292b_wga2.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\XPGenuine\wga2.reg
Size	1.1KB
Processes	2196 (A.I.exe)
Type	Windows Registry text (Win2K or above)
MD5	`a6dc0275e7e50e262280f3ac51f44914`
SHA1	`f3ae55098de42d0e00e48583527e3659ab390262`
SHA256	`523fb026facd292b067975a45aa36971a0270316d3879a216078fdd519dd1236`
CRC32	`75FF765E`
ssdeep	`24:jBJtJIV2zYV6gIV2cWaKkCsIBOMXB5HM7ISqUrCy6y:9JDI0YPIvJ2BOMfHi5CVy`
Yara	None matched
VirusTotal	Search for analysis

Name	2ab5ee0650ecf707_compaq-hp.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\COMPAQ-HP.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`c499842c20b2bc43853fecf7f982545d`
SHA1	`b1262055e8b7e1be23f68939e6de2d72fd4ce129`
SHA256	`2ab5ee0650ecf707ed9a92d3417160ed3c5fbacb202c0b4d9458a1b74372af3d`
CRC32	`573FCB8E`
ssdeep	`48:cWUkHG3PT6b6sht6P+hMoc7C5Sz3mubm0uPY3gflYp:Fm3WXTqW5SKub4PY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	9f90c918baa32cfa_rac-generic-private.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\licensing\identity\rac-generic-private.xrm-ms
Size	5.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`175de28a096e6a613c1af2eeb76bbb22`
SHA1	`c83487339eda28d1a435e73d6d8eeae7c258f225`
SHA256	`9f90c918baa32cfa4e24bd49ba9af27c883154ad9018db7ad14fdcd0273a16f4`
CRC32	`69C075F5`
ssdeep	`96:um3gLYLuLmL5qeaNEgQLclI4as9tQ3ruvmXCJ6B4wSN5J6KY31TrUR:jOmE85mNDeAI4as9tuqA2f5mC`
Yara	None matched
VirusTotal	Search for analysis

Name	77c386a0fbea5c1b_sppcomapi.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\x86\System32\sppcomapi.dll
Size	1.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6dd03008047432cd4192dd869cbbc485`
SHA1	`bf38c072d5e0a448aa8517bfda86a58f77cb12c9`
SHA256	`77c386a0fbea5c1b74b83377a91b9e948a49063eefc8a7a6e56a90214e8e4a14`
CRC32	`2A61844E`
ssdeep	`24:etGSNEhQaqtWjKIZW01HCmHYNVKFFlLu/ll35WWdPOPN8:6NrtpIZWWHCkmVIitd5Wwa`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1c3e122001efe808_7retail.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\7Retail.cmd
Size	23.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`a9a229cc0c9d118c9717c9c83301c1d9`
SHA1	`836424eb88bf74a0170a84440c964edd09d33a2b`
SHA256	`1c3e122001efe80861d745e3bac5e2793a41da22b70a9453829c7d99bc3c6591`
CRC32	`0252B32C`
ssdeep	`192:SUnA7zzSnA7zzR3DWJOJ8igOJciW4YBJ8igOJciWmJ8igOJciWf4J8igOJciWfxh:SUnAWnApbLYvbNbMub/bPbu`
Yara	None matched
VirusTotal	Search for analysis

Name	d46a1a8487409baa_velocitymicro.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\VELOCITYMICRO.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`ea91ac9a23bbb6d1d3bbcd8aa46b7a38`
SHA1	`e1004204e864393c9674b7789baedb552a2768b3`
SHA256	`d46a1a8487409baa14da585b66fcc2554a93e23e5cd7f607a390e21b53a78a63`
CRC32	`A1E85F5F`
ssdeep	`48:cYkHG3/N6b6shtP+3DtoMZLQ3g1TSz3mubm0u+Y3gflYp:Im3AX+DtRL3JSKub4+Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	e2ecb570c4bbfa0b_vistatokens.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\Vistatokens.exe
Size	234.9KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5	`62146e963c30c57cd9aa25525fb7ee36`
SHA1	`c0b420a583dd391b09c5f3214a1d1174662cae73`
SHA256	`e2ecb570c4bbfa0b5ada9c4438db298fcad09d5044c99180f9f10803cf88d0f4`
CRC32	`421A38D2`
ssdeep	`6144:dUrqA3AheuswyPnCjZSNMGluCDfjBFjk1V:dUWA3Aheuswya+MGlZLPjk1V`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	f883eae678734948_microsoft-windows-networkbridge-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`8710a5c32811b2d81364094902e987b4`
SHA1	`7dfb0986dfb65e1f641d1a7bf8b2295300eb7389`
SHA256	`f883eae6787349486110046c1cc7d5045ddab819d825eaba2fe59578daa8d962`
CRC32	`9E4A9F2D`
ssdeep	`48:3m2kHG3H+flF3Ov39mcRHa+46b6shtuH+CutFVYHtwSN5J6UY3pq2flv:2hm3H+T3i3UY9JXntzYNwSN5J6UY3pqO`
Yara	None matched
VirusTotal	Search for analysis

Name	1e44dc19aed5c919_windowsanytimeupgrade-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\WindowsAnytimeUpgrade-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7e64d7348def778ca013ecbbf73e8cf1`
SHA1	`b01f21edd8f7b069c1b6f484a059603635cc5b37`
SHA256	`1e44dc19aed5c919c0a50e6c4455cf90c4522ab15bdd9d191062ee1ab49ce6fd`
CRC32	`EFB5E786`
ssdeep	`48:3EUIkHG3JKflF3Ov39mcRHjGf6b6shtT+AN6tK15TYtuE0twSN5J6GY3pq2flv:Fm3JKT3i3UYDGCXzhfMoEewSN5J6GY3J`
Yara	None matched
VirusTotal	Search for analysis

Name	357fc36dc2fd3dec_security-spp-component-sku-starter-oem-nonslp-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\skus\Security-SPP-Component-SKU-Starter\Security-SPP-Component-SKU-Starter-OEM-NONSLP-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d644c6cc825bec3dea03c38b03149f56`
SHA1	`03be5c1ff1e3d3929f64e88d88fac50863f28528`
SHA256	`357fc36dc2fd3dece9267b6d57bfaa9355c51e807e78ef5bbb2a7fe43f524160`
CRC32	`2051EED1`
ssdeep	`384:Cyfi4ukCNrSDym0ML5KzfsmvOhggmE8VeTJRWW6fsYl:cnBWym0Ih5Rc`
Yara	None matched
VirusTotal	Search for analysis

Name	00ee5e24b88ccbd5_forever.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Forever.cmd
Size	4.3KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`77b0f1e825b5332b191e2bdac218774a`
SHA1	`09f877c273334df8fe314416edc26fe636f5b95a`
SHA256	`00ee5e24b88ccbd5a7127e18f9b3425304aed6b0d3ae69110e6ab9d38b7288db`
CRC32	`FA14CA19`
ssdeep	`48:35F595pL5ww5B5x5rd5Er9t1bVrLLTbVojqMvaLuJjdBIuJjdH3O6UQEi+RP:J7zPbvf/C9tjrLLNpuJZCuJZlUQExP`
Yara	None matched
VirusTotal	Search for analysis

Name	26271eed367732f4_shell-inboxgames-minesweeper-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0c447b7bd0c9e11b7e8b6cc7aff24f81`
SHA1	`bb024361afce85473470048812b378a02d9a3e01`
SHA256	`26271eed367732f4794b6536c717872cb9857a32f347e2c448693ec92dea8a63`
CRC32	`9DC92429`
ssdeep	`48:3TC0kHG3vflF3Ov39mcRHS6b6shtw+tqGuDWKI0twSN5J6EY3pq2flv:Qm3vT3i3UYzXph5pewSN5J6EY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	cf2f6215e5dc36ed_networkprojection-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\NetworkProjection-ppdlic.xrm-ms
Size	3.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`85cc4685813cf776518084f72b2a3ad0`
SHA1	`c87b1342cd9f180f8900d9d98c90eee1577fd55f`
SHA256	`cf2f6215e5dc36ed5257f32f8ed1f874a9769c1c9c3452e0cdb2e6aa3d13eb62`
CRC32	`709BA490`
ssdeep	`96:k1m3+AT3i3UYYCDkcC7qe0UXYR20YwSN5J6FY3pq2t:H+AroUDCDkcC7qex0Yfqmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	4b4df9e05a82f4e3_dwm.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\DWM.cmd
Size	4.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`01d41d19c80ca848920003c07011d746`
SHA1	`3e550218f7edf7c9201531bf2845429d14b3404c`
SHA256	`4b4df9e05a82f4e39b8abd3a3f31a91f619e252f834df8f92a77c82a8c585b49`
CRC32	`06B2FDBC`
ssdeep	`96:y7w9Gad5C67Yf+KJPFad5C67Yf7VRtad5C67Yf+yJMad5C67Yf7tR5X:rd5C67a+KJcd5C67a7VRMd5C67a+yJ3M`
Yara	None matched
VirusTotal	Search for analysis

Name	0fd10296ea6d1440_rasbase-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerStandard\licensing\ppdlic\RasBase-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`718e97ac13cee5902e3fdbc8e5c07b75`
SHA1	`fe7e2ed1afc21ad1523a44333516b01839e45c10`
SHA256	`0fd10296ea6d14403aedb51a8c03046cdc7a5dcbf9dec86f774d3a8598f06c23`
CRC32	`406561C0`
ssdeep	`48:3qkHG3nflF3Ov39mcRHC6b6shtI+1yNDh0btwSN5J6YY3pq2flv:9m3nT3i3UYDXuuwSN5J6YY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	fea3634da38ec48e_restoration.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\Restoration.reg
Size	458.0B
Processes	2196 (A.I.exe)
Type	Windows Registry text (Win2K or above)
MD5	`81f3675e308ad5d17505857ed6c463aa`
SHA1	`bb848508b77318ef06a77e9c6d323b44bd617054`
SHA256	`fea3634da38ec48e447aeb7bdc380b05cbb32fffe2821501370b9ce26d6f8367`
CRC32	`BE705379`
ssdeep	`12:jBJ0SK0Af78VjX6Ub8oT5kLn/wKVEXAcntnGtWZ:jBJtAD8V63fOXd`
Yara	None matched
VirusTotal	Search for analysis

Name	99be3013e4281a7f_microsoft-windows-sensorslicense-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\ppdlic\Microsoft-Windows-SensorsLicense-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`71469ac8a38b3e7563ddd50509ed09a4`
SHA1	`546e55851e1201bc91f35ea8546d89e203deabdb`
SHA256	`99be3013e4281a7f7a7337abd3c22b2c705756014fdcb086b527d2d27900fd35`
CRC32	`E8BCDF2B`
ssdeep	`48:3qwrkHG3HVFflF3Ov39mcRHa+VJf6b6shtpH/8+PFMeDpxLGtwSN5J6ZY3pq2flv:avm3HjT3i3UY9nCXvHBGerLEwSN5J6Zi`
Yara	None matched
VirusTotal	Search for analysis

Name	cbd99db274416f8d_printing-spooler-core-spoolss-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`28d53b28c876f76f3f8d65ba0738ea86`
SHA1	`8fbf7be305794623bb80f79391485f0fc6cd8532`
SHA256	`cbd99db274416f8d392c2b4fb06d584a672a14093e1e0f7f8f7ce29edfccec19`
CRC32	`9E2A11B6`
ssdeep	`48:3hYkHG3FflF3Ov39mcRHe6b6shtyhM+HK/LCtwSN5J61Y3pq2flv:tm3FT3i3UY3X87KkwSN5J61Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	3ce0917467b3efd5_tabletpcplatforminput-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`186016555b75261bcd0f9f14711417c3`
SHA1	`cbae3243fe292e9c4787c26ea62c904260276430`
SHA256	`3ce0917467b3efd51e1877e2837df2341b95d25d271217fac16d0a2d743be5db`
CRC32	`BB5E8E8D`
ssdeep	`48:3s2YkHG30flF3Ov39mcRHfa6b6sht++AcwJNzaVgtwSN5J6QY3pq2flv:cOm30T3i3UYjX7wzwSN5J6QY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	9622176b54121191_shell32-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\shell32-license-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`f4ce1175aeab77a6ec1147603b2c6231`
SHA1	`a044f65d109805b784a8a48c3edbe8be19d70ea7`
SHA256	`9622176b54121191ad63a74484b64ad506860d7afd9781134dbc929ddc9f9de8`
CRC32	`94EA81D7`
ssdeep	`48:3lgkHG3JflF3Ov39mcRHdNT6b6shtR+ZjktwSN5J6aY3pq2flv:Vrm3JT3i3UYbeXFwSN5J6aY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	8e75fc21dded5212_legitcheckcontrol.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\wga\LegitCheckControl.dll
Size	1.4MB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`ed791c5a2d564e333cd730b1ecea80aa`
SHA1	`c9abb05a5c2372731d508c21e2b87ec91ef11a38`
SHA256	`8e75fc21dded5212b10cd28234fec9d3c3f063fd674f329144e04b5f249b1884`
CRC32	`F54036FA`
ssdeep	`24576:YDE2THapNJSeT/woypKKzBypTL8lpUJ8sN0CMY9QV:Yg2T2JSs/wtpK1pvYU/N09/`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) DllRegisterServer_Zero - execute regsvr32.exe Malicious_Packer_Zero - Malicious Packer anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8b65bcfa2957fa85_windowssearchcomponent-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\WindowsSearchComponent-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`006419122b2c2c2a655a9edbd11cdc89`
SHA1	`5afdd2940abf8aadfab394032b428dc05542e18d`
SHA256	`8b65bcfa2957fa857597036657d02261234c8076233ac7a2572b4f98fc77f201`
CRC32	`C71F9377`
ssdeep	`48:3TkHG3aflF3Ov39mcRHC6b6sht+lnq+DYFV4BdIJVtwSN5J6GY3pq2flv:Ym3aT3i3UYDXIlnjYTwSN5J6GY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	33dd1f53221d3513_tabletpcinputpanel-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`76df706a75912ad4a0848db1fe7dc828`
SHA1	`d0a7a17b0f5b23082b112d24dcf2940240f3a9fa`
SHA256	`33dd1f53221d3513bf5b29b8a5903ee4250032c5439e3358cd47bf905d2648a9`
CRC32	`03D0070F`
ssdeep	`96:jIm3xT3i3UYJKvQXb+ME1nwSN5J6uY3pq2t:dxroUiE9fNmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	20935b33839cfecf_microsoft-windows-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms
Size	3.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0f3f2fee079142ccb1b47b9ce7fa8c27`
SHA1	`8d1b2331241bf8f950f3135704f0683726844667`
SHA256	`20935b33839cfecf508eb0750f8f6316ef05691480c97a70749a1259455e036f`
CRC32	`E73B254D`
ssdeep	`96:3m3HFAT3i3UY9FXF5FkFWFTF4F5F+FWXot+b2xwSN5J6zY3pq2t:ElAroUYVDo+pkDm1tTxf8mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	cb19f9d4cf3951f2_securestartupfeature-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\SecureStartupFeature-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`204b8cddf69c7eea0503b5004773f680`
SHA1	`72a38aed067a95fb25f6d219022d1d523742e84e`
SHA256	`cb19f9d4cf3951f2b0cef27c8c59501692d2583c3b1dce711b25ec1e4a5f2bbf`
CRC32	`23D7AB0A`
ssdeep	`96:6m3ST3i3UYhwXZgXulyiQwSN5J6OY3pq2t:HSroUVQiQf9mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	5359683907fe6b96_security-licensing-slc-component-sku-homebasic-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Security-Licensing-SLC-Component-SKU-HomeBasic-ppdlic.xrm-ms
Size	11.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`3e26a725ffc081002d491c7791f2db26`
SHA1	`f4cf45e6e31f9e7943930d117b825d0f73d2ff36`
SHA256	`5359683907fe6b96406595c9a63faeeab83e403d797315ed0dad0ce0b9499d21`
CRC32	`E1BA7C2C`
ssdeep	`192:SPtrof3291bes9ptDDwadLeZxjxr/MU+0qKfEmjt:SVrovQ1besdHwa50xjxM1bKfpjt`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	a703d297e59844ee_key.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\key.cmd
Size	2.1KB
Processes	2196 (A.I.exe)
Type	data
MD5	`a1704473940931d311cd9e342fa16bcf`
SHA1	`9b418aaa483ff864221fb6e4571671265673109e`
SHA256	`a703d297e59844ee1eaffa2f353eb242d61bfed5e6510de38236b7d83b36c217`
CRC32	`1EA20058`
ssdeep	`24:Et99qxYjIcxjOxA5x1ymxS6hFxnnMNxKlWJ6QDCtXXbBtYn:ygOvq6FMNxZ5mtXrsn`
Yara	None matched
VirusTotal	Search for analysis

Name	178790a6e16675bb_msi.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\MSI.xrm-ms
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`1c4cb92b37a7a37b0059b4282f7776e1`
SHA1	`0ae508c5e6a9bb9a771f72417c92cbecc725f5d1`
SHA256	`178790a6e16675bb2e8f32cdb339348a44326998341b79cf6e15dc89a9656750`
CRC32	`F10F096A`
ssdeep	`48:cRN0kHG30rC6b6shtn+Zk+gHoOinJreSz3mubm0uSY3gflYp:Qm30rjXDHoRnJqSKub4SY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	14b9ac43dea58001_autob.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\AutoB.cmd
Size	4.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`79b4133c6758c0ba13da559f97bb138b`
SHA1	`3bf52075a33bd7f8a2973b557cbefadf63c9305a`
SHA256	`14b9ac43dea58001be07717e2402416b919555a67a2202de35e02d7f46b77388`
CRC32	`78E89FC6`
ssdeep	`48:N4cAqMiLzn82eQPCbNVXd6gTD0S7/BrlVx+8NnVbRtLeWhdK2vKn:N4cAqMiLzn8VLZ3Zrlrhr4QKn`
Yara	None matched
VirusTotal	Search for analysis

Name	c6de9449971090c3_microsoft-windows-internetconnectionsharingconfig-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`004edc151be054f27529bac1e91075f8`
SHA1	`b79428ab8a224619f8d8dbae49268ac9406ac6f5`
SHA256	`c6de9449971090c3afa9a1de1e3e112a5e1b9227f7301b032ceaf9eb1b1e4458`
CRC32	`0A4DA9E2`
ssdeep	`96:im3HXgT3i3UY9XnXuXfqOgwSN5J6lY3pq2t:fQroU5qOgfemjt`
Yara	None matched
VirusTotal	Search for analysis

Name	2987933fd6b8b937_kmsoptimizer.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\KMSOptimizer.cmd
Size	8.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`2279ed30f4df3847c35176261dbdbbe7`
SHA1	`92e077849f0c39093247f01cd43ae2c309c33240`
SHA256	`2987933fd6b8b9377ef0f088df0d34e6ced030d7d08966ec76806cc0fd5e728d`
CRC32	`829E325C`
ssdeep	`96:Md9J+mts1Sv0JTsezN5V0jIg+DZiIkYVkT0ktlI9VO5G7yQvyQkt4uXKVL5I+lF/:MdFcxseFg+dnk6kT1LI9cs1hn`
Yara	None matched
VirusTotal	Search for analysis

Name	f8487b9b24b961f5_tabletpccoreinkrecognitionlicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPCCoreInkRecognitionLicensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2f1a66e0ed3b59db9922e65d8bcb211e`
SHA1	`df70d39269b1ef4fad2e743455325782d2bca41e`
SHA256	`f8487b9b24b961f526cc12384cea446675f234cba34db13d9146ea7c4352f82f`
CRC32	`C341927D`
ssdeep	`48:3lO2kHG3bflF3Ov39mcRHP6b6shtH+0i+evtwSN5J6pY3pq2flv:0hm3bT3i3UYyXXi+eFwSN5J6pY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	a3a26a2b138e5e0c_slic2.1dbootmgr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1DBOOTMGR.cmd
Size	5.4KB
Processes	2196 (A.I.exe)
Type	data
MD5	`373d1b64d549957496e8db95dac7439d`
SHA1	`a5d44e571be91f186ce111f0161d91a219819377`
SHA256	`a3a26a2b138e5e0c38bf6e7af008fd15e7ce4f89f5fb610f45d34dcfebac639d`
CRC32	`8AAB1B8A`
ssdeep	`96:TqWEjry8cAqMiLzrTKLZ3zrlrfkrCt/gN+n:+WEj7Jp3zrdfrn`
Yara	None matched
VirusTotal	Search for analysis

Name	b2fd7d6361693b58_grouppolicy-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\GroupPolicy-License-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`33b91d1d83c99f4f172a80792de08696`
SHA1	`ce501b6e91d96e0dea94be3900dd337ad48e0b24`
SHA256	`b2fd7d6361693b58f7cd5264dd9dd8ae46007d45b747842047959ac6ad513ed2`
CRC32	`3C4BF1DF`
ssdeep	`48:3UikHG362flF3Ov39mcRHUV3f6b6shtMk4+NIKWd/twSN5J6KY3pq2flv:EVm3nT3i3UYpX/IKWHwSN5J6KY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	ee9ab91cd3afceef_forever2.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Forever2.cmd
Size	2.3KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`c31628e039dd63aeaac2ac42dff5acf8`
SHA1	`f20a4c17a5f38379b3df06b6e413ce3f0f4d9c2f`
SHA256	`ee9ab91cd3afceef0285fc193adf99542ac7c6cbb6c3c9313cabf720e852cf15`
CRC32	`84642FB0`
ssdeep	`48:X5lL5ws5Hd5E71bVLTbV4jqkvaQjdBLjdHXO6Qi+RP:p7TzijLNGZFZFQxP`
Yara	None matched
VirusTotal	Search for analysis

Name	24f7ca36c7e6ea35_a.i.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\A.I.exe
Size	11.3MB
Processes	2104 (A.I_1003H.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a0b79a9ae1ffd0bf789cf232feda543c`
SHA1	`d35ae72f121be3f785e2f2485d2e22ffd7beb955`
SHA256	`24f7ca36c7e6ea35c239aa5a0e584808287997d13ead21860a62058399f2ac50`
CRC32	`64E1259C`
ssdeep	`196608:6xmNUHnMa8w2PsKp1p8kI+Ogkn8sheTjc9wPFi7D9uxwxHPDi+/U:6xmN2ewMsg1p8kZW9eTQ9wAMivez`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	ecf0b2cec5bef25e_tabletpcplatforminput-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`54041a042559f0a5278d47bca29bb0c5`
SHA1	`2ea883d09377e43f92de80412340d6b64b1fb768`
SHA256	`ecf0b2cec5bef25e335d6374e18018731e6cc7f40ccac088f2d61f242fe12671`
CRC32	`930325FC`
ssdeep	`48:3s2YkHG30flF3Ov39mcRHfp6b6sht+/+dW211PqtwSN5J6uY3pq2flv:cOm30T3i3UYkXgqWS1QwSN5J6uY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	dd4596903ccdcf9e_security-spp-component-sku-starter-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\skus\Security-SPP-Component-SKU-Starter\Security-SPP-Component-SKU-Starter-OEM-SLP-ul.xrm-ms
Size	11.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`f3b082eecf06b60d0237f88f30cce06e`
SHA1	`3354e29c907a0e5f4a25172209eedbb5112109d0`
SHA256	`dd4596903ccdcf9ef9fbba69769c0140fcbff60930367b1791bbe5cb85c41654`
CRC32	`77414A83`
ssdeep	`192:evfRiIeyrZaZfYmE5KGrFmE8dZRweEkoIx41TmAAlh0+fYmy:evfjDZmf1ETFmE8fRweAA4lmAAlhFf1y`
Yara	None matched
VirusTotal	Search for analysis

Name	f450bbe72e5aa5b9_microsoft.windows.servermanager-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerStandard\tokens\ppdlic\Microsoft.Windows.ServerManager-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d23c0ec4b28aef5ffda3faad7e5b7eb8`
SHA1	`7a5bcd049201cb1e27bea127fc344ca4e5f3595e`
SHA256	`f450bbe72e5aa5b9f0ce0ec8d08d8afaee26aac3b28d3cbd1c58ae650a89c7a2`
CRC32	`76FF991C`
ssdeep	`96:Um3HDT3i3UY932TAKmXMBnwSN5J6ZY3pq2t:tjroUbBnfamjt`
Yara	None matched
VirusTotal	Search for analysis

Name	a57d5de90613281f_windowsanytimeupgrade-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomeBasic\tokens\ppdlic\WindowsAnytimeUpgrade-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b43b38745dd63ccd94f055ee5f2d1f44`
SHA1	`e9cb3554a4b80eae5ec806c28dd6c5914b08460e`
SHA256	`a57d5de90613281fc13571fd0eebcbd87768bf4d44f226d967826add07546cfb`
CRC32	`431B8891`
ssdeep	`48:3EUIkHG3JKflF3Ov39mcRHjGf6b6shtqTl+7vbV2s79VgtwSN5J6IY3pq2flv:Fm3JKT3i3UYDGCXUUJ9IwSN5J6IY3pqO`
Yara	None matched
VirusTotal	Search for analysis

Name	394fb47151909a1b_workstationservice-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\WorkstationService-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`375e1cb4b6181fcda2ba1d59d016702c`
SHA1	`51ab370796234693c705b2886c1cea63e812abc0`
SHA256	`394fb47151909a1b5012effa4e5442ff6263c7c4e11d8f61a8d561babe1d265b`
CRC32	`A9E6E3C8`
ssdeep	`48:33kHG3ZaflF3Ov39mcRHz6b6shtol+zcieEaItwSN5J6+Y3pq2flv:km3wT3i3UYeXqmlaSwSN5J6+Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	d7bc8a195e650b51_shell-multiplayerinboxgames-common-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\Shell-MultiplayerInboxGames-Common-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7697679362e88ee6d230172ba820f673`
SHA1	`33b3c5383ea99561ac056f69085e00b520274a0c`
SHA256	`d7bc8a195e650b51b293df07e6ef3c53d97244195279f437bce3b01f5ffd87bd`
CRC32	`F59F6EE5`
ssdeep	`48:3EpkHG3j0/flF3Ov39mcRHJ0g6b6shtQ+p4gG29sFtwSN5J6nY3pq2flv:9m3j0/T3i3UYp0hX6bZwSN5J6nY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	da3762ce5ab6ee26_removewatermarkx64.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\RemoveWatermark\20090117\RemoveWatermarkX64.exe
Size	21.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`496107ab57a2cb8b6c861cbf43371d96`
SHA1	`c0fcb76e1af082999851de2182a3eeec40506a36`
SHA256	`da3762ce5ab6ee26b967c289360944929bda74eb473897c7e5f43e485133efa3`
CRC32	`35D80036`
ssdeep	`192:SxuFV4rGzkEStBWGu3uFd8awPTdJ2t0XKwkridIsiuqLO3j4hdP0ZMwIAnspYS0o:RmWGnzwpotAjkrnuLGbEspYrgn0IsS`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	cfae1dbf75786a9e_mobilepcmobilitycenter-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\MobilePCMobilityCenter-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`cb874bd0f86e812c8587572127de38ed`
SHA1	`0052e718b64be27318741ec115a8deeef2e96bd3`
SHA256	`cfae1dbf75786a9ea73f92a9baeb67c03faf3efb0c055d008d9522cb92dd3671`
CRC32	`865E5A2D`
ssdeep	`48:3GkHG3uaflF3Ov39mcRHO6b6shtyl+EKNqs0twSN5J6vY3pq2flv:Bm3uaT3i3UYHXInXsewSN5J6vY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	6564e70b47faee61_kmsserver2.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\KmsServer\KmsServer2.reg
Size	750.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`3c18814c20a97aa77c25e0ca798f2c6a`
SHA1	`8ab1f55bac013aaac6bfe6507b14b95b72661a37`
SHA256	`6564e70b47faee610797e99d1fe167ede45f8368909449f2a44d447b83eaec4e`
CRC32	`DF944841`
ssdeep	`12:Qy5hVZteAxDZaW+ZENgUOtYiO25AUOgeAxDZaW+ZENsEg6e9UOtYiO25AUOU:QChVTessZENgUNi56U/essZENsEg5UN6`
Yara	None matched
VirusTotal	Search for analysis

Name	ca1765057559b80f_photominfeature-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\PhotoMinFeature-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`006e064bb33f73a6da08c6b3dace55e2`
SHA1	`f497a9b53369ddb2af9f1247a042e843a3f6d514`
SHA256	`ca1765057559b80f8aeb738bf4743741ced4c9cf94e6c459ab84a30f0ebdc205`
CRC32	`75B7141D`
ssdeep	`96:Km3JET3i3UYrlVXTyXHzwSN5J6bkY3pq2t:3JEroUglsXHzf/mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	d9a2871b6a85694e_autob.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\AutoB.cmd
Size	4.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`577adf00499afb33e7421b48ace83805`
SHA1	`b336a5f25b1dad799e06cc645f7f3f504fca9bc5`
SHA256	`d9a2871b6a85694e6390ac1530754b824e264ea7f6e15b099b4d0451c5224a79`
CRC32	`53BEDFA4`
ssdeep	`48:N4cAqMiLzn82eQPCbNVXd6gTD0S7/BrlVx+8NnVbRtLeWhd4tTvKn:N4cAqMiLzn8VLZ3ZrlrhrStTKn`
Yara	None matched
VirusTotal	Search for analysis

Name	2b05d5533faa9a5e_printing-spooler-pmc-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\ppdlic\Printing-Spooler-Pmc-Licensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`cd75b066cd6327ba7962cd3bfb6b1cff`
SHA1	`e06bf103d126518e06bfebaa3f127d9a6b258b00`
SHA256	`2b05d5533faa9a5e621eba4b6d75e719a0e066920ae055215f61db6facdc0743`
CRC32	`6EF4C1EE`
ssdeep	`48:3mkkHG3uflF3Ov39mcRHp6b6shtbJk+W48YUia0twSN5J61Y3pq2flv:um3uT3i3UYMXB/aewSN5J61Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	f7a778f16aa72e03_security-licensing-slc-component-sku-ocur-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\Security-Licensing-SLC-Component-SKU-OCUR-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ea4c9e3d065289f99b75cca7e65ec0c5`
SHA1	`e377f9227b35dff577da363d102603ed6e5c445e`
SHA256	`f7a778f16aa72e03c588582fd6b28a0d9fb4969fce083ccf4c2d8f38dba924e1`
CRC32	`DB49AE39`
ssdeep	`48:3rkHG3lflF3Ov3elmcRHMW6b6shtee+0kAUTbllPtwSN5J68Y3pq2flv:Am3lT3i3fYsXEQkVlzwSN5J68Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	2f89b8ac1656010b_temp.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\Temp.exe
Size	109.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c95157ff195a4d4a718b69efd44e47a8`
SHA1	`e3af37b23bd307c220b609eef7e4478dcd922e3e`
SHA256	`2f89b8ac1656010b3457725c1c51d5d42481a6231dfb9531ddd6e43b32ff2bf1`
CRC32	`76A87253`
ssdeep	`3072:ASRCwaG1Ys0rUqA0ADM1+9HZ+8F7zZps5FHNl+:A2CwawYs0rUqA0ADM1IHZn`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ff62580e0397432f_personalization.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\Personalization.reg
Size	6.5KB
Processes	2196 (A.I.exe)
Type	Windows Registry text (Win2K or above)
MD5	`956c44ccf299945860664f72c9aa1168`
SHA1	`a4d7380c857181ff53954402e2e752a2e5831d17`
SHA256	`ff62580e0397432faced6e5d9f4c9cc74687900fd12a9a4f234b1184892e96c7`
CRC32	`DF5B725D`
ssdeep	`96:Ph3cCed3cvtSfWGwqCpmqZGofPjILhfWGwqZp9qKGHfPjnL3uj:PlwPpHGq`
Yara	None matched
VirusTotal	Search for analysis

Name	4baff1a7eba3d755_help.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Help.cmd
Size	2.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`eff5821e2fc5f360641568b10f35fec6`
SHA1	`14985bfcef9f999561dedce8c8535794ac514ddc`
SHA256	`4baff1a7eba3d75571b746780276912e2ac75c9e9ad7270725d945cc13319c24`
CRC32	`D5FFE2EB`
ssdeep	`24:Et9qGxF7rURqURUkRs1RnnMytxKl9m6nPQAXbm38Q/zDQrCzQ+SCwQ+n:yZ/prvrMytxQIAcxrUrCEFO+n`
Yara	None matched
VirusTotal	Search for analysis

Name	6ead232a0dd098ca_display.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\winsxs\x86_microsoft-windows-display.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_6d88dfdedf2ef7a4\Display.dll.mui
Size	10.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`548cbb6849115185bd8275f0e65203e6`
SHA1	`b5bf033959fe690e10839112049cd8527624ca30`
SHA256	`6ead232a0dd098caefbbbde6d517fe4b5c81e0b442338ae4ce80eda3d22d5acb`
CRC32	`28859CE7`
ssdeep	`192:/8xUFGmdX0d/3plO5sRDz3rbb7k/TWQLEWs:/fFGyX2/3jO5sB33GWQLEWs`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0030e7d8e2126105_vistarestoration.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\VistaRestoration.cmd
Size	2.5KB
Processes	2196 (A.I.exe)
Type	data
MD5	`4c92b67913eb940c7b9b63cdbc5df0b3`
SHA1	`29df6f90af7b2d831025aaf58f01d0e3a2ffe719`
SHA256	`0030e7d8e212610502f4ccf661aabb0fe291a3bd25747b3e2cdc10d99fb0ebb0`
CRC32	`9DE5442F`
ssdeep	`48:pxguO1Op/Mpx4stm5n5GiQsfy5dfdClcem3ga:nKspU46c5GiLOfdClLGga`
Yara	None matched
VirusTotal	Search for analysis

Name	7f756b1da060d576_user32.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x64\SysWOW64\user32.dll
Size	813.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e8b0ffc209e504cb7e79fc24e6c085f0`
SHA1	`51ebce522386084840199cffdf3dd6ac30fb9f59`
SHA256	`7f756b1da060d5764c81f8d099e34265186b7e5e6b0fca08e7fb3989ef4ed0e4`
CRC32	`E462ECF7`
ssdeep	`12288:jGJQbCfvseE2rB+NR3mPOENHaXtbPtWWI5L+s5ENOeQiV1Li/km:mRNrsR3lFPtWJLeYeXV1i/km`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	cff3bad326a43041_tabletpcinputpersonalization-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\ppdlic\TabletPCInputPersonalization-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`3664c73e277dd5ca2f8ecfa5dd0f530e`
SHA1	`effca8435427555f4bf48d15eb5af9f4d5bb0922`
SHA256	`cff3bad326a43041f8a96aac91fcbf1847336693a6190df5ce681c957e5a4564`
CRC32	`609D0B90`
ssdeep	`48:3kZJkHG3bflF3Ov39mcRH46b6shtk+A1vh2Fc5twSN5J6uY3pq2flv:0ZGm3bT3i3UYpXcvhHwSN5J6uY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	3db64f4f11696ec4_security-spp-component-sku-professional-vlkms1-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-oob.xrm-ms
Size	13.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`13c6d5f25d56de0d900d3ab6fee93ddb`
SHA1	`0cadfbeb882695f4914abaf7ec928238bf80ad67`
SHA256	`3db64f4f11696ec48eb5e3ab11c024229fc685f10e66f0ff535923e759eb37f6`
CRC32	`E79DDD78`
ssdeep	`192:aIfhOWDvpgWn4smef2mqMn8jz+mE8dGe6S1X5FTJhHf2mTQ:aIfjjZn4sJfrqM8+mE8oeJ1X5F7frTQ`
Yara	None matched
VirusTotal	Search for analysis

Name	94bc67307a019a1a_slic2.1stbootmgr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1STBOOTMGR.cmd
Size	5.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`8bc1f3bd61bd89f57212fe840ab2b4c8`
SHA1	`0c6f85ddb66ac449e7c3b9885480ac66e78a0f1b`
SHA256	`94bc67307a019a1a15979ff061f00ee454f55cbb298dc4a57c2d00c24582dea6`
CRC32	`0A194A41`
ssdeep	`96:eqG1hCj9chMiLzrTKLZ3zrlr8DwrwHlN+n:pG1h6p3zrd8Don`
Yara	None matched
VirusTotal	Search for analysis

Name	6b73137feb78496a_wga.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\wga\wga.reg
Size	6.1KB
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`9ebe4646eb9853b04711496b7cbd6ba9`
SHA1	`2e2e677c040a3a203a37a3d50bc098455036f13c`
SHA256	`6b73137feb78496a9c43f535149f27e286dd200151cebdcaa8033aa69836d532`
CRC32	`B25207FD`
ssdeep	`96:ZVq+T+2Ck5+N+bpBClMBPcn6ICYfZfbK3dNzv+P:OULq4BC6BP0pfZfbsNzGP`
Yara	None matched
VirusTotal	Search for analysis

Name	3f332d43eafbcbcb_workstationservice-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\WorkstationService-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b847bdb96f62f612d78430a38763be54`
SHA1	`590f1220e464c61cbdbcbc1bc11d9e9778643c17`
SHA256	`3f332d43eafbcbcbaba7561bc6024484f8722fcc2ee5b6702a155d5700675d0a`
CRC32	`09FBDB80`
ssdeep	`48:33kHG3ZaflF3Ov39mcRHz6b6shtw+5W8pfIxAtwSN5J6TY3pq2flv:km3wT3i3UYeXFWufBwSN5J6TY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b868de8c43182b36_samsung.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\Samsung.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`fb67f0410b3ace1e281c647a90e72276`
SHA1	`0252450a29ca6bbde6ec06bad5bdf7bb287cfa68`
SHA256	`b868de8c43182b3670cd957d1a4a2e465e5ce3e412ee2b69dec094f13b53929d`
CRC32	`16024737`
ssdeep	`48:cekHG3Pbt6b6shtrl+PkwKFSz3mubm0uMY3gflYp:ym3Pb4XB6QSKub4MY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	87854baada6515c1_kmsserver7.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\KmsServer\KmsServer7.reg
Size	730.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`441a044a71492e69604aed05ddf989f1`
SHA1	`fbe5ba061d6855be440c17bb7cdf7e0a01f61f14`
SHA256	`87854baada6515c130893568655efc086a03e4f4d1c76eca63bb7789d7d33247`
CRC32	`F3D20648`
ssdeep	`12:Qy5hVZteAxDZaW+ZENgUOtY4FUOhzeAxDZaW+ZENsEg6e9UOtY4FUOh9:QChVTessZENgUNuUqessZENsEg5UNuUC`
Yara	None matched
VirusTotal	Search for analysis

Name	75195247851ddb49_explorer-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\explorer-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`60030670e554b1b0819541540757c7f0`
SHA1	`df02d1e3d5bb6cbf6bea6de3e6563418914e4bec`
SHA256	`75195247851ddb4916f6964e0dfd3776b980a29a78358ba3a7641d438e706a0e`
CRC32	`0DE3D1BA`
ssdeep	`48:3jkHG3pflF3Ov39mcRHt6b6shtCAs+3hFJzAtwSN5J6ZY3pq2flv:om3pT3i3UYYXoATGwSN5J6ZY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	44b83f38059ad417_systemcpl.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\x64\SysWOW64\systemcpl.dll
Size	401.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`82e679d6a609830a09b2fb6511b543d5`
SHA1	`6072ac3deb1cadb02977533bb31aee96815e6a2c`
SHA256	`44b83f38059ad417a580050266adb572bff501ad959df42b8d9cd318c5029870`
CRC32	`C237B5A7`
ssdeep	`3072:naHbuq0/DP/rmpHy77HT56WxFO+lk0yQW5Gk0GH/qO7rpKCUwyvsPjJr:na7u52pHMvqY/W5R02qO7VKC1z`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	97b0d12d1637ec0f_shell-homegroup-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\ppdlic\shell-homegroup-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5e8913ab7fbaf4bc9be6012e91911b6f`
SHA1	`16138d3b92b402a7e425e18a36c88e2cbea265f8`
SHA256	`97b0d12d1637ec0f8a3e317c1f2a2ce7b766dc4e160882f36db497034824c316`
CRC32	`517F16D6`
ssdeep	`48:3WXQkHG3RflF3Ov39mcRHW6b6shtf+F7pO/KWkltwSN5J6JY3pq2flv:mLm3RT3i3UYfXQmkXwSN5J6JY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	4a4cc15474c7c424_themecpl.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\System32\ko-KR\themecpl.dll.mui
Size	9.0KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`1aaa376218d884fc1215596a987e7031`
SHA1	`d466f30dc91ee403e4f2cedbc56baf55063ed459`
SHA256	`4a4cc15474c7c4244dd5fde37af3506fa43db720256ca2446425369d45686bc7`
CRC32	`A3A86C8E`
ssdeep	`192:cg/TaY96j36Fo23GDXypPBI+vwIZd4y9i1q6WznYWg:d/TaH6FocGLCvwQm1q6WznYWg`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	61cd8a718d22726a_slic2.1sibasic.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1SIBASIC.cmd
Size	5.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`62d2f4622e17af1188baa03c626037e7`
SHA1	`b99e00393851bb7bece0dfc0d33ecb144a63a90e`
SHA256	`61cd8a718d22726aead33f9fae3d6a4fbce72318bf3a98d17daca62451b2cb7a`
CRC32	`4D6D9983`
ssdeep	`48:uF81dFs5M2xxjFcAqMiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8NR1OVFaRtLeWhdK:eqMjFcAqMiLzrTKLZ3ZrlrwVMrwHgN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	457aca849d040b80_client-issuance-rac.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\spp\tokens\issuance\client-issuance-rac.xrm-ms
Size	7.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`28d16d106c6b9d049af4629a07319f07`
SHA1	`6e9ffa015822b34600fd3ca28459bbbc871dca21`
SHA256	`457aca849d040b801e12b15cc6d49ffadf8699a9792e0c7b452ee3a0e1d3e8a8`
CRC32	`F4ECEB42`
ssdeep	`96:Tm3gLebLZiwSN5J6ZSLs/bXiKYKPERY3lkb:4gLebFifqSLs/mKBimY`
Yara	None matched
VirusTotal	Search for analysis

Name	120f766acd09a3d8_security-spp-component-sku-homepremium-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\skus\Security-SPP-Component-SKU-HomePremium\Security-SPP-Component-SKU-HomePremium-OEM-SLP-ul.xrm-ms
Size	11.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`26bee3202bcfe5729e2a3d8f29020eff`
SHA1	`f032b270642322e059a7d4bf72e4e3db4650bc9f`
SHA256	`120f766acd09a3d82b1bd124bd4d4bd01788bbfbf487929a16a0b5b3adfa47fb`
CRC32	`2B821A8E`
ssdeep	`192:EmfRvUeyXl9ZOfDmcmKvfFmE8d3NqeJeQ0bMdY4j8hefDmI:Emf2TEfqcjFmE89NqeJeQ0IY4j8EfqI`
Yara	None matched
VirusTotal	Search for analysis

Name	af865ad780ccdeb1_security-spp-component-sku-professional-vlkms1-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-phn.xrm-ms
Size	16.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`f6682f4f5f1d2f0feebd6797dc3cb979`
SHA1	`79a2810d508d6541b379d3ef05438432e85f79b4`
SHA256	`af865ad780ccdeb1fd7aa521b1f090a993f6bdfd2e39435424ed7fca50da527b`
CRC32	`812ADFCA`
ssdeep	`384:Nguffn4ukCNrSDym0ML5KOQ1df4muDlujgmE8oeRlX/gNzKc7f4YbHQ:7nBWym0IbQ+uvgVZQ`
Yara	None matched
VirusTotal	Search for analysis

Name	1dd6685d699cd527_security-spp-component-sku-homebasic-retail1-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomeBasic\tokens\skus\Security-SPP-Component-SKU-HomeBasic\Security-SPP-Component-SKU-HomeBasic-RETAIL1-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`46a13ec45919e4d4f92a4d5ff7455d5a`
SHA1	`2ccfabdc5963ec59b4075c9e3c69817878a4e721`
SHA256	`1dd6685d699cd5275df69c9e7a6c4e2d95129dd738b567c478f545be9bdd3162`
CRC32	`CF56205E`
ssdeep	`384:6efI4ukCNrSDym0ML5KC07fFmrBgmE84ezS1K999/fFYj:WnBWym0IcI+kL9S`
Yara	None matched
VirusTotal	Search for analysis

Name	764d273ae12c6287_slic2.1sibasic.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1SIBASIC.cmd
Size	5.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`42654a2c05a789c78433991d00bdc6f6`
SHA1	`bc9df2bb1cf81d2a7f36f6c202d3097e246872b2`
SHA256	`764d273ae12c6287f8f8fe28a4bf7739d3421f11e52e3c4768a9d7f7309b6a6e`
CRC32	`E0151899`
ssdeep	`96:eqMjFcAqMiLzrTKLZ3ZrlrwVMrCt/gN+n:jSJp3ZrdwVDn`
Yara	None matched
VirusTotal	Search for analysis

Name	ecd1c6eea89c8dcb_security-spp-component-sku-ocur-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Enterprise\tokens\ppdlic\Security-SPP-Component-SKU-OCUR-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0f19b20c683c2345ecaaee07461e1f20`
SHA1	`f5d35af2f61e92b8003d41a0aee7a7e78b78bb4d`
SHA256	`ecd1c6eea89c8dcb10991c1653fa30d92e3054a45f0cf0d46f6265e6d6de11c8`
CRC32	`C5BED3CD`
ssdeep	`48:3ykHG3FOflF3Ov3elmcRHMW6b6shtf+BzdfiHGXctwSN5J6JY3pq2flv:Vm3YT3i3fYsXVOWwSN5J6JY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	def11a1ab9180f23_iaslicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\IASLicensing-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`145bc852020a15cbf1c266f227d24175`
SHA1	`90f7d299e3eed3dc508f35e008896c08169137bd`
SHA256	`def11a1ab9180f235d2233afdfff1b95d3cd9d5861560cce81876e7b2f463012`
CRC32	`00F4F25D`
ssdeep	`48:38UkHG3HflF3Ov39mcRH29j6b6shtgi+UYLeBcitwSN5J6DY3pq2flv:Mnm3HT3i3UYW9OXCGlwSN5J6DY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	44590268cbedadba_virtualxp-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\VirtualXP-licensing-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b340f86f9186ba629804b133d801f67e`
SHA1	`7fa7d5d15ae3aafd8b1393bcc33972b4a84f5db1`
SHA256	`44590268cbedadba9f11f65fc2183d29b9dab83a5ffe6c32bd7ce526dfc5c578`
CRC32	`164C0B65`
ssdeep	`48:3PkHG3OflF3Ov39mcRHZ6b6shtsl+UnLJmRUgRtwSN5J6BY3pq2flv:Mm3OT3i3UYcXG1nLJmRUgTwSN5J6BY3J`
Yara	None matched
VirusTotal	Search for analysis

Name	5ba1373011aba23c_user32.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x86\System32\user32.dll
Size	792.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`34b7e222e81fafa885f0c5f2cfa56861`
SHA1	`a73e33c0262054df9bb02c165bb63c84f95807ee`
SHA256	`5ba1373011aba23c3fce3a9ff8dc4bbd5ce6889212200153c79a749cae0c17b6`
CRC32	`F5A646DD`
ssdeep	`12288:6UMmzZo/qril3O9BS+wHFk4VhFYKXypF39r9X3MG5L+s5ENOeQiV1Li/kh:hM6IlSKizNrR3LeYeXV1i/kh`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	6fe15c0b8253c18c_r2optimizer.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\R2Optimizer.cmd
Size	3.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`75589dd130102fa4fb39c5e826a6a8ed`
SHA1	`0a2b42a22b68b3262664bc761187514cbebd59e7`
SHA256	`6fe15c0b8253c18c442af42e7999ab7f93855cb5c8302037511a13b66b55eaed`
CRC32	`8A5A1D84`
ssdeep	`48:lDlv1DeiyDlSUrDvRx6oaEgttsv0ue0up0uy0udt0udhDlvV+nDPn9Sgq9WHQHqw:3vJISQEcmtsduXKVtvV+Tn9SX9IW/n`
Yara	None matched
VirusTotal	Search for analysis

Name	177e7f31284593ad_wga1.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\XPGenuine\wga1.reg
Size	1.1KB
Processes	2196 (A.I.exe)
Type	Windows Registry text (Win2K or above)
MD5	`294f30a814a318a631f5a2e38ba6964c`
SHA1	`4bf9b8697ff64c3b4d380d5d0cde5220a6c77c5d`
SHA256	`177e7f31284593adc1a0e9bc1667341881398cc7caa8257c15341adcd5ae458e`
CRC32	`540DC5CF`
ssdeep	`24:jBJtJIV2zYV6gIV2cWaKkCJIBlXo58up07SfMTt9aYFpF:9JDI0YPIvJ/BUXMT/a8P`
Yara	None matched
VirusTotal	Search for analysis

Name	359f4e3328835c64_tabletpccoreinkrecognitionlicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\TabletPCCoreInkRecognitionLicensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0e6f9451fa44ae49a85387a2e1bcf1c7`
SHA1	`8835a95e78b6abcaa616ab9a4d437c03cb56c068`
SHA256	`359f4e3328835c64587f698ed6473def977f4d8872dc833c6796f1a923723681`
CRC32	`E3027487`
ssdeep	`48:3lO2kHG3bflF3Ov39mcRHP6b6sht0i+qYKCN1/AxtwSN5J69Y3pq2flv:0hm3bT3i3UYyXCSJCN1/kwSN5J69Y3p/`
Yara	None matched
VirusTotal	Search for analysis

Name	68d30c23ebc2429a_slic2.1sivfd.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1SIVFD.cmd
Size	6.1KB
Processes	2196 (A.I.exe)
Type	data
MD5	`6b5a4c082c20d89579df8772ecfdbc99`
SHA1	`f53188b0207cfedaff8d8b60c9dffd34e22d7cbc`
SHA256	`68d30c23ebc2429a1bbeef18f275b4d9d2460989fe743a9d76ff37ea979bfba6`
CRC32	`2B05930B`
ssdeep	`96:enS70jcAqMiLzrTKLZWZrlrSVK5ThrCt/gN+n:/45JpWZrdSVYen`
Yara	None matched
VirusTotal	Search for analysis

Name	52fe13314f51b444_feclient-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerEnterprise\licensing\ppdlic\feclient-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9e5648e9a5ed9839107d9261ad06868c`
SHA1	`2e9ad9cc89f5241686730aa20ed8f56d5529c01b`
SHA256	`52fe13314f51b444ec6f95f4accfc520851257123a0d010e7ff01a0f9bb5114a`
CRC32	`1E2A26F7`
ssdeep	`96:Hm3TAT3i3UYYH5lXpQFeoWwSN5J6hY3pq2t:00roUBDfimjt`
Yara	None matched
VirusTotal	Search for analysis

Name	1a79673ff6732b9d_slic2.1sivfd.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1SIVFD.cmd
Size	6.1KB
Processes	2196 (A.I.exe)
Type	data
MD5	`f195eecb81678bd26a7e636aef5b7581`
SHA1	`95824ca9257dfa8fcb5ea59cb0ca6ca802f5a28b`
SHA256	`1a79673ff6732b9d9a344d3b2521fac056159b2de712640b547eec19b3cc80da`
CRC32	`057F3D1A`
ssdeep	`96:enS70jcAqMiLzrTKLZWZrlrSVK5ThrwHgN+n:/45JpWZrdSVYKn`
Yara	None matched
VirusTotal	Search for analysis

Name	736da0a46142d2a7_client-issuance-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Enterprise\tokens\issuance\client-issuance-ul-phn.xrm-ms
Size	4.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`332947e258e1114c7f2d852bce62eb80`
SHA1	`75f2371b2c20b5ade740dc1b0d9e9c622135673d`
SHA256	`736da0a46142d2a7dd9b2d23442c0eba995e50e8ecef55fdc1ea58443970130d`
CRC32	`1E2C120D`
ssdeep	`96:vSm36wSN5J6Z9nUpDxXXnmVuWfKPE2Y3Jkb:vv6fq9UpD5j5mk`
Yara	None matched
VirusTotal	Search for analysis

Name	48053471ec5a7028_security-spp-component-sku-professional-retail1-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL1-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`07d5ee88d96b813660a9ef80d77b15e9`
SHA1	`bce1f38ac7e39a1c78c2770cd8c1d6d3cd6ca552`
SHA256	`48053471ec5a7028094c86a97981bb97f24657a3558387bdaecc6f27da0bda51`
CRC32	`04F2B774`
ssdeep	`192:EIfh8+vpg64sFiZeWafSmPnIkF+mE8dieW7w0Tk+08MfAZW8OENfSm6:EIfRZ4sYE/fvPv+mE8gesT6YZW1ENfv6`
Yara	None matched
VirusTotal	Search for analysis

Name	4bebeb14192dcc04_shell-inboxgames-shanghai-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\Shell-InBoxGames-Shanghai-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`545415c594045882a797bb1026150d87`
SHA1	`6b3fa457f8189db3d11e14bed207962ff424c188`
SHA256	`4bebeb14192dcc04d97ea86ce8e31fc9366ed2180fa2cd79ccced1c8042f49eb`
CRC32	`5A185EAE`
ssdeep	`48:3kj0GkHG3UflF3Ov39mcRH76b6shtH3h+T/foD7iL9RLtwSN5J6xY3pq2flv:0Wm3UT3i3UYWXxN8fwSN5J6xY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	26d95c2de97ebfa6_microsoft-windows-dot11pref-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a2ebd763803fda481ba8d78904b8e999`
SHA1	`d08c0e77af6bed634e3344597472015cef44a137`
SHA256	`26d95c2de97ebfa6b9bd62cc0dc3c7262f19cfa856d94e2d00adedf7c2d44d60`
CRC32	`67672265`
ssdeep	`48:3qkHG3HlflF3Ov39mcRHa+06b6shtg+5QSYJ2pZxtwSN5J6bY3pq2flv:dm3HlT3i3UY9dXpKJ2zzwSN5J6bY3pqO`
Yara	None matched
VirusTotal	Search for analysis

Name	8955949921543758_rasbase-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Enterprise\tokens\ppdlic\RasBase-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d35ede3c39d33b456bb69bf64e84ba0e`
SHA1	`84826fdb907c0c4df442c427d2d7b2e8c2a236d4`
SHA256	`8955949921543758dd86948927a29ca3a8f700164e108d9e19c34eefb94dccd7`
CRC32	`F90A6193`
ssdeep	`48:3qkHG3nflF3Ov39mcRHC6b6shtB+p3ge29QUq07cn3twSN5J63Y3pq2flv:9m3nT3i3UYDXvd7ewSN5J63Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	579f0601d56f76a7_hs.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VBS\HS.exe
Size	16.4KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`206bb9ecdd315d7fa002c05ef68dd5af`
SHA1	`b712d503a7066d112bb71d88bd9ff15b9608bbf8`
SHA256	`579f0601d56f76a7e4a7f0cfe30be586b8e2942d9e24882169f798b934dbc4f5`
CRC32	`94FAC469`
ssdeep	`192:8CMDebVWrjQYumZ74siixngzo/jyDaieEeKt5CHoWNuPsBqLt1nyMTCnYg2rHch:8zDebVWPQYRfo+sahNuPPqMw48`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	10e419e1461c1333_security-spp-component-sku-homebasic-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\ppdlic\Security-SPP-Component-SKU-HomeBasic-ppdlic.xrm-ms
Size	8.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`efa2ae48ff710aab4bcffab998e7899a`
SHA1	`3f292481c5d3036190b45b602fde06363ba416fa`
SHA256	`10e419e1461c1333704bc9b7c974765c7f12a86aeec882b61212eb9834e92134`
CRC32	`61FBE429`
ssdeep	`192:istrof3/91besaPhI4i27LKJ1x1Fmjff3mjt:iKrov11besaZI4i2nKJ1xvmjff2jt`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	c44082bdc1191ca5_hibernation.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Hibernation.cmd
Size	1.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`8758b085d9f837ee91a3c6fffa909428`
SHA1	`2cdbe9f49ac680d78b1ecb54aac827d49e982826`
SHA256	`c44082bdc1191ca52724bc14ac4b3de73e7c33f59b2eec1c34c7b3b835f795d8`
CRC32	`CB3584D1`
ssdeep	`24:ECFWz/vkvnnMAxxKlLZihaMG4ilJ04id5n:bFWGMAxxQyG3J0T5n`
Yara	None matched
VirusTotal	Search for analysis

Name	6e3ebd87d807618e_7loader.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\7Loader.exe
Size	6.4MB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f641ad26f99d5585867935b9a001dc75`
SHA1	`5f12b7504a0fab2877ac0e72d7c44373d56a5255`
SHA256	`6e3ebd87d807618eea8ec4a141301246fc8c035973dd0ed5b44fe7c932c71478`
CRC32	`CF237486`
ssdeep	`98304:MlZamI7ub0YmP9+kgHsw6wrSCnLe6sKMu:Ml/gAmV51uSYl`
Yara	Microsoft_Office_File_Zero - Microsoft Office File Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	008c0d674f98e263_shell-inboxgames-purbleplace-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d45117903c746a6f4482eb25bb579434`
SHA1	`61ef551971aaca0764a3dfbba819ba72dbbc77b9`
SHA256	`008c0d674f98e2634d99e708bb22c135ba53d151038b9892acd39fb1493e295e`
CRC32	`1FA1D646`
ssdeep	`48:3VkHG3GflF3Ov39mcRHmK6b6sht5J+mDtVKAmALtwSN5J6EY3pq2flv:qm3GT3i3UYMX7DtVKA/wSN5J6EY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	c7da4d07bf3cf507_security-spp-component-sku-homebasic-retail1-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomeBasic\tokens\skus\Security-SPP-Component-SKU-HomeBasic\Security-SPP-Component-SKU-HomeBasic-RETAIL1-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a11bb4b7dad420d94223ac1610789d9c`
SHA1	`61ff8246bd008567c4197f2c0838233cf69177b4`
SHA256	`c7da4d07bf3cf50780d06376bee0e95628adaec59936957289586ca8947ea98f`
CRC32	`02675E6E`
ssdeep	`192:nsBfh7CxvpgN4sr1egf1mY3NIzeN+mE8dneLjK3zxc/Nbf7Sf1mS:n4f8W4sJegfUYt+mE8peK3a/kfUS`
Yara	None matched
VirusTotal	Search for analysis

Name	1f51eab331bf1c95_microsoft-windows-dot11pref-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4b0b6942926577bd62e8a23445b245f0`
SHA1	`4b3e78e94d920c4bf8ee4e199651dd40696934e6`
SHA256	`1f51eab331bf1c95284b17f583b730a157517123af4e4ecad700007b05aa615e`
CRC32	`F1070EBE`
ssdeep	`48:3qkHG3HlflF3Ov39mcRHa+06b6shtS+wU0hB7r/2rrtwSN5J6DFY3pq2flv:dm3HlT3i3UY9dXCxnr+rxwSN5J6DFY3J`
Yara	None matched
VirusTotal	Search for analysis

Name	0d7782b4e67d3c04_haier.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\HAIER.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`399a0ac54a15f4cd106599c5c6ba7f13`
SHA1	`a0a52c0abffb9927a0bb57bc6c61cb6d0e32f9af`
SHA256	`0d7782b4e67d3c040236834a0f573673b927079331e2d447681af56d0a23ac2e`
CRC32	`C7FD71E7`
ssdeep	`48:cLkHG39sVqa6b6sht3W+k4Jt820P80sSz3mubm0u09Y3gflYp:Lm37XZ48t8nsSKub409Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	ae9254a92b482915_bios.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\BIOS.EXE
Size	726.8KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
MD5	`fde290b70b676171fac58d4954a75a6d`
SHA1	`ea5458d1cee50444c54fb052ab80e5cffb53e7e9`
SHA256	`ae9254a92b4829153473096015f3213f63723310828aafdb880ac1dd1e2e7aec`
CRC32	`55B8CA08`
ssdeep	`12288:eTFfLngEY/ynryXUo70KGEITaRUrX6+N03XtZnviMkuGtSyVuA5PdzheWLbxGxg:4F06neX/QKGzYSX6jdZnLkjSyVRdzhBX`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	84d44705537410d1_auto.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Auto.cmd
Size	10.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`8bb2289fe035cbbf79c7c549aec94f93`
SHA1	`46e41c2c7788f5e1c560c2d23badb9518b623ea6`
SHA256	`84d44705537410d1822b5b5b1a454bb5d974c92a5e9a6c044119415c54f75bcb`
CRC32	`227DF539`
ssdeep	`192:61JSIapsYpay1WY3SDADfWCVpEsX766d9lO/:kapsA2gY`
Yara	None matched
VirusTotal	Search for analysis

Name	e1e11e12fe7750d1_tosasu00-tosasu.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\TOSASU00-TOSASU.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`82ad9cdf21039ad3e429fa4492163df4`
SHA1	`964964bd163e3f41627de933e57653a26ef32375`
SHA256	`e1e11e12fe7750d13bd423815b53a2b3432bafa08798dac9aae2c89b59ed3662`
CRC32	`AE383D0C`
ssdeep	`48:cRYkHG3imT8A6b6shtw+NO5wykNFsJu9HSz3mubm0ujY3gflYp:GTm3j4X+Swu9HSKub4jY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	55a7ea80e6ce3558_registryx64.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\RegistryX64.exe
Size	688.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5	`e18f8f25e8d3f66c3a99bb8b256e26a7`
SHA1	`3f7555520bdb73f3f5dcc7699f6e4df4c61b84dd`
SHA256	`55a7ea80e6ce355843cebeb1e4993ee1d769e65c65acffb4d7012d8b7324221f`
CRC32	`9C0B7585`
ssdeep	`12288:U5OSbrkcG/sVaB7X726pvOIZTtuTEQV9kex4gI26jd:UISkbYyr26JOIOTRn4j2Cd`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	5b254b3ce1dd4212_directexperience-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\DirectExperience-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`23cff631f8385c5a3648636530765010`
SHA1	`ac8b583073a34042769333ce32d5478fcc2562ed`
SHA256	`5b254b3ce1dd42125eb5014eecba376f27cdfa7d8407832aba540c449b66dd82`
CRC32	`13540072`
ssdeep	`48:3WCHkHG3XflF3Ov39mcRHa+O6b6shtuyuhl+hh+AWXjNdlKLy7twSN5J6HY3pq2t:HEm3XT3i3UY9nX4yuvxQyBwSN5J6HY3J`
Yara	None matched
VirusTotal	Search for analysis

Name	cb7bfe722c9e1d29_takeownership.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\TakeOwnership.cmd
Size	1.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`8f625aed6d0a97e49381ede0120e5e10`
SHA1	`cbfae6436903dbac6a35902afe0693f51d2292df`
SHA256	`cb7bfe722c9e1d2909a9a8c4fb702f7fce909c2ea9cf3cec957a06a648eedd93`
CRC32	`A808F8E6`
ssdeep	`12:CzCFp/L8/zLz2/zLnnM92k0S4PxKFfJNAIue9bYuWJ0IA4fK2gWOPxA0+jKHYA45:ECFlev8vnnMAxxKlXGW4hOJl34hOJg5n`
Yara	None matched
VirusTotal	Search for analysis

Name	0a384355a0b4d391_windowssearchengine-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\WindowsSearchEngine-Licensing-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d812e4424e0e32644a86a8043a0e848e`
SHA1	`4fda14dc0c1b6de73b6940db6cb72f1463922332`
SHA256	`0a384355a0b4d3915479ce1f984c8a304431f2ab27d802aa709537141e250ebb`
CRC32	`7E0261EA`
ssdeep	`96:ocm3j2T3i3UYFq98XTWy6TdwSN5J6nY3pq2t:Wj2roUEq9XfYmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	002d486f7eaa123d_security-licensing-slc-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerEnterprise\licensing\ppdlic\Security-Licensing-SLC-ppdlic.xrm-ms
Size	3.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d7b8dfc105ad908dbf27b43acd527ca7`
SHA1	`dd25c96d0da9d8df9b3d58c7e1d5cf6ff85cc025`
SHA256	`002d486f7eaa123d612a27880e7b6718e480e4189d7382d2aef4f5df07c3b812`
CRC32	`4B149CF0`
ssdeep	`48:3LkHG3IflF3Ov39mcRHCO9o6b6shtfp2b+MyKgtwSN5J6lY3pq2flv:gm3IT3i3UYiO9ZXuV6wSN5J6lY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b1175e72a5ec6a2e_client-issuance-spc.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\licensing\issuance\client-issuance-spc.xrm-ms
Size	5.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2fdd484bc8e9c6119a2f82166a42f293`
SHA1	`6bc2a9616c4aec56007ac326699e98af41f73b46`
SHA256	`b1175e72a5ec6a2e3ba205a6ee00871ebb704198ff0f60106d3620d64d8c33b1`
CRC32	`E0821E56`
ssdeep	`96:+m3t0WqT7ZMVZiwSN5J6ZjXrOpnEKPEADY3/kb:Tt0fT9MTifqWplPmm`
Yara	None matched
VirusTotal	Search for analysis

Name	b29ed8f11288b1a7_kmsserver4.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\KmsServer\KmsServer4.reg
Size	726.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`43110ba4726d3f37a5ec881b68f7cc57`
SHA1	`fd7c70da827d2d8c40b9e67c417129e78eea3487`
SHA256	`b29ed8f11288b1a751d644d7bf1582a5ff2aeaf9f9a6007d073b2fd2f43e55f5`
CRC32	`642DD444`
ssdeep	`12:Qy5hVZteAxDZaW+ZENgUOtYoBN1HUOgeAxDZaW+ZENsEg6e9UOtYoBN1HUOU:QChVTessZENgUNo71HU/essZENsEg5UT`
Yara	None matched
VirusTotal	Search for analysis

Name	919c2f6324f5961e_udwm.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\x86\uDWM.dll
Size	237.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`1ed764523abd46779bba0e5b16c77a65`
SHA1	`2b8f994fa34f0c5197cc6a6fc1e6654880e5718d`
SHA256	`919c2f6324f5961e340450bbaaa8747a7b720c8152c6fe7aaaa4a2b0c70ae6ba`
CRC32	`8890A1AF`
ssdeep	`3072:JzyLLkso6c/kt1T1/CbfyiznjUVcRLjrTEVkEjei91CfNPPzSp/uRHcCR9Va4+Ii:RyLRmwhliLjUV3kEj/nCFPP+p/4R9`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	041f6d11a1c631b9_sppcomapi.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\x64\System32\sppcomapi.dll
Size	1.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`96119226320b3b2a80e87fdb9d446ba0`
SHA1	`6fb6e603542ada336451c0f8af79e791f65b51ee`
SHA256	`041f6d11a1c631b9868c52ca4b8636dc9ca443b3a786bcf13c3477bdcb8a0551`
CRC32	`FA026B88`
ssdeep	`24:etGSNEhBotW3KIZW01HCmHYNKJFlLu/ll35WWdPOPNn:6NPtlIZWWHCkmKhitd5Wwa`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e037bafa4dcca2f4_shell32.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\SysWOW64\ko-KR\shell32.dll.mui
Size	288.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6bbc2ca29605dc83bd8f86eee2a98539`
SHA1	`1e0c4b316426be15c289c1a9e486e9b3e3095f0e`
SHA256	`e037bafa4dcca2f458b91bbbb1b6eae0604c0ab89d2622dabcf06c8c2328887f`
CRC32	`CC2F6526`
ssdeep	`6144:TWXJrK9AqwlqgZqJlFGkcJf2V2D0m9gQ:Ti62vKlFGkcJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	95cbdb777c6deb81_slic2.1d.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1D.cmd
Size	3.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`17afe0e51ef3569aab6b8c06350cf33c`
SHA1	`fc8a70d4f5cbe5eb9673178018b125c34b9bd8be`
SHA256	`95cbdb777c6deb81db7297669b88bb67b323dbf73a32edf684b3ec13933b9f86`
CRC32	`88DC2043`
ssdeep	`48:yWtMwOH05MGxvd+/UOHeGN41ye4sAIMqVx7wn:y0qgV+8O+Ga1ylsA20n`
Yara	None matched
VirusTotal	Search for analysis

Name	b75e9b128b2eda13_asus.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\ASUS.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`1554e3a58b4d344db7f864d8612ec385`
SHA1	`c26597bfa66605b28ccf13638530c185cd52ff93`
SHA256	`b75e9b128b2eda13d9c338a34a0fb6a1e5946cfe6d407e69e5994ea98e00b9c1`
CRC32	`4E12DF85`
ssdeep	`48:cicVskHG3hMvaaF6b6shtD+a5MaRPGASz3mubm0u0Y3gflYp:yvm3DpXTMa7SKub40Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	edff96a84d3f506c_shell-inboxgames-minesweeper-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`07a40033b73e0f53a922252f6a3efe19`
SHA1	`c997f7b2babcfa586e98138d3ddf4fac950869c3`
SHA256	`edff96a84d3f506c101d38bfdfe0eb8a85dc713a38f755161615913c2a830e5e`
CRC32	`2FBAC58D`
ssdeep	`96:Qm3vT3i3UY92jXh8HQXMwSN5J65Y3pq2t:RvroU6QIQXMfCmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	c8b53762be3ff598_microsoft-windows-desktopwindowmanager-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms
Size	3.6KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7ac4a762939afa908557abe7ea3feb4c`
SHA1	`cec7f1d321f96760861d76b7d81d56a6ae1e3d49`
SHA256	`c8b53762be3ff5983cbf4b2e1e11b98b9e769f5e1619a0903bae007bab1059fe`
CRC32	`8A749707`
ssdeep	`96:fm3H4T3i3UY9ru00qPuNIXE9ycwSN5J6gY3pq2t:cYroUnrfHmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	406ff4a4d13723c5_microsoft-windows-fax-common-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-Fax-Common-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`09cd13025915befc7fd72dc661cca9fb`
SHA1	`8c0b95dc6e0328ad01231d0cf555ae649f969e50`
SHA256	`406ff4a4d13723c57008e3a50b61df94685f193066f63225c04be9c5c800cb81`
CRC32	`1D55F7CB`
ssdeep	`48:3zkHG3HKflF3Ov39mcRHa+S+26b6shtZ+yllnvtwSN5J6qY3pq2flv:Ym3HKT3i3UY9lfXhlHwSN5J6qY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	71586ac0d8b8f952_vistakey.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Vistakey.cmd
Size	6.3KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`c6af3cc9fd000b7763d8d204c430f9d6`
SHA1	`530f6986d33f3e82d55336d952628d2e932c463f`
SHA256	`71586ac0d8b8f952258ac33f895c859012945065888d0c62fa05649686a275d0`
CRC32	`8EAD2AB2`
ssdeep	`96:55dqi+j4Xl3ffFH8e8Jt2dUFpi1V+yj8tIoL+d47jUy:5rqiI4V33FPCgeFpi1VJRo++7jUy`
Yara	None matched
VirusTotal	Search for analysis

Name	63f19f882cdd7871_iaslicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\IASLicensing-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0821fc1abadb7004e66049a21c7b305c`
SHA1	`53e459663c2f8f13bbad30896fd34298c2df7742`
SHA256	`63f19f882cdd7871911562ec2f05d53c58ee391746de7bd9a97452615cd9ddf5`
CRC32	`4E688AB9`
ssdeep	`48:38UkHG3HflF3Ov39mcRH29j6b6shtok+f4liEXQtwSN5J6KY3pq2flv:Mnm3HT3i3UYW9OXlXqwSN5J6KY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	9f27d90b6095f7f3_asus.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\ASUS.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`195ba525f938bd06ce2f4844a16ddced`
SHA1	`5d3ae3e7f3d8a705678cb1c5830c55e995db332b`
SHA256	`9f27d90b6095f7f3cf4a83642e73dd24da091f14b75e51c729cb5040af3a0190`
CRC32	`E1948081`
ssdeep	`48:cokHG3uxaaJ6b6shtgt+8LAp+bbSz3mubm0uNY3gflYp:Um3uxLMXuWcbSKub4NY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	408b7c2cd82b13a3_fujitsu.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\FUJITSU.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`6e0b225c63badbe3206c80e7e49ece01`
SHA1	`39c3d4aa0f434c4ef60736b1cb55113e2baa1d6d`
SHA256	`408b7c2cd82b13a391d08541bc2906f5a4bf2412bad93128f70f19419b0a259c`
CRC32	`82D1945C`
ssdeep	`48:cVR4kHG3jfeRI6b6sht/+92njh9Sz3mubm0u2Y3gflYp:uzm3jfC5X1jh9SKub42Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	856111a95e0471c7_slic2.1stvfd.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1STVFD.cmd
Size	6.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`a336f38ac707e2e3375f615e22912685`
SHA1	`d5bd2b98cd3c688405ed1bafbdbd3ae26b08d792`
SHA256	`856111a95e0471c7cd9bd2a5f4ee89f89213e2395344c668e587ac73a696eb52`
CRC32	`4FA68335`
ssdeep	`96:eGS70jchMiLzrTKLZWZrlrS45TBrwHlN+n:Q4FpWZrdSqjn`
Yara	None matched
VirusTotal	Search for analysis

Name	370985a527e13af4_security-spp-component-sku-ultimate-retail1-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-RETAIL1-ul-oob.xrm-ms
Size	12.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a3009c9db7475fbdd09438228d0550d1`
SHA1	`9a90e3f8b54356dd4902dd91d7db0a34262ed33f`
SHA256	`370985a527e13af46beacb5fae3eb1237a4cfa2b4fcfe6582ea0a2613f60c143`
CRC32	`0B952BA1`
ssdeep	`192:4UfhkB/vpgBj4sd6cffBm1AvIcL+mE8d4eERayO9IsGIgB1fpfBmgE:4UfuW4sdBfIep+mE8OeTasGIgHpfIp`
Yara	None matched
VirusTotal	Search for analysis

Name	55225242298ec4d5_msac3enc-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Enterprise\tokens\ppdlic\msac3enc-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7571b605f7667ea2a9647d79b451254d`
SHA1	`f839bc40021cf75b67712b563bf73d9f92c98b5b`
SHA256	`55225242298ec4d5e08444c37c3620188ea9c90712997fa8f100258a2d4fdb40`
CRC32	`60CDF626`
ssdeep	`96:qm3nhT3i3UYAAwDXrwP4wSN5J6AY3pq2t:XnhroUNAwpfXmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	69ceb118bcbadb2b_ogacheckcontrol.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\wga\OGACheckControl.dll
Size	651.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`964a4192ffb663b98ec612c69fb7b4bd`
SHA1	`bb9aec8dda35818a7d7b24ac9751c8c881a64cde`
SHA256	`69ceb118bcbadb2b828855db26d53bc4cbb3b6c26b482ac9d0d947a3d3045eaf`
CRC32	`4D766510`
ssdeep	`12288:SwhdJd0HAjWjupoRBFvvsS9O6TEn2/kYbb7oJBLMyV9wa:SGdJeHoWj8n6In2/jb8M5`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) DllRegisterServer_Zero - execute regsvr32.exe Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	a75faf733fb9dc1a_terminalservices-remoteconnectionmanager-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms
Size	3.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d40c66c818895f073a3e617f3a466c00`
SHA1	`ad2f5da5155e8554378f05b307525de92e6c01dd`
SHA256	`a75faf733fb9dc1ae611cc8dcb951d849c2fb4bfca175740268e9cb2f9fdb891`
CRC32	`FCF98952`
ssdeep	`96:Nm3kT3i3UYwGEmXJ+eFQwSN5J6/Y3pq2t:ekroUXGEsQfAmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	79091aad7ff85805_security-spp-component-sku-homepremium-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\HomePremium\tokens\skus\Security-SPP-Component-SKU-HomePremium\Security-SPP-Component-SKU-HomePremium-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`dd3cd0423602699d888ee7009acca3af`
SHA1	`15dfb0ccfb9cecb25ab746265a2afc919bb00abc`
SHA256	`79091aad7ff85805a5ddc6f03466223ae6a08a5ded9058e5b82e6e563d0359e4`
CRC32	`76CA4913`
ssdeep	`384:ADfIm4ukCNrSDym0ML5KyfomKj2gmE8Oe1hJN9tLQ0qfoY5J:8nBWym0Igezb4`
Yara	None matched
VirusTotal	Search for analysis

Name	09ff8a1e9082a733_slic2.1dvfd.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1DVFD.cmd
Size	6.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`20b47ebd43452a4aaf15833e3a3fc66a`
SHA1	`0ef7570a1e361db236931d647753a5bcbdac00e8`
SHA256	`09ff8a1e9082a7337733172c7930482c88bb8a81b9df9f4d4c4b303a2cb7c68f`
CRC32	`870AFC9B`
ssdeep	`96:TW5S70jcAqMiLzrTKLZWZrlrm5TDrwHgN+n:qI45JpWZrdc0n`
Yara	None matched
VirusTotal	Search for analysis

Name	20a6675d156ff2ef_removewatermarkx64.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\RemoveWatermark\20090509\RemoveWatermarkX64.exe
Size	24.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`3d53354ae412f47e29d7b7ae2f63d05d`
SHA1	`531443c9ede3dbe02c8a7bcd1021087a68255bc8`
SHA256	`20a6675d156ff2ef95f4f21c457ccb43e20d8d04f4aa260781f61a82c0cb527d`
CRC32	`1E79D787`
ssdeep	`384:7flwDGy9F/GxONnTgk4bBDP2vIfHcbecjXqsR27kp5jKbIIR:zlwDf9FwOdjuRPQI0Cc9HTjKbIq`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	0d81115f703473a8_jooyon.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\JOOYON.xrm-ms
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`67028f3ea8e5d021d52d97220c16a36c`
SHA1	`437c4172bc771a7c9e9c4a6db9ddd5c915279b96`
SHA256	`0d81115f703473a8190e9efc3f05f4e1e498ed0664b5ec7b0c8a0ff2ce2d1019`
CRC32	`EC5E4B14`
ssdeep	`48:cxkHG36T6b6shtM+anysyb+Sz3mubm0uoY3gflYp:Jm3FXTiSKub4oY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	8a7b7528db30ab12_dwm.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\x64\original\dwm.exe
Size	117.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`f162d5f5e845b9dc352dd1bad8cef1bc`
SHA1	`35bc294b7e1f062ef5cb5fa1bd3fc942a3e37ae2`
SHA256	`8a7b7528db30ab123b060d8e41954d95913c07bb40cdae32e97f9edb0baf79c7`
CRC32	`C6C4E176`
ssdeep	`3072:i+EIisZcGeskKd0plOOcRYchcD26PS8dTJ2N:i+tXt2lWh9+dV2`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	9643d60a8b0715fe_shell-inboxgames-spidersolitaire-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`10022005d581ca1e4fcca2040d28148e`
SHA1	`d607186a0cf5eeb3ff830d2e2e1f496c913691b7`
SHA256	`9643d60a8b0715fe0d287c7a1aab8d15509a025b94ee7dc56d48c5c8c4552df9`
CRC32	`68D8D41B`
ssdeep	`48:3jfkHG3iflF3Ov39mcRHV6b6shtv+HeDatwSN5J6JkY3pq2flv:wm3iT3i3UYwXjYwSN5J62Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	05d69f4473a5fd0c_windowssearchengine-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\WindowsSearchEngine-Licensing-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`72e242413147d3716e27807cc17341dc`
SHA1	`375facb7a0fc464c976a916502d93ae81846a33f`
SHA256	`05d69f4473a5fd0c9e45f8735838d9c405cc056442021bb0ea4e0875146e2170`
CRC32	`A0ADF241`
ssdeep	`48:34rLkHG3j2flF3Ov39mcRHlEfe6b6shtOl+461WmtwSN5J64Y3pq2flv:ocm3j2T3i3UYFqXXQkwSN5J64Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	5d501528bc192025_windowsultimateextrascpl-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\WindowsUltimateExtrasCPL-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e004b8e2ea2f1687a0d2ce5e3646cb25`
SHA1	`15c9a78554e1b9e4e196df401150387a5d6655cc`
SHA256	`5d501528bc1920257de6c94d5c34ec52627ba7ff1aad94b06c70bec980dc9990`
CRC32	`8AFA7C74`
ssdeep	`48:3DkHG3AflF3Ov39mcRHmP6b6shtq+n7MJDLMwtwSN5J68Y3pq2flv:Im3AT3i3UYZXYRwSN5J68Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	298a0ff8e04375a9_feclient-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\feclient-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e59ca3198ea3b29db912dc4a992ea597`
SHA1	`473757fa56fc5bd35dd82677ee6a2ce947f00dd0`
SHA256	`298a0ff8e04375a903eaa53f5fbaf4c6bbb3713e4feb2a95a4bee45426a286b3`
CRC32	`397A322E`
ssdeep	`48:30TkHG3TAflF3Ov39mcRH4JB6b6shtTK+y1QXFAbpv8UtwSN5J6KY3pq2flv:Hm3TAT3i3UYYJ0Xc1wUvhwSN5J6KY3p/`
Yara	None matched
VirusTotal	Search for analysis

Name	deba7f6e34bf85ec_windows7key.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Windows7key.cmd
Size	5.5KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`bfbce0e4fbeea4ed38145550a99c90b7`
SHA1	`339587121cce49071f32069e0c3881d34b4baac3`
SHA256	`deba7f6e34bf85ec54af404295141c26a35ce1c26339365a841fe1c8be3c2874`
CRC32	`32CB2318`
ssdeep	`96:KH30tDM/ynaAJ8e8st+8wdG0bkEDmj3iBnH73CrVZ6wy:/M/ynaqFEDdYEDmDiBnH7y76wy`
Yara	None matched
VirusTotal	Search for analysis

Name	671263f12125b7f5_shell-inboxgames-freecell-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`90684bbf7770b6f733e1abce52d8bb79`
SHA1	`94d414f25899e958d107407ebab13fe5664e57fc`
SHA256	`671263f12125b7f597097a07ebd44bc2caa04bbff01b7a8330341a211e163577`
CRC32	`FD9B71A9`
ssdeep	`48:3BkHG3XflF3Ov39mcRHi6b6shtpk+4VAqn6COLltwSN5J6TY3pq2flv:+m3XT3i3UYjXgVmXwSN5J6TY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	0d2db4c5ad133713_security-licensing-slc-component-sku-serverenterprise-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerEnterprise\licensing\ppdlic\Security-Licensing-SLC-Component-SKU-ServerEnterprise-ppdlic.xrm-ms
Size	14.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`3b096516492daa223ff57c0feaa170c4`
SHA1	`0af53468c748ab5d6a79245ab0ce48a8fb23db3f`
SHA256	`0d2db4c5ad1337138f0679f9effeb8c908542b07d293c5ebf0d31f5bdcbf083f`
CRC32	`08724C54`
ssdeep	`384:nBroALQCLy5ZXxd3nXv5YrW+jjJsJFRdEhS19ifTjt:BJwr3nXvat6JbdEhYSt`
Yara	None matched
VirusTotal	Search for analysis

Name	05653edd605d237a_kmsserver5.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\KmsServer\KmsServer5.reg
Size	730.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`b7cb7cea7437fe3b897a6fd5b6deeca4`
SHA1	`71b7288815eb4a8885d12f02260cfcec7e1ad75c`
SHA256	`05653edd605d237af4d15d0ea2fe4a4ec5f79cb92cdc9a231e13bec996156409`
CRC32	`B4DFB0C4`
ssdeep	`12:Qy5hVZteAxDZaW+ZENgUOtYh5UOQaeAxDZaW+ZENsEg6e9UOtYh5UOQy:QChVTessZENgUN/U3aessZENsEg5UN/f`
Yara	None matched
VirusTotal	Search for analysis

Name	62d3ce7520761fc4_acluifilefoldertool-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0a17d8b4273b9356ca9bbaee26d34d49`
SHA1	`a10cd7dee5358c511858c2d1bebcd41f5fd8a75f`
SHA256	`62d3ce7520761fc4f637cfced0ed0f8578d32ca0fa7f2dfbd70ef3a03a3d298d`
CRC32	`9AC3F9C8`
ssdeep	`48:3CkHG3OflF3Ov39mcRH9y6b6shtucvm+gWE2xGtwSN5J6cY3pq2flv:Fm3OT3i3UYdzX8cv0W2wSN5J6cY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	2b08eb1825102326_a.i.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\A.I.cmd
Size	7.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`1ceb523d6e09473c41a65a3d8a2c6b3f`
SHA1	`0809cda8998d4bc4bb41d125d14740b9bacf7de2`
SHA256	`2b08eb182510232674be69fc3c493e5b93d3bb5898460c6deace0db42b3c7bd0`
CRC32	`F80D7D72`
ssdeep	`96:yJCfZDZJNApIPOhKdQ9SpwPEjMQ++wBY4LoC0zpCjzpCBJj8G4:t3ApQg7kBaP`
Yara	None matched
VirusTotal	Search for analysis

Name	f6c518992c5b2554_viewmem-x86.sys Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\ReadyFor4GB\viewmem-x86.sys
Size	5.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (native) Intel 80386, for MS Windows
MD5	`da0329fd615630880851cd26a42e7092`
SHA1	`a95de7d7e89f60acc39d1d61fd5704395b5ce889`
SHA256	`f6c518992c5b255459ae4286d086c092adfd8699be6f879f59b61ad815f0ac48`
CRC32	`1E7EA9A0`
ssdeep	`48:qrrk2EBeBnhCcrxc4QMnOQgNoS0RJGRsMeeETyFs+162rBo:2kxeBhCL4QOOQgmS0SgyFJ0i`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	148c5b2e4281bdfa_packardbell.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\PACKARDBELL.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`0e9e7897e329d78d9dbff171820b3653`
SHA1	`5df6ce03da61aadfb59d9c54bda1c68658516bc0`
SHA256	`148c5b2e4281bdfa6c13d9ad867bec3e34e5c7666231e6dd95eb17ffdbdd99dc`
CRC32	`DF9DF228`
ssdeep	`48:cHkHG3XAry6b6shtDh+RBKSDoYSz3mubm0uZFY3gflYp:Hm3XwzXmuYSKub4ZFY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	93d8fb79ee711820_shell-inboxgames-hearts-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d4d4c43acd462ee281bba31fb122907b`
SHA1	`03086696e0c16dad19e36c7d3057c96122cc752a`
SHA256	`93d8fb79ee7118203ddaf295a4cd5d5abf4d04a5f88d11c7c0a7611bde43615c`
CRC32	`1C0CB31D`
ssdeep	`48:3cpkHG3MflF3Ov39mcRHIG6b6shtbd+7m1V0m4z828twSN5J6EY3pq2flv:smm3MT3i3UYqXCeVP7wSN5J6EY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	c7c55a812067ae7b_fujitsu-siemens.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\FUJITSU-SIEMENS.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`d3b40bdfcd0af10aa8d495ac7d0f0f8f`
SHA1	`88862c951934f1e434f31aed71cd0c38c693b6c3`
SHA256	`c7c55a812067ae7b6b0c56338f9cad3a80968d842e9fc2a6b0bd707fd2aa6c73`
CRC32	`2F0B1D79`
ssdeep	`48:co1kHG3HGMUnw6b6shtuLk++iB07E/PyTISz3mubm0ukIY3gflYp:P6m3HH6RXgkqAEHy0SKub4kIY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	0af04a6e0d438d32_slic2.1u.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1U.cmd
Size	5.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`0f9025d3842109e1b74c83d56be37dd8`
SHA1	`2642a77a08fdd4fe6442d815aa00d6a8ed3db7f6`
SHA256	`0af04a6e0d438d32ed70faf38f71efc5e2509e8cd286426b40de17910ac90de6`
CRC32	`CD5257E9`
ssdeep	`48:yMXMqvxZPcAqMiLzlS2eQPCbL+d66Tc0h7/JJbx+57BMORtLeWhd+GvleZiv+n:yEZPcAqMiLzlSDo3dhJNCr0gleq+n`
Yara	None matched
VirusTotal	Search for analysis

Name	1e14ce835274e1b1_benq.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\BENQ.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`40dcfea8d3697851115b71edb613ead7`
SHA1	`da8c728e0617d28fd64b4f53c97405b65c7b27ab`
SHA256	`1e14ce835274e1b100775d285b0f5d7cefbd7fb17b6f79460b35a044b0356cba`
CRC32	`D2D1EFFF`
ssdeep	`48:cEYmkHG3SnpM6b6shtL+Ks+ia9ybeSz3mubm0uuY3gflYp:CRm3SnrXrZFGeSKub4uY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	594b712d9394627e_panasonic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\PANASONIC.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`eb7670803ab5a754a79e1fe6e86445ae`
SHA1	`9ada018808c21ca1ddd8337e67bfa43db098b2d0`
SHA256	`594b712d9394627e4044f7ee1bf12902d8b44503829b93568d95431116920502`
CRC32	`86B64B13`
ssdeep	`48:cvNkHG3KRR6b6shtsE+QkSNKeSz3mubm0uBY3gflYp:Fm3CkXpNKeSKub4BY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	28472e8bee46dcae_udwm.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\x86\original\uDWM.dll
Size	234.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2100560af3f7f2948f2676e44dfb4ecf`
SHA1	`5a475b45c173af1534533be6b2e6dd902ecb1cb4`
SHA256	`28472e8bee46dcae961c7afef71efd5675ecd05492a92631ccb4ef62dfd10f7a`
CRC32	`5CDAFE10`
ssdeep	`3072:bqNnoEHh+u0tZMvYFHSQiXrbTQMCQibZeY85AIwLgW41J9pIeJoS1ea4x6K:WhR10OY4QITfNzAIwLgWu/px1`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	a8e4c0375d1a224d_removewatermarkx64.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\RemoveWatermark\20090314\RemoveWatermarkX64.exe
Size	21.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`aaa8ae3a4ca06a4fbfd738366dddea8a`
SHA1	`a6bf68d49536a7cb31753bfa0de89b85bcaca278`
SHA256	`a8e4c0375d1a224d34a5b0e2cec952370f96ac84b78cfc9671b099d46320b7b6`
CRC32	`8D11E1C2`
ssdeep	`192:YW4rGzkEStBWGu3BYAd8awPTdJ2t3XKwkridIsiuqLO3j4hdP0ZMwIAnspYS0RCC:SWGeY2wpotHjkrnuLGbEspYrgn0INY`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	d0679623fe01724a_printing-spooler-pmc-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Printing-Spooler-Pmc-Licensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`40e5bb9b6cc27f0a2937cb0fd0643fc6`
SHA1	`801f75b947e471fe36f8c97b3bbc8af417c1ea3d`
SHA256	`d0679623fe01724aec3475162d6da3c50e942e4de7a04fb5ddc5bc43fe1fed5a`
CRC32	`CCB69B1A`
ssdeep	`48:3mkkHG3uflF3Ov39mcRHp6b6shtrN+BxV9twSN5J6zY3pq2flv:um3uT3i3UYMXxMTwSN5J6zY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	50788201a3667590_mediacenter-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MediaCenter-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`985a83a139079df0e948ef0d6d218545`
SHA1	`5bf99ecba5b9ab1dfc1cb1a7891522e38a27e54c`
SHA256	`50788201a3667590c706235eadc10b42402747547f855eece130d810616d3292`
CRC32	`4EB1949A`
ssdeep	`48:3fTEkHG3qaflF3Ov39mcRHj6b6shtp+JHADTFftwSN5J6SY3pq2flv:bXm3qaT3i3UYuXEHGTTwSN5J6SY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	959d5c6899d354da_microsoft-windows-fax-common-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\ppdlic\Microsoft-Windows-Fax-Common-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`254d4a7871d284c00755874ccf99303b`
SHA1	`b7ccebafc995ed9b7ff270ff8ef7c0fd85888770`
SHA256	`959d5c6899d354daccf6ebde5bef5171a6321dd5917ec71a3731c5a59db084ba`
CRC32	`6A597343`
ssdeep	`96:Ym3HKT3i3UY9lfX6LhXwSN5J6DFY3pq2t:JqroU1fWmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	91ef6ff201b79986_security-spp-component-sku-serverstandard-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerStandard\licensing\ppdlic\Security-SPP-Component-SKU-ServerStandard-ppdlic.xrm-ms
Size	13.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`26fa288f7a8d3c7a2c9eed97cd4a3750`
SHA1	`f235185f6b22d85b37ebff82d82115fa62b7ce76`
SHA256	`91ef6ff201b79986577c15d1de7fd2459e060c9aaf99f9f20252c547dd2708f5`
CRC32	`70222320`
ssdeep	`384:OXroevQOb44WG2wBrF/QjJsEs1xfzffrjt:SbzWG2wHI6Esffzt`
Yara	None matched
VirusTotal	Search for analysis

Name	07d9442031f669ae_security-spp-component-sku-homepremium-retail1-pl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\skus\Security-SPP-Component-SKU-HomePremium\Security-SPP-Component-SKU-HomePremium-RETAIL1-pl.xrm-ms
Size	13.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d635b5071f4a6bd5cf8dd55695fc1b6a`
SHA1	`38f27c1ffa573134468b833b21ff25df5112e715`
SHA256	`07d9442031f669ae884ba608911aeda51d48be19542282f6da2882e5ef17d825`
CRC32	`025435E1`
ssdeep	`384:+gey5fKfonfjmE83GHeS5JXX6CxgmJXNfoV:7e237/XtxgEC`
Yara	None matched
VirusTotal	Search for analysis

Name	d292fe3bb97222a1_takeownership.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\TakeOwnership.cmd
Size	1.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`e36b6e08718398bcd8b909054ee4a180`
SHA1	`7b731521b0c59844248497c2d074fd8ca57bb5f6`
SHA256	`d292fe3bb97222a19441a0ad920368a349a92511875394ff12ae776108df4588`
CRC32	`3C2E2FCB`
ssdeep	`12:CzCFp/L8/zLz2/zLnnM92k0S4PxKFfJNAIue9bYuWJ0IA4fK2oWOPxA0+jKHYA4V:ECFlev8vnnMAxxKlXGW4NOJl34NOJg5n`
Yara	None matched
VirusTotal	Search for analysis

Name	3697a8dba337359c_networkprojection-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\NetworkProjection-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`bf30e99805d4c77eb9dff61b46e149b3`
SHA1	`b3e899cea912a5c02179f7a3a93cfc9fd5581ee5`
SHA256	`3697a8dba337359c9fb2bd9788601cd25dd45f1e92d3ad0e94093d52daed1f5d`
CRC32	`9D871C67`
ssdeep	`96:k1m3+AT3i3UYYCJ+Xo0EywwSN5J6vY3pq2t:H+AroUDCJd0UfImjt`
Yara	None matched
VirusTotal	Search for analysis

Name	75db0a68a92f2623_lsa-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\LSA-License-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2ce388c6499b1735aac867d6b040c630`
SHA1	`7dd1a01e7be48f5c7de5ca8a9e59a77a6d926b53`
SHA256	`75db0a68a92f262316a7d1e8614a4ebed178ec8135ead5086b73f02a197b2a3a`
CRC32	`0FF86C81`
ssdeep	`48:34kHG3eflF3Ov39mcRHE6C6b6shtp+XWiOnotwSN5J6FY3pq2flv:jm3eT3i3UYkuXGWHywSN5J6FY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	dcfd08d3f83d0f39_security-spp-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms
Size	3.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`894949e794db63353c8fde78b8d36bd9`
SHA1	`63a63eaa27eb8aee50dc817af6277ce046400c48`
SHA256	`dcfd08d3f83d0f39ed3e02d32b172085b9b1a5251e96dfa73619254d17267511`
CRC32	`8553032A`
ssdeep	`96:7m3MT3i3UYWbP76X9U3O0+wSN5J6pY3pq2t:wMroUlJ+femjt`
Yara	None matched
VirusTotal	Search for analysis

Name	c5a9b4301f121e8f_pkeyconfig.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\licensing\pkeyconfig\pkeyconfig.xrm-ms
Size	412.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`055ece2b4cf659fb9ef6b0a526317c44`
SHA1	`1a9a4e2fccba0ed84037e4e4e343883271513d81`
SHA256	`c5a9b4301f121e8f811fa5c01b7d684c6f41c7af14d85f92bef418f5d430e2fc`
CRC32	`73942376`
ssdeep	`3072:/N0pFFrv/DPr6M2qI0C+0bZ0tf0uivYRxGjIGk1EWvgtGWd4lNy9ZRAHaECSqN7P:Vj+05X4qzkp4EFY8pcHgnRu/mg71oRwR`
Yara	None matched
VirusTotal	Search for analysis

Name	526f07768471f445_dwm.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\x86\original\dwm.exe
Size	90.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`505bf4d1cadeb8d4f8bcd08d944de25d`
SHA1	`a3ea58d117bcf0a7719b50249829c778f12e5b24`
SHA256	`526f07768471f4457cbeab7093af0b0242044c89a80a347db47f44ebadeea68d`
CRC32	`C50BFCFA`
ssdeep	`1536:8eCVTd5dCDHDOnq3h9DtcjXIrPzc4pSttMTiQHApfdhtp2ZjNyI6:lAdMqqED0I1ttnjX29Nyd`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	945356b86090cc76_security-spp-component-sku-ultimate-retail1-pl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-RETAIL1-pl.xrm-ms
Size	13.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`170fa7fcba2045535cf3c8ae165baa46`
SHA1	`1674c44e9efcd75682b516d7521038fd7b22de5e`
SHA256	`945356b86090cc76b0624a1e2c69852b8b3cb12cbcc6a48204ca582a1f0c5079`
CRC32	`B041F360`
ssdeep	`384:9geyQfKLfIj/jmE83bYeEDuy77i07o5KefIU:aeycrHe`
Yara	None matched
VirusTotal	Search for analysis

Name	fda5c8704ec12e40_microsoftwindowssafedocsmain-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`00aaa8cb8fbcb68a272c3b1d5826f88c`
SHA1	`f7592d84ce0f7bb77aad637c8af27cd3271755c6`
SHA256	`fda5c8704ec12e4040bd3935cf46d6cb66667109a7abdd090a530d1117594c3f`
CRC32	`D790E81C`
ssdeep	`96:Cpm3HoT3i3UY9AEsKXOejwEKFewSN5J6EY3pq2t:ZIroUSjwEKsfbmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	16c941b897beac91_tabletpc-uihub-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`20a5db3003e1ca92bbba0cde89aaf9c8`
SHA1	`2d3540d1551da7f6f34b67cb8b2c231ae3072f66`
SHA256	`16c941b897beac91a95a5f87246006a0528a48edcb38bdf95ae45a5d69d68d2c`
CRC32	`C909871A`
ssdeep	`48:3gkHG3rflF3Ov39mcRHT86b6shtwzi+saA3bTUXWtPmGtwSN5J6QY3pq2flv:bm3rT3i3UYBXMDSTNtrwSN5J6QY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	ef23ea9ffad3404a_kernel-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\Kernel-ppdlic.xrm-ms
Size	4.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`010255f2a744182d2e7de3cf62a04386`
SHA1	`3d62aa84dbb22854c16032e775d564f76ebe18be`
SHA256	`ef23ea9ffad3404a4ca42561cb400ee9a6e59fe8fa076d0af87e93c50371a0c9`
CRC32	`3BA2EBDD`
ssdeep	`96:jm3OKT3i3UYgs5G5c5n26IjlRXpTWlwSN5J6dY3pq2t:ovroUPpZpDTkfGmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	e66c0de107e1cba3_parentalcontrols-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\parentalcontrols-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`8e7bf19a3009a50f455906bfe095ecaf`
SHA1	`96de559c2c951e85655fc46778f0a629e9f1f4d2`
SHA256	`e66c0de107e1cba37a354098343d4857df21eb67190034bf2953d28708e1b87f`
CRC32	`981C35EF`
ssdeep	`48:3SlkHG3u0flF3Ov39mcRHoH6b6shtQ2i+spdVb14DEhL8ztwSN5J6FY3pq2flv:Cqm3u0T3i3UYIaXC2EjRiEhywSN5J6Fi`
Yara	None matched
VirusTotal	Search for analysis

Name	4b327469a7bde48c_dwm.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\x64\dwm.exe
Size	120.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`33990cac4e033995d49c87805ba35d42`
SHA1	`f5b14a3d08dde250d396cd4e70d96be6813b5560`
SHA256	`4b327469a7bde48c74c1be63dc5deeb5e9ad29168d9f69634b594b8d1c09c6e5`
CRC32	`DA3F058F`
ssdeep	`3072:94iuiOxP+pfAp0Ya7oSzg5PaRhZ+ZXtHq58B:94+YlhOhyE8`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	3b94f2a097c1ad75_security-spp-component-sku-enterprise-vl-bypass-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-ul.xrm-ms
Size	12.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`8a6ba6439d5e628eb9f624f54b4e1a45`
SHA1	`08ed4604aebeae1e0a7851f6153910837eb3871c`
SHA256	`3b94f2a097c1ad750d505c4ad3168f0263e0eccc82b254c8e4962b4f8f17e343`
CRC32	`3B5214FE`
ssdeep	`192:7WfJ6zfJ6no8OfVmZ7ogHAmE81je8nPes5WVfVmW:7Wfwzfwnif0ZrAmE8ReCPIVf0W`
Yara	None matched
VirusTotal	Search for analysis

Name	fcc271ef576855fc_peerdist-common-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\PeerDist-Common-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a9fede8626926b5f589bb25405882391`
SHA1	`068a99eec8577135dc2b3e633071860abb6d577e`
SHA256	`fcc271ef576855fc8bf82944a427e9ef650d70cfc03b5960a7476b89cd148a49`
CRC32	`0E2F723E`
ssdeep	`96:YGm3tAT3i3UYHMpw+Xhzm6wSN5J6bkY3pq2t:YLtAroU8Mpwwm6f/mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	539f25239b8abc69_security-spp-component-sku-serverenterprise-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerEnterprise\tokens\skus\Security-SPP-Component-SKU-ServerEnterprise\Security-SPP-Component-SKU-ServerEnterprise-OEM-SLP-ul.xrm-ms
Size	11.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5dcc9fbf564956c201cb5a137838abf6`
SHA1	`a0bcf414833be308bae41a695d683026905991be`
SHA256	`539f25239b8abc69f15bbce37fad7c4005c3bec2d159de26b85f319bc4cd4f95`
CRC32	`68759A09`
ssdeep	`192:C0fRtTeyFzvcfCm7yy5z9mE8dQeoXDJlcTIF/cfCmt:C0fvhEff7P9mE8eeo90IF/cfft`
Yara	None matched
VirusTotal	Search for analysis

Name	291ff6ae7bc28686_shell-inboxgames-freecell-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b7944b89503561196273c0d17502f030`
SHA1	`ac9940c544ea9abe85d6e9507cfe1c9f9eb27207`
SHA256	`291ff6ae7bc286866a51c1bf18871e0b5bb0b5fb614041315da4448073de23bb`
CRC32	`25F56965`
ssdeep	`96:+m3XT3i3UYhXcBFSdl7R10wSN5J68Y3pq2t:TXroU14F10fDmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	3f52bec95945c4e0_microsoft-windows-auxiliarydisplay-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\Microsoft-Windows-AuxiliaryDisplay-ppdlic.xrm-ms
Size	3.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`cfc8a17c78a832b037ef88df42e74129`
SHA1	`74b5d2857222e83dd8f2e55068388d3553cbc0f4`
SHA256	`3f52bec95945c4e015520df3f7d26d67067ac7ef207038d67d4486d2ebb676c5`
CRC32	`6AC591CA`
ssdeep	`96:Pm3HkaT3i3UY9WObfyyfHWhswUFXgcswSN5J6kY3pq2t:sEaroUWTtRafzmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	df012f56e3f06b0b_security-spp-component-sku-ultimate-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a8dce18053798ee4c829f1988ae4216b`
SHA1	`37d440e1d44e398a3daa453039aaa15768225182`
SHA256	`df012f56e3f06b0b47ebd949bfdd0d2fb972385cfc8821cb648653a8e64f10fe`
CRC32	`9E1E6D74`
ssdeep	`384:z2fC4ukCNrSDym0ML5KqfFmHngmE8RuNefX/VbWfFYO:1nBWym0IYPu`
Yara	None matched
VirusTotal	Search for analysis

Name	0094bdb31f236b07_provsvc-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\provsvc-license-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5cdb715a6db8c7d1eb87010f0f5cf9d3`
SHA1	`29f448e4b8ce39bb0810b5bb8bdbd52190b319f0`
SHA256	`0094bdb31f236b0732afeb81bb614e5b3ae5407d2a337d79b55c092eb3387e8f`
CRC32	`5D8E81BB`
ssdeep	`48:3ckHG3JflF3Ov39mcRH86b6shtNH++qhHQJtwSN5J6zY3pq2flv:Pm3JT3i3UY1XzfOHQ7wSN5J6zY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	c32a14c44fed518b_windows7optimizer.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Windows7Optimizer.cmd
Size	5.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`3f88d71eba0b8076828cb9f3f6892014`
SHA1	`e0db03e70e880db5ce6602cb8d1480555229e35e`
SHA256	`c32a14c44fed518b691db0b1bad62122c31b01193df895739cacb3214d70ea3f`
CRC32	`426ACB4C`
ssdeep	`96:Kd9HcmtsduXKVjK9MFydAqcJB3vhlPWZ/n:KdhdAVh+n`
Yara	None matched
VirusTotal	Search for analysis

Name	06b91106a4169ee9_muicache.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\MuiCache.reg
Size	862.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`91bd16ffa806694171e89ce6bf40ce5f`
SHA1	`4d776c6e5b565a2002f8559f77b5320fa8420b72`
SHA256	`06b91106a4169ee981a38915e694b6409f7c8cf11fef3ee845d218c32d71e509`
CRC32	`4B53B5CA`
ssdeep	`24:QChVOgUdxOojrrER3xOojrrER3xI+EllojrCREISREI7ER3xOoO:taxO2QhxO2QhxI7v2CCDCnhxOn`
Yara	None matched
VirusTotal	Search for analysis

Name	6409c88faead5765_omd-api-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\OMD-API-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`17f4a179c123be785e15e23c297a5e1f`
SHA1	`429245dbead98496d28e3d5dbcc7755795620ce2`
SHA256	`6409c88faead5765527a477aa4209cc51090bcc5f7d1092cb5977ac6c6401ae0`
CRC32	`47F8F41B`
ssdeep	`48:3xnkHG3xflF3Ov39mcRHO6b6shto+d2LI/7hx0twSN5J6FY3pq2flv:hkm3xT3i3UYHXZCIbewSN5J6FY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	c37112e0c8ac5c80_sever2008key.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Sever2008key.cmd
Size	1.1KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`74f3f721242d237749c8c63ed457ba9e`
SHA1	`1f1ac24dbf15daa040460286938127dbae9fcdaa`
SHA256	`c37112e0c8ac5c80eb87b0aa22b2aaa469cea321c4488e0c5a323ddb78ebb0a6`
CRC32	`79A1F5FD`
ssdeep	`24:5iYlci0dHuTnM2RxKlKL2zZsLr9dsLdQ9JBsLt9luG+n:5hhM2RxDzduj+`
Yara	None matched
VirusTotal	Search for analysis

Name	ccab610cf06e76bd_workstationservice-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\WorkstationService-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`6df66ac50014f40d220594cd28171e44`
SHA1	`fec82ad1ac3c85a9289be4b03c5e4caa7325ec37`
SHA256	`ccab610cf06e76bd7ba6dc1dc867425d75fd01dd093ed6dbc9c737e639d47e8b`
CRC32	`1BE93751`
ssdeep	`48:33kHG3ZaflF3Ov39mcRHz6b6shtWLSk+4ez6MU5aiktwSN5J6GY3pq2flv:km3wT3i3UYeXUSKV5aiOwSN5J6GY3pqO`
Yara	None matched
VirusTotal	Search for analysis

Name	267377ea0e565b37_user32.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\x64\SysWOW64\user32.dll
Size	813.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2c9cc9f492ca596b1b9fc1ae5e916356`
SHA1	`553a6b184f2c4f77a2483daf9ea027e4e35a1516`
SHA256	`267377ea0e565b378ee37cf862654cc8717a8d54fccee7ae8110e95981d2c418`
CRC32	`14FA277A`
ssdeep	`12288:TGJQbCfvseE2rB+NR3mPOENHaXtbPteWR5L+s5ENOeQiV1Li/km:WRNrsR3lFPte6LeYeXV1i/km`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	f6cd558710f5b472_shell-inboxgames-freecell-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b5026c3797f076f39a5fe301d9b63591`
SHA1	`160ad7cb661dda99e013c4e31f4e703ef30a4f92`
SHA256	`f6cd558710f5b472e095e469a9ee79231aa203a693ad003343097972ef416b39`
CRC32	`CE320A3E`
ssdeep	`48:3BkHG3XflF3Ov39mcRHi6b6shtTU2e+fW2tCA4wFtwSN5J6EY3pq2flv:+m3XT3i3UYjXGdMQ0wSN5J6EY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	2b39b2543459c2d8_microsoft.windows.servermanager-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerStandard\licensing\ppdlic\Microsoft.Windows.ServerManager-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`14ab0bef97fc9c2558d3724d1761b55f`
SHA1	`c22f0e66ae169fc94b38f15226f6f1358df2bb82`
SHA256	`2b39b2543459c2d8e1890a5a40db05f2747d0ea9de1430fb5b1ce406e2ad28e2`
CRC32	`E9E6E145`
ssdeep	`96:Um3HDT3i3UY932KmX4H/wSN5J6dY3pq2t:tjroUGfSmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	078e6f340c99aa73_stickynoteslicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\StickyNotesLicensing-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d975886ec992bbb6b985f4d5f54a5d8d`
SHA1	`e99984b91934f95590e15e9a0ca9f4d2f54f7247`
SHA256	`078e6f340c99aa738cc0d30a4eef148e83b4ff6aa6877b6dcbd78ca6a4352f29`
CRC32	`CF5DBDF9`
ssdeep	`48:3fkHG3HCflF3Ov39mcRHZr6b6shtt+rp5cdJcip85stwSN5J6gY3pq2flv:8m3iT3i3UYEX6pCJP1wSN5J6gY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	0a4aabe9d41cb451_windows7slic2.1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Windows7SLIC2.1.cmd
Size	26.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`84a62f20917dac7ed913bc0fbe4ad1f0`
SHA1	`e6a0544539e8f13f9b3d0ec2c57b31828a54409f`
SHA256	`0a4aabe9d41cb451106a43f26d1835c098f540f8f1047ad000862883147936c1`
CRC32	`D5C58050`
ssdeep	`192:eUnA7zzznA7zzyTBczOJ8igOJciW/fpIJ8igOJciW3AJ8igOJciWwsJ8igOJciWn:eUnAnnAub+fcb/b6b07b3bD`
Yara	None matched
VirusTotal	Search for analysis

Name	2cb66eb45ebaccef_dwm.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\DWM.cmd
Size	4.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`7f751fc6320b8f224e59bbb61653a937`
SHA1	`eb44ef364a9eddc2eb9b309b08d9df897ff87075`
SHA256	`2cb66eb45ebaccefad379e971d9e9dffe452e8f26aed188ab70f0721ba4a6fc3`
CRC32	`F8F6CDBD`
ssdeep	`96:y7w9GadngGByfywJPFadngGByfZTRtadngGByfy4JMadngGByfZLR5X:rdngGBsywJcdngGBsZTRMdngGBsy4J3K`
Yara	None matched
VirusTotal	Search for analysis

Name	62d300459b55a503_prefetchparameters.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\PrefetchParameters.cmd
Size	1.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`c7a15cdce02731d087c70f75ab547f8e`
SHA1	`78c5351ab6c47b0cd8f9621c191eb9de99ffafd3`
SHA256	`62d300459b55a50317f2e18c38b66af5868c7dceca321a36f8b2c9c57d8effd4`
CRC32	`C805841D`
ssdeep	`24:ECFgOLvsvnnMAxxKlTW/J5WFwRG4NOi/4NO1U5n:bFg/MAxxYW/LWyRGBi/Bq5n`
Yara	None matched
VirusTotal	Search for analysis

Name	de88752d7476804f_slic.img Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\VFD\SLIC.IMG
Size	1.4MB
Processes	2196 (A.I.exe)
Type	DOS/MBR boot sector, code offset 0x3c+2, OEM-ID "*V+\|LIHC" cached by Windows 9M, root entries 224, sectors 2880 (volumes <=32 MB), sectors/FAT 9, sectors/track 18, serial number 0x18ec2374, label: "BOOT98SC ", FAT (12 bit), followed by FAT
MD5	`c7d3ac0e0844fbf805b852a42db43bc6`
SHA1	`6d37eb061e16837ac7a5ae2b2f3c93d4467e856f`
SHA256	`de88752d7476804ffa50c0ca2409d4a7e15d07ccddd4e35da4403b51d59cdb51`
CRC32	`E5660957`
ssdeep	`6144:02E9HNq4WUDZZoOyH4kAdPj5rtLmdGG7zvkRo6GakeQMjBPUD7Za7rM5G7kG3jhL:0hcl+HrtLM7/s7QlI7rMoBNM4rSSPSS`
Yara	None matched
VirusTotal	Search for analysis

Name	a3ff40953151990c_peerdist-common-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\PeerDist-Common-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`307069cb761e8f9d9702679cfdd03424`
SHA1	`4f764f31aaae768ba23dd90d3f10998630d64be5`
SHA256	`a3ff40953151990c4be116c37c953f9791a15a45d66b202375fd6bfc79c49767`
CRC32	`C785F0B4`
ssdeep	`96:YGm3tAT3i3UYHMpw+Xp7wSN5J6oY3pq2t:YLtAroU8Mpw4f3mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	73caf41c40168d20_photominfeature-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Ultimate\tokens\ppdlic\PhotoMinFeature-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2c29a6d530948477d1b3e2c1fa7e284c`
SHA1	`90a16d314a050327ea7eb5f36ecf75e9d1cbc2ce`
SHA256	`73caf41c40168d202625eb50ce40c42bbcd0cd9cd2526f82ed2059a6f0300d68`
CRC32	`F0EDF12C`
ssdeep	`48:3EWkHG3JEflF3Ov39mcRHLl86b6shtFp+s29XnlHtwSN5J66Y3pq2flv:Km3JET3i3UYrlVX29XwSN5J66Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	2a1521888f636363_security-spp-component-sku-enterprise-vlkms1-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VLKMS1-ul-phn.xrm-ms
Size	16.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`7a149f078fb7ab410e7c5e3e96713acf`
SHA1	`f03f6474c308f864e60bed6f247653d02c51daba`
SHA256	`2a1521888f6363633330fa2b46b6e596e38c759497be20851acc027b367cdb27`
CRC32	`F9F380F7`
ssdeep	`384:z2fjn4ukCNrSDym0ML5KoxZXf+muTKgmE8eePvKVFCh/n0Af+Y6Q:0nBWym0IJMOvKVK0U`
Yara	None matched
VirusTotal	Search for analysis

Name	352d44c7ebe11503_printing-spooler-core-localspl-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`da8a60a14b7b3d2907cb85f04819677c`
SHA1	`042c71c67dd3b57232ecef1d10d45486cf16f625`
SHA256	`352d44c7ebe115034c6901c721d3d6ce9250b1af4d114a6ac7c76c8ae864a8d1`
CRC32	`89DC5078`
ssdeep	`48:3RkHG3UflF3Ov39mcRHD6b6shtS+PyTlLDOVsGtwSN5J66Y3pq2flv:Om3UT3i3UYOXauVxwSN5J66Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b5e04aa07b52f52e_windows7slic2.1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Windows7SLIC2.1.cmd
Size	18.5KB
Processes	2196 (A.I.exe)
Type	data
MD5	`c298c51782783493d7e08b8acdc39fbc`
SHA1	`25c4263d509f231a710a0d148f8ec447b28a2ca7`
SHA256	`b5e04aa07b52f52e009849e859892f5d6ae3cff320ce29feb13fb3a933c4a8c8`
CRC32	`A9520ED8`
ssdeep	`192:molhlZTBcpmJ8iAxbiJ8iAzKJ8iA++J8iAeyRjCThJ8iAvbTDcJ8iAUNFr:m8G4/a5pn5`
Yara	None matched
VirusTotal	Search for analysis

Name	dc11df1c1cadbfc4_parentalcontrols-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\ppdlic\parentalcontrols-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4c2025b14f08d643aa7465dea0470a03`
SHA1	`e1cbadeab3952878ea6b82b8afc6c7347d951f68`
SHA256	`dc11df1c1cadbfc49357abbf476128b5652a9f2880242aa27d7bc98890eaaa9e`
CRC32	`EDE8F651`
ssdeep	`48:3SlkHG3u0flF3Ov39mcRHoH6b6shtVg+hAjFHfj1twSN5J6BY3pq2flv:Cqm3u0T3i3UYIaXrODwSN5J6BY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	9d2fd0ad48117aea_provsvc-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\provsvc-license-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`57b763f840c415946380224c05303876`
SHA1	`5fe46b83879a96b0f2e1e9ada9d3a6f9db24de14`
SHA256	`9d2fd0ad48117aeabab29a185cdea02f149e99429322bd056414ad1230f143b8`
CRC32	`6102B96A`
ssdeep	`48:3ckHG3JflF3Ov39mcRH86b6sht/+10zZF0twSN5J6MY3pq2flv:Pm3JT3i3UY1XqsZswSN5J6MY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b4f3a53c9d882ffa_shell-multiplayerinboxgames-spades-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Spades-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`79e9eeb881835d448a6ddce929ad4108`
SHA1	`2d873cd9ff409a0dfb345e001e6624e86203ec95`
SHA256	`b4f3a53c9d882ffad11e13f2f14d060500a6630a5fa70c41810025ffbde47d55`
CRC32	`20F7DD31`
ssdeep	`48:3wkHG3j0wflF3Ov39mcRHJ0t6b6shtV+Aw/8Y3hj1R9twSN5J68Y3pq2flv:rm3j0wT3i3UYp04Xhw/8a/hwSN5J68Y5`
Yara	None matched
VirusTotal	Search for analysis

Name	e0fe3041abc7f72a_tabletpc-tabbtn-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Ultimate\tokens\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`1f810139b734d9eeeeaf38830098001d`
SHA1	`ce81976eab6a5ca23cf0fe2dc9698a7de71100c4`
SHA256	`e0fe3041abc7f72a6ec701bc37b1fb01bc8ada1cf63f6da083a143a5e1fece11`
CRC32	`AC82BA04`
ssdeep	`48:32Ri+kHG3BflF3Ov39mcRHH6b6shtg+hHfuoo2twSN5J6QY3pq2flv:eiZm3BT3i3UY6XNu0wSN5J6QY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	533567ffc3d0c76b_slc-component-sku-ocur-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d76bcd367483566b424f4be810a4851d`
SHA1	`9157f7c85434cace18cab040d7566d42bd01c2f2`
SHA256	`533567ffc3d0c76bc5d3aa3228a36e868337c69e09256b61ccdaaebb7c7a8073`
CRC32	`F2A084C8`
ssdeep	`48:3wxkHG3WflF3Ov39mcRHKG6b6sht7+8BP0ozWwQtwSN5J6QY3pq2flv:Vm3WT3i3UY0XZtWwqwSN5J6QY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	ac5c46b97345465a_slmgr.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x64\System32\slmgr.vbs
Size	111.0KB
Processes	2196 (A.I.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`38482a5013d8ab40df0fb15eae022c57`
SHA1	`5a4a7f261307721656c11b5cc097cde1cf791073`
SHA256	`ac5c46b97345465a96e9ae1edaff44b191a39bf3d03dc1128090b8ffa92a16f8`
CRC32	`84131C9B`
ssdeep	`1536:jX9zD2Dv4q24t0ODmqqtCyt9bKuvtVAtqykRjDvQiiQ:jcjl2470C29btFVSqHRD4iiQ`
Yara	None matched
VirusTotal	Search for analysis

Name	14d49431e6c7381f_mediacenter-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\MediaCenter-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d356fcea82a3b7a937e4375619683434`
SHA1	`f4ae7b38eaf1ad2b78c5f48695ce6c95f88ceca0`
SHA256	`14d49431e6c7381f2f3c39c14f6fff88a1f7039113907ceea0fc283d326b3850`
CRC32	`A7F58BE2`
ssdeep	`48:3fTEkHG3qaflF3Ov39mcRHj6b6shtf+O5lm6ptwSN5J6VY3pq2flv:bXm3qaT3i3UYuX35vwSN5J6VY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	cf5830a405a29bb8_slic2.1sthidden2.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1STHIDDEN2.cmd
Size	5.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`d7a0b06cd7dc8baef3c5028fa30e73b5`
SHA1	`a44cd106e2704acbd12dff5b5b9f04438674ca38`
SHA256	`cf5830a405a29bb856334af8afc94a12281258daecf23e69dd3802b8ecf46af5`
CRC32	`40411F35`
ssdeep	`48:uFer2rzrw5McVx84cQ4MiLzn82eQPCbNVXd6gTD0S7/BrlVx+8Nn+tRtLeWhddHq:ec84chMiLzn8VLZ3ZrlrErnHlN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	e0634f088316c0f2_rasbase-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\RasBase-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`cd898c26a1cb093c762dd5f4b4429bbb`
SHA1	`cb9bdf3991b099a15767318b8db19887d5cc7a18`
SHA256	`e0634f088316c0f2e00fd9ca67d846cc085ff6561f5cc5b63ccb348f18435109`
CRC32	`3A0934BD`
ssdeep	`48:3qkHG3nflF3Ov39mcRHC6b6sht2ut+jRFFtwSN5J6WY3pq2flv:9m3nT3i3UYDXs1rwSN5J6WY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	0d8cfcd901f8a76d_foreverr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\ForeverR.cmd
Size	4.3KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`59dec8af0522a89c5d2681b2e296d8ff`
SHA1	`86b37e2794ccd7a39ab946f88debb576c465cd41`
SHA256	`0d8cfcd901f8a76d7cd6f02565bf548e08797f6f3146d2a5f7cc72d6876e46a5`
CRC32	`89A2BFE5`
ssdeep	`48:35F595pL5ww5B5x5rd5Er9t1bVrLLTbVIjqMvaLuJjdBIuJjdHHOMymii+RP:J7zPbvf/C9tjrLLNJuJZCuJZzymixP`
Yara	None matched
VirusTotal	Search for analysis

Name	36213635fc3db3d1_microsoft-windows-networkbridge-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`fd33b8b79bcf5ced20915a0dcfbc9002`
SHA1	`093f08777c07698a32cea894481525caae82be55`
SHA256	`36213635fc3db3d1a357a614d89f355df0f04668c49257b888c6052a93de7d06`
CRC32	`F09FE348`
ssdeep	`48:3m2kHG3H+flF3Ov39mcRHa+46b6shtgR+rhfi/9twSN5J6RY3pq2flv:2hm3H+T3i3UY9JXx4nwSN5J6RY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	46421b737215b942_volmgrx-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\volmgrx-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`de34d3089970cb4f7cb6dc0984c9ef18`
SHA1	`313d10512563098c611cd34ef6538e345ecc0d8e`
SHA256	`46421b737215b942acb215c2f0490e2e1c26dc94556249f01777611894e795c7`
CRC32	`501D2DB0`
ssdeep	`96:V3m3LT3i3UY2iuiEiKaXfBetyJ/wSN5J6BY3pq2t:VELroUniuiEifw8Nf2mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	5827b134e980e68d_boot.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\boot.exe
Size	100.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`9f481e255a94a759c9d424882e144ff2`
SHA1	`37efb628926fa708decfd282ae1c2508ea588792`
SHA256	`5827b134e980e68d56854916fbcd1d2771caa4b035ccdee1dfd9aee027483e0c`
CRC32	`A55ED8F6`
ssdeep	`1536:AuVDngAOVU9gSPPSdeV5UQfdxvYxujuwt:V4U9gSLV5UQfjvUQ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	16a7169e9e38174e_shell-inboxgames-shanghai-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Shell-InBoxGames-Shanghai-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d58e0dbdde391eccd91e78247b8b0e56`
SHA1	`9153c00539eaf6a36d7cb2583ea3a4b6727eecc3`
SHA256	`16a7169e9e38174e26a2fbf6e1a0bf487ab5140f836b620f965dba32be58dd22`
CRC32	`1BFBD64B`
ssdeep	`48:3kj0GkHG3UflF3Ov39mcRH0Jmd6b6shtL+6rk1O9CWtwSN5J6hY3pq2flv:0Wm3UT3i3UYHIXM4wSN5J6hY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	8ed6918b17294217_security-spp-component-sku-homepremium-retail1-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\skus\Security-SPP-Component-SKU-HomePremium\Security-SPP-Component-SKU-HomePremium-RETAIL1-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5da1088d5df05448a9d5a7fe17a657e8`
SHA1	`a8a6cabf81c571e9c3772f08b0f6aad138c7aae5`
SHA256	`8ed6918b172942170211fb3629830811868f069f272911ebcaacb6cd2f388c2d`
CRC32	`2D2947D1`
ssdeep	`192:SLtfhdVvpgh4stfIm8mIXZ+mE8doeYzY/b85duptnsfIm0Q:Otfla4stfl8p+mE8eenGEsflT`
Yara	None matched
VirusTotal	Search for analysis

Name	51473e2df1db18a1_spc-generic-private.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\spp\tokens\identity\spc-generic-private.xrm-ms
Size	5.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`641ca55415f57b39fe99d3615219a32a`
SHA1	`1ad41523b1bd59107ac4aaa7447abc8cff0b1a82`
SHA256	`51473e2df1db18a1bd7e146612a69e64e1e001b35183ef21c216c635bfa6d61d`
CRC32	`7473BB09`
ssdeep	`96:Fm3uLYLuLmLLUsVR7gQLsTd/+cUuk/Q+/VmXqGUGjEwSN5J6zY3bHOn:mEmE8LjjEesTd/bP+vGvgfUm6n`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	3f3e50aaa0892342_printing-spooler-pmc-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\Printing-Spooler-Pmc-Licensing-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9c6de396627100ba3f4f6449101071c2`
SHA1	`3593b89ff1071d81b0b988733ae4a010c6a083b6`
SHA256	`3f3e50aaa0892342f5fb17d684a9b08c6491f4d596ba288e7b2147a3a1d8565c`
CRC32	`41D0D6CC`
ssdeep	`48:3mkkHG3uflF3Ov39mcRHKnn6b6shtQ+vORLB2HtwSN5J62Y3pq2flv:um3uT3i3UYZXqRLANwSN5J62Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	9c269dc23fc9db65_tabletpcaccessories-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\TabletPCAccessories-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7272640063120b9d540554478464b65c`
SHA1	`d1ec1f1a1a2e81a365e75c1110bca8a1fbccfe92`
SHA256	`9c269dc23fc9db6553a4b1fa043194d1392a1c29fc5a46635013140645af9360`
CRC32	`A20E6B0F`
ssdeep	`48:3Y8kHG3xflF3Ov39mcRHgA6b6shtE+SG1JkukstwSN5J6pY3pq2flv:Um3xT3i3UYcXp1XkmwSN5J6pY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	03f097fb38e78311_virtualpc-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\VirtualPC-licensing-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ac197f4e2878268132d7e20e5a612a6a`
SHA1	`f9e1ed7d6ff340df096f17cdc67b6c3af7b3b686`
SHA256	`03f097fb38e78311d03dcce3db55b0819a3cc10ce97b8ad7cde0e5e731c3f307`
CRC32	`32449F53`
ssdeep	`48:3ydkHG3zflF3Ov39mcRHk6b6shtvO+o+00nltwSN5J6BY3pq2flv:9m3zT3i3UYNXRlNwSN5J6BY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	14cec0bf5f625ff8_udwm.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\x64\original\uDWM.dll
Size	321.0KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`49e5753d923f1ac63b22d3dcb0b47e00`
SHA1	`ac1eb83199ad78259043cb63cd2e9f1d2c885716`
SHA256	`14cec0bf5f625ff839a8d79b4a6b7c4ac0cbb705fd197c6b7ff8617c6c3e34fe`
CRC32	`D004F1B2`
ssdeep	`6144:M8MvgHHsq+wjl8bi61Ao/ZkJUPsepg/Y:tMIsq+wsbZAe`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	79bec0da770265d1_user32.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\x64\System32\user32.dll
Size	985.0KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`e573bd9ab55c8e333c202b9e255f972e`
SHA1	`460bde795885134b48465dc73797db695af33e1f`
SHA256	`79bec0da770265d1a525330b2e732e055edde617bcc2848c2742492f9dbc881e`
CRC32	`D2138C35`
ssdeep	`12288:tpgR7hTWR9MooXZNVJk2ehQu5L+s5ENOeQiV1Li/k:U7xWRMZNVe2wrLeYeXV1i/k`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ea5b539c83a95fc4_windowsanytimeupgrade-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\WindowsAnytimeUpgrade-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`740b0f346ab31e4f354a44ac49e796bb`
SHA1	`d44771c67e08040aef486e2804ed4728453e34b0`
SHA256	`ea5b539c83a95fc45951c516f81e4cb3a702acec6965652deca8b5fce83fd0e1`
CRC32	`BE18EBFE`
ssdeep	`48:3EUIkHG3JKflF3Ov39mcRHjsGq6b6shtEJ+Bkov2ytwSN5J6qY3pq2flv:Fm3JKT3i3UYDsG7XhWAwSN5J6qY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b31b03781383c9b6_slic2.1dhidden1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1DHIDDEN1.cmd
Size	5.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`22f932fbc7a9da058b990c6c6b40d038`
SHA1	`7c2ca004722be106720063c3f7537eddb3e871e8`
SHA256	`b31b03781383c9b6cb2eb3eed2e27725469c4c295c7cfb4b782e936b543555dd`
CRC32	`8F6B8F8E`
ssdeep	`48:TeF73mMSVxdvcAqMiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8N2t2RtLeWhdwt/Gvo:TwodvcAqMiLzrTKLZ3ZrlrJrCt/gN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	7a9a5a6dc2f4944b_acer.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\ACER.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`d2a59a8f4c2280d45165363e377ced91`
SHA1	`6cf0a51fc0403d4dc02e3bb4f605d5da69bd94f6`
SHA256	`7a9a5a6dc2f4944b534a3f67dabbf036fd44be79ab34c7e84f0a01bf3b0a779b`
CRC32	`AD943C4F`
ssdeep	`48:chBkHG3I2tT6b6shth+5CgiFqSz3mubm0u1Y3gflYp:Lm33UXeC70SKub41Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	f74d967a81ecbb83_slic2.1dbasic.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1DBASIC.cmd
Size	5.5KB
Processes	2196 (A.I.exe)
Type	data
MD5	`1ea90aa780e594c6a2e67680a035e48b`
SHA1	`02c3eaf502d557b6d62385899f52cbcc61ee31be`
SHA256	`f74d967a81ecbb83652631cafada9042e12d18560460fcf93203407251359f66`
CRC32	`02CA1FA3`
ssdeep	`48:Tc75McVxKscAqMiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8NR1O2RtLeWhdwt/GvR2:TcLKscAqMiLzrTKLZ3ZrlrlrCt/gN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	a9015d49e457f0d3_windowssearchcomponent-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\ppdlic\WindowsSearchComponent-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`f7fd9d94e44f0214fa75d526321092e8`
SHA1	`bc4816c9aadc4e7581179f71d4a4d088bd45642c`
SHA256	`a9015d49e457f0d3291061749bf34be5cf0e3ebe319c6c9172bcb92a77057b8c`
CRC32	`945EBD28`
ssdeep	`48:3TkHG3aflF3Ov39mcRHC6b6shtOk+SNScQDtwSN5J6IY3pq2flv:Ym3aT3i3UYDX4MVkwSN5J6IY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	3d9b11867db9e66f_xp.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Xp.cmd
Size	4.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`6e4aaf2cf416fbd682c2c110cf545acd`
SHA1	`811bd9c0d18f7c285c85b653696d8ae894976d90`
SHA256	`3d9b11867db9e66fe55afafb8276b1cd725eb1cca9b1cecd19628c234c6120c0`
CRC32	`E5969E11`
ssdeep	`96:yIlYF2mxMu7aKYF2mQMu7abYF2m/Mu7a78sn:oF2mxX7GF2mQX7fF2m/X7vsn`
Yara	None matched
VirusTotal	Search for analysis

Name	2f0f7e634bfbe5cc_cert2.0.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Cert2.0.cmd
Size	12.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`ea810d5579bcecd1489d25f7f2ae4fb5`
SHA1	`020efdf6910084b74ab7b94a5bc8bed40c206cad`
SHA256	`2f0f7e634bfbe5cc977d246562eaf565942a451ab7a8c90b90289b9ac37b4aac`
CRC32	`0EC5BE2F`
ssdeep	`96:5yCRu4aFRhSPhoHbsLHD423tDcD3Mdtzs4L0BNeKDcFxJKvSjLIJKWXExi40Vu77:5y5F+SH2jV1XYHMJYq`
Yara	None matched
VirusTotal	Search for analysis

Name	1aaa2e2e84ece513_kmsserver1.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\KmsServer\KmsServer1.reg
Size	758.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`0ce7fd85f9ed2e1d74cfde218aa34771`
SHA1	`c14f05c0a3744b24a82460e602280f11c79ff0a7`
SHA256	`1aaa2e2e84ece51372251998b87d2279768467acc40ca990b8caacbac6abfdf2`
CRC32	`11CA2DDF`
ssdeep	`12:Qy5hVZteAxDZaW+ZENgUOtYo3EUOgeAxDZaW+ZENsEg6e9UOtYo3EUO0:QChVTessZENgUNoUU/essZENsEg5UNoj`
Yara	None matched
VirusTotal	Search for analysis

Name	38260b68e9bd8e81_makegrldr1-1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\Makegrldr1-1
Size	155.8KB
Processes	2196 (A.I.exe)
Type	DOS executable (COM)
MD5	`9a87a6e2da82708e06dd2a5d277139b8`
SHA1	`47ad50c29d0759190ba421e14cece9d7b7a83022`
SHA256	`38260b68e9bd8e8138c85b0265148710985be9682137e2c0c7ac5579e63c4b48`
CRC32	`BB90B43A`
ssdeep	`3072:DiP20xju6qY87t5vTlx3PEA6P1oN56o5n5qbLjhVT30h3Y:Wzx66qHfvMP1oNAot5Ojh1U3Y`
Yara	None matched
VirusTotal	Search for analysis

Name	09e728986beadd27_msac3enc-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\msac3enc-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`810ffadd2dbb2c1791d50acc5adfaefb`
SHA1	`cfd07c28d5f4824ac1eabba75dd85daeaea503a9`
SHA256	`09e728986beadd27b1ddc6c0cd35e85979c81255d99c010d5894d06dbcf5fd0e`
CRC32	`83E5B6B0`
ssdeep	`48:3mSkHG3nKKflF3Ov39mcRHcPcPA6b6shtnx+zMXOXAX9wtwSN5J6uY3pq2flv:qm3nhT3i3UYAgBXZLvKwSN5J6uY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	eda6fb2d79ff0e8a_slic2.1dhidden2.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1DHIDDEN2.cmd
Size	5.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`dabfe186f79d54e60fe0e2a3f2f5c7a7`
SHA1	`1fc4cb1de5dca9f361bce8baf16eb76f491e23b9`
SHA256	`eda6fb2d79ff0e8a6cd91b36d2b1e737624c987d25425a409081a68b629e75fb`
CRC32	`3E59281F`
ssdeep	`48:Teqk3rMSVx64cAqMiLzn82eQPCbNVXd6gTD0S7/BrlVx+8Nn+tRtLeWhdnt/GvR2:TeB64cAqMiLzn8VLZ3Zrlr4r1t/gN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	09d77e046ceb5ad3_vista.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Vista.cmd
Size	5.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`a4d6d94729c353195a7a616f1a0acb2f`
SHA1	`1670ae6f9b86959b0afe8e1527485a19070ad514`
SHA256	`09d77e046ceb5ad36276621f3c9529819a8db45494f6e76b31b00dcd9e1302c6`
CRC32	`7B97BE40`
ssdeep	`96:ZvxrPLM5GiUiyqUgA/K5LtAdDtKd08cj6KdONTwjMz/a:bo5Gi9zUP0LADS08c3ONska`
Yara	None matched
VirusTotal	Search for analysis

Name	bd7a53e244aa289a_key.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\key.cmd
Size	2.1KB
Processes	2196 (A.I.exe)
Type	data
MD5	`5d98e3f85563e9117ae98f926897ec29`
SHA1	`1ffee18a2b3265eb2db9b9e99d29008c512fb779`
SHA256	`bd7a53e244aa289a56e803e3b6f5ee707dcb3b5a9da390d4903a35730f17ad68`
CRC32	`A3DC46B7`
ssdeep	`24:Et99qxYjIcxjOxA5x1ymxS6hFxnnMNxKlWJ6QDCzFZBBtQ/n:ygOvq6FMNxZ5mzFZBU/n`
Yara	None matched
VirusTotal	Search for analysis

Name	7941b35cccde7dc4_shell-inboxgames-hearts-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomeBasic\tokens\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ad6f39bcfc3f6e83e98e3a3b76d7a005`
SHA1	`dcecb722e5109a0f5e12adbcb49157fdfd3b99d7`
SHA256	`7941b35cccde7dc4d029197a38d92542eb57c66a667dd300129f08a73d56ab1a`
CRC32	`7E38B67E`
ssdeep	`48:3cpkHG3MflF3Ov39mcRHIG6b6shtfT+ETx2J/twSN5J6TY3pq2flv:smm3MT3i3UYqXKTwSN5J6TY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	d3424c420b5b5840_shell-inboxgames-spidersolitaire-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`740a437dd1b2b21992e093cc0a2d5808`
SHA1	`19a224aaa96e20e967d564eee89da62f40ba1065`
SHA256	`d3424c420b5b58401d4b1c1c74e39ae1ea5098932ed8729ef8bfab57d817dbbc`
CRC32	`612B7844`
ssdeep	`48:3jfkHG3iflF3Ov39mcRHV6b6shto+eRV9/4twSN5J6vY3pq2flv:wm3iT3i3UYwXqRjCwSN5J6vY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	33fdfd165c7266bf_winlogon.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\XPGenuine\winlogon.exe
Size	480.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2e6632095fca9521f0643f6477820176`
SHA1	`a6de08eb57680a28b2c94d9bc42d589c5db11924`
SHA256	`33fdfd165c7266bf0a05bc82bbe8427a73cf43a0d0d58fd8209b7b0c90d539f1`
CRC32	`F5D8F7F5`
ssdeep	`6144:oYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcbFIzdFz/N5WjyfTNQ9:oVLBhic7Qy1vSneJFDNhp8z`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ae7624c118eaad81_security-spp-component-sku-starter-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\skus\Security-SPP-Component-SKU-Starter\Security-SPP-Component-SKU-Starter-ul-oob.xrm-ms
Size	12.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`1dcb6632390652cbe9de6a7476897e75`
SHA1	`2ad9009c7bc354a7c565a21efe64e709726e33f3`
SHA256	`ae7624c118eaad814cae5592ce8c1b19031b8d1e874b2476cf13f63f2493a2e8`
CRC32	`2D6BE087`
ssdeep	`192:ZwfhqWvpgi4sRDmfYmv5Iud+mE8dRaeT2mOSisVNb//SXnzfYmj:Zwf3p4sRDmf1vB+mE8TaeqPSisVNof1j`
Yara	None matched
VirusTotal	Search for analysis

Name	c231ca1b06c92acd_security-spp-component-sku-professional-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\Security-SPP-Component-SKU-Professional-ppdlic.xrm-ms
Size	14.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9bb03ff86730eb7a6ea7457bff13e6f1`
SHA1	`498f99e7e9cd7f8a149582f4476a10fcc05f4241`
SHA256	`c231ca1b06c92acd2d3005cea9aaab3fd82d6e101ee864b9644fad34b4956c49`
CRC32	`E5E0970A`
ssdeep	`384:er6roN4cbcKXxVCzknsNyCt9UAobSgJ1x6jJwcfcjt:eWQxVCzko9bESgJ+ut`
Yara	None matched
VirusTotal	Search for analysis

Name	e6106dbfa5297dbc_prefetchparameters.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\PrefetchParameters.cmd
Size	1.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`accf9c9b009c6e3a81cfb732c9ee1f0e`
SHA1	`f376cebf5b7aec1c058befc1b8ac9e1ac167a454`
SHA256	`e6106dbfa5297dbc2d8dc245e8e214055fa587a5700249a32a4e4c2b66c1f1cc`
CRC32	`4DBED448`
ssdeep	`24:ECFgOLvsvnnMAxxKlTW/J5WFwRG4hOi/4hO1U5n:bFg/MAxxYW/LWyRGzi/zq5n`
Yara	None matched
VirusTotal	Search for analysis

Name	5126a4ce725d6a80_shell-multiplayerinboxgames-backgammon-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Backgammon-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a9390f550087d8b66369ddceb8b7935c`
SHA1	`64f3c4e0d662993718eac173de0c3495f42e2666`
SHA256	`5126a4ce725d6a80dabc9bc3c2fbe0318e10f99f6ff13374d46f8f0de77a315a`
CRC32	`C9AFAEBC`
ssdeep	`48:36skHG3j0uflF3Ov39mcRHJ0r6b6shtr+LYAGWYW5twSN5J6JkY3pq2flv:sm3j0uT3i3UYp0GX4YAtYkwSN5J62Y3J`
Yara	None matched
VirusTotal	Search for analysis

Name	abcc57d5c4cb48f9_smbserver-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\SMBServer-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7443ebab04bfac164d28e5a246849540`
SHA1	`5fd4a8ba3a20c5fd5d9769c3c1fcd7193b2b1999`
SHA256	`abcc57d5c4cb48f99bab71d9855f55b05503b3e4362983e7ff05b9bc366a2322`
CRC32	`1F6B77D0`
ssdeep	`48:3tkHG3xflF3Ov39mcRHsSxPrP/6b6shtyg+q/mG7GtwSN5J67Y3pq2flv:ym3xT3i3UYwXA8f7EwSN5J67Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	9e4393351a92b648_mathrecognizereventslicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Enterprise\tokens\ppdlic\MathRecognizerEventsLicensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b8c5ae3dc47030cec78d84098e519227`
SHA1	`e19d21e0226cc18575144080359f10f6167c413e`
SHA256	`9e4393351a92b6482eab7ddc0f538bbb9ee10b462860dc5b472d6877f83b9351`
CRC32	`86302082`
ssdeep	`48:3VkHG3bflF3Ov39mcRHc6b6shtJ+SV0qK5c9twSN5J6aY3pq2flv:Km3bT3i3UYVX7Kq1fwSN5J6aY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	5877990852e0d86f_lg-x-note.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\LG-X-NOTE.xrm-ms
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`cc9492cc627b76a6f137f832f5ce3b61`
SHA1	`60037be46b8cf6743113172d8c0944a147b2f960`
SHA256	`5877990852e0d86f2e30f5ce1e3977933ce484d64970d9213d179a0c5921283a`
CRC32	`69A660CA`
ssdeep	`48:cCAkHG3/kuXnDi6b6shtZH+pR9aFUjUf71Sz3mubm0u8Y3gflYp:fm3/RXX+mmgz1SKub48Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	eb146a95a156309e_r2slic2.1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\R2SLIC2.1.cmd
Size	7.5KB
Processes	2196 (A.I.exe)
Type	data
MD5	`24361c90cab5130e4617535884555741`
SHA1	`f569919a7c61331b91edd6082524cfb658e45911`
SHA256	`eb146a95a156309ef4d294b632a5b85415f28857eb77f57dc389d98925a89809`
CRC32	`C0CD0F4A`
ssdeep	`96:i0akpbuXAmts1jBBKtfFq5Rmts1jS5FtfFuXKVtvfJ3ERHjHdSLdNHd9NFN/n:hol55FlQSLR9Nvn`
Yara	Win_PWS_Dexter_Zero - Win PWS Dexter
VirusTotal	Search for analysis

Name	6fc870783d0beefe_msmpeg2enc-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\msmpeg2enc-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`cce89cfb399eea5263fb314bbe8c2e04`
SHA1	`9db136e98df10d89112ca18b824e171d38e1374e`
SHA256	`6fc870783d0beefec80d7e9e224396c49899dfed97d93687cf41175922c7f6b4`
CRC32	`BCC7D88F`
ssdeep	`48:3TBkHG3nNflF3Ov39mcRHWgElEl6b6shtsj+zoapF9DkltwSN5J6yY3pq2flv:6m3nNT3i3UYgXC0n2wSN5J6yY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	32c8f011cf5adb1b_shell-inboxgames-solitaire-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ba449d6ad8326444846eed5bcfa21d1c`
SHA1	`5a4e18e3052f0bbe6bf11d19f7cc8d76a78d242f`
SHA256	`32c8f011cf5adb1ba9cca57ab57a70b405ce8653371a8f6df3d261420a38bb05`
CRC32	`732296DD`
ssdeep	`48:3Yb0kHG3xflF3Ov39mcRHY6b6shtqB+QacbLFXtwSN5J6xY3pq2flv:0m3xT3i3UYJXEh9dwSN5J6xY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	bb854855d035f758_makegrldr2-1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\Makegrldr2-1
Size	186.3KB
Processes	2196 (A.I.exe)
Type	DOS executable (COM)
MD5	`addb1c71d69e193db7b71d95b3f81e1a`
SHA1	`15b41ea52249b2f16ccb9df49d5ffaff6d69e6a6`
SHA256	`bb854855d035f758cfec0910976e33a224988568d3e49e346b92c3628788265c`
CRC32	`63BECC8B`
ssdeep	`3072:uJm1NpeDDRUx9znUiRma4+HRJx1vOMduFJJ1jELVH4EMeJ/9av0ZoZ:uQzQRs9z7ma4qxJQLKVYBefaIoZ`
Yara	None matched
VirusTotal	Search for analysis

Name	77caa1d763bc6a62_security-spp-component-sku-enterprise-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4437534428de9511706a3cac35b16101`
SHA1	`884e567eb91510873b9abcb4c92c51f34db807cb`
SHA256	`77caa1d763bc6a62dab31caed11bf7dfd8f2f1b56ff8e1a3f4057082cf98977e`
CRC32	`F36CA0BB`
ssdeep	`384:b2fG4ukCNrSDym0ML5KCfdmAcgmE8NuejdkMTCfdYm:BnBWym0IHPJ`
Yara	None matched
VirusTotal	Search for analysis

Name	e7aa58b3504e4a3d_slic.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC.cmd
Size	4.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`9bcfcd097449f477b4c1888a1b55721c`
SHA1	`a311b0b74c537a4f1fbfb8ad4c7b4e6fecf11e02`
SHA256	`e7aa58b3504e4a3df7ae868f78cf56303089cd686a55a715402f089edd882ba5`
CRC32	`E53A932F`
ssdeep	`48:9FiMqvxulucM6/UKMwjx641ye4sAIMqVx7wr:X0ulq6T71ylsA20r`
Yara	None matched
VirusTotal	Search for analysis

Name	b2ffe74876bc15ad_security-spp-component-sku-homebasic-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\HomeBasic\tokens\skus\Security-SPP-Component-SKU-HomeBasic\Security-SPP-Component-SKU-HomeBasic-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`03e9c8140c0efbf64c219cc7efd4f214`
SHA1	`358142d89ba1528f12b99a1d5e5b20e5e1be32f7`
SHA256	`b2ffe74876bc15ad8089f3aef9314d977dfe639cb528354ce76bd16ac358abfb`
CRC32	`06E472E5`
ssdeep	`192:lsBfh7C/vpgj4suKRf4tmc3NIzez+mE8ddeXi7jy2/5zRwr6Ef4tmy:l4fO04sFRfncT+mE8DeXi/9/ZGuEfny`
Yara	None matched
VirusTotal	Search for analysis

Name	ec513d9220e52b8b_wmpplayer-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\WMPPlayer-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`023a26dcd4cbea04daae9099c9c88d31`
SHA1	`1409534a9bf84cbf49a81369bc799c1eb9294f31`
SHA256	`ec513d9220e52b8ba9c8f6521ad9e6d23ff16dc38cfd04a84e8317b4f7ca6beb`
CRC32	`5903E643`
ssdeep	`48:3HkHG3pflF3Ov39mcRHq6b6shtdJ+0HNp/HqQQttwSN5J6GY3pq2flv:0m3pT3i3UYbXzotwSN5J6GY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	8bfaebda9189b4b7_grldr.mbr Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\grldr.mbr
Size	9.0KB
Processes	2196 (A.I.exe)
Type	DOS/MBR boot sector
MD5	`8acc8d50f8977c9863d8ab814ef9af8b`
SHA1	`be977c75d3ac26fbfe7144d05512e3373bc8a574`
SHA256	`8bfaebda9189b4b78eb7979f95db46d84eece22556a97dd0dad8ca5ed0c8a1bd`
CRC32	`884D44D5`
ssdeep	`192:J9cXKPYxzmZkvD31dLAHbWbcww7C1jIKrBSZV:HbPYxiZ8D7EYC7C1jIKrBSn`
Yara	None matched
VirusTotal	Search for analysis

Name	4b4e445bb6dd485a_security-licensing-slc-component-sku-ultimate-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\skus\Security-Licensing-SLC-Component-SKU-Ultimate\Security-Licensing-SLC-Component-SKU-Ultimate-OEM-SLP-ul.xrm-ms
Size	11.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9f6e21e22b291f46cb3dd00391fe833d`
SHA1	`20fa17be1b7f307cf7b5f346e4846295ac856fc7`
SHA256	`4b4e445bb6dd485a118ab5aacc93da15a94035ccd179e192fe338fd9a0e01157`
CRC32	`F35A6EED`
ssdeep	`192:CmfRkTeyUifPmd2e0/wmE8d8elgaURiNocm5vwfPmr:CmfqMifedawmE8SearRiNocm5Ifer`
Yara	None matched
VirusTotal	Search for analysis

Name	f6973c785339d35e_sony.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\SONY.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`3827728329e57a2794a7324138e29a79`
SHA1	`1ad4c4da6c1082ce60581b593fd50507029ed6e6`
SHA256	`f6973c785339d35ece11b50480131ee2228de25d5165078bcad347a9bc227943`
CRC32	`6F0D0E8E`
ssdeep	`48:cfsJkHG3NfYfEl826b6shta+JX4+IYciZH/Sz3mubm0uKhvY3gflYp:uHm3NfYfX/X42/SKub4YvY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	205f7d802460968b_dcpromoexe-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerStandard\tokens\ppdlic\DCPromoExe-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5e53cc4707433b61945f03c75163250d`
SHA1	`0c0378113fb012a1258f32dc66f521ef15b61617`
SHA256	`205f7d802460968b1d0153ed97c91b041059f20484bc6824181ccdf12edc574f`
CRC32	`943C0590`
ssdeep	`48:3qIkHG3GflF3Ov39mcRHh6b6sht3+vmdlxFsEldaYtwSN5J6gY3pq2flv:Em3GT3i3UY0XA2JF9wSN5J6gY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	c21dc674a518d01d_microsoft-windows-sensorslicense-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\Microsoft-Windows-SensorsLicense-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e7e89984f40ae1b27415296922b311e5`
SHA1	`9ce411c82befbb87e187454deb3d0c7ffab63f74`
SHA256	`c21dc674a518d01da57558351adedfab6afd9dc553bb0e3f0fd720ff88c1fb6d`
CRC32	`5E3C0202`
ssdeep	`48:3qwrkHG3HVFflF3Ov39mcRHa+VJf6b6shtw+TjsrtzZeo3jRtwSN5J6EY3pq2flv:avm3HjT3i3UY9nCX3OtMoTTwSN5J6EY5`
Yara	None matched
VirusTotal	Search for analysis

Name	39cf9a305c346d10_peertopeeradhocmeetings-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\PeerToPeerAdhocMeetings-ppdlic.xrm-ms
Size	3.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4482158fafcd71a2b32227da1cebb3b1`
SHA1	`80e462d2f364fff7305ffcfe66735553b584768e`
SHA256	`39cf9a305c346d102b0517f83453bb74f29a1405890b6050a9dac0cb62d14683`
CRC32	`4A8DA10B`
ssdeep	`96:hm3UT3i3UYGpKGWGIUX94pwSN5J6wY3pq2t:aUroUDp3R4pf3mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	20221cf9f7a59791_7forever.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\7Forever.cmd
Size	5.5KB
Processes	2196 (A.I.exe)
Type	data
MD5	`1f64c1ab04efaa0183cd9c75dedd5a6a`
SHA1	`fed75fde50b1122ec55b2561fb1e4274d35952d5`
SHA256	`20221cf9f7a597914606cce3b2e5d32395886345654dda51073c7569adca5d36`
CRC32	`4299E6A4`
ssdeep	`96:y2SkfLts1HQDGRfeGuXKVsxvCoAquGa25gOzDwCduW/2:hDGJyvCoAq9asDwOz2`
Yara	None matched
VirusTotal	Search for analysis

Name	7765b4c15476a35a_kmsserver3.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\KmsServer\KmsServer3.reg
Size	762.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`0c18af52105778800c8bcd9e9afa8b0a`
SHA1	`a4c1cf7bbf6f8a26ae0738ba1aacc54b039dd526`
SHA256	`7765b4c15476a35ad7a7a04558cfc04040540446e2c2161797b46e33864e5a42`
CRC32	`35DAAA06`
ssdeep	`12:Qy5hVZteAxDZaW+ZENgUOtYStoszUOgeAxDZaW+ZENsEg6e9UOtYStoszUOU:QChVTessZENgUN+9U/essZENsEg5UN+m`
Yara	None matched
VirusTotal	Search for analysis

Name	58a1f40e10e373d7_mediacenter-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\MediaCenter-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`1f484fb72630fd763240cde0ab54bdf2`
SHA1	`572fd6c9140e20c25d3cca3d002241105bb23f77`
SHA256	`58a1f40e10e373d7f41139e2764bdee19777ce8645d91a6abf03056d8160f214`
CRC32	`4E621305`
ssdeep	`48:3fTEkHG3qaflF3Ov39mcRHj6b6shtu2gg+wZp1sLBsMxKtwSN5J64Y3pq2flv:bXm3qaT3i3UYuX42g0p1sLGMxIwSN5Jg`
Yara	None matched
VirusTotal	Search for analysis

Name	92b80fd49f244351_shell32.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\winsxs\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_87d8dd2ca2437111\shell32.dll.mui
Size	288.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`28d04a18e93f1187e9735de3f403e420`
SHA1	`3e5c132c3fa95aebed080ee91ddbef4c1d062605`
SHA256	`92b80fd49f2443518fa61cf4ab2067414c64098f17f78423b54b781a89eaacd9`
CRC32	`E147F8D6`
ssdeep	`6144:oWXJrKCAqFlq/ZqJlot/AZf2V2b0mGgs0G:oilLwKlot/AZKP`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	48be90970533b49b_appid-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Enterprise\tokens\ppdlic\appid-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7097f418d4b83570c9b014fb626572a1`
SHA1	`5facafd5ac48ba31ce68c64e9d92d9977b427cf5`
SHA256	`48be90970533b49bb33ac8318ce124268ef92fd8bf828383cc0f359e8cfb5727`
CRC32	`89082C13`
ssdeep	`48:3pkHG3yflF3Ov39mcRH3p6b6sht4G+dUZ8Tn+JtwSN5J6bY3pq2flv:Wm3yT3i3UYXsXGKZ87CwSN5J6bY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	a6fd479ff612d294_display.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\System32\ko-KR\Display.dll.mui
Size	10.5KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`827d5f1094f6fb7ac4252dbeb193e9e9`
SHA1	`10e3b1eb59cdda5aa79f5d78dfc5269d1c8c15c3`
SHA256	`a6fd479ff612d294eb72597f434aed310ae06a6226de49368af077fe843a0bff`
CRC32	`A51C58C7`
ssdeep	`192:O8xUFGEdX0d/3plO5sRDz3rbb7k/TWQLEWs:OfFGYX2/3jO5sB33GWQLEWs`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	b41d903636d70156_slic2.1sthidden1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1STHIDDEN1.cmd
Size	5.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`275daf15eec8c6bd4a6cee6ee75d3ca3`
SHA1	`b517b70f78babc7177f07d729ef8e9bff19a1e47`
SHA256	`b41d903636d70156e163c21f45c511621c88905332dcb0793abd9bdd9dd75c2c`
CRC32	`6790BA81`
ssdeep	`48:uFek2kzkw5McVx9vcQ4MiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8N2l2RtLeWhdwk:e/9vchMiLzrTKLZ3ZrlrlrCt/lN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	7d261c3a6030f643_client-issuance-rac.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\licensing\issuance\client-issuance-rac.xrm-ms
Size	7.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d7b6f472c9382fefab49adc492927276`
SHA1	`39b8d809b74d1660d749cb2fb360687899cdf69f`
SHA256	`7d261c3a6030f643ebb64f9fd56a65e46ddf44b94ec34bdeae83e88e3d089974`
CRC32	`62AB893B`
ssdeep	`96:Tm3gLebLZiwSN5J6ZSLs/bXrycue9KPEADY3lkb:4gLebFifqSLs/XyY+PmY`
Yara	None matched
VirusTotal	Search for analysis

Name	cf5db87c483b03dc_microsoft-windows-internetconnectionsharingconfig-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`496c412bf6aa299d21e9a86898ca8569`
SHA1	`a38443d079cd05e93233750490383fe0df40dbd1`
SHA256	`cf5db87c483b03dcb1161673e60512873dd0c3c398641617f1d257b82a576c0a`
CRC32	`04959327`
ssdeep	`96:im3HXgT3i3UY9XnXuXPvMC1hwSN5J6UY3pq2t:fQroU9vzfvmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	efeee61f9896c84a_slic2.1stbasic.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1STBASIC.cmd
Size	5.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`0cdc39ccb02b89e70f39690d5e7176f9`
SHA1	`38339bff0acc34e838dd5d9e9535368fc48cd28d`
SHA256	`efeee61f9896c84a1f9da1fec0faf1704d9d0c60d41a0310ad4eb9dbc25b3e56`
CRC32	`D0B1E04B`
ssdeep	`48:uF8kdFs5M2xxjFcQ4MiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8NR1yO2RtLeWhdKK:ezMjFchMiLzrTKLZ3ZrlrY/rwHlN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	023a1489831da2a3_tabletpcinkball-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCInkBall-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`35a71d4b100317fe70d015de7fe2910f`
SHA1	`d3fa59725ea9af6586aea84b40deb4c1b3f7d95e`
SHA256	`023a1489831da2a351a236553e2c02ebfd41d4c30d2086acee76c9e8db4324d9`
CRC32	`669C54F3`
ssdeep	`48:356FkHG3CflF3Ov39mcRHR6b6shtsV+gJgI14QltwSN5J64Y3pq2flv:Jfm3CT3i3UYEXkv4QXwSN5J64Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	6ab66b1799484844_terminalservices-remoteconnectionmanager-uieffects-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`554e4edfb12c4760e1305c451c88d07e`
SHA1	`506ac0e3ae7de3932bb8d32976f18d2d23d51e03`
SHA256	`6ab66b179948484415e11abc06bb71fe2a5d79a64f1b07693d17281614d352e7`
CRC32	`A4F422D2`
ssdeep	`48:3ikHG3JRflF3Ov39mcRH06b6shtt+CeBTE/xgJGtwSN5J6dY3pq2flv:lm3DT3i3UY9XjZeJEwSN5J6dY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	ee19f5dcdd812df8_tabletpcinputpanel-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`64835c36eeb2331b56bfac153f5f6df7`
SHA1	`024f0d3e93d0563420e7364021606f18691216fd`
SHA256	`ee19f5dcdd812df8138b6de03a45a37cdc9f39a86f245338b0060c1964d18e14`
CRC32	`158D9A04`
ssdeep	`48:3LnzkHG3xflF3Ov39mcRHd36b6sht5+QPiWpOHtwSN5J6pY3pq2flv:jIm3xT3i3UY8XTEwSN5J6pY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b673596ef7cdb0a5_explorer-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\explorer-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`f7dc315ba4e465d20ea75b88d5c3a5f8`
SHA1	`a305757ccff94389969611ac01b630874fe249d3`
SHA256	`b673596ef7cdb0a59672c956929aaf5f390cdf7f87144d052adaba77d8292086`
CRC32	`5977C7BC`
ssdeep	`48:3jkHG3pflF3Ov39mcRHKF6b6shtD+6KUyumUsIdtwSN5J6KY3pq2flv:om3pT3i3UYBX6zLI/wSN5J6KY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	77859ebdebc5962e_auto.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Auto.cmd
Size	10.1KB
Processes	2196 (A.I.exe)
Type	data
MD5	`9baa79954c81f55745128fecfec66e67`
SHA1	`100c5f96aada7b4a4476a94307d458938d2ab460`
SHA256	`77859ebdebc5962e8b023516e9c7134a79fec55ed4ecb9c23a8dd706400c353c`
CRC32	`0B6C070E`
ssdeep	`192:orJSGAxCypOy/KQlSO0JZeanXAAt1C6bPDu/:GAxCyUpm`
Yara	None matched
VirusTotal	Search for analysis

Name	50ca9cc9d2625f34_wmpplayer-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\WMPPlayer-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4e989ea257726b8756d0a7c891948f2d`
SHA1	`9727b68a2f044751000afd25a6a8b167c49757c7`
SHA256	`50ca9cc9d2625f34b29d69fea5d5203948c08cbd0ff4cdb9fb0fb5a073396d5c`
CRC32	`7D720F2A`
ssdeep	`48:3HkHG3pflF3Ov39mcRHq6b6shtoh+0k1Bm2TnHgtwSN5J6+Y3pq2flv:0m3pT3i3UYbXmb2TnawSN5J6+Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	421f2e25ec589219_makegrldr0-2 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\Makegrldr0-2
Size	10.9KB
Processes	2196 (A.I.exe)
Type	data
MD5	`f1fd97aab0e7f047175b318a7b35ea28`
SHA1	`65083e125d0c4aa9ef7b8e7f5811ecfc4fe5780c`
SHA256	`421f2e25ec5892193c87be3e2930343d6350f79c2dd39cc5deb60188691e0433`
CRC32	`DADA553B`
ssdeep	`192:BQRFbnapa0gc6jf1zpbQJtsRrVr042CzFAVshVmzwhNrwj:B+FaEtLf8QrVr0az6mvmzwrrwj`
Yara	None matched
VirusTotal	Search for analysis

Name	cdd917b6a4e89493_kernel-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\ppdlic\Kernel-ppdlic.xrm-ms
Size	4.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2f271db1298e877eeea0fef3d10142d7`
SHA1	`6961cbc5d6ba29365fea56180beecaab8796a141`
SHA256	`cdd917b6a4e89493b26c295a5d538973d526dffe7bfedbf2e22359d24250004b`
CRC32	`646B6687`
ssdeep	`96:jm3OKT3i3UYgs5G5c5nB26IeXlHXEjUYwSN5J6XY3pq2t:ovroUPDZEU4Yfcmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	f3f1bdf5524cacb5_lsa-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerEnterprise\licensing\ppdlic\LSA-License-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`693ce90f47a550bad0ef38fa5597ba97`
SHA1	`496d58bb638d8d13174415841cb9138492bed0f3`
SHA256	`f3f1bdf5524cacb5f5b62f7d4e484757ea485b2a8463d1d39fe19fb7492aa7f6`
CRC32	`F3E5889F`
ssdeep	`48:34kHG3eflF3Ov39mcRHEq6b6shtz+3kiou0twSN5J6CY3pq2flv:jm3eT3i3UYk7X6kiswSN5J6CY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	019beca974528bfd_security-licensing-slc-component-sku-business-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\skus\Security-Licensing-SLC-Component-SKU-Business\Security-Licensing-SLC-Component-SKU-Business-OEM-SLP-ul.xrm-ms
Size	11.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`004e429790e00dcb2f28bf08d13ca0d6`
SHA1	`d28170ef32e3cef098dea7dd60611ac782221a3e`
SHA256	`019beca974528bfda0025339936eb683cef9480caaafb714b4fb99adb3860093`
CRC32	`F20A3246`
ssdeep	`192:+5fRHTeyeUfcmYDerdwmE8d5oeBJPiGUK7Jg9bfcms:+5fJ9fRYcwmE8roejlUKF6fRs`
Yara	None matched
VirusTotal	Search for analysis

Name	da20ecbbed297dad_smbserver-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Enterprise\tokens\ppdlic\SMBServer-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`8258842386390b3f224ffc5c95b158f4`
SHA1	`486248184a475a6a5da323b46d6f4680ea4ffae7`
SHA256	`da20ecbbed297dad750f83681e5684de7b263c62e2db19772725ac62c76c67ea`
CRC32	`2B8313DF`
ssdeep	`48:3tkHG3xflF3Ov39mcRHsS0PrPNZ6b6sht/+8DE6RxtwSN5J6qY3pq2flv:ym3xT3i3UYvX3DbzwSN5J6qY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	2284c61d783ff1bc_security-licensing-slc-component-sku-business-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\Security-Licensing-SLC-Component-SKU-Business-ppdlic.xrm-ms
Size	17.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9d82e13d75b2aefad83e5f67103d9355`
SHA1	`d6a0e5dc967a6a1562835875b61e37ec3b19ba53`
SHA256	`2284c61d783ff1bcc66a6e9c38cd5953c83fd58a876bfc81e4bc239d719a2262`
CRC32	`4D533D75`
ssdeep	`384:JeroeMcbO8NcC5k2i4DdojJ5i8aCB8spLmmfXjt:0tcC5kydgLZaCB8sLt`
Yara	None matched
VirusTotal	Search for analysis

Name	67996e41a5e7f1ba_security-licensing-slc-component-sku-homepremium-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\Security-Licensing-SLC-Component-SKU-HomePremium-OEM-SLP-ul-oob.xrm-ms
Size	12.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`8fc0d7ed14ee9654812cb92c1363cf14`
SHA1	`2b927ec5b7eaac56e0b71aa996d2ea57426546f0`
SHA256	`67996e41a5e7f1ba0bbe3cfc9c61105da6105cf01ff7619d75c92f37da92fe4e`
CRC32	`89E58D01`
ssdeep	`384:AAfSA4srn3yfedzcLjmE875eJKTgVCJLzfeqP:e43dzcY0ofP`
Yara	None matched
VirusTotal	Search for analysis

Name	166ff1fab4c76ea6_ibm-lenovo.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\IBM-LENOVO.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`4baa251d0af2e67eb5d7e231175e9e94`
SHA1	`abe28d29811d239567f522b6b99ea85eed911a90`
SHA256	`166ff1fab4c76ea695b57fb8ff902f962399cefb4b7df31c04ec4e8999b76317`
CRC32	`68351C09`
ssdeep	`48:cAkHG3bZNPa7o6b6sht4d+6Tr6wSMFhhSz3mubm0uXY3gflYp:4m3bkXGFr6wS4hSKub4XY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	1c1ae2b67538d878_msmpeg2enc-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\msmpeg2enc-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`83bf3834593dec83944cec2b4cdd4aea`
SHA1	`cc729e8be652d32eb9e81dff81b74f2fd43aaecf`
SHA256	`1c1ae2b67538d878fc33e7eff8a428ddd7c419b3331941ddb8a1c230ef1e9c55`
CRC32	`7294F91B`
ssdeep	`48:3TBkHG3nNflF3Ov39mcRHWgElEl6b6shtg+MK4QhRtCtwSN5J6cY3pq2flv:6m3nNT3i3UYgXxcwSN5J6cY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	7d386a80775a9235_kmsserver8.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\KmsServer\KmsServer8.reg
Size	730.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`41235e37da39ee27204d7ab933a4f72d`
SHA1	`c36074a169fad1041093a25e23f1bda27381f90b`
SHA256	`7d386a80775a923517c863383a821a80c913f2147b94b08afd9db999cae22245`
CRC32	`211AB5D8`
ssdeep	`12:Qy5hVZteAxDZaW+ZENgUOtYskDOUOgeAxDZaW+ZENsEg6e9UOtYskDOUOU:QChVTessZENgUNSU/essZENsEg5UNSU5`
Yara	None matched
VirusTotal	Search for analysis

Name	4b6eb0b0faa90780_microsoft-windows-auxiliarydisplay-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\ppdlic\Microsoft-Windows-AuxiliaryDisplay-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7102b57189ffc359989cd5c5dd848c0d`
SHA1	`4a10f1df5284b1d949ddf5a0f9788b76b6cc8f58`
SHA256	`4b6eb0b0faa90780658301f26a4b4fcc2ad95ff56dc264c13402c430ae13f48f`
CRC32	`3742CE3E`
ssdeep	`96:Pm3HkaT3i3UY9WYbfsqXSJFGwSN5J6IY3pq2t:sEaroUEbfzmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	1f47b1b853aa0261_slic2.1sthidden1.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1STHIDDEN1.cmd
Size	5.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`c87e92628eb6d54cb28142134a447e6d`
SHA1	`e527d5f826401fc69b0dbb0e67befe91d4e654dd`
SHA256	`1f47b1b853aa0261a4ceedc266abd2d5df60dbde8404b1f2329699b324989f0b`
CRC32	`B44FBE1F`
ssdeep	`48:uFek2kzkw5McVx9vcQ4MiLzrT2eQPCbElVXd6gTD0S7/BrlVx+8N2l2RtLeWhdKK:e/9vchMiLzrTKLZ3ZrlrlrwHlN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	aa02430cdb250655_terminalservices-remoteconnectionmanager-uieffects-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`13ac4873830b38c9b9fc65a3cc4155c2`
SHA1	`71c51b61e1dbef602e526e8b3c0050e344b220c3`
SHA256	`aa02430cdb25065564532a97b9979dc7189e747f3d09031326526184160785d4`
CRC32	`7A1DC900`
ssdeep	`48:3ikHG3JRflF3Ov39mcRH06b6shtR+rM1nZ1ZtcXtwSN5J60Y3pq2flv:lm3DT3i3UY9XTn4dwSN5J60Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	f8ce95ba013c8009_oganotifier.msi Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\wga\OGANotifier.msi
Size	773.0KB
Processes	2196 (A.I.exe)
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft Office Genuine Advantage Notifier, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install OGA Notifier 2.0.0048.0., Template: ;1033, Revision Number: {A07ECD82-C7BB-460C-A784-4E4F37202834}, Number of Pages: 200, Number of Words: 2, Security: 2, Create Time/Date: Mon Aug 3 15:08:48 2009, Last Saved Time/Date: Mon Aug 3 15:08:48 2009, Name of Creating Application: Windows Installer XML v2.0.3719.0 (candle/light)
MD5	`808a23cd73b2ed3edc50a4d764bd6068`
SHA1	`b5313c50bdaa8d267bbae2fe9b901901a9729727`
SHA256	`f8ce95ba013c800952047f9807ad3d48589a106c23d9981faf195a26dedacdf5`
CRC32	`F8DD27A2`
ssdeep	`12288:Q59585o7xmpT6dNuSvqCpUWcO0U6b4ElJFkyxx0jnNG5gf1l0QSI1E/p:G85oNRqTWn0DRX2g+NT0QP1E/p`
Yara	Microsoft_Office_File_Zero - Microsoft Office File Malicious_Library_Zero - Malicious_Library CAB_file_format - CAB archive file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	173c434b9a41aae5_microsoftwindowssafedocsmain-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e4f69b57907917207972fd5caa818231`
SHA1	`15f72cc0c21de6a39ee6185551b6e5c3e4b37228`
SHA256	`173c434b9a41aae5353a9b725e6c63c31b29906a08a12324d7bbe504aadbed8e`
CRC32	`9D90B929`
ssdeep	`96:Cpm3HoT3i3UY9AEsKXo1g7wSN5J6OkY3pq2t:ZIroUm7fsmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	f4ec66c62e86859d_security-spp-component-sku-enterprise-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`f32a413f1c3d59176da9828cfd048187`
SHA1	`bbefda8674fdb190b93a735fc60404bc58b819d7`
SHA256	`f4ec66c62e86859d2b7f32541c62dedc4fc4ed3d467e8400a656707b20f02850`
CRC32	`25EE9D3A`
ssdeep	`192:ocfh4Jvpg14sql5fQm/7I4m+mE8dO7ie3/rV1/bdu4wfQmF:ocfSu4sql5fd/o+mE8M7ievpNQ4wfdF`
Yara	None matched
VirusTotal	Search for analysis

Name	84f04a487c5b0fbc_security-spp-component-sku-homebasic-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\HomeBasic\tokens\skus\Security-SPP-Component-SKU-HomeBasic\Security-SPP-Component-SKU-HomeBasic-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`24629d7a1bfb96bf24ab289785b778c0`
SHA1	`344f92c8a09dd763045a22d6ff2139b1a5be43cb`
SHA256	`84f04a487c5b0fbcff3147c17f3bf63567b6b4437b86addc80b0766e38a54b07`
CRC32	`5E10AEAF`
ssdeep	`384:fefu4ukCNrSDym0ML5KqfnmX7gmE8zeG9GU2AfnYo:bnBWym0Iux80`
Yara	None matched
VirusTotal	Search for analysis

Name	b1590125dd0e2b97_personalization-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\ppdlic\Personalization-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`bced4fa9373aa95f46ace2f8330ee266`
SHA1	`4dec0deea10a2a905c0d7bea0e11951bdedff5c7`
SHA256	`b1590125dd0e2b97bca4826a28f51772469253ea809bf69afe62830b20ae1f69`
CRC32	`BC5A6076`
ssdeep	`48:3skHG30flF3Ov39mcRHX6b6shtcq+zIiF2KTtwSN5J6jY3pq2flv:/m30T3i3UYqX+TlwSN5J6jY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	1252b8acb817d94e_slic2.1dvfd.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1DVFD.cmd
Size	6.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`45690790b8cab46b7693b8d5435aabac`
SHA1	`3bf3b197ca58a1de4f95efbff9c15768079520e2`
SHA256	`1252b8acb817d94e439f8a73307d9653b7933a793b56dd2cc7c023e8141aa6f3`
CRC32	`397C8182`
ssdeep	`96:TW5S70jcAqMiLzrTKLZWZrlrm5TDrCt/gN+n:qI45JpWZrdcQn`
Yara	None matched
VirusTotal	Search for analysis

Name	e13f184fbde0a7ad_a.i_run.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\A.I_Run.cmd
Size	1.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`5509aed13013bde0ddc9a96568aeea6b`
SHA1	`5674ac6b87a887379695c3e3087ff4bdb53a31bd`
SHA256	`e13f184fbde0a7ad7eff8af4e566316f91e319c0723737edfcd7fbd72604a4ab`
CRC32	`A2C475FD`
ssdeep	`24:0nT8ZCbWXVJjbgDA47BZZ41bB1pacG4iE/LYP+Z410E/LCP8pmBDNH0N:kT880j/0BHOB1ocGuD3aDfGH0N`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	2dcc316cee3ca426_security-spp-component-sku-professional-vl-bypass-rac-public.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-public.xrm-ms
Size	4.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`76f90c58e4e9f8c21f5a4e006ca30f67`
SHA1	`55e0dda23b525e3878b499feb1e9c6d46e3c20db`
SHA256	`2dcc316cee3ca426e97e5dc01f658ff8c13af8bde4f3367529ca7e23755a4298`
CRC32	`8A709AEA`
ssdeep	`96:Nm39dWZBqeZy6X4B3PswSN5J6DY3xz+6R:e/oBFo3UfYmb`
Yara	None matched
VirusTotal	Search for analysis

Name	0821b21b789b4a6c_shortcutpatch.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Shortcutpatch.cmd
Size	6.2KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`7653cc1a701f869c7049f69fe0a665b9`
SHA1	`c272d4907475e03cc20eefae5a8f174db6a9694a`
SHA256	`0821b21b789b4a6c7028241ee140a0c8d9789e3e030423ff864f605501f9c3a7`
CRC32	`3D1CA36A`
ssdeep	`96:mPmaa6K4a+FSkjkv4mwSBV46s6+SqyHZBF9FaqFzFa+F/Fa6FsxWF+kFk4FsNKFm:Imaa6KmQuu+cHZ6h`
Yara	None matched
VirusTotal	Search for analysis

Name	58e92197a9b7c766_security-spp-ux-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\Security-SPP-UX-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`85f2950d444f7caf23e156c8ea699e23`
SHA1	`c16654e4539d4ba816c4d432feb06b78b3bc2d12`
SHA256	`58e92197a9b7c766379a65ec5053c60614a8191aee1b77dc10a580901b133edb`
CRC32	`8309F940`
ssdeep	`48:3obkHG3PQflF3Ov39mcRHhy6b6shtI+DKtwSN5J6RY3pq2flv:4Am3IT3i3UYpXbIwSN5J6RY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	f6dd46ea39a61bcb_terminalservices-remoteconnectionmanager-uieffects-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`72830612581636025945e1c460b1386b`
SHA1	`b0f6e67de9ca0062c14d372a883c5949ac673045`
SHA256	`f6dd46ea39a61bcb8259be6edeab5dc269c314e903ce95c91f0015f631b747e0`
CRC32	`E212B8F6`
ssdeep	`48:3ikHG3JRflF3Ov39mcRH06b6shtbP7l+ry89inJDNMstwSN5J6mY3pq2flv:lm3DT3i3UY9X97ugD3wSN5J6mY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	a8ef71bfdc0df01a_neccap.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\NECCAP.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`b3be3964022a33fb1073bbb19fb11fca`
SHA1	`c7dc8082eca713af5d25329fcb97cbd303384a0e`
SHA256	`a8ef71bfdc0df01a3e49edd4a9f2a8dac98e98652a36df30f7b455229afc94da`
CRC32	`2A1B56E5`
ssdeep	`48:cokHG3Tc7LT6b6shtv+fRvKOwSz3mubm0uaY3gflYp:Am3ALeXQy/SKub4aY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	8755cc2ccb87e9ef_sharp.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\SHARP.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`e15f99916e8c36851f4d557f660af9f8`
SHA1	`a7a70d7cede570008973f819b25f033a40c8fc7b`
SHA256	`8755cc2ccb87e9efd9d3ef9e3da7a071da4dd8d314db3f386855b2f80c760583`
CRC32	`F6DC7FB0`
ssdeep	`48:c1kHG3zpS1r6b6sht8+qpuadB0Sz3mubm0u1Y3gflYp:tm3oGXqpLz0SKub41Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	77086db8a98df663_makegrldr0-1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\Makegrldr0-1
Size	155.8KB
Processes	2196 (A.I.exe)
Type	DOS executable (COM)
MD5	`f9619583898d21d93c98753906c3f4a8`
SHA1	`6fb3a968384ce1749acbda5afe6a9de15860fbbd`
SHA256	`77086db8a98df663bf84464f7df4179ccc0b7084bf968467f86d5b406207a818`
CRC32	`455B07D3`
ssdeep	`3072:DiP20xju6qY87t5vTlx3PEA6P1oN56o5n5qbLjhVY30h3Y:Wzx66qHfvMP1oNAot5OjhwU3Y`
Yara	None matched
VirusTotal	Search for analysis

Name	19f7c0e437f0e1aa_tabletpcinputpersonalization-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCInputPersonalization-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`eda1a44cbfd4823ff729c0c2980f4b19`
SHA1	`d942ca57433e7b5a9b4897f3dae6e79c62a0bab6`
SHA256	`19f7c0e437f0e1aac79545259992900afb4e39bcfb4f0b2c262d106566e64503`
CRC32	`1D65D207`
ssdeep	`48:3kZJkHG3bflF3Ov39mcRH46b6sht7+xEIDtnNK0twSN5J6pY3pq2flv:0ZGm3bT3i3UYpXkEIDtnNnwSN5J6pY3J`
Yara	None matched
VirusTotal	Search for analysis

Name	dab3da69dff6c81e_security-spp-component-sku-homepremium-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\skus\Security-SPP-Component-SKU-HomePremium\Security-SPP-Component-SKU-HomePremium-OEM-SLP-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2bad7e2ed44cc1e85a91d88e40a863c9`
SHA1	`4f295c7d4a53e1afa087f3d1e48cad94530a76b2`
SHA256	`dab3da69dff6c81e239a60467442bb3130967b7f7b8a2b6187bbae6b447d6a75`
CRC32	`D5524584`
ssdeep	`384:0rtfqh4st9ffqalqj+mE8Enew47htpsfqKD:3Plq4l6h4`
Yara	None matched
VirusTotal	Search for analysis

Name	cb296c7714ad5b61_shortcutpatchr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\ShortcutpatchR.cmd
Size	8.7KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`aa1933de9e9ba829689ee996bbbf882c`
SHA1	`d9d8d0deff8808b0ab8c91956109a6c67da79776`
SHA256	`cb296c7714ad5b61cb8ba5b6cae49498fcf8fe69b6b3bd5cb1b76ee8585d8b9b`
CRC32	`0B091949`
ssdeep	`96:wQAmq4a+F4mw46s6+Hhn3XsxWsNKs6f66mmaqK4a+FSkjkv4mwSBV46s6+SqyH9B:ymqmu+H3mmaqKmQuu+cH9sA`
Yara	None matched
VirusTotal	Search for analysis

Name	84d9bb175bff5798_readyfor4gbvista.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\ReadyFor4GBvista.cmd
Size	3.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`fdc9b2a132e99e89abdbce10c2b0203a`
SHA1	`c7447f573fc5d33dd4e581f7a85eea750e261b08`
SHA256	`84d9bb175bff5798b661689d63a05b49512f28a4be72558c3ca6ffecd94d2e36`
CRC32	`EFD9A5F8`
ssdeep	`48:z4znMqvxW/TmWBFcIKCb9Tl/SEXNYcmGYAnVB+lM3zyU1zzMccveD44nXwr:zGWNP/XdEi3L5zdaeDXnXwr`
Yara	None matched
VirusTotal	Search for analysis

Name	9b857f2e5aa31d1e_vistarestoration.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\VistaRestoration.cmd
Size	2.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`0f84482bc0d307b4b338276b2eadf796`
SHA1	`c5792284476c12ffa0446f79636cb7d164c103ef`
SHA256	`9b857f2e5aa31d1e9a4b1fc2a5bc69495482933019b8be541157f25cce7222a3`
CRC32	`FE3DBB80`
ssdeep	`48:LxguO1fp/Mpx4stm555L5C88R3sfy5d5PWHik83ga:NKlpU46cnVC88KO5PWH94ga`
Yara	None matched
VirusTotal	Search for analysis

Name	dae9dcb82a1fc07a_changedesktopbackground-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\ChangeDesktopBackground-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`251b382de4f350addebe9202f5ac6624`
SHA1	`d3d4c736a2cabb8db0990e7ebaca2c6efef7f060`
SHA256	`dae9dcb82a1fc07ad6c9800143654634b6bf1e6240b40aa164d8e95c4a1f6b62`
CRC32	`AC0417B0`
ssdeep	`48:3tkHG31iflF3Ov39mcRHvW6b6shtp+vyEcSbUTtwSN5J6bY3pq2flv:ym3IT3i3UYXXZEVbUpwSN5J6bY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	350ed7b07948c716_user32.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x64\System32\user32.dll
Size	985.0KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`72d7b3ea16946e8f0cf7458150031cc6`
SHA1	`9147d119fe5b03b6547b3cbfb0115b531d0a99ee`
SHA256	`350ed7b07948c716d2ce51f324171942c534e875fbf5492250a5385b75176374`
CRC32	`95FA0345`
ssdeep	`12288:5pgR7hTWR9IooXZNVJk2ehQ/5L+s5ENOeQiV1Li/k:o7xWRwZNVe2wALeYeXV1i/k`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	7125bccd953808e3_microsoft-windows-offlinefiles-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerEnterprise\licensing\ppdlic\Microsoft-Windows-OfflineFiles-Core-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`dcabbaefad41b57639ab40f6549b092b`
SHA1	`56a16b2c5a4230fd064ab320ebe1595ad7fe1485`
SHA256	`7125bccd953808e3e41cb535e6fc41ac68e7131aff7812f2ffaab61fea5081b8`
CRC32	`1309AE0A`
ssdeep	`48:3MkHG3HTflF3Ov39mcRHa+i6b6shtGhq+HoJqL86/5twSN5J6UY3pq2flv:fm3HTT3i3UY9DXYx386zwSN5J6UY3pqO`
Yara	None matched
VirusTotal	Search for analysis

Name	39b1824c863f5435_grouppolicy-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\ppdlic\GroupPolicy-License-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`fa5086f58e8f932241c11aa95793e2c1`
SHA1	`13ded8cba00f73b61714ebc1522ee4ed76eb39c6`
SHA256	`39b1824c863f54359c7db73c3ab31f9f02cba1d7b468f21b017224dc8194ed1b`
CRC32	`48E722D2`
ssdeep	`96:EVm3nT3i3UYpXMSaSdf7wSN5J6YuY3pq2t:EWnroUXS/df7fcmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	f2b2e2ebd77ce9eb_microsoft-windows-qwave-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\Microsoft-Windows-QWAVE-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5133666a540e8d6b70240d2e44b39d64`
SHA1	`950ca68dc88d3f60de4689eb665a94c83e81e602`
SHA256	`f2b2e2ebd77ce9ebbfa0a2395107d8cbb469aef657bab90487cd5fa0dfd93daa`
CRC32	`4710535A`
ssdeep	`96:em3H/T3i3UY9VfNXwTo6wSN5J6RY3pq2t:zfroUOu7fqmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	bba087bc819b2aeb_gigabyte.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\GIGABYTE.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`0663a78919ee56cc93276d8d92b177bb`
SHA1	`e6039057b7455a468149207e95ad7576987283b3`
SHA256	`bba087bc819b2aebde5385af6ac52a6bb9d41d8e4404dfe34685f35b3e720ab6`
CRC32	`7843ECFA`
ssdeep	`48:cikHG3hYsgL6b6shtdc+UwZQFPvruS3SOUUSz3mubm0uYY3gflYp:Wm36FmXrBQFPDuSCOUUSKub4YY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	ba9c77b9155f418d_wgatray.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\wga\WgaTray.exe
Size	404.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c7dc4d4dc41ca1c5d9e25a43f9ba4dbf`
SHA1	`24fe0e056912e485adae04237bff74bf840c1e2c`
SHA256	`ba9c77b9155f418d287390f4813ccf41262e38a28b11ff63c27bac29d4710bca`
CRC32	`30A249B9`
ssdeep	`6144:fOUljHLs0lFbtnw6+IMUmRjB/zEzJL90Ta+it//r7Li7zLTbEHvn/n2zczqAGbct:BBHLLlFRnqIcRVKj`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	a7fde5613ba84613_security-spp-component-sku-ultimate-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Ultimate\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLP-ul-oob.xrm-ms
Size	12.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ab254adecb7784639ec0119ec0d3d724`
SHA1	`7c8e54e9c13e1fb9c73a852f68ef1fad80177525`
SHA256	`a7fde5613ba8461387bc8588636f1487161991ebbbbdc674c1990d5106698dfc`
CRC32	`6A0667F6`
ssdeep	`192:VUfhkavpgG4su1LKfffmMvKMq+mE8dNeAIgIIDXWffmH:VUfZF4sIuffuMs+mE8PeAVIiWfuH`
Yara	None matched
VirusTotal	Search for analysis

Name	d1ada3568ee70798_networksecurity-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\NetworkSecurity-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e91794915e8177dc67df9b4442138a3d`
SHA1	`ce17317d9ae13218eb636917a3f1f2ba72301c2b`
SHA256	`d1ada3568ee707984233d710dfe4fd59f9014689b207b183e8d5b4f9300bea2d`
CRC32	`83F00310`
ssdeep	`48:3lkHG3gRflF3Ov39mcRHSy6b6sht4AS+nBSWcTXpG6JSltwSN5J6HY3pq2flv:am3gRT3i3UYyzXGApGZ/JmwSN5J6HY3J`
Yara	None matched
VirusTotal	Search for analysis

Name	76dbc59193e29529_7retailopt.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\7RetailOPT.cmd
Size	5.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`ba236b8795a99d6d50e6055dbab8f6bb`
SHA1	`c19f677c5213ef3017783968b5fee827705e747c`
SHA256	`76dbc59193e29529c7ec615166abc90dfebb358ea08532d7403c4fc8de35c5b6`
CRC32	`DFAB2558`
ssdeep	`96:Kd4vcmtsbuXKVjecDMvydqqJ0OT+gGd0lMzDi6z93sZn:KdhFdqwdj1OUn`
Yara	None matched
VirusTotal	Search for analysis

Name	fbde6fb95e094c38_shell-homegroup-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\shell-homegroup-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0229e957d495c4244b7820a2893216c7`
SHA1	`f74e192cd1355d170189d667831ff73271406c9a`
SHA256	`fbde6fb95e094c38fd25661621a9da4dee09fe286b82d618cb407fb8fdcbd2da`
CRC32	`D2897F09`
ssdeep	`48:3WXQkHG3RflF3Ov39mcRHW6b6shtw+yrU2P6fgtwSN5J6RY3pq2flv:mLm3RT3i3UYfXerU2Cf6wSN5J6RY3pqO`
Yara	None matched
VirusTotal	Search for analysis

Name	f07f8e804c1c1f0a_registry.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\Registry.exe
Size	635.4KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5	`ad1322bc3d5c6b95705e7be82902ce7b`
SHA1	`2a7540de8a95e4beb70cd8aca29792de4d3ff125`
SHA256	`f07f8e804c1c1f0a8fd455b13f3671bc0c1e54b4e80c61796bced53d567eef80`
CRC32	`43A002EE`
ssdeep	`12288:U5O4brkBz2/wiQKijDhOON1iZ4xAN6sEKuMNwA34GEzAxvvi1Wmjd:UI4kBAwiQh3hOkheEKuDA33SSq5d`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	066f4bbb939a9976_vistabootpro.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\VistaBootPro.exe
Size	907.3KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5	`2c5f1dfa39c802eba5d41ef74079037d`
SHA1	`36265093bc7912a2d3e58653e583d1f37a3551d9`
SHA256	`066f4bbb939a997679b804183d97bb04ecaa47c3626c8a62536ee47e61d9cb80`
CRC32	`9B715B64`
ssdeep	`12288:I5ODttA4voA4vz0YDmbD/KMoiTouF4EyAC+NAFRTII8iz1GxpiQJ2AA4vo:IIZttvotvBwzr/8L/+ehSizFqtvo`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	a155b80e8b6b2b7f_client-issuance-ul-oem.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\issuance\client-issuance-ul-oem.xrm-ms
Size	4.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e892e1b25539c170cc01bd74a15ab962`
SHA1	`3e654148ab1c134d9767e91fedb2f5e7e831a98a`
SHA256	`a155b80e8b6b2b7f835cd558c099efc8317b981fdd72341e5f2437ae57f2d6f5`
CRC32	`5BD9A3ED`
ssdeep	`96:oLGm3nwSN5J6Z/SKub4ZaUiXX0dSKPEWY3wkb:onfq/eyHRf9ml`
Yara	None matched
VirusTotal	Search for analysis

Name	8bc9a456f845b879_takeownershipuninstall.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\TakeOwnershipUninstall.reg
Size	330.0B
Processes	2196 (A.I.exe)
Type	Windows Registry text (Win2K or above)
MD5	`92f2e6c00639416be0cf9bd1bc19abce`
SHA1	`b8ffd205a5c412f37a8feb3cacd3de8b21467fdc`
SHA256	`8bc9a456f845b87935d47b6ebb747afbcf448448d5200bca5c653304ca35c9f9`
CRC32	`010DB28F`
ssdeep	`6:jBJ0nMhRKLNKoQyeVLiuyeVLnkOSyex1JyexX1iOSyeXCiuyeXCnkOy:jBJ0SK0HjnjnFSr1JrVSNCnNCnFy`
Yara	None matched
VirusTotal	Search for analysis

Name	21297d3c498869b1_readyfor4gb.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\ReadyFor4GB\ReadyFor4GB.exe
Size	90.9KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`60bb38c5dacd52185a0ac1974584a2dc`
SHA1	`8454f6d8c35b7af757e0aaa638f440154f105bdb`
SHA256	`21297d3c498869b11477be5e2efbca309e940f6caeab33b322a271a4da3a7a50`
CRC32	`7027CC0D`
ssdeep	`1536:5b7Igo/e5GB4kFkg6Jo5lOnvImUu5lQE+6ABxqZ:l7Igo/2GCkFkgavImUu5lQL6As`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	c0a7ac81686469b8_peertopeerbase-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\PeerToPeerBase-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`29d1810e433e591b1cd239d94730ec0b`
SHA1	`77c7b952b2e391dc8ee0b7a0cefb5b7f8e2d6c4d`
SHA256	`c0a7ac81686469b8aa3714cf4c03d0d26b46745ebac30c558dd3dbb5dd94a6de`
CRC32	`7C70DE6F`
ssdeep	`48:3WkHG3yflF3Ov39mcRHeqs6b6sht1+dtz41TaXLlq5twSN5J6bkY3pq2flv:xm3yT3i3UY+GX+DlqrwSN5J6bkY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	91373d5f80a51e24_toscpl00-toscpl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\TOSCPL00-TOSCPL.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`daee3f455591f9a5196362874d3fbd4b`
SHA1	`547f0bc67b5005fefc4bea09e47404490e355265`
SHA256	`91373d5f80a51e244cf6f409a3ffaa9961c777d61f537850305308894c5957aa`
CRC32	`714A1F77`
ssdeep	`48:c8MkHG3umT8A6b6sht7+n3Ib5Cm3Sz3mubm0uOY3gflYp:Bm334XM3G5Cm3SKub4OY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	423dbeb2fcda8c88_snippingtoollicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\SnippingToolLicensing-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ee8c52fb55a856810f84cb650dad392c`
SHA1	`dc9cb74370e61c8740ad2ffe317f65fd7071a1b0`
SHA256	`423dbeb2fcda8c886d010f25f5602f4acc3886f5103107948bf0932a03aaa17d`
CRC32	`A4E3081B`
ssdeep	`48:3MVkHG3slflF3Ov39mcRHWg6b6shtH+T2PBAsntwSN5J6rY3pq2flv:xm3OT3i3UYMXeCztwSN5J6rY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	36247a9583ef9104_feclient-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\feclient-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`68c4a03617e4f26e0c0c9a4b24859e9c`
SHA1	`76304e5d962d327e8b1dc169ccee871a325911a2`
SHA256	`36247a9583ef91045c268cc43e6111d901043c977dc0357cbc0c1bce412085c7`
CRC32	`666F456E`
ssdeep	`48:30TkHG3TAflF3Ov39mcRH4JB6b6sht7+AevW8mba/twSN5J6YuY3pq2flv:Hm3TAT3i3UYYJ0XPe1mowSN5J6YuY3p/`
Yara	None matched
VirusTotal	Search for analysis

Name	266d64637cf12ff9_acer.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\ACER.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`f25832af6a684360950dbb15589de34a`
SHA1	`17ff1d21005c1695ae3dcbdc3435017c895fff5d`
SHA256	`266d64637cf12ff961165a018f549ff41002dc59380605b36d65cf1b8127c96f`
CRC32	`4B032EBD`
ssdeep	`48:c/XkHG3M2o6b6shtV+nefW/joXGDSz3mubm0u4Y3gflYp:jm3M2ZXo18XGDSKub44Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	451a8129c309b3c8_slic2.1dbootmgr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1DBOOTMGR.cmd
Size	5.4KB
Processes	2196 (A.I.exe)
Type	data
MD5	`b2ee94c5a917d346cca32d60e07f28fb`
SHA1	`536505aad74fbbe60f05fd47ad5787bb2f880db6`
SHA256	`451a8129c309b3c81c145fbadf59a1dcd60b828d1adf445e873f691c9f26f47d`
CRC32	`46E0F85E`
ssdeep	`96:TqWEjry8cAqMiLzrTKLZ3zrlrfkrwHgN+n:+WEj7Jp3zrdf9n`
Yara	None matched
VirusTotal	Search for analysis

Name	032562ca252cef56_acluifilefoldertool-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2b07d90c6f9b04ccb82191029609099b`
SHA1	`4d676fa6197b7511d60dd03816c5d72589496d4c`
SHA256	`032562ca252cef56ce818ca806df8dbd77b7e0896b7536bf387acd5f616034ef`
CRC32	`25D60494`
ssdeep	`48:3CkHG3OflF3Ov39mcRH9y6b6sht8j+IQV+9u9ozcEXWtwSN5J6SY3pq2flv:Fm3OT3i3UYdzXSbMnaEwSN5J6SY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	d2c463ec7ab6053c_slic2.1sihidden2.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1SIHIDDEN2.cmd
Size	5.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`5aae9fed3c61eee95f661ae91cd34ab4`
SHA1	`83e923d2b4a2c9489cc6f38b4b9415e7eb83d436`
SHA256	`d2c463ec7ab6053cf9e8f34f1cd14398d531a38ff443d587a8b417d3704c220e`
CRC32	`0946A5EA`
ssdeep	`48:uFer5rzrw5McVxa4cAqMiLzn82eQPCbNVXd6gTD0S7/BrlVx+8NnuVvtRtLeWhdF:eNa4cAqMiLzn8VLZ3ZrlrsVHrnHgN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	dca92aaea1dc47dd_removewatermarkx86.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\RemoveWatermark\20090117\RemoveWatermarkX86.exe
Size	17.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`402456a0e5990925fc04c7e270f917d7`
SHA1	`1735a019b5f88746bb1ecae464e2a627e2dda318`
SHA256	`dca92aaea1dc47dde93fa164c9690f3d03af46e5b630ff803a4af2f91c2fb355`
CRC32	`C44F8B5E`
ssdeep	`192:Xp3sPY72zUkStKGGO3C3a9lefeOtIko5H1WJdaLlRvis1s86EdCDHtUYKLrkSIrp:ZaGGj31tBo5H1Kyz6ku6F9Id`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	9bd7b658137b2320_themecpl.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x86\System32\ko-KR\themecpl.dll.mui
Size	9.0KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`c6e7e1674fd77fe944dc40ccf5fb8ab3`
SHA1	`70dfa87edeb19f11a4f8c423a32749c43df580b1`
SHA256	`9bd7b658137b2320eb25af1fdfd3f439fb57a5893f6d8429bd785ee468e66e78`
CRC32	`27FFAB80`
ssdeep	`192:cg/TPY96j36Fo23GDXypPBI+vwIZd4y9i1q6WznYWg:d/TPH6FocGLCvwQm1q6WznYWg`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	e7c5bd87dd0f5b57_mobilepcmobilitycenter-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Enterprise\tokens\ppdlic\MobilePCMobilityCenter-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`55b8cd78b187fbaabbfac9b7c782d67b`
SHA1	`4f82671d1ce83ddf276e290e58489f3a7ab4e46d`
SHA256	`e7c5bd87dd0f5b5760dfc239a92b7d3bf9de2eeda29d87d3a17bb318b4168300`
CRC32	`8A0C0E9F`
ssdeep	`48:3GkHG3uaflF3Ov39mcRHO6b6shtl+pnMZ1hRtwSN5J6OkY3pq2flv:Bm3uaT3i3UYHXmn2XTwSN5J6OkY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	a1c723b12e58a2bf_msmpeg2adec-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\msmpeg2adec-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`1c9da7a2b1f5b7508e519d25cb436116`
SHA1	`21edc30a83c85b1aa5a0efcce1fb462bb0744fb5`
SHA256	`a1c723b12e58a2bf29a80f5dd9500a5a9383390d2bd6c9d557a0594bc45da59a`
CRC32	`AA1B7635`
ssdeep	`96:jm3nwT3i3UYjXLkfTi5VwSN5J6cY3pq2t:onwroUF2VfLmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	6432d968f2822570_mobilepcmobilitycenter-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MobilePCMobilityCenter-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`93dc4bc22bd90360e47b6bd1731f624d`
SHA1	`d689a4e74a45625d72888e63258e975f980df4d3`
SHA256	`6432d968f282257038129ce015ef8295a8e3c35a7ee41ae413ea19543e4a0da5`
CRC32	`FDFA0E3D`
ssdeep	`48:3GkHG3uaflF3Ov39mcRHtR9TSn6b6sht/0+5Aq5dtwSN5J6LY3pq2flv:Bm3uaT3i3UYT9G6XV/wSN5J6LY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	dd32437f13f100e5_security-spp-component-sku-professional-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\ppdlic\Security-SPP-Component-SKU-Professional-ppdlic.xrm-ms
Size	14.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7c3005299196f7958bad1c5a535b6dd6`
SHA1	`ad1b4bffe61549fe4855353bbffb6a892b04dcbd`
SHA256	`dd32437f13f100e52e80a5a3759cb444210accf6e8bbf08b599c4a03f2757a57`
CRC32	`C7153307`
ssdeep	`384:er6roN4cbcKXxVCzknsNyCt9UAobSgJ1x6jJwUf8jt:eWQxVCzko9bESgJ+it`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	3439eff764956c1a_microsoftwindowssafedocsmain-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`36ad4eee439e9d02eefe0f2074f47e2c`
SHA1	`508622c6f2cfa6eea54e696e385b90254c725288`
SHA256	`3439eff764956c1af8a1778432e492eea427768bb63b0c2a7a220c232ca68a6e`
CRC32	`81B03C40`
ssdeep	`96:Cpm3HoT3i3UY9AEP5wXq6HwSN5J6CY3pq2t:ZIroUiZ6Hftmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	815be996ba308be1_w7cs.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\W7CS.reg
Size	440.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`5c7eec8da1224b53525b4bfdd28ffdca`
SHA1	`94e2721764d45a8a6065e22347975ec7ca338c74`
SHA256	`815be996ba308be163cb74b05fc6abd067c050169fa2087ffc9c076ce3225b07`
CRC32	`8562BD50`
ssdeep	`12:Qy5hVZArRNEEaW+ANLLBrtMrRNEEaW+ANLLBrt9:QChVOrrElANLdZMrrElANLdZ9`
Yara	None matched
VirusTotal	Search for analysis

Name	a94c0c8aeef54296_themecpl.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\winsxs\x86_microsoft-windows-themecpl.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_60d6493e5ec01332\themecpl.dll.mui
Size	9.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f7f931c5ac61c58a794b1cc7b064e095`
SHA1	`84adfebd384a8c0821188d0c724469835fe7f574`
SHA256	`a94c0c8aeef54296a3662a744be2ab6f8c078a216c044aed047ac2555f1f71f5`
CRC32	`4178E45F`
ssdeep	`192:Zg/TPY96j36Fo23GDXypPBI+vwIZd4y9i1q6WznYWg:i/TPH6FocGLCvwQm1q6WznYWg`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	516a19314062cfb8_slic2.1sthidden2.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1STHIDDEN2.cmd
Size	5.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`3dd62ce58ea2dd143db4122bed495792`
SHA1	`b1c1a630e8ef3e426dfb28b6929e8e5403633994`
SHA256	`516a19314062cfb8eae5156ba8dbf84ba91fd27d2a604231ce512768f5bb7039`
CRC32	`5C33DD49`
ssdeep	`48:uFer2rzrw5McVx84cQ4MiLzn82eQPCbNVXd6gTD0S7/BrlVx+8Nn+tRtLeWhdntC:ec84chMiLzn8VLZ3ZrlrEr1t/lN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	8c267fcf826dbb30_tel_id.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Tel_ID.cmd
Size	330.0B
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`09664b119c7d4894733c62619e210c0a`
SHA1	`a99ca4e41ad3a44f582b17bef78dfd706ab3e2df`
SHA256	`8c267fcf826dbb301a45594c123f3168b4fd0f92059854de21d33bfb4dded6c1`
CRC32	`D1EA606A`
ssdeep	`6:h8JKc4hsZ1h3qSI/4//IV//IV//IV//oe9qSIc9qSIRwQn:SK141h3FIAXIVXIVXIVXoe9FIc9FIRwQ`
Yara	None matched
VirusTotal	Search for analysis

Name	6f50a8bf5d7bafa5_virtualpc-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\VirtualPC-licensing-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9018beb2601a16dc8631b11e69063cdf`
SHA1	`8f658b2220ed0dfe2b42a1eacf093e59efa9f61e`
SHA256	`6f50a8bf5d7bafa50f549a43e20f2399192200e8ca9a18e463655ae2c8700c8d`
CRC32	`2C06E3EE`
ssdeep	`48:3ydkHG3zflF3Ov39mcRHk6b6shtq+DeVmPXUq2DtwSN5J6dtY3pq2flv:9m3zT3i3UYNXB2mPX8wSN5J6DY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	90eae28514fafb03_msmpeg2adec-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\ppdlic\msmpeg2adec-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ef60ce48d1f50a99a2791bf1e06e98b5`
SHA1	`b77a4b9554e1db45300a1ba01388c6ad25fb2f47`
SHA256	`90eae28514fafb03ed6f2ebe481e87a3c79ed585004d217e942819a749489d4a`
CRC32	`6069D6BB`
ssdeep	`48:3inkHG3nwflF3Ov39mcRHW0602l1wl023wl6b6shtD+NidVIeWiQZtwSN5J6NY3J:jm3nwT3i3UYjXfdVDuLwSN5J6NY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	e5d995198b5fa266_advent-dsgltd.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\ADVENT-DSGLTD.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`26d276e893429c6dcd9146ff86cdc555`
SHA1	`71ae573ab583ced2030badfc70176807955a5d27`
SHA256	`e5d995198b5fa266ce1b125d5932bba912a923c7712f71a57deaa81f53849cb4`
CRC32	`07AF850B`
ssdeep	`48:cK7kHG3U/zDHUnX9OEx6b6shtE+gfiCkSz3mubm0u2Y3gflYp:Qm32D0nX8tXMfeSKub42Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	a7e98c1f8e956303_changedesktopbackground-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\ChangeDesktopBackground-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9639f160448ca086725f2e201eea829f`
SHA1	`464bbe14fd544ea209b204681387c6bb1c7b4ba6`
SHA256	`a7e98c1f8e956303918bf0dd060d92814f54f5d8750c2a9b4876c26bc584e798`
CRC32	`3F490B36`
ssdeep	`48:3tkHG31iflF3Ov39mcRHvW6b6shts9S+ObQ0CFtwSN5J6cY3pq2flv:ym3IT3i3UYXXWMGwSN5J6cY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	7e3a6a71a44c03ce_foreverr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\ForeverR.cmd
Size	4.7KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`625210de377bd9714f1ae0e5b134af9c`
SHA1	`06d3e7266a8561264916d61aa1d5c75580306f3b`
SHA256	`7e3a6a71a44c03ce6f3f68923e0309636406f0c3b1566069f79d3d7b32fa482d`
CRC32	`B81A8A99`
ssdeep	`48:b535b5nL5Gw5X5n5rL5E7t9NfVZ1FTFVmHqkNYLuJjdB4AvuJjdHNAMymii+RP:lJlVzp5ZGt9jZ1Fv5uJZ1uJZDymixP`
Yara	None matched
VirusTotal	Search for analysis

Name	e71d40de4b71e11c_kmschange.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\KMSChange.cmd
Size	8.9KB
Processes	2196 (A.I.exe)
Type	data
MD5	`f8080473dfa2e715d1f347da5d70f7bd`
SHA1	`e9db4d49bfc8845345cd08281f590ee4dfd527e5`
SHA256	`e71d40de4b71e11cd0fae1e8b20531c921c9859f9ac448e1a88ee268ac99161b`
CRC32	`4AD7C5CE`
ssdeep	`96:yulXymts1jBHOaVvmts1jS5FtfBV0jyyoSNzmts1pS5FtftV0jpyohd0QdZ5daow:Ms5FlZR5FlIR0QZraYXZAc1X6bhDg2`
Yara	None matched
VirusTotal	Search for analysis

Name	fdb42ffb062d3b24_slic2.1si.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1SI.cmd
Size	3.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`058d087417e4154f8336127cc3cf67b1`
SHA1	`3fb736abbeac35677447700b3e7c7496fc978a7b`
SHA256	`fdb42ffb062d3b246e3ca310946235abd404c3fd53a546cf1eaacd01d9ff22bc`
CRC32	`3DCBA9D5`
ssdeep	`48:yu4F1EF2jFVF8BFgMYxpXArWUEioAzE41ye4sAIMqVx7wn:yxQ2/8DSdABphzx1ylsA20n`
Yara	None matched
VirusTotal	Search for analysis

Name	b3157e91e5f53dd0_security-spp-component-sku-ultimate-retail1-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-RETAIL1-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ed7092beb2a864e0bb3475757b109565`
SHA1	`5117bf5cfc518f9eb1c5e6b7a7fb3170c9d03feb`
SHA256	`b3157e91e5f53dd0e8487fb40da25882aaa21264ea5f30986f616f69e2b108a7`
CRC32	`73B3595D`
ssdeep	`384:n2fC4ukCNrSDym0ML5KGf7miCgmE88e0FwKQ62GNf7YO:tnBWym0InJFu4z`
Yara	None matched
VirusTotal	Search for analysis

Name	d072a059d3ed3e75_dell.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\DELL.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`18b1e45bf56f40c3c4bbe65831178216`
SHA1	`cc9172bbb1a299ea0b0fe7fbb97db51faf0a08b5`
SHA256	`d072a059d3ed3e75c98b85b41e4319e8d5cfae0e0c239b62436a3ad34003ab4a`
CRC32	`DD981F15`
ssdeep	`48:cZkHG36SPE6b6shtOX+vXvajSz3mubm0u2Y3gflYp:Nm3xPNXLXvySKub42Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	89ca566d3dc108c9_photominfeature-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\PhotoMinFeature-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`97c82d90ac5c191fa7d25dbb17453a14`
SHA1	`5eedeab919c07973ad29d28dc73ea274856437ce`
SHA256	`89ca566d3dc108c9cd13374d6e2bac520807ec5fdd74799f1fcbcb2eec3aae2e`
CRC32	`2B254CA4`
ssdeep	`96:Km3JET3i3UYrlHv4kXVKAwSN5J6amY3pq2t:3JEroUglHv4Yftmmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	7dad71f3f5ee0db7_microsoft-windows-auxiliarydisplay-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\Microsoft-Windows-AuxiliaryDisplay-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4b5382ebd12f475f327a3b0e51c9df0a`
SHA1	`2e0130fe7671c06d64bc95b43c54964a7de67c40`
SHA256	`7dad71f3f5ee0db77d8be13434e0559ab4be96dad0c393afaaa9a5dd9a69872b`
CRC32	`BC9987FE`
ssdeep	`96:Pm3HkaT3i3UY9WYbfsqXjhnTIwSN5J6zY3pq2t:sEaroUED2f8mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	e526b111f7a008d2_security-spp-component-sku-enterprise-vlkms1-pl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VLKMS1-pl.xrm-ms
Size	13.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`fbcc6d0626b7db130852b28ea25fbbcb`
SHA1	`789ba74edeff005ca92caddbc2c21dbcdce4e34e`
SHA256	`e526b111f7a008d2eacdd31bdaeb46e4a161ddd2040002e60e8eb2d870f9e7f4`
CRC32	`F77A8FED`
ssdeep	`384:5geygf/f0flejmE83G6e5bOmITIfVTGf0g:eeO4X6WK`
Yara	None matched
VirusTotal	Search for analysis

Name	c79ea4d781955547_server2008.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\Server2008.cmd
Size	4.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`cb9aed7f7c73f8389374bdb69df5a2a1`
SHA1	`deb89e9a1de7bf7f9522beb93953e77fbb370829`
SHA256	`c79ea4d781955547d90c0fef44e726f5259ef09ab39fd0c671501180347cf55f`
CRC32	`5213A1AA`
ssdeep	`96:yXXrWLiSnVC88UaF1J3EsEUiKvddnKvINTqQTp/a:+qnVC88HdmINWQa`
Yara	None matched
VirusTotal	Search for analysis

Name	de1a0a3c8daf7e78_shell32-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\shell32-license-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`53e9fda45791498334af0e10654fd9b9`
SHA1	`2ff31de31c075333204329849edb0743e7ade0a0`
SHA256	`de1a0a3c8daf7e7800e342f4e963857a2c1eadcc7130ba4c740731b3a30e1a19`
CRC32	`4DA2C338`
ssdeep	`48:3lgkHG3JflF3Ov39mcRHm6b6shtY+Irvt0htwSN5J6OY3pq2flv:Vrm3JT3i3UYPXGvtMwSN5J6OY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	8b796e4ec3443d3e_security-spp-ux-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\ppdlic\Security-SPP-UX-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5f01f3f0e3aee9dcd3b20f25ff47e2b6`
SHA1	`61e102acb5ee67e208a97d1342ab206fbcc0ce48`
SHA256	`8b796e4ec3443d3edf1b07ce82aaf185e7a778ec5f9700f110b095fdf98e646b`
CRC32	`922DC678`
ssdeep	`48:3obkHG3PQflF3Ov39mcRHhy6b6shtg+wAUdLD+OtwSN5J6JY3pq2flv:4Am3IT3i3UYpX8TL6cwSN5J6JY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	5d21f98296b4527d_tabletpccoreinkrecognition-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TabletPCCoreInkRecognition-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`149d1b24df36956cb0331f7f8cee54ad`
SHA1	`479ada396bfd24c83e79d4e76e894f72c17d6a7e`
SHA256	`5d21f98296b4527df4b1c0d19b61f060f51dcfce41c12d59d8473e6b7db214d0`
CRC32	`2310BC1E`
ssdeep	`48:3TikHG3/flF3Ov39mcRHT6b6shtg+krd4OnwtwSN5J6NtY3pq2flv:DVm3/T3i3UY+XVOnKwSN5J6zY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	33d3b8889def9417_keyfinder.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\Keyfinder.exe
Size	304.2KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5	`8f9b306aff7c6862e79ed8100fc71ab0`
SHA1	`f40b4cb14202db2c82c32b3d136ecee14e9aff7f`
SHA256	`33d3b8889def941792c0d049e1dc27ec0f4635ebef6b8ce214644a9cf7affd0d`
CRC32	`DD02B21A`
ssdeep	`6144:KTfFDbRnOTr2/lqLAMMUo6HrgpQyaXzKTAZ9+5dRQ:Y5OU47br8pQyaXEAZ9+5dRQ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	683c360e28b4d386_printing-spooler-core-localspl-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`6c8a514c947d8cad0c46f08b1151803e`
SHA1	`5652386e653da4f9eed839194ee8c883183bf62d`
SHA256	`683c360e28b4d386df6af4828d756aae1e3eac86f6a08b0e5b29fe99df81d358`
CRC32	`86D0309D`
ssdeep	`48:3RkHG3UflF3Ov39mcRHMBeh6b6shtY+U7A0twSN5J60Y3pq2flv:Om3UT3i3UYSX07AewSN5J60Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	a59a97bdec499a56_client-issuance-spc.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\spp\tokens\issuance\client-issuance-spc.xrm-ms
Size	5.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d01a3ca76390ea208929c071977a0472`
SHA1	`9e5334ac81033800c22ca83ab3ddf36233bc6bd4`
SHA256	`a59a97bdec499a56b4ceb06dc8c4332cd75535707943f15feffb9e40f60de26f`
CRC32	`4D46346D`
ssdeep	`96:+m3t0WqT7ZMVZiwSN5J6ZjXDQVKPEWY3/kb:Tt0fT9MTifqPR9mm`
Yara	None matched
VirusTotal	Search for analysis

Name	cdc92b8f0b79343d_tabletpcplatforminput-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9004333844f593b83320e0f80a676f7f`
SHA1	`4371b63ff04f0d15775d0ac4b3e85ac13a570df7`
SHA256	`cdc92b8f0b79343de11e1e8f92ea6f8a7888226c7745111c08821e87c09a1679`
CRC32	`CD08625F`
ssdeep	`48:3s2YkHG30flF3Ov39mcRHfp6b6sht4A+PyKE0zOtLltwSN5J6iY3pq2flv:cOm30T3i3UYkX6zcLXwSN5J6iY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b2167926373d2862_gateway.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\GATEWAY.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`6a098a851204179d430741684ff4f4b9`
SHA1	`6524b4cba31e786f73d336c48a157bebe4b60e49`
SHA256	`b2167926373d286274f2236213bce9e827b3e5f4846d3057777d8335e7ec360c`
CRC32	`81487FE8`
ssdeep	`48:cHHkHG3iM1C3AN6b6shtY+qjGc8Sz3mubm0uFY3gflYp:8Em3nWAYXgGc8SKub4FY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	d0f74005dee1e1c5_tcl.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\TCL.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`ba6aadc93237a7b683749628aa0d74d5`
SHA1	`ab6ca80197961ef59e34797f94a772566b6100b5`
SHA256	`d0f74005dee1e1c538eb5e5b9acc0ccd32d54842753b69f264fc7c3d97a9ebb0`
CRC32	`3A42CE25`
ssdeep	`48:cAkHG37vyX6b6shtM4q+xbehPUhSz3mubm0ujY3gflYp:Im37lXH0CSKub4jY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	2f3210da0d80a3e0_microsoft-windows-desktopwindowmanager-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerStandard\tokens\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms
Size	3.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`5528b6d1c60f088625d304690d8296ab`
SHA1	`e0937bad179bac3e1fff833fefcca453b4d3d0f0`
SHA256	`2f3210da0d80a3e02f17527da31058509c4612c7ffa94c92276bb6175633ea8a`
CRC32	`4EF93486`
ssdeep	`96:fm3H4T3i3UY9ruu0qbPXGIwSN5J6mY3pq2t:cYroUxIfRmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	bbd74b20954f8a43_security-spp-component-sku-enterprise-vlkms1-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VLKMS1-ul-oob.xrm-ms
Size	13.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`906f188ec953beb237c024a241814fcb`
SHA1	`df2c436c95a735334251eda80e41fb5b8cc96305`
SHA256	`bbd74b20954f8a4346d395c13d505bf8c61f92cd9442dde19d5cb8edd62ffa77`
CRC32	`AA2CD041`
ssdeep	`192:acfhWWDvpgWn4sBDfvmqo78vP+mE8d/nePIE7e73MtqJVtrfvm7Q:acfPjZn4sBDf+qo4+mE8Rne/Etrf+7Q`
Yara	None matched
VirusTotal	Search for analysis

Name	5b1a159150570e0a_securestartupfeature-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\EnterPrise\licensing\ppdlic\SecureStartupFeature-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`6a558e28293d46bdf0c8a650bc9aab89`
SHA1	`004116d6e335e95455e85dedf74f683baa8891ca`
SHA256	`5b1a159150570e0ad0aac7b4cedda4763930778136cc234d7ad00060105802c7`
CRC32	`2E2B0F3E`
ssdeep	`48:3I0kHG3SflF3Ov39mcRHMT6PTUD6b6shtix+fsxS+YutwSN5J6qY3pq2flv:6m3ST3i3UYsWXEBEEwSN5J6qY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	4d460348ad0f8e43_explorer-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerEnterprise\tokens\ppdlic\explorer-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d653e5080f8f1b158f11a372c4aee9a8`
SHA1	`21d98aa134df90f33d9dccf5c11646dd94461d7c`
SHA256	`4d460348ad0f8e43cb32bdf3dfc089233aff2b21e37a91729fbcba0b42b243d2`
CRC32	`E0AB34C6`
ssdeep	`48:3jkHG3pflF3Ov39mcRHKF6b6sht9+nhjzvQO3twSN5J6+Y3pq2flv:om3pT3i3UYBXw5vQO9wSN5J6+Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	d155536463afb3f2_dns-client-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\DNS-Client-license-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e5fc1f60c87f0764296f279426f2de4d`
SHA1	`7a7d9b45dab4a2bc57c523e8e13a70eab18a6a55`
SHA256	`d155536463afb3f2559fc2cec0a8603ec36461905b3898d2ad66111b84ac3650`
CRC32	`F941E807`
ssdeep	`48:3tFbkHG35flF3Ov39mcRHA6b6shtE+X3inG4i0ptwSN5J6HY3pq2flv:dGm35T3i3UYhXz3qrwSN5J6HY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	cf7ffefa3d20d85a_removewatermarkx86.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\RemoveWatermark\20090314\RemoveWatermarkX86.exe
Size	17.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`5c3607fe665c4250ae315270e0183b47`
SHA1	`b3d3655b9b81273492e9126284098cf9818bd231`
SHA256	`cf7ffefa3d20d85ad9d0fb67a38b6d601acb2f1344d1667c1a785964e4c4eb0a`
CRC32	`BDB9A464`
ssdeep	`192:GHY72zUkStKGGO3tVXPx9lfvFoIkoGy1BCYaalVvis1Z7KVgJdCDHtUYKLrkSIwm:GtGGSVfEBoGy17Tr6slzu6F9Iv`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	b94b5b631272da59_shell-inboxgames-solitaire-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`668aae567688e2e54fd437bd729bc738`
SHA1	`54b8e2b66ba2a24712f6539be801216c805af6a8`
SHA256	`b94b5b631272da59fc13f7965fca08a7e5d65ae73b8c4eb7392f2db7f09e154b`
CRC32	`83929993`
ssdeep	`48:3Yb0kHG3xflF3Ov39mcRHY6b6sht9+cqyA7dT6DdtwSN5J6vY3pq2flv:0m3xT3i3UYJXQyOg/wSN5J6vY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b0bce05b1c5f9bf0_shell-inboxgames-solitaire-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`f1ad6a6e72b968e8065d19a2014f8b0c`
SHA1	`0f4ea08826aca82040c3d73389e5b64c7f00be37`
SHA256	`b0bce05b1c5f9bf085cc31ab11132239914b9c5719cbbbff0286ae39b72b5e91`
CRC32	`DC8D5D6C`
ssdeep	`48:3Yb0kHG3xflF3Ov39mcRHX+6b6shtZD+zAXMHtwSN5J6mY3pq2flv:0m3xT3i3UYHXryAXewSN5J6mY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	cfa13cce45482069_takeownershipinstall.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\TakeOwnershipInstall.reg
Size	967.0B
Processes	2196 (A.I.exe)
Type	Windows Registry text (Win2K or above)
MD5	`dd35a77b6a633fa1204186b84a3625fd`
SHA1	`f5e3fca2f7ce51245a7eb9e6bf620e722b45308a`
SHA256	`cfa13cce454820692e5764a4f7c5d8cced020320a83c7181311516bef35ff8be`
CRC32	`2DDD0BEE`
ssdeep	`24:jBJtRvtTPt+dtQt+x+vtLPt+dtQt+xnvtgPrc++tQrc+p:9JBPt+dtQt+x4Pt+dtQt+xaPQ++tQQ+p`
Yara	None matched
VirusTotal	Search for analysis

Name	a77366847c9900c0_security-spp-component-sku-professional-vl-bypass-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul.xrm-ms
Size	12.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4b67c11701f8047ab2f3d1373db300fa`
SHA1	`ff2ac877d36cb4c4caa4609b733a96c815b83aaa`
SHA256	`a77366847c9900c0fd6962f021d283543afed4ede31234b4a3e51a33a1146bad`
CRC32	`9A8EFF12`
ssdeep	`192:YOfJm1fJmffYmsnocQAmE81SeUEeEz3E4CSV3P12fYmn:YOfI1fIff1ssAmE8IexeshbV3P12f1n`
Yara	None matched
VirusTotal	Search for analysis

Name	2376e4ac5f572cb1_omd-api-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\OMD-API-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`e374ecf5ad216e25c1377dee5452849b`
SHA1	`4cea8aa3de2c1c0992210297af13f283858658be`
SHA256	`2376e4ac5f572cb15b386cf4a03c2e30e3bd6b807da867009f2d37618e363ff4`
CRC32	`126364A3`
ssdeep	`48:3xnkHG3xflF3Ov39mcRHtd06b6shtih+4LpFlB2Q9twSN5J6JY3pq2flv:hkm3xT3i3UY9XENDb2ewSN5J6JY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	0c426f67bc3eb0ff_mathrecognizereventslicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\MathRecognizerEventsLicensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0964607473bf62fb97818f5406930e6c`
SHA1	`b8ca8071354b05be5ae720aa9f5077b44b84758b`
SHA256	`0c426f67bc3eb0fff102ee270dd6ef14b9e4ec27fdeafda8a7f8d28e67c9396d`
CRC32	`D2A0ABAB`
ssdeep	`48:3VkHG3bflF3Ov39mcRHc6b6shto6k+OMO3CBoceQWtwSN5J64Y3pq2flv:Km3bT3i3UYVXe3CBojQUwSN5J64Y3pqO`
Yara	None matched
VirusTotal	Search for analysis

Name	b9fa2d3bf2670280_systemcpl.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\x64\System32\systemcpl.dll
Size	410.0KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`6e62eaf8a35ae3801ce0554fb140a84a`
SHA1	`ba1f56c430a222e753cd1f5322136f8726247cf3`
SHA256	`b9fa2d3bf26702806fc394521e57c9d65825ee40923a663af5e8b568646d1f11`
CRC32	`B1341108`
ssdeep	`3072:HHbuq0/DMnlGfzLOgYH1kppH7yT1V6WxFO+lk0yQW5Gk0GH/qO7rpKCUwyvsPjJr:H7u5gnYXaHePc1bqY/W5R02qO7VKC1z`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e86e0371b747a8b3_shell-premiuminboxgames-chess-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Shell-PremiumInBoxGames-Chess-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`c5e26c622c057ae6d82369e2cfacc86f`
SHA1	`98b193c758f10e684c83a3e092b73e309613a34b`
SHA256	`e86e0371b747a8b36035d6ada91497ff7f8c21718d28b85d9a171eaccd3d3b15`
CRC32	`88E3C30B`
ssdeep	`48:3F6kHG3EflF3Ov39mcRH4d6b6shta8+9nnIHtwSN5J6VY3pq2flv:19m3ET3i3UYBX04NwSN5J6VY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	b719bff57185e7a1_printing-spooler-core-spoolss-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms
Size	3.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a30b7723a419324978d6dc3b770159f9`
SHA1	`0e929af2e93aab7855dac3faadfca8157d70dc69`
SHA256	`b719bff57185e7a17038e08e38f9dcd8f7b0f40ed94e0c59513fba2fd9845cf3`
CRC32	`25319CF5`
ssdeep	`96:tm3FT3i3UYxMo6hXNUe69YwSN5J6BY3pq2t:+FroUxoAUefimjt`
Yara	None matched
VirusTotal	Search for analysis

Name	ab641776597d6f1c_dwm.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\DWM.reg
Size	404.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`e6b848a5e536cf91563fe04156ec401a`
SHA1	`9ba61357471a193c8a8a7307a312ff39bb4a9a48`
SHA256	`ab641776597d6f1cdcc1124cde3dafe701dded643ffffa98920c5a2520c8a811`
CRC32	`BA9154CB`
ssdeep	`6:Qyk+SkWCiiCRroZ6IJl5qIlgCVlEEoWcHWn+Sk6yGj3yjJlUAG+DZKHWn+Sk6yGY:Qy5hVZtrRNEEaW+7EyNeAxDZaW+7Eyj`
Yara	None matched
VirusTotal	Search for analysis

Name	1aae1fe472740627_nec.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.0\NEC.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`6698c5246b01eaaf2773d95edba5defd`
SHA1	`ceae3f2d561ae06ee586b1c31e30f8f2447bfa08`
SHA256	`1aae1fe4727406278b7b903c5916dc1946f354ca942676d08af719f8fd9f7406`
CRC32	`B25C4AA2`
ssdeep	`48:cPcYkHG3Ic7LT6b6shtx+/yrpV7cSz3mubm0uuY3gflYp:Uom39LeXKIVgSKub4uY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	37ee58d8565a3824_microsoft-windows-dot11pref-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`bb2c62953a247c5925ef46410778617c`
SHA1	`d2d479710de7deadb72592d0c041d948c1f2b408`
SHA256	`37ee58d8565a38240e783268176746e3d3c1f50e54b0aaf4cb8f9d6aaa40afed`
CRC32	`BA0DAF8C`
ssdeep	`48:3qkHG3HlflF3Ov39mcRHa+06b6sht6+IO/+vblEtwSN5J6WY3pq2flv:dm3HlT3i3UY9dXCXxuwSN5J6WY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	72b9f1baf76899ae_hasee.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\HASEE.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`cb8e5074d10afd932c62289974b10491`
SHA1	`0cd8cc723bfaf0da13b0e004818600cba5e1635a`
SHA256	`72b9f1baf76899aec002d10787c79a5bcaacf2adb77525842f124e5860ddab41`
CRC32	`E8E6E72F`
ssdeep	`48:cFkHG321w5fn6b6shtt+HWRuSjPQsSz3mubm0uo4Y3gflYp:Fm3n6XtASjPjSKub4jY3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	7aded7077783a965_shortcutpatch.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Shortcutpatch.cmd
Size	8.6KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`63e66f2c8ce7c57ccd14754b401bb208`
SHA1	`6f7950b59d9a22e5462c67876422875d4c63be74`
SHA256	`7aded7077783a965fdc674cf2dc77d2974c25085c9d57ed87c57212f5e4ca335`
CRC32	`FB80E308`
ssdeep	`96:wQAmq4a+F4mw46s6+HhJnJ3JXJsxWJsNKJs6f66mmaqK4a+FSkjkv4mwSBV46s6i:ymqmu+HjJ5ZpB9mmaqKmQuu+cH94R`
Yara	None matched
VirusTotal	Search for analysis

Name	ee966290f475be04_sliccheck.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLICCHECK.cmd
Size	7.5KB
Processes	2196 (A.I.exe)
Type	data
MD5	`5c8ec3f98098d93bde3c4912ff3a54cb`
SHA1	`4a9d45a4f8dd44a069644763c25c92a6f6183f25`
SHA256	`ee966290f475be0407c4c21b126f28e11e6c8f377fcefb12c952d599bce46fbf`
CRC32	`1DFAF8EE`
ssdeep	`96:UaAqMiLzlSDZ2mCY6wfVoOX9hpMYvrvD+Avtpn15L3Xger+gH1yHr:qJTBVoO23OpIr`
Yara	None matched
VirusTotal	Search for analysis

Name	7a164f530db40e4c_slic2.1stbootmgr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1STBOOTMGR.cmd
Size	5.8KB
Processes	2196 (A.I.exe)
Type	data
MD5	`6f48c52393dafe6a103627cfe5a2a757`
SHA1	`0f34985fb5a55de551f465085789b4e66b8cea6b`
SHA256	`7a164f530db40e4c42822f2bad3836b4b6f8a8e209a206ed8238049225b4c706`
CRC32	`F36A69FD`
ssdeep	`96:eqG1hCj9chMiLzrTKLZ3zrlr8DwrCt/lN+n:pG1h6p3zrd8DWn`
Yara	None matched
VirusTotal	Search for analysis

Name	73c4c8445a6b4813_client-issuance-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\issuance\client-issuance-ul.xrm-ms
Size	4.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`12e793fe60505bad1c3df58779d83dab`
SHA1	`d547957e832444b8f58653afad277601ab8dec4d`
SHA256	`73c4c8445a6b4813cea814199f6364ad5a5054797a10fec9c47d77b811fee640`
CRC32	`195D10B3`
ssdeep	`48:3TkHG309LtpqZGVffu4S06b6shtV+M6+gP885nKPEWY3ykb:Ym3OhpqZEhiXUJPBKPEWY3ykb`
Yara	None matched
VirusTotal	Search for analysis

Name	7c2cb8bc305b523a_7retail.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\7Retail.cmd
Size	16.2KB
Processes	2196 (A.I.exe)
Type	data
MD5	`05823228d9c7552e141d046bd0125a5e`
SHA1	`dca05a2c4ef6698b872f466849d310d6facb434f`
SHA256	`7c2cb8bc305b523aeef74d03a549515aedc8c344a6b69eb7db42f73e5ea4a454`
CRC32	`F914A8D0`
ssdeep	`192:qol95FlA3DWbmJ8iAas6J8iAtDJ8iA2qJ8iAGxCThJ8iAvqMUcJ8iAmJ:qM50z34Lca8x`
Yara	None matched
VirusTotal	Search for analysis

Name	0779f008d6ccab1f_bootmgr Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\bootmgr\original\bootmgr
Size	374.6KB
Processes	2196 (A.I.exe)
Type	DOS executable (COM)
MD5	`d6ae2d5521dd93aebc90d411d099fa36`
SHA1	`900889155f2ed72d82739c4290ab5893ae3c6894`
SHA256	`0779f008d6ccab1f48ad76717f06cd4ba9405c65e6412ae22646361680035eb2`
CRC32	`EE471B58`
ssdeep	`6144:lxcD/zDc0zNlM1Gbs7wzsoX5NmmSpS67WemiX6kM+EjSkW2lVE7FjHhSx+:DWzDc0R6ob80sAIg62k61EBjBSx+`
Yara	None matched
VirusTotal	Search for analysis

Name	ad68ac46027d6ab2_tabletpc-tabbtn-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`81bbf79232267782b6ca6583edc741bc`
SHA1	`d386feaaaf5c97c2e948f922dea7a0ac00629142`
SHA256	`ad68ac46027d6ab2957039363a9bdaff39007291af02281c06171835016ee40c`
CRC32	`152CC5E0`
ssdeep	`48:32Ri+kHG3BflF3Ov39mcRHH6b6shtrFjk+dd/NOHgtwSN5J6EY3pq2flv:eiZm3BT3i3UY6XdDNW6wSN5J6EY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	6e11a4ee0f5a9f40_security-licensing-slc-component-sku-business-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\skus\Security-Licensing-SLC-Component-SKU-Business\Security-Licensing-SLC-Component-SKU-Business-OEM-SLP-ul-oob.xrm-ms
Size	12.5KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`79eb822d0c28171ad3be6e6d75a290fd`
SHA1	`a44e08d9ec30249d0891bb38b78be2aae56add42`
SHA256	`6e11a4ee0f5a9f40df0e6e05a8125061e801dc999fee8d11fc677f1b5935f504`
CRC32	`3292E396`
ssdeep	`384:NsfYu4sGd4afGgC4jmE8OXeICCbs53fG5:f54wC4V5se`
Yara	None matched
VirusTotal	Search for analysis

Name	82c247ce3fb670a5_security-spp-component-sku-starter-oem-slp-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\skus\Security-SPP-Component-SKU-Starter\Security-SPP-Component-SKU-Starter-OEM-SLP-ul-oob.xrm-ms
Size	12.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`66d2bae505fb2c2a21683b880ee8cf48`
SHA1	`cebd692a9b4b74bdcb134fdd32a99820ef788d8a`
SHA256	`82c247ce3fb670a5c0d0db11c022428fbdc9b54bacceff0bd280cbb8ecad9796`
CRC32	`A19AEFE0`
ssdeep	`192:hwfhq6vpgm4sn3fTm135K+V5+mE8dCeMnSXqj9ufTmv:hwfnR4sn3f6pH+mE8seM+Ff6v`
Yara	None matched
VirusTotal	Search for analysis

Name	92b9992e551df538_printing-spooler-core-spoolss-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`fec8778c37d9bb722af4ea788ddcf5f4`
SHA1	`77d1f28c33706148d9a302dc2fadc9099257a72a`
SHA256	`92b9992e551df53800081ade8184034fed5b41ec3e6795f8d91042c6604c847a`
CRC32	`69CB6EFE`
ssdeep	`48:3hYkHG3FflF3Ov39mcRHe6b6shtm+DZDRsIf8rtwSN5J6zY3pq2flv:tm3FT3i3UY3X7RsIMwSN5J6zY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	4d9486e61400523e_client-issuance-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\spp\tokens\issuance\client-issuance-ul-oob.xrm-ms
Size	4.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`15d416f4d75b777140bfad61dbcadb82`
SHA1	`d67c3c6a26ab436b8dbaffedbdb1c6aebeb7b03b`
SHA256	`4d9486e61400523e8200112c221c4ebfe70ebe669b0f251b470216206a4cf1f6`
CRC32	`53C5860D`
ssdeep	`48:3OkHG3etwSN5J6ZG4Ukl4Sd6b6shtZU+gWrqjBfIeQ85nKPEk5Y3Hkb:5m3swSN5J6Z7U/XXLYBfIelKPE2Y3Hkb`
Yara	None matched
VirusTotal	Search for analysis

Name	f953c8f21f3f7583_slicinstallcheck.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLICINSTALLCHECK.cmd
Size	5.1KB
Processes	2196 (A.I.exe)
Type	data
MD5	`f84919e5cea4ab5f7a9c4a83419bd0cb`
SHA1	`05ba1b86c4b67b6f41181501d83eaa98909cbf14`
SHA256	`f953c8f21f3f75834adc9b60ce472f5a29020d69672217654ab33bc6570d1686`
CRC32	`EB21CF29`
ssdeep	`96:D6v2m+UY6wfT8pztZjNB3Fd77trTyw+Hr:WP+fTufMhr`
Yara	None matched
VirusTotal	Search for analysis

Name	216f362b55dbee0f_option.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\Option.cmd
Size	11.3KB
Processes	2196 (A.I.exe)
Type	data
MD5	`2ef98a5fb8f9dd46875d75b49997fafa`
SHA1	`dfe4636bae73d94cb8deb9ea0478477150648533`
SHA256	`216f362b55dbee0f9aa9c14a757ae06921180625c480cfc24f6dfab8687cf6ea`
CRC32	`0469C571`
ssdeep	`96:5oLxLl/e4RPnftYRGfRGQkkZEiNRqtGAxgqbgsIiEdy0h0Y0YUdaOGqhnY4hEc2+:5Boimf/sIr4mT4thn`
Yara	None matched
VirusTotal	Search for analysis

Name	82e1ca366e969266_printing-spooler-core-localspl-licensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a6c2758212303295e180ad70fb520d71`
SHA1	`0b9d1c4d4ddcd1347dd8684b77704d865ae43df6`
SHA256	`82e1ca366e969266c53ff662ab57d05ad32a3c85367c85431088df62bb2c5af5`
CRC32	`9B6C9387`
ssdeep	`48:3RkHG3UflF3Ov39mcRHD6b6shtr+VLQajSdatwSN5J6zY3pq2flv:Om3UT3i3UYOXoUiS+wSN5J6zY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	276deb04efc11c1e_systemcpl.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x64\System32\systemcpl.dll
Size	410.0KB
Processes	2196 (A.I.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`155a8948bf8ec4ef0a582f0e07daccfd`
SHA1	`38f3fe989384b34507947d8dc86416c0de451bd0`
SHA256	`276deb04efc11c1eb485257c94120d462fb599e603c3665e7c3a6cea1af7a3da`
CRC32	`4910A121`
ssdeep	`3072:JHbuq0/DuJlGf+aOgYH1kppH7yZ1cFWxFO+lk0yQW5Gk0GH/qO7rpKCUwyvsPjJr:J7u56JYlaHeP61tqY/W5R02qO7VKC1z`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ecba5cf4114af056_explorer-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerStandard\licensing\ppdlic\explorer-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`eeef7b6c4ce548e031d7fca8a06cc697`
SHA1	`e98fbd5f5182b398b58a8d89145c9cd61a50921a`
SHA256	`ecba5cf4114af056c705d284468d5b53369c9ef432fdfb1cd1ade8b16916e7f4`
CRC32	`07600A8B`
ssdeep	`48:3jkHG3pflF3Ov39mcRHt6b6shtZQ+dJF+C/QtwSN5J6XY3pq2flv:om3pT3i3UYYXDDJ1/qwSN5J6XY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	af37a6a01bf76905_snippingtoollicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\ppdlic\SnippingToolLicensing-ppdlic.xrm-ms
Size	2.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`86e2fb2c0a6236e2189733d2facb2a98`
SHA1	`1098eee45af4b12b5d35181b22f860c026a3440d`
SHA256	`af37a6a01bf769051e4ae9e888b903b2a55d5786511b42d6bfc61b1d04d25a84`
CRC32	`E8895C33`
ssdeep	`48:3MVkHG3slflF3Ov39mcRHWg6b6shtB+x4nPtwSN5J6bY3pq2flv:xm3OT3i3UYMXu4lwSN5J6bY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	aadc3db3056dd106_slic2.1dhidden2.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\SLIC2.1DHIDDEN2.cmd
Size	5.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`2e222cc3789a1b2556daf48ea919994b`
SHA1	`c4df33677d52eb76a95c91dbb1b314a3d3a6d26d`
SHA256	`aadc3db3056dd1066a0bc5ff38d46050eb74c5871b8542da546f2d46c7ad48ec`
CRC32	`73DE2F56`
ssdeep	`48:Teqk3rMSVx64cAqMiLzn82eQPCbNVXd6gTD0S7/BrlVx+8Nn+tRtLeWhddHGvRv+:TeB64cAqMiLzn8VLZ3Zrlr4rnHgN+n`
Yara	None matched
VirusTotal	Search for analysis

Name	7a1ce86e22398da4_kmsserver6.reg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\KmsServer\KmsServer6.reg
Size	738.0B
Processes	2196 (A.I.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`c77bfc55b36ccf13e369fed0c1be5185`
SHA1	`8a52b1b59f74fdcd7cd74efe0743d1610ab427a5`
SHA256	`7a1ce86e22398da40fcb1fa2f9f7bd406df9686ade0448e278f1d2cb5998b3de`
CRC32	`AA7BB37A`
ssdeep	`12:Qy5hVZteAxDZaW+ZENgUOtY80UUOgeAxDZaW+ZENsEg6e9UOtY80UUOU:QChVTessZENgUNUU/essZENsEg5UNUU5`
Yara	None matched
VirusTotal	Search for analysis

Name	d74444b75681c2a6_mclicense-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\MCLicense-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7b56436619b89659e398e4a4e1601e29`
SHA1	`bb63a8630808e7d8dd31a839be1b02889bfb4e53`
SHA256	`d74444b75681c2a6bf3a96a65a2870c86032127dc0c7595e4817cb86387ccc1c`
CRC32	`134920CD`
ssdeep	`48:3U+vkHG3PflF3Ov39mcRHj5G6b6sht4FM+fhaKppR/twSN5J6aY3pq2flv:EDm3PT3i3UYtPXGFLRVwSN5J6aY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	0ef2da0537b84c5b_security-spp-component-sku-professional-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`8e4f9b45710d252ab63f47c53a286703`
SHA1	`d8c843616d3447f9de1b99a45ede5a839b9b6306`
SHA256	`0ef2da0537b84c5b597cb472c0839d1787fb57f8a0ad55a90e449f82c026f2ac`
CRC32	`EF9870F1`
ssdeep	`192:yIfh8svpgY4sqgfEmWnIkO+mE8dk2Se++iatTdy0cfEm+:yIfrv4srfpWw+mE8PSenthcfp+`
Yara	None matched
VirusTotal	Search for analysis

Name	371d6514a7fde088_security-spp-component-sku-professional-vl-bypass-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul-oob.xrm-ms
Size	12.8KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d0fe7e471c4811ac5a70ca38621d7253`
SHA1	`2ea04a5fc158f31c60312e9ba9d59b132226ffe1`
SHA256	`371d6514a7fde088fdb584ed25cebea293fdcf493095a04b235a2a6344a6aefa`
CRC32	`9756BC83`
ssdeep	`192:HIfh8TvpgX4sTfTm/enoUkw+mE8dueIbM9tHPjblfTmE:HIfwY4sTf6m1+mE8seIA/rblf6E`
Yara	None matched
VirusTotal	Search for analysis

Name	d8534a7ab6ef3a79_tabletpc-uihub-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`779efd3c91df0caac2e76e5055830364`
SHA1	`115bf50e6138827f062dd470453b4027d65c6005`
SHA256	`d8534a7ab6ef3a79f8b47f85ef13b04888ea49b224006c9908ddcc1a442c4406`
CRC32	`B87F1BE6`
ssdeep	`48:3gkHG3rflF3Ov39mcRHT86b6shtgS+yhvEDKgtwSN5J69Y3pq2flv:bm3rT3i3UYBX9EwSN5J69Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	6488fd4b89f12b71_kmsoptimizer.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\KMSOptimizer.cmd
Size	8.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`ca85e6d901552941caa9060fa2ef7f51`
SHA1	`cc1c92cf948a35479ad00800887d2118a1508880`
SHA256	`6488fd4b89f12b7189912bf26a0f410e5e4d48f46e938da39ab1bd4ca75ba697`
CRC32	`C251D755`
ssdeep	`96:KdjJ+mts1Sua0u9aToheSaF711UDg6+n5iPkYVx06tljVf5Z7yqZyqytYO3q1XTn:Kd/6t6eR6+58k6xXLjFzbHn`
Yara	None matched
VirusTotal	Search for analysis

Name	4405cddad33f20fd_security-spp-component-sku-ultimate-oem-slp-ul.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Ultimate\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLP-ul.xrm-ms
Size	11.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a58e41a5c4bf638532c631a15eefd937`
SHA1	`8fbde7286aabb22c5032af2b25e0426620405559`
SHA256	`4405cddad33f20fdffe32ba5480cd40284b0729a06a30c11d9be1e9d1542abdf`
CRC32	`F6E2584E`
ssdeep	`192:gdfRwoeyHlfGmTvK0EFmE8dIeqExLMdCdQTQnfGmY:gdfFdf7T6FmE8Seq0Ydkbnf7Y`
Yara	None matched
VirusTotal	Search for analysis

Name	c7db0b64ad1d6265_microsoft-windows-internetconnectionsharingconfig-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`8ecc877351ceef3516e51ef7e3b10b8f`
SHA1	`a81637e8ad25797a59fb6ef9bb66751ecca6845b`
SHA256	`c7db0b64ad1d626514f13d56c2096258314ab861a806925a63854ca4d73d7f98`
CRC32	`5DC282AA`
ssdeep	`96:im3HXgT3i3UY9XnXuXq05wSN5J6RY3pq2t:fQroUI+fqmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	0357fb094c40a6c2_dwm.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\dwm\x86\dwm.exe
Size	92.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`98c8d928f519a0e6170b7dd54bb7b37c`
SHA1	`45beec3632ab9a2b4890c78a6123695e8165fce0`
SHA256	`0357fb094c40a6c275035fd03fd0fa0aee0d6a2118e95e83452b482bc5d57efd`
CRC32	`47291A79`
ssdeep	`1536:0P2S0JAg49YxYqdDjbZV4YcBaP/veRb0qqqStbswTezRPjjQcBTUFz:0+S60IjtVjcwcbnqpTeFP/BWz`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	d95f9fa4f9139e5c_microsoft-windows-qwave-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-QWAVE-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`3a7d973e5a523ba81b0a99dcb412c4bb`
SHA1	`e405c2b9078ca0091c8f1a25ca18fa2507d7efe6`
SHA256	`d95f9fa4f9139e5c4857d45dab4e9f6a2792532da188cd5e9ef64e39100f9aa0`
CRC32	`CEEB7CAD`
ssdeep	`96:em3H/T3i3UY9VfNXYpXvTwSN5J6/Y3pq2t:zfroUOqpXLfEmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	0bb42216b0b7162b_security-spp-component-sku-serverstandard-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerStandard\tokens\ppdlic\Security-SPP-Component-SKU-ServerStandard-ppdlic.xrm-ms
Size	12.4KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`744074ae5d5d2ad1cce5420a48e3e13b`
SHA1	`cbe013eeda1c632e1e10bf70d39c6294b7fe7e07`
SHA256	`0bb42216b0b7162b967e1e32143b54b23d7c536d41661efd45d4616dac885adb`
CRC32	`70A265CE`
ssdeep	`384:GTroeEUOb49nWFEUXnUAoAOEBXFBxx2JkjJ+Oxfyjt:GQVFEUXnbf5Fxx2JkjMt`
Yara	None matched
VirusTotal	Search for analysis

Name	3605709ae7559976_security-spp-component-sku-serverenterprise-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerEnterprise\tokens\ppdlic\Security-SPP-Component-SKU-ServerEnterprise-ppdlic.xrm-ms
Size	13.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`28464e920f6974c8d30198d417b4e2f2`
SHA1	`0a3942537228241787184c2f838749c8a65d1966`
SHA256	`3605709ae7559976e13a1433c2ad68237173fbefd16a99f46dc4d425b522b741`
CRC32	`37DE3F65`
ssdeep	`384:GVroANUCLy59ZXxABnJFVlXqUAoAOE5uxsWEvq2J6PjJR1fsjt:QPosFVlXqbf5MxsS2J6Lr6t`
Yara	None matched
VirusTotal	Search for analysis

Name	22ee3bdc9f58e5a2_slic2.1sibootmgr.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\SLIC2.1SIBOOTMGR.cmd
Size	5.7KB
Processes	2196 (A.I.exe)
Type	data
MD5	`82ee404b1caaafd1bd08319b67c25db2`
SHA1	`732ad77e7b159aa1f0cfdb560c0229549914433f`
SHA256	`22ee3bdc9f58e5a2da6bf4ae8d00b82ebeac5f5fbff02429511e9b2e850322d7`
CRC32	`7D4267EF`
ssdeep	`96:eqD1hCj9cAqMiLzrTKLZ3zrlr8kVCrCt/gN+n:pD1hAJp3zrd8kVJn`
Yara	None matched
VirusTotal	Search for analysis

Name	ba0e969717681f97_a.i.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\A.I.cmd
Size	7.0KB
Processes	2196 (A.I.exe)
Type	data
MD5	`383b6ff7b119251265135abbc7d91ecb`
SHA1	`8ae9e870f4413f52a4789ef7288c276c82604b34`
SHA256	`ba0e969717681f97c0fa4205f43f1f8a61f4875520290517ba294b80bbfcbf06`
CRC32	`6CE82981`
ssdeep	`96:yzCfZDZJNApIPAIcK3BgrSXwPK1MQ++wBS/4LoO0zpCjzpCFJj8G4:j3ApQW7kFaP`
Yara	None matched
VirusTotal	Search for analysis

Name	ff66ec48527685ce_microsoft-windows-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Server2008\ServerStandard\licensing\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms
Size	3.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`db42bd1f9f070d51f164ebfd4f3b6b73`
SHA1	`9be4afb376746da087e0213b3a61b9ab5839d3db`
SHA256	`ff66ec48527685ce2db54495908800ec0bb31c6d215b83e03728f3eae2abdadd`
CRC32	`204A56DC`
ssdeep	`96:3m3HFAT3i3UY9FXF5FkFWFTFhoF4FvXfCC1bMGwSN5J6+Y3pq2t:ElAroUYVDo+ph0knCC1bMGfFmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	f8ba7bee2bd32d76_parentalcontrols-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\parentalcontrols-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`98dfc2aeca9e436e0d6c7d90b36d7050`
SHA1	`001723cbefeb922274e169beee7a388ad34da66d`
SHA256	`f8ba7bee2bd32d762aa3c0533b829a49ef449acc666634e2d8d815b7d1c973d1`
CRC32	`B9559EA0`
ssdeep	`96:Cqm3u0T3i3UYI9gvXWZjg1qjwSN5J6OY3pq2t:CXu0roU79gif1mjt`
Yara	None matched
VirusTotal	Search for analysis

Name	eedac53713bc5846_removewatermarkx86.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\RemoveWatermark\20090509\RemoveWatermarkX86.exe
Size	21.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`a3f4ffabc057ed6947c0de739b76c5cf`
SHA1	`83dd9b98fa1f60595d39b863913e737f65fa63b8`
SHA256	`eedac53713bc5846eabab9ef562a6a0a1dcf8e27dfc284e1e2f289a2aa8982c6`
CRC32	`CBBD4C4B`
ssdeep	`384:U2flq6TGltfhtthE1hSeYOlRU7M2/qdXIuC40IW:Uelq6TQtflmHSeYOliM2idIu70IW`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	28353c379ff43685_slc-component-sku-ocur-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Professional\tokens\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`c74b672815841cb621c81bd6e907148d`
SHA1	`d511ad8f39e39ae31188b49a6096b238f9c706a3`
SHA256	`28353c379ff4368566bbe2f03c6f9a89dd4290b5018cb1e535f3aa9c18b971ed`
CRC32	`3FA6C1AD`
ssdeep	`48:3wxkHG3WflF3Ov39mcRHKG6b6shtm+ILH+eDZDltwSN5J6qY3pq2flv:Vm3WT3i3UY0XqLee5XwSN5J6qY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	667c03bd0997ad5b_shell-premiuminboxgames-chess-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Ultimate\tokens\ppdlic\Shell-PremiumInBoxGames-Chess-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`610dce8131e5f167efe07952355a8afd`
SHA1	`29a3b676d81382dda7f2cb043ee4a2f3cbc0654c`
SHA256	`667c03bd0997ad5b51c4432ff077139f890bdb59c72572d53dd5736a29c6dd90`
CRC32	`851AEBEC`
ssdeep	`48:3F6kHG3EflF3Ov39mcRHP6b6shtP+q+S5CaYoVtwSN5J68Y3pq2flv:19m3ET3i3UYyXFWadwSN5J68Y3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	2f0202de9a6c1dfd_shell32-license-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\ppdlic\shell32-license-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`f8e68c039d4391b4ce8c7db9503a5d16`
SHA1	`46254944b2c36b155f902dbca9bc421c0c933f37`
SHA256	`2f0202de9a6c1dfd892fef87d3f1a9086e0dc0584166f886078e3b6c5471c48a`
CRC32	`22FA256F`
ssdeep	`48:3lgkHG3JflF3Ov39mcRHm6b6shtPq+dqVlXQJtwSN5J6lY3pq2flv:Vrm3JT3i3UYPX/EMwSN5J6lY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	8c64b02a9fd13c87_systemcpl.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Forever\x86\System32\systemcpl.dll
Size	401.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`4ee1f86f0380ee6f57c5283d945861ea`
SHA1	`3a2fb4421b35cd7fe7e133da4160e4b1995ff55d`
SHA256	`8c64b02a9fd13c870085f72f70524f119e5b3192a9fe2112b0dd4a565b942416`
CRC32	`C153EF3A`
ssdeep	`3072:ZaHbuq0/DI/rmpHy77HW1FWxFO+lk0yQW5Gk0GH/qO7rpKCUwyvsPjJr:Za7u59pHZOqY/W5R02qO7VKC1z`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	dcfc19a9d743a75f_security-spp-component-sku-ultimate-ul-oob.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\Ultimate\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-ul-oob.xrm-ms
Size	12.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7560e3ffae68e0fcc440dad1688499a7`
SHA1	`a902ab6d66c330fcc00dd93b2f01f03cd5174b13`
SHA256	`dcfc19a9d743a75f1f5e9c5c512e36d48ad4c114c8e158acb80a43f9654da7b3`
CRC32	`D5B82ACC`
ssdeep	`192:1Ufhktvpgp4sUqfomy+vIczQ+mE8dPSwe1EKr2lVgd+KefomI:1UfuG4sdfFy+NQ+mE8IweyKr2lk1efFI`
Yara	None matched
VirusTotal	Search for analysis

Name	ecf26fe25f37aae6_security-spp-component-sku-professional-vl-bypass-rac-private.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\kms\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-private.xrm-ms
Size	5.2KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`40067f10e5876b0f7af1363523380347`
SHA1	`27ba42c510326d86d777303f751c73c8f0e3e57a`
SHA256	`ecf26fe25f37aae6ebc265c9575556e36595be51fc81d9f7b189a85438b9691b`
CRC32	`D7E5B0DB`
ssdeep	`96:+m39tpLYLuLmL5qenPgQLa+YRYafMcGTUvWMWLymXn+wSN5J6DY31tetoYR:TTlmE85MemKeMcaUvWL5+fYmLoT`
Yara	None matched
VirusTotal	Search for analysis

Name	0b5730b51a81f964_terminalservices-deviceredirection-licenses-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\TerminalServices-DeviceRedirection-Licenses-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`b5197fd9f54b46fdfdcfde8b73b2bde5`
SHA1	`580248ce5ea55b69e946b8446db6ad09c3dd71ad`
SHA256	`0b5730b51a81f964aa0b405a1431990c24a29c86ef7408077afaa7619612b52a`
CRC32	`4CCD0657`
ssdeep	`48:39kHG3EflF3Ov39mcRHiB6b6shtKjH+0upqlS5p2twSN5J6fY3pq2flv:im3ET3i3UY9Xsj7S5KwSN5J6fY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	ae80fd76dbf7203e_mobilepcpresentationsettings-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\MobilePCPresentationSettings-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`dfcf942f00220ea6aeaa109def74beee`
SHA1	`a813cc29b132a40929999c7a67387b27c62c9883`
SHA256	`ae80fd76dbf7203e348ff216506dee8aee1567438d7a4013cc8f2246ee045574`
CRC32	`ECB150CC`
ssdeep	`48:3+UkHG30flF3Ov39mcRHg6b6shtr+zsJwGEH2EutwSN5J6vY3pq2flv:Onm30T3i3UYBXgsJBuf8wSN5J6vY3pqO`
Yara	None matched
VirusTotal	Search for analysis

Name	9653d10376402d0d_kmschange.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source64\KMSChange.cmd
Size	9.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`313bb15955c1c2f07b604ecf9c67471c`
SHA1	`972c3bbf77fb20e86389f49ec90e5930ef219446`
SHA256	`9653d10376402d0dcf49129956f88ba92d6e6e3e5f1553fc4c491cc5c553fb45`
CRC32	`70B31B9D`
ssdeep	`192:UInA7zzSznA7zzRtAUfZCcpTsg7F6dblm2:UInAQnAsX`
Yara	None matched
VirusTotal	Search for analysis

Name	9f8a10bbe8d42b9c_shell32.dll.mui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\SysWOW64\ko-KR\shell32.dll.mui
Size	288.5KB
Processes	2196 (A.I.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`58d29c85bb142be898ae37506bfbd314`
SHA1	`2f1db8f3b29825b8e06a0ac8dd09ffd8b42c16b5`
SHA256	`9f8a10bbe8d42b9ccd94a910cae46f75cd52a9718a339e20d54ca3989c949ff7`
CRC32	`2528FD74`
ssdeep	`6144:MWXJrKCAqFlq/ZqJlot/AZf2V2b0mGgs0G:MilLwKlot/AZKP`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	94e54bd02a9405dc_microsoft-windows-offlinefiles-core-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\Microsoft-Windows-OfflineFiles-Core-ppdlic.xrm-ms
Size	3.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a21a712ffaf001040c44cfebdef77002`
SHA1	`0cbd676632fb6ca380c1385eaa40176690025ecf`
SHA256	`94e54bd02a9405dc0067fd4a5351e89e96b2529db10a951ce6c24d615f20ff0d`
CRC32	`1D08FAF0`
ssdeep	`96:fm3HTT3i3UY9TqXn59oUDRwSN5J6RY3pq2t:czroUFDRfqmjt`
Yara	None matched
VirusTotal	Search for analysis

Name	faa62b40ecde92cb_wga64.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\wga\wga64.cmd
Size	3.6KB
Processes	2196 (A.I.exe)
Type	DOS batch file, ISO-8859 text, with CRLF line terminators
MD5	`38b13ac22b096850d25983d5171b7365`
SHA1	`21425432fc1854056458105ed021cff6f3fdfa92`
SHA256	`faa62b40ecde92cb19f1b198a22bfc7a04746ece648b6851e10f812adf135667`
CRC32	`B0BA5BCB`
ssdeep	`96:fTh938PNLPhcVBUcESWYgEYkUxABTA3tFui7FciOYtg76mrxFSFK3NjKr:7h938PNLPhcVBUcESWYgEYkUxABTA3tP`
Yara	None matched
VirusTotal	Search for analysis

Name	4a99e456460a326f_averatec-trigem.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\AVERATEC-TRIGEM.XRM-MS
Size	2.7KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with no line terminators
MD5	`172c78e78366f8dcbe4c4a5546bad60b`
SHA1	`67022b142bd1a0248206d1d10da3d51f88b4e1ef`
SHA256	`4a99e456460a326f2659706f031efe268d0dfabfb40f77d84dde6a5ba0e6e664`
CRC32	`8E6B285F`
ssdeep	`48:cUkHG3sFGx9L6b6shtp+h32JbQkwISz3mubm0u/Y3gflYp:Im3sgXmXE4wISKub4/Y3gKp`
Yara	None matched
VirusTotal	Search for analysis

Name	581e150405febb00_kmskey.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Source\KMSkey.cmd
Size	3.6KB
Processes	2196 (A.I.exe)
Type	data
MD5	`70e0708d45bb6fba81649f47c7d07d2a`
SHA1	`f8c634a4d18ceaae29d2d2774d31ed995f931a8c`
SHA256	`581e150405febb004f38336e6432d4479a3c6e7882664b7ebd2468a5db19a7db`
CRC32	`40977407`
ssdeep	`48:50SPBaW2B0SY072yO0DeClM2Rxce8Jfth7LvcjN3vv30Dieb+:50wUR2uce89tZ83+b+`
Yara	Win_PWS_Dexter_Zero - Win PWS Dexter
VirusTotal	Search for analysis

Name	94fa131d71c69732_pkeyconfig.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms
Size	765.1KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ed789bd86a3343a039a256a2ae06bbce`
SHA1	`9c096d9087e2270028eb65269cceda4518921b26`
SHA256	`94fa131d71c6973266ca1f86d7a30f563dbdc3fc6f7142585c3761facf74f2c0`
CRC32	`0783E32D`
ssdeep	`3072:c0OBckH4FGMq9s3f2Y5t4DuVHrAoYGmkVC92oVuAXfjqiuLHkXDxyBYxm/xWK7Za:TkUWqwenahOZeeBU/YiRPpvPeRg`
Yara	None matched
VirusTotal	Search for analysis

Name	c425d093109c62de_terminalservices-deviceredirection-licenses-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\R2\ServerEnterprise\tokens\ppdlic\TerminalServices-DeviceRedirection-Licenses-ppdlic.xrm-ms
Size	3.3KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`4de3c2190b1dac1486949271fd6a280c`
SHA1	`aafed3bc8d8aac53a32ebcc09889cc49b8452963`
SHA256	`c425d093109c62de70a2451b11e51c5e2b9773ce7145584c3a65fd277ac32952`
CRC32	`129E1B17`
ssdeep	`48:39kHG3EflF3Ov39mcRHiB6b6shttV+O1WLxoH+twSN5J6UY3pq2flv:im3ET3i3UY9X3jMl3wSN5J6UY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	ce3da9694769ac9e_makegrldr1-2 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\Makegrldr1-2
Size	10.9KB
Processes	2196 (A.I.exe)
Type	data
MD5	`7101ff9e0566217873be86bebe61c1ad`
SHA1	`828f03a6146a05dc65eb1cb51678833d93f6d518`
SHA256	`ce3da9694769ac9e01bd4da5e257a4ec432a355dc7b4ef824913dda7f33ba5a2`
CRC32	`CB1AACBE`
ssdeep	`192:gQRFbnapa0gc6jf1zpbQJtsRrVr042MUzFAVshVmzwhNrwj:g+FaEtLf8QrVr0EUz6mvmzwrrwj`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b48bb881279ff6_temporaryauto.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\Option\TemporaryAuto.exe
Size	155.0KB
Processes	2196 (A.I.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`973d4ea9b32b9d71441e7a0c661122aa`
SHA1	`d430f9093a732d3479f99ac90566fa29a214919f`
SHA256	`e3b48bb881279ff66ec993ad8171a1f97e70a817f49f8680f7f53e3f36a2453d`
CRC32	`81927719`
ssdeep	`3072:UDQsChO9QgQezQWSlvynQa7mApRbOIxnvjnwLtqETxyHcfswPYKDStWrh/XEV5:uQ5hOJ0WSlWpmgRi4nwL0zHcStWxXQ`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_34915562 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_34915562
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	39bbfe8ecab667f2_rac-generic-private.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\spp\tokens\identity\rac-generic-private.xrm-ms
Size	5.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`34b536d317f07cc08366825b7645a21d`
SHA1	`649391280338f7a272216624d9d6361e81eb2b35`
SHA256	`39bbfe8ecab667f206edc5e7ebcbc1535c5c140a7b52473acab78792e874eb75`
CRC32	`DFB7CF31`
ssdeep	`96:um3gLYLuLmL5qenW/gQLnpqq+LqfpH8ZMspt0OTJmXkjYwSN5J6FY31TrUR:jOmE85jLenpqqf8tfYfumC`
Yara	None matched
VirusTotal	Search for analysis

Name	6b0e449d76fde8b8_tabletpc-mathinputlicensing-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\TabletPC-MathInputLicensing-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`1d02749f5f142a9a00496a7c3dda3231`
SHA1	`16921994e010243669144cc2938d27d3b707d20b`
SHA256	`6b0e449d76fde8b8e67510436a794885c8fcf8bae43b57aee2cb612662226f17`
CRC32	`A7AE976C`
ssdeep	`48:3GS54kHG3yflF3Ov39mcRHL6b6sht9+xq7cLiztwSN5J6LY3pq2flv:D5zm3yT3i3UYGX579wSN5J6LY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	8f8b49557f0feae6_tabletpcinputpanel-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Professional\tokens\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`16e65751fe8eec5c07deabcbfb3ece72`
SHA1	`ec456ded1d88aa0f005de936a9cafd61f625341a`
SHA256	`8f8b49557f0feae65f0cfbabbc03e7b69041bc8983a39758e08fdabb1cf52066`
CRC32	`018160C8`
ssdeep	`48:3LnzkHG3xflF3Ov39mcRHd36b6shtO0+AidoG95twSN5J6iY3pq2flv:jIm3xT3i3UY8XUlmWwSN5J6iY3pq2t`
Yara	None matched
VirusTotal	Search for analysis

Name	a9d5f156a77e8ce9_security-spp-component-sku-enterprise-vl-dmak-ul-phn.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-DMAK-ul-phn.xrm-ms
Size	15.9KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0312d0c9e8eb5eee4ebd425de6586c3e`
SHA1	`77140795e52faad469e0df688f187459af39539e`
SHA256	`a9d5f156a77e8ce94363bb6c41a06c1b2eb9e72eac126c553651dee674915207`
CRC32	`9937F880`
ssdeep	`384:f2fM4ukCNrSDym0ML5KyDfHmMNgmE82DetUNfHYw:7nBWym0If9ZU9`
Yara	None matched
VirusTotal	Search for analysis

Name	ca4f17f0631d8243_security-spp-component-sku-ocur-ppdlic.xrm-ms Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\Security-SPP-Component-SKU-OCUR-ppdlic.xrm-ms
Size	3.0KB
Processes	2196 (A.I.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0c3fde8673610f69d28fb6e033bfafd2`
SHA1	`5a3b49415166735f6860753727591bc4d1a43102`
SHA256	`ca4f17f0631d82436c007bbebec0692921e1e0680186e7e4ed1a6459328b1f32`
CRC32	`E9A752AB`
ssdeep	`48:3ykHG3FOflF3Ov3elmcRHMW6b6shtn+NNFY+utwSN5J6iY3pq2flv:Vm3YT3i3fYsX0N6JwSN5J6iY3pq2t`
Yara	None matched
VirusTotal	Search for analysis