Automated Malware Analysis Report for f6ifQ0POml - Generated by ...

ID: 377327Sample Name: f6ifQ0POmlCookbook: default.jbsTime: 12:57:13Date: 29/03/2021Version: 31.0.0 Emerald

24444444444555555666666667889999

101010101010111113141414141414141415454545454545

Table of Contents

Table of ContentsAnalysis Report f6ifQ0POml

OverviewGeneral InformationDetectionSignaturesClassification

StartupMalware Configuration

Threatname: MedusaLockerYara Overview

Initial SampleDropped FilesMemory DumpsUnpacked PEs

Sigma OverviewSignature Overview

AV Detection:Privilege Escalation:Spreading:Networking:Spam, unwanted Advertisements and Ransom Demands:HIPS / PFW / Operating System Protection Evasion:Lowering of HIPS / PFW / Operating System Security Settings:

Mitre Att&ck MatrixBehavior GraphScreenshots

ThumbnailsAntivirus, Machine Learning and Genetic Malware Detection

Initial SampleDropped FilesUnpacked PE FilesDomainsURLs

Domains and IPsContacted DomainsURLs from Memory and BinariesContacted IPsPublicPrivate

General InformationSimulations

Behavior and APIsJoe Sandbox View / Context

IPsDomainsASNJA3 FingerprintsDropped Files

Created / dropped FilesStatic File Info

GeneralFile IconStatic PE Info

GeneralEntrypoint Preview

Copyright Joe Security LLC 2021 Page 2 of 228

4647474748

48484848505151515151515152525357

219

222222222

222222

222222223

223223

223223223223

224224

224224224

224224

225225225225

225225

225226226

226226

226226226226

227227

227227

227227

228228

Data DirectoriesSectionsResourcesImportsPossible Origin

Network BehaviorSnort IDS AlertsNetwork Port DistributionTCP PacketsUDP PacketsICMP Packets

Code ManipulationsStatistics

BehaviorSystem Behavior

Analysis Process: f6ifQ0POml.exe PID: 6836 Parent PID: 6128GeneralFile Activities

File CreatedFile MovedFile WrittenFile Read

Registry ActivitiesKey CreatedKey Value Created

Analysis Process: svhost.exe PID: 6864 Parent PID: 968General

Analysis Process: vssadmin.exe PID: 1316 Parent PID: 6836GeneralFile Activities

Analysis Process: conhost.exe PID: 6496 Parent PID: 1316General

Analysis Process: WMIC.exe PID: 4112 Parent PID: 6836GeneralFile Activities

File Written





File Written





File Written




DisassemblyCode Analysis


Analysis Report f6ifQ0POml

Overview

General Information

Sample Name:

f6ifQ0POml (renamed file extension from none to exe)

Analysis ID: 377327

MD5: 82143033173cbe…

SHA1: e03aedb8b9770f8…

SHA256: 4ae110bb89ddcc…

Infos:

Most interesting Screenshot:

Detection

MedusaLockerMedusaLocker

Score: 100

Range: 0 - 100

Whitelisted: false

Confidence: 100%

Signatures

Antivirus / Scanner detection for sub






Antivirus / Scanner detection for subAntivirus / Scanner detection for sub……

Contains functionality to bypass UA






Contains functionality to bypass UAContains functionality to bypass UA……

Found malware configuration






Found malware configurationFound malware configuration

Found ransom note / readme






Found ransom note / readmeFound ransom note / readme

Multi AV Scanner detection for dropp






Multi AV Scanner detection for droppMulti AV Scanner detection for dropp……

Multi AV Scanner detection for subm






Multi AV Scanner detection for submMulti AV Scanner detection for subm……

Yara detected MedusaLocker Ranso






Yara detected MedusaLocker RansoYara detected MedusaLocker Ranso……

Contains functionality to modify Win






Contains functionality to modify WinContains functionality to modify Win……

Deletes shadow drive data (may be






Deletes shadow drive data (may be Deletes shadow drive data (may be ……

Found Tor onion address






Found Tor onion addressFound Tor onion address

Machine Learning detection for samp






Machine Learning detection for sampMachine Learning detection for samp……

Spreads via windows shares (copies






Spreads via windows shares (copiesSpreads via windows shares (copies……

Tries to shutdown other security too






Tries to shutdown other security tooTries to shutdown other security too……

Writes many files with high entropy






Writes many files with high entropyWrites many files with high entropy

AV process strings found (often use






AV process strings found (often useAV process strings found (often use……

Abnormal high CPU Usage






Abnormal high CPU UsageAbnormal high CPU Usage

Checks for available system drives






Checks for available system drives Checks for available system drives ……

Contains capabilities to detect virtua






Contains capabilities to detect virtuaContains capabilities to detect virtua……

Contains functionality to check if a d






Contains functionality to check if a dContains functionality to check if a d……

Contains functionality to delete serv






Contains functionality to delete servContains functionality to delete serv……

Contains functionality to dynamically






Contains functionality to dynamicallyContains functionality to dynamically……

Contains functionality to open a port






Contains functionality to open a portContains functionality to open a port……

Contains functionality to query CPU






Contains functionality to query CPU Contains functionality to query CPU ……

Contains functionality to query locale






Contains functionality to query localeContains functionality to query locale……

Contains functionality to query netwo






Contains functionality to query netwoContains functionality to query netwo……

Contains functionality to read the PEB






Contains functionality to read the PEBContains functionality to read the PEB

Contains functionality which may be






Contains functionality which may beContains functionality which may be……

Creates COM task schedule object (






Creates COM task schedule object (Creates COM task schedule object (……

Creates a DirectInput object (often fo






Creates a DirectInput object (often foCreates a DirectInput object (often fo……

Creates a process in suspended mo






Creates a process in suspended moCreates a process in suspended mo……

Detected potential crypto function






Detected potential crypto functionDetected potential crypto function

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE filesDrops PE files

Extensive use of GetProcAddress (o






Extensive use of GetProcAddress (oExtensive use of GetProcAddress (o……

Found potential string decryption / a






Found potential string decryption / aFound potential string decryption / a……

May use bcdedit to modify the Wind






May use bcdedit to modify the WindMay use bcdedit to modify the Wind……

Monitors certain registry keys / valu






Monitors certain registry keys / valuMonitors certain registry keys / valu……

Queries the volume information (nam






Queries the volume information (namQueries the volume information (nam……

Sample execution stops while proce






Sample execution stops while proceSample execution stops while proce……

Sample file is different than original






Sample file is different than original Sample file is different than original ……

Tries to load missing DLLs






Tries to load missing DLLsTries to load missing DLLs

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE filesUses 32bit PE files

Uses Microsoft's Enhanced Cryptog






Uses Microsoft's Enhanced CryptogUses Microsoft's Enhanced Cryptog……

Uses code obfuscation techniques (






Uses code obfuscation techniques (Uses code obfuscation techniques (……

Classification

Ransomware

Spreading

Phishing

Banker

Trojan / Bot

Adware

Spyware

Exploiter

Evader

Miner

clean

clean

clean

clean

clean

clean

clean

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

malicious

malicious

malicious

malicious

malicious

malicious

malicious

System is w10x64

f6ifQ0POml.exe (PID: 6836 cmdline: 'C:\Users\user\Desktop\f6ifQ0POml.exe' MD5: 82143033173CBEEE7F559002FB8AB8C5)

vssadmin.exe (PID: 1316 cmdline: vssadmin.exe Delete Shadows /All /Quiet MD5: 7E30B94672107D3381A1D175CF18C147)

conhost.exe (PID: 6496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

WMIC.exe (PID: 4112 cmdline: wmic.exe SHADOWCOPY /nointeractive MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)










svhost.exe (PID: 6864 cmdline: C:\Users\user\AppData\Roaming\svhost.exe MD5: 82143033173CBEEE7F559002FB8AB8C5)



cleanup

{

"URL": "http://gvlay6u4g53rxdi5.onion/",

"RSA key":

"BgIAAACkAABSU0ExAAgAAAEAAQBtv9E5cdLPoTK8PwG0VTbxxURbhYM00jmY1b22v+Nwoe6+Vi6zHYcP5JmmueP4FBZBwANscT6dGxHpP4f4l9L9b/VLT6npX7+821EksPXaUJ8piYp8TCQPKRLJt6v7foVnI7jRW//K0wX9YmF7JWbB

QROHPQTX7g3CQqZM7xGT4PfMa8g7+UBbstiEThpJo8PE1pgHfZrUFyiMwAv1hoXvaWVeAHKGOvoV+pKZ6Qi2fBCyJFmfL3hChhDWzIjp5oWd3l/RuSgET1sNAV8lkQPpf80OwlxFls5C8OnoG2d7eZJXDhcelK6K67Pp1Y6nC/B5mGpMh

ERMGnzSg9JKcrOn\n"

}

Startup

Malware Configuration

Threatname: MedusaLocker

Yara Overview


Sigma Overview

No Sigma rule has matched

Signature Overview

• AV Detection

• Cryptography

• Privilege Escalation

• Compliance

• Spreading

• Networking

• Key, Mouse, Clipboard, Microphone and Screen Capturing

• Spam, unwanted Advertisements and Ransom Demands

Source Rule Description Author Strings

f6ifQ0POml.exe JoeSecurity_MedusaLocker

Yara detected MedusaLocker Ransomware

Joe Security


C:\Users\user\AppData\Roaming\svhost.exe JoeSecurity_MedusaLocker


Joe Security


00000014.00000002.767781620.0000000000B15000.00000002.00020000.sdmp

JoeSecurity_MedusaLocker


Joe Security

00000001.00000000.640333058.0000000000B15000.00000002.00020000.sdmp



Joe Security

00000014.00000000.766983442.0000000000B15000.00000002.00020000.sdmp



Joe Security

00000001.00000002.642220287.0000000000B15000.00000002.00020000.sdmp



Joe Security

00000000.00000003.638943647.000000000071B000.00000004.00000001.sdmp



Joe Security

Click to see the 7 entries


26.2.svhost.exe.aa0000.0.unpack JoeSecurity_MedusaLocker


Joe Security



Joe Security



Joe Security



Joe Security



Joe Security

Click to see the 2 entries

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs


• System Summary

• Data Obfuscation

• Persistence and Installation Behavior

• Hooking and other Techniques for Hiding and Protection

• Malware Analysis System Evasion

• Anti Debugging

• HIPS / PFW / Operating System Protection Evasion

• Language, Device and Operating System Detection

• Lowering of HIPS / PFW / Operating System Security Settings

• Remote Access Functionality

Click to jump to signature section

AV Detection:

Antivirus / Scanner detection for submitted sample


Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Privilege Escalation:

Contains functionality to bypass UAC (CMSTPLUA)

Spreading:

Spreads via windows shares (copies files to share folders)

Networking:


Spam, unwanted Advertisements and Ransom Demands:



Deletes shadow drive data (may be related to ransomware)


HIPS / PFW / Operating System Protection Evasion:

Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION

Lowering of HIPS / PFW / Operating System Security Settings:

Contains functionality to modify Windows User Account Control (UAC) settings

Mitre Att&ck Matrix


InitialAccess Execution Persistence

PrivilegeEscalation Defense Evasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

ReplicationThroughRemovableMedia 1

NativeAPI 1

DLL Side-Loading 1

DLL Side-Loading 1

Disable or ModifyTools 2

InputCapture 1

System TimeDiscovery 1

Taint SharedContent 1

ArchiveCollectedData 1 1

Exfiltration Over OtherNetwork Medium

EncryptedChannel 2 2

DefaultAccounts

Commandand ScriptingInterpreter 2

ApplicationShimming 1

ApplicationShimming 1

Deobfuscate/DecodeFiles or Information 1

LSASSMemory

Peripheral DeviceDiscovery 1 1

ReplicationThroughRemovableMedia 1

InputCapture 1

Exfiltration OverBluetooth

ApplicationLayerProtocol 1

DomainAccounts

ScheduledTask/Job 1

WindowsService 1

Bypass UserAccessControl 1

Obfuscated Files orInformation 2

SecurityAccountManager

File and DirectoryDiscovery 3

SMB/WindowsAdmin Shares

Data fromNetworkSharedDrive

Automated Exfiltration Proxy 1

LocalAccounts

ServiceExecution 1

ScheduledTask/Job 1

WindowsService 1

DLL Side-Loading 1 NTDS System InformationDiscovery 3 5

DistributedComponentObject Model

InputCapture

Scheduled Transfer ProtocolImpersonation

CloudAccounts

Cron Bootkit 1 ProcessInjection 1 1

Bypass User AccessControl 1

LSASecrets

Query Registry 1 SSH Keylogging Data Transfer SizeLimits

FallbackChannels

ReplicationThroughRemovableMedia

Launchd Rc.common ScheduledTask/Job 1

File Deletion 1 CachedDomainCredentials

Security SoftwareDiscovery 1 4 1

VNC GUI InputCapture

Exfiltration Over C2Channel

MultibandCommunication

ExternalRemoteServices

ScheduledTask

StartupItems

Startup Items Masquerading 1 DCSync Virtualization/SandboxEvasion 1

WindowsRemoteManagement

WebPortalCapture

Exfiltration OverAlternative Protocol

CommonlyUsed Port

Drive-byCompromise

Commandand ScriptingInterpreter

ScheduledTask/Job

ScheduledTask/Job

Virtualization/SandboxEvasion 1

ProcFilesystem

Process Discovery 2 SharedWebroot

CredentialAPIHooking

Exfiltration OverSymmetric EncryptedNon-C2 Protocol

ApplicationLayer Protocol

ExploitPublic-FacingApplication

PowerShell At (Linux) At (Linux) ProcessInjection 1 1

/etc/passwdand/etc/shadow

System NetworkConfigurationDiscovery 1

SoftwareDeploymentTools

DataStaged

Exfiltration OverAsymmetric EncryptedNon-C2 Protocol

Web Protocols

SupplyChainCompromise

AppleScript At(Windows)

At (Windows) Bootkit 1 NetworkSniffing

Process Discovery Taint SharedContent

Local DataStaging

Exfiltration OverUnencrypted/ObfuscatedNon-C2 Protocol

File TransferProtocols

Behavior Graph


Behavior GraphID: 377327

Sample: f6ifQ0POml

Startdate: 29/03/2021

Architecture: WINDOWS

Score: 100

Found malware configurationAntivirus / Scanner

detection for submittedsample

Multi AV Scanner detectionfor submitted file 5 other signatures

f6ifQ0POml.exe

503 59

started

svhost.exe

started

svhost.exe

started

svhost.exe

started

192.168.2.100

unknown

unknown

192.168.2.101

unknown

unknown

98 other IPs or domains

C:\Users\user\AppData\Roaming\svhost.exe, PE32

dropped

C:\Users\user\...\svhost.exe:Zone.Identifier, ASCII

dropped

C:\Recovery\WindowsRE\boot.sdi, data

dropped

102 other malicious files

dropped

Deletes shadow drivedata (may be related

to ransomware)

Spreads via windowsshares (copies files

to share folders)

Tries to shutdown othersecurity tools via broadcasted

WM_QUERYENDSESSION

Writes many files withhigh entropy

WMIC.exe

1

started

WMIC.exe

1

started

WMIC.exe

1

started

3 other processes

Multi AV Scanner detectionfor dropped file

Contains functionalityto bypass UAC (CMSTPLUA)

Contains functionalityto modify Windows UserAccount Control (UAC)

settings

conhost.exe

started

conhost.exe

started

conhost.exe

started

conhost.exe

started

conhost.exe

started

conhost.exe

started

Legend:

Process

Signature

Created File

DNS/IP Info

Is Dropped

Is Windows Process

Number of created Registry Values

Number of created Files

Visual Basic

Delphi

Java

.Net C# or VB.NET

C, C++ or other language

Is malicious

Internet

Hide Legend

ThumbnailsThis section contains all screenshots as thumbnails, including those not shown in the slideshow.

Screenshots


Source Detection Scanner Label Link

f6ifQ0POml.exe 83% Virustotal Browse

f6ifQ0POml.exe 66% Metadefender Browse

f6ifQ0POml.exe 100% ReversingLabs Win32.Ransomware.MedusaLocker

f6ifQ0POml.exe 100% Avira TR/AD.MedusaRansom.yvkui

f6ifQ0POml.exe 100% Joe Sandbox ML


C:\Users\user\AppData\Roaming\svhost.exe 66% Metadefender Browse

C:\Users\user\AppData\Roaming\svhost.exe 100% ReversingLabs Win32.Ransomware.MedusaLocker

Source Detection Scanner Label Link Download

20.2.svhost.exe.aa0000.0.unpack 100% Avira HEUR/AGEN.1134416 Download File

0.0.f6ifQ0POml.exe.ef0000.0.unpack 100% Avira HEUR/AGEN.1134416 Download File



Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files


https://www.virustotal.com/gui/file/4ae110bb89ddcc45bb2c4e980794195ee5eb85b5261799caedef7334f0f57cc4/detection/f-4ae110bb89ddcc45bb2c4e980794195ee5eb85b5261799caedef7334f0f57cc4-1616590900

https://www.metadefender.com/#!/results/file/bzIwMTAxOTJrQ3c5cDZGeWdiZ01zbmdiUGE/regular/analysis





Source Detection Scanner Label Link Download

No Antivirus matches


gvlay6u4g53rxdi5.onion/ 0% Avira URL Cloud safe

dmd-ca-beta2/CertEnroll/dmd-ca-beta2_Microsoft%20Digital%20Media%20Authority%202005.crt0d

0% Avira URL Cloud safe

dmd-ca-beta2/CertEnroll/Microsoft%20Digital%20Media%20Authority%202005.crl 0% Avira URL Cloud safe

gvlay6u4g53rxdi5.onion/21-04BymBUjhm2UYsdPZC8XC25a96k28AR0-OcR1TeBYZH2ghwRnMUFReuoTWOG46gMk

0% Avira URL Cloud safe

gvlay6u4g53rxdi5.onion/21- 0% Avira URL Cloud safe

No contacted domains info

Name Source Malicious Antivirus Detection Reputation

gvlay6u4g53rxdi5.onion/ f6ifQ0POml.exe true Avira URL Cloud: safe unknown

dmd-ca-beta2/CertEnroll/dmd-ca-beta2_Microsoft%20Digital%20Media%20Authority%202005.crt0d

f6ifQ0POml.exe, 00000000.00000003.700397993.0000000004922000.00000004.00000001.sdmp

false Avira URL Cloud: safe low

dmd-ca-beta2/CertEnroll/Microsoft%20Digital%20Media%20Authority%202005.crl

f6ifQ0POml.exe, 00000000.00000003.700397993.0000000004922000.00000004.00000001.sdmp

false Avira URL Cloud: safe low

https://www.torproject.org f6ifQ0POml.exe false high

gvlay6u4g53rxdi5.onion/21-04BymBUjhm2UYsdPZC8XC25a96k28AR0-OcR1TeBYZH2ghwRnMUFReuoTWOG46gMk

Recovery_Instructions.html28.0.dr false Avira URL Cloud: safe unknown

gvlay6u4g53rxdi5.onion/21- svhost.exe, 00000014.00000002.768636909.00000000011F7000.00000004.00000020.sdmp

true Avira URL Cloud: safe unknown

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs


No. of IPs < 25%

25% < No. of IPs < 50%

50% < No. of IPs < 75%

75% < No. of IPs

IP Domain Country Flag ASN ASN Name Malicious

IP

192.168.2.148

192.168.2.149

192.168.2.146

192.168.2.147

192.168.2.140

192.168.2.141

192.168.2.144

192.168.2.145

192.168.2.142

192.168.2.143

192.168.2.159

192.168.2.157

192.168.2.158

192.168.2.151

192.168.2.152

192.168.2.150

192.168.2.155

192.168.2.156

192.168.2.153

192.168.2.154

192.168.2.126

192.168.2.127

192.168.2.124

192.168.2.125

192.168.2.128

192.168.2.129

192.168.2.122

192.168.2.123

192.168.2.120

192.168.2.121

192.168.2.97

Public

Private


192.168.2.137

192.168.2.96

192.168.2.138

192.168.2.99

192.168.2.135

192.168.2.98

192.168.2.136

192.168.2.139

192.168.2.130

192.168.2.91

192.168.2.90

192.168.2.93

192.168.2.133

192.168.2.92

192.168.2.134

192.168.2.95

192.168.2.131

192.168.2.94

192.168.2.132

192.168.2.104

192.168.2.105

192.168.2.102

192.168.2.103

192.168.2.108

192.168.2.109

192.168.2.106

192.168.2.107

192.168.2.100

192.168.2.101

192.168.2.115

192.168.2.116

192.168.2.113

192.168.2.114

192.168.2.119

192.168.2.117

192.168.2.118

192.168.2.111

192.168.2.112

192.168.2.110

192.168.2.200

192.168.2.39

192.168.2.38

192.168.2.42

192.168.2.41

192.168.2.44

192.168.2.43

192.168.2.46

192.168.2.45

192.168.2.48

192.168.2.47

192.168.2.40

192.168.2.28

192.168.2.27

192.168.2.29

192.168.2.31

192.168.2.30

192.168.2.33

192.168.2.32

192.168.2.35

192.168.2.34

192.168.2.37

192.168.2.36

192.168.2.17

192.168.2.16

IP


General Information

Joe Sandbox Version: 31.0.0 Emerald

Analysis ID: 377327

Start date: 29.03.2021

Start time: 12:57:13

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 8m 8s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: f6ifQ0POml (renamed file extension from none to exe)

Cookbook file name: default.jbs

Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Number of analysed new started processes analysed: 27

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabledEGA enabledHDC enabledAMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: MAL

Classification: mal100.rans.spre.expl.evad.winEXE@22/191@0/100

EGA Information: Failed

HDC Information: Successful, ratio: 1.2% (good quality ratio 1.1%)Quality average: 77%Quality standard deviation: 20.3%

HCA Information: Failed

Cookbook Comments: Adjust boot timeEnable AMSI

192.168.2.19

192.168.2.18

192.168.2.20

192.168.2.22

192.168.2.21

IP


Warnings:Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.TCP Packets have been reduced to 100Created / dropped Files have been reduced to 100Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, VSSVC.exe, svchost.exeExcluded IPs from analysis (whitelisted): 40.88.32.150, 52.255.188.83, 13.64.90.137, 20.82.210.154, 92.122.213.247, 92.122.213.194, 20.82.209.183Excluded domains from analysis (whitelisted): skypedataprdcoleus15.cloudapp.net, skypedataprdcoleus17.cloudapp.net, skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, a1449.dscg2.akamai.net, arc.msn.comReport size exceeded maximum capacity and may have missing behavior information.Report size getting too big, too many NtAllocateVirtualMemory calls found.Report size getting too big, too many NtOpenFile calls found.Report size getting too big, too many NtOpenKeyEx calls found.Report size getting too big, too many NtQueryValueKey calls found.Report size getting too big, too many NtSetInformationFile calls found.Report size getting too big, too many NtSetValueKey calls found.

Time Type Description

12:58:00 Task Scheduler Run new task: svhost path: C:\Users\user\AppData\Roaming\svhost.exe

12:58:07 API Interceptor 3x Sleep call for process: WMIC.exe modified

No context

No context

No context

No context

No context

Show All

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files


C:\$RECYCLE.BIN\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.iniProcess: C:\Users\user\Desktop\f6ifQ0POml.exe

File Type: Windows desktop.ini, ASCII text, with CRLF line terminators

Category: dropped

Size (bytes): 129

Entropy (8bit): 5.323600488446077

Encrypted: false

SSDEEP: 3:0NdQDjoqxyRVIQBU+1IVLfAPmBACaWZcy/FbBmedyn:0NwoSyzI2U8MAPVCawbBmeUn

MD5: A526B9E7C716B3489D8CC062FBCE4005

SHA1: 2DF502A944FF721241BE20A9E449D2ACD07E0312

SHA-256: E1B9CE9B57957B1A0607A72A057D6B7A9B34EA60F3F8AA8F38A3AF979BD23066

SHA-512: D83D4C656C96C3D1809AD06CE78FA09A77781461C99109E4B81D1A186FC533A7E72D65A4CB7EDF689EECCDA8F687A13D3276F1111A1E72F7C3CD92A49BCE0F88

Malicious: false

Reputation: moderate, very likely benign file

Preview:[.ShellClassInfo]..CLSID={645FF040-5081-101B-9F08-00AA002F954E}..LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964..

C:\$RECYCLE.BIN\desktop.iniProcess: C:\Users\user\Desktop\f6ifQ0POml.exe

File Type: Windows desktop.ini, ASCII text, with CRLF line terminators

Category: dropped

Size (bytes): 129

Entropy (8bit): 5.323600488446077

Encrypted: false

SSDEEP: 3:0NdQDjoqxyRVIQBU+1IVLfAPmBACaWZcy/FbBmedyn:0NwoSyzI2U8MAPVCawbBmeUn

MD5: A526B9E7C716B3489D8CC062FBCE4005

SHA1: 2DF502A944FF721241BE20A9E449D2ACD07E0312

SHA-256: E1B9CE9B57957B1A0607A72A057D6B7A9B34EA60F3F8AA8F38A3AF979BD23066

SHA-512: D83D4C656C96C3D1809AD06CE78FA09A77781461C99109E4B81D1A186FC533A7E72D65A4CB7EDF689EECCDA8F687A13D3276F1111A1E72F7C3CD92A49BCE0F88

Malicious: false

Preview:[.ShellClassInfo]..CLSID={645FF040-5081-101B-9F08-00AA002F954E}..LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964..

C:\EFI\Microsoft\Boot\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe

File Type: HTML document, ASCII text, with very long lines

Category: dropped

Size (bytes): 19556

Entropy (8bit): 5.515899243796794

Encrypted: false

SSDEEP: 384:kFD8LNw6QO9FD8LNw6QO9FD8LNw6QO9FD8LNw6QOo:ktAw6X9tAw6X9tAw6X9tAw6Xo

MD5: 8A38AD530D4E4EF62D4BDB2D972A8788

SHA1: 469B2BC688099482B7BC5DA810C515392B7DE211

SHA-256: 32A791DE17A6E968F18896735A92718FA94DE14ABF6E59D9DBEAC8A6AC2F75AF

SHA-512: 7E7CC3B88C74DAAB1CDA027C9FAB8A97CAC040F8BD5369CF6D53F3DF4FBA7FBC6CE96FD19B4D02D1F818FFFF8EEADCBC98BB686ED4B60C0332EF011CB1A92885

Malicious: false

Preview:<html>. <style type="text/css">.. body {. background-color: #f5f5f5;. }..h1, h3{. text-align: center;. text-transform: uppercase;. font-weight: normal;.}.../*---*/..tabs1{. display: block;. margin: auto;.}..tabs1 .head{. text-align: center;. float: top;. padding: 0px;. text-transform: uppercase;. font-weight: normal;. display: block;. background: #81bef7;. color: #DF0101;. font-size: 30px;.}...tabs1 .identi {. font-size: 10px;. text-align: center;. float: top;. padding: 15px;. display: block;. background: #81bef7;. color: #DFDFDF;.}....tabs .content {. background: #f5f5f5;. /*text-align: center;*/. color: #000000;. padding: 25px 15px;. font-size: 15px;. font-weight: 400;. line-height: 20px; }. .tabs .content a {. color: #df0130;. font-size: 23px;. font-style: italic;. text-decoration: none;. line-height: 35px; }....tabs .content .text{.padding: 25px;.line-height: 1.2;.}... </style>...

C:\EFI\Microsoft\Boot\bg-BG\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 9778

Entropy (8bit): 5.515899243796794

Created / dropped Files


Encrypted: false

SSDEEP: 192:8OAl0z8DjaH4af2mwDHORnKMZJM4OAl0z8DjaH4af2mwDHORnKMZJM7:kFD8LNw6QO9FD8LNw6QOo

MD5: B8C51A0AA875AAA944F10179088D8EA7

SHA1: 6C9E099B9102048012B50235AEDC1069ECDC2351

SHA-256: 183E26B8028F4AAC29F174234FAF7AED7FBAF0D14A30C246B3117579E4E8E254

SHA-512: 72A826E2808782237FCDB049D73A91FDE875E0F77BD34CDD633ABE261F7453BE3D9EC3811770755767EBDCA151640FD673769D70859AF4A75211817822F48561

Malicious: false


C:\EFI\Microsoft\Boot\bg-BG\Recovery_Instructions.html

C:\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui

Process: C:\Users\user\Desktop\f6ifQ0POml.exe

File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997778874884997

Encrypted: true

SSDEEP: 1536:gQafQxU/rEvgVpQKQoIPZ+uxgc5EO5D6hT1+fpuXg+3V+IC7Cb7UJP73yHtP:gVaU/YbpR+uxBt6lEfpJ+3hC47UJPYP

MD5: 44DE4C0A0F72CC00FCA4304ABB02BF83

SHA1: 6187D950F1E1817F399D6035DFF73451F2B1BBA0

SHA-256: 415FC063B34052327ECB7CBDEB4D2F8183E0D4616EE58F7FD7BE7CCF2ADFC98D

SHA-512: 5D9930EE74FA006BEF8B22D0CC6D941D57359022B7DC65119E8A01CD9BB7A242987168A54AC05D74D10EB23746A79D9F56EF569B33D74F6A0DF0414BB5B6C951

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.....].(7.n.B.!.DD,.. ^.fP...(5.#<d.um\N.V.......mJ*....}...'....%30..r.p...R....3c.n........ G5...d.2^>4........P...9[.$i......5.P*n.`5....y..Bj._.(.l.T$..JS'..n.W..G.....0k....../i*..3>.[.p........J.^.7k.....Y.6..Q.t.h.sJ...s.H....sNGJF.J..O.*.....c\........*.2.a.i.mX,..IY"..~.z .g....~.rp..X.x....V.7.I[.%..]=..........O.6..T\r...A......-.a]....m....:.......a...q.?.M..+...i^.._.F....C0%....L.?#....}DHm.....q0C.Z.a...=N.....{}.v(..4A.W?w.....D.=...jR..F.."...M....So:.:.....;\..D....*uW.*...&x....t=..`QN.j..b.=.[..^.d...8.+f#.àT[..|.-.:jl"..U..i.?.bv.}.. .<..1....m...D..H.....`..A7]V.. ..(... .G.eA....~G.. w...Xi...r.;[email protected][email protected][:w..n...b.C...x.I.I.>..0|..:G=..L.|

C:\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997551556083401

Encrypted: true

SSDEEP: 1536:/1DM7vRenCw312dQKpWwAK3mHodTN5s77vji6t+GVX6EO9iKrPIJHB2zHNJ:+vMncmoWwPWIdB+77vPX6EAQLsHNJ

MD5: 4B87057B8CA82DD68DEA3A0D1CF1B3D1

SHA1: 0725CFB5A3F37AD42BCF08101240A238C05193B5

SHA-256: 198F61AA634C53A480ECD15580164308742615006CB54E6B1ED4414BC4FB06A3

SHA-512: EF8A0756315C97D6BE8DED4DB61A3FFFD136B0CCD55FA022DADC2974BC1CC847594BBAA36C4427FA28BBDC8AE0759ED8F7E7D395C3A30D8F1F6C732FCE2721CA

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.....].(7.n.B.!.DD,.. ^.fP...(5.#<d.um\N.V....&.-.R.T+......K@.......,f..~..8...`...1F..# .~.5}B7..-...vû..cMR.............U......D.......sÎ_..C....8..~...1~.$.^....p....qb.....zirQ.;..|.J......U.C..&f..E...P{..Xj.5.qz....8..#..x..zI.E....wJ..$....u.<.t/;..;...[...6....O..NR.... Q.{..db...v......!c..%.zMv...&:W.G.+.......5....0...X*.,.B1t..9..Y.../z\'..n.0b...._y..w[...H.......;.;.I......?..xO..LA.]..<Z........4......U...'.c!.3y.t...l..Iaj.".u5]..Q'.GF...+........M2$n..4...0A`{.T......<.h\1{@-.>Huz..[~....b..u..."......5OnqH.m?.,..E..a....A)...J..S...H.`S...3,w..(.../S.b...7...$c.j.1j.Yy.I..hE..2..E.........iI...jYqE...U....&+.U...%...d.N~..E.W....@l.<^..1....x.:[T!..T.Y....s......m....D|...<.?...O.fb^.t.Ku.~M...r..A

C:\EFI\Microsoft\Boot\boot.stlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe

File Type: data

Category: dropped

Size (bytes): 8728

Entropy (8bit): 7.979460116859485

Encrypted: false

SSDEEP: 192:3WmxqzXeHSGiM5Gqekbt/oakjcUYsMy9/q4O6aYRTog4Qdtd0W54k7:3WmKCSozDB/oaNUlMyvO6tRTfZdJ54k7

MD5: A88B935F53451F93FBCD20FA5882E4E7

SHA1: 648615D8AC5CC093EA5A04289E595BA5F1771A50

SHA-256: 0D041489E3C3852DC77C8D403E0AB378E0989DB8F51CE36B2E1EB673145EBF31

SHA-512: 7F659FFB10301214D1F37771B609CA573858EDAC5B89E6B797BC1D8474180DFA7009D14C58758BFD5C55088E82DAB488729862312AAEC5F0789D45778F8CDCFD

Malicious: false


Preview:.h.+.u.`.f..i.+c./.|.E<.._.".;...=A.5q5\.<......m...-..A..3`.hJ....&.a.a@\.).......k.,....L!...t.a"N..X.....'.z.A'z...l..Ur..>..$...'...fI..~.Hc{}._...8.N....*.l....Z....W...s.m...V...*.'..^...br.r. ."B)*.P.3.h...#....}...$;y%.9...F(i2.ndnFZf.G.h=. ...e..(SP2Ac..X...`...v.].M.....#..A...J$._s\...~.....s...k8.....y.i.T.2.F`8...x..8.XO./..e.......sU.l.JU"4...A.B...\....%6..U.YI..x`.Q.`.....[.. .....|.Nq.*..:...R..........s... j..O9.....'....d....";[T.....+..3..x.......f.../.!..jP..J....4+8{.L....H..c.~...IT..+.u.-..4-.K.o.2/KnZ.l..1..........a8..e~...^..:b..6^...=L.m.e........y/..1.M...f ...F.!...c.|.û...P+0$.....E....I.?/....8.9r..]5.^.......har..>....?..C[..W....V,.X.D0..|.dM..\.8.m8..E...5....j....[0..4.&m.{k..2.2..4...L.D#.g......hQ.B.uQ..f.3.W.7.J.."..IeQ..=a.T^R.. ...e.....?G..C+.u..7_...Gh4.....{;........1..`..f....`......K?..M.I.....b/X.mor..l..t..}.=..TA..p.,@.....M..=.M..Ii..gAU...GW3^.A.7....D..uG..'.p.O2.tF...mUf..?...1.....t......E.wS..

C:\EFI\Microsoft\Boot\boot.stl

C:\EFI\Microsoft\Boot\bootmgfw.efi


File Type: data

Category: dropped

Size (bytes): 1278488

Entropy (8bit): 7.999851414755561

Encrypted: true

SSDEEP: 24576:eFQl/WS5Tc/iFa5VlCYJrTbxYO//XemTGA84iiURrHShb3D3cFrd4tfIzc9egCQ:qUTC95Lj9mG8vNoD3cDzc9e1Q

MD5: B087033C5E847B55ABA82AB9ED186DF4

SHA1: 4F5C770E3B86EB9B560BC993313052FB38FCD7CA

SHA-256: 3C3FA91D3C1BECBA5E4F52D3E9F57C64EF7DA1075CFCC03548B6967D0A552272

SHA-512: B71BE6CFABE05E64ACA77737D81F0203F911215B24BEDCEAB048F768AF481B556617F98D9405C118B6CB102A1B0B25B8EB43AA7A8B0795FCD1AB3E7D9478A6CE

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]].^%U.|Q.|A..!1D+..Nr....n9.=.B...../K.0..c...d....n....B..V...l.$....Y9.}.....V.(.M.U0...S.`......Uyj...)[@.:V.........}.X....[..<.=......A..7md.....X. ..H;...S.....}v[@...d.......&..v...I..h0........H.2Ckw.r......9......!...&...=.......6I..5f.....S..A.xfq.2..J.3.........g.X.....`.....8.k.v.`yX|.vY.s.4.0>InX......X`n..P...6#m.AR......H........$.&P!9(.'..3D.u.V.Y{.h....W...*..OB..}(.ou....`...../.#+wSP...........}.6.l.../.C...Xuk.t:o.dHY.`......L....<P...U.(./....k.d..I.... ..1r/...r..).Q.MH.d.A...Gr.*...44w.=........:$.u..~_.$.dW/HiL`[email protected].[.yk..<'.....j.M.i.....GrH...LU.K]z..`.......|...P......07..?...5....nFeu..qo.%b(...@O....".............C..%K.M..-'...O2S3.U..#.6..p^}......a.[F.D+|......O.7.u#+...,....._...s..u"z......3Z..or%...c......*.|.......3..vuL.[....}..c=.'..<B..b..{.....S...R...;v...r...;..7v*......K9...(....

C:\EFI\Microsoft\Boot\bootmgr.efi


File Type: data

Category: dropped


Entropy (8bit): 7.999836954956653

Encrypted: true

SSDEEP: 24576:pIbyzK1Y9R5iQfKVxvtFmMbMtFqomB0Id7lRgfJs4FzhhdM4m7XmC1uWBRA:YyzK1Y95UFtYwomBd7OPFzTa4SBi

MD5: DA51EEA1E47C859C20E2AE62D4D9F403

SHA1: E4E44BFC4920B558A7A433AF06958A5581BB80EC

SHA-256: 43F20DA9158F2B7FD42BBA7C6C42AB37F4BC01F4812ECC234A4E568E670EB560

SHA-512: 981694409240200E3E4E89F81C7D3D49BC1493A68DCB53C3FD51D812AD3B1B0A38B37B8ECB29D4BB02F876172A3DAB1836F25149AC0CAFE29E4080D2BE699DAA

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$l...=.1I..$.).Z.....FR..P......oV).._....(.....y...E.44L...(c.^6#..%..4.%h.f.G.].Lw.%.d.3...b..u.....>s..j..th*.{.^-...A.C.._0.......:..p.I........}....H_..m.3..4..4q.!~..A...#@....y...$o_~k;:1..+v.w[u(..Nc........i......6.$.Y..H..g...\...R._.V.c..l.b.F...........H.......-..u...H:.K...v|,........O~..GPV+.."..k..\.....k.sN.6.....Y..l'1 .p`j.....f.j.....&.xP..Lzr8...S.U..~S.....X...v..|..t$......QgoI...g.I.Ip..... A...i[n.;..U.@z:[email protected]<o.2. ..I$..K*...U-.5.g1.R..2&+....3B\R<.t.[.x...I%....k.p4yXM../.l.P{.T....nP..q.D..Q.fO.n.3.............<..S>#$.......H....~....rK.^s.t.T.\[email protected]......,*4#v..b;b.%g`cT...fC..an\.l..s.?...8..........*..=M..A.7......ymp..\..w...ih...(5...d.._tmJ.....D.l*..f.."...w..o.;h=...d.$M....A..'...#.w...#[email protected]..........|.O.%.x.Vn...f+.H.#...............Y......I....;"..B..(g.yK....%.....C...*.f.o"..qA2.!$..;.

C:\EFI\Microsoft\Boot\cs-CZ\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false

SSDEEP: 192:8OAl0z8DjaH4af2mwDHORnKMZJM4OAl0z8DjaH4af2mwDHORnKMZJM4OAl0z8Djz:kFD8LNw6QO9FD8LNw6QO9FD8LNw6QOo

MD5: E907E2E8796F72E450EEAA65932B78E3

SHA1: CF51CE381DF34353DF4276426DE9A05E2184746B

SHA-256: 33ED124498A534195FDAFAF4927CD942AA9FAB8DDE2E49F0218DBB5DF52CDD13

SHA-512: 9B0580E100BB69CD50D4B1DF5DB67E15E6ECB6869BAFE1E629C7EF98F0EE6FF1C43A806DE0FF12E9E38D75601502B6F7E3C09E4CD8F2BAC76F02D12FE548671D

Malicious: false



C:\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997998613362847

Encrypted: true

SSDEEP: 1536:5x1aip5Tq7d5lL8Bbqq50LGwhuBmWaB1g2jnugOI6GnggdYyCj3gb1oQn:5v3q79gqkPwhOh2qgOI6GnggdXCjq1o6

MD5: E9257A21EE505838D40EEB938854EBF0

SHA1: 4A26B2DFA28E108534817921AD28B7B698E5A4D5

SHA-256: CEC97CFC700E8B017B34698D7EDF004F4777E727372601C70F5E705F118DA4FB

SHA-512: 0073952B8202239429AA4626F792ABFCE7EF9A4B4B169DA6D26BCBB55355ADF1EDD5347531D1E914123D38F0E6FFEB76D4E4517AEBEB4DD22F72A153BAD417AB

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{F._5..,.\...o.x.*.}.%.&.mV..1...S`..i.....hp.o.A.IS?+...hvW......EEpDSN..w..J..{.R.p..\.%+.....~qt-.>;n.X%.pK..dX.BYZ...*.].....XRWl..7..h.qG.@~.X.X..`Y...{..lC.:...ta.....m.Gu..&S...vJ...T......:w..z..q..vR......c.C.U1h..........x1...O...:H...b....wsD(O0".UG\...<Kd.0.S.Hq.....4..@.(,...8~y=%.!....<5....d.3.a.=.d<..F..Uu.x...Mu...z|....~ ..,...gB.2...S.{.7..r.?.`,..\WC{}.E....c.>.....9..1.hH..&.j......hWB.Y[P$7.=?l..]\.....2.......I.....T.H.....WP?.......f.Xj...E*U.c|..i..U.\1.\..V.1.P..}....r9...?.4.T.J.TT....a.5P.9.L\...rN.....B...]GO.4...Y.....i..`.e.?$..>.;<........oO`../n[...A..\.xH".D..A_.Q...A.....2.D..].\.......KcrR...+.2.D:.T..9Y..;d%.M...c.q....`[email protected].;/".*..t.w..

C:\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997593435804514

Encrypted: true

SSDEEP: 1536:eHh6VOjqa3fqqgY4tHyQABgxTz/svjPijMvaHizJ2cKQ6tmCMLp:eHh6VjAbkyxBQ/o2q4HmvF

MD5: 3FB11E76F26802B558393A0BA32F9EFF

SHA1: 86DCDD47C9381CC94C4ED04E0B6FB53C291A963A

SHA-256: 0597EB17827635CD0DF70602C2169869EE322D9220CDECD27E47D5249CF65C89

SHA-512: 0665C5477D6D070D81B33B1789D0105BF78D5C50E80AD2A8F2369BCEA55248B3B773F2A58BF0855CA60891237A94F4AC9C54772624B013B311449A2B09CF6C2F

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{......=....t.......u.L[1..v..D]..+..H\..T.,....pA...G..VP#R...1.....X.p.1.b.......A.g..7EJ...e...:b&..t........Y. .K%v3.79E...o..6.Cv......=.....gO.....I...8..%......x.T....9#Wo|JF=.No.s..L.L.n.Bf.......'........y.......38C..j]......+7d[.LRDt...<..U.~.U..H.C...du.[u..s.-;.U9...y....F...[W...;.....FK$../..o..5..|...%..9.....|........K7....P.....y*zG:..+vo..L..=..}|.wg.$.:.4....\[email protected]`.<}.R.9....\[email protected].<_...8.62...r."..!..v.p....'..`[email protected].*.FU':.$.Ry.X...T.....h..)......~...B....7.$U,n|n...]UM.bi....O6L...Ea.%........4..}.....Z(i6.....j..0{^..exm. ..q.C...V...3....l...?|.:.._FWX....p..d..dq..JPB....<.w.|.....Y....'].: ......g...T...3{...Xmo.+

C:\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.995755869910042

Encrypted: true

SSDEEP: 768:4VNAaPpaTN6hdcGTwPKPlgji7VVdXZTpEErocJDp2S2zYqRcs/UvN:4VN7akAT2lgjSVVbd8CV2AqeV

MD5: 421BF36C3B4092E26EC842372B142284

SHA1: D3D3F8C38000F069912CA9DAB99E5EC916B35228

SHA-256: C894B59833B989EB260801FC4BE7948D75BD4D10E2AF982B80B9F61BC61AE489

SHA-512: 58EAD33610833077BA70F8BBD2A1B05DEF83629E8ACBD7A1D2A521F18338CD4B4EC3B19F6275DF66D70A7111772E51DFEC1B7DE54A4BD290D763031460B8E83E

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%....^.S..]..-.>m.9...........A..7W..9fw....3w`M'...~?..@|hFe.b.R8....=.503>.J...Tc.Wi.'..&d..~.>>zy.G.5....... U.='.T*.>8..J....!.b....[?.. .V...UM(..@..+..N...JP...\...W.. .).........Vud..w,..6...N.EC..^.2..y..X...c..d6.P.L.*uZujÒv..5..p.._k.Q$.!...z.,..I....<..c..a.......Q.?(,..R.... h..J.8.S......W\...')..&i+.T...U....Z.R.B...^.p...C...-`[..À....\..a_..Q.^.X..q:AL....d..'Z...NJy...P@^.o.-w....n[.$.m!.5$....CJ....U#.m...K..t".P.v..R../{.....l.Bw+...!.H..8.........;..\....5n..:..Z.gI..:....U.?.7..m('..E.n..F}.~.....)1_..0...Q|.U]6.tK....z..n..]..r.]y...;m....y...{..9..J..t....$.e...|.$...P.J.|.1.._?CX..E.tFog.8~.|...ptn..{.\]a......0I~V.....h.k...M..I..w..S........&...,e....s.N.D.;,..iA.n..qG.:...H....:.....:TH......W)..H.l

C:\EFI\Microsoft\Boot\da-DK\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false



MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\da-DK\Recovery_Instructions.html

C:\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.998051444428724

Encrypted: true

SSDEEP: 1536:1WixPXINPswXTkv4nRsCjvgG+yA2/gOgeVQ4CR4RFz+jSnnsWdRqF:E+PXINPfkvNVyF4neWvIFKqnsWG

MD5: C3B28DCEAF588B5AD4442FC8B5352052

SHA1: A8B3B5AB38141A64672A23AE8BD6D60C1366141B

SHA-256: 8894BECFF9F3EBC9C2D734B5F3341FD73017EF3BD42C2A40008B3325586CD0EE

SHA-512: 8B6B024E25A9BA11669BCAE8EF4F07C6FF3EE9D5AFFDB9C77D07B99FF0B2A7C79D39D916E096FF53BD044F8DD1E99CDE3CD37FF1084B3B5E8F1178D514EBF837

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....2....W.....?QeX>.4.`%....N...h.l.e.n-.2..Tt.....h..]ta.@|o.[[email protected]...[.i$..egS.X.R..r.1^.p....5....&1..|.....y4.....w)..6...}....vrF3...+..o.yBg<.y|f..4.\.*.9.T..Y..Y..6.g.B.?.N.y.+.J....;.;:....N1..gQ.{R..{.a1... .S.R._...*h0\1..-6Q...r...!.-...|CW.6e8.w.!<!..R..(.../......_.s,...o.EL.\..0..:...<8 .....&..Bv.(...C...t......z.w..\.....A....o2&..n.Mpe:...O[..X.......g.Oz....#..B....."..Fu..W.....R4/3..tx.....:.Vr~...d.?Z..'..7,m...a.....2k...U?..=U....E...>"..,+...z.j< ..9|...U..?..;..4.1`..N"...J.K..#).v.8<....D...bE\ ..s..9..O6.o!.b..`q...xZ....*..@.`.p...........B.#...!m....~i/[email protected].=......).%...p.Z....(@...[P].Xu...2..C.7...F,.?r...0.$.g.R.....M.&......6..S.. .w..{6V..!<w..#..6.....q.e......y...

C:\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997685561614241

Encrypted: true

SSDEEP: 1536:tim9anOkgIaZ6sw5bis4VyZl7wVJdIH7m6dBzvtEaL0NlIL:timvkRfrxZdCJWtEaYAL

MD5: 331EC90CDE52625205C89FE69C7EECDF

SHA1: 311CBCB69BF07921F74F92CB3127BF397AAD7192

SHA-256: 38AD791E5F0DF27A55116EC18F2C31CC41FEAAF7D235D85497A6CFA39EBFBEBB

SHA-512: 1BA6D2C8E1D9376ACAB340CDBF4AB36CFFD31D5DD8D4C19DD1425FA8F5E3AF84DBA6FEFB142B770CE5DCAD1B781F658DC3723F563701A89955927A737A621CAD

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....2....W.....?QeX>.4.`%....N...h.l.e.n-.2..........x].....;..{T.5*.G.\..N....7.3.[XO..j.zO..,...gM.s.<.G.N..X......t.a_.s!...........9OqS.....=.h...t.8..v..!.s...6...n......w....L.....C..i.@..'.w^..K8....2...i...+.A.0=...`n..[y[....t!.v..@......&%...vj...lc.5...?.6....$`b|.*MP....5..;|...o:s....CD.c.......Co.;.%..w...,..>N.X.^@E?.5|w...T.x.:...B.8)F..^....U..%.....S..._.1.+..Q...?..*..4..Ah..$G..HS.0.w.k. >K.WSGV...OlQu.H_.....'`>.........S.4.$!.....}.]U.....RR....45.BX....^...B..KdE.9n.,zkYL.]#...f.>!.:O.R.v+.5p.5`.x...9...Q..Q..."...0.o..<.xr.Q...$...........7w..;.%=....A..ZW...)q._T..L`.e.rvt ..ZW...`JL.h.c._..C.#B...T.`.9.Cx....*U..'.D.~.{7.+.o ...n0b....+w...e..<.1+.S..H..5M..J.(...?#MW.u'I...+....G.1.+.[.....G.;.!..

C:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.995998065565866

Encrypted: true

SSDEEP: 1536:Q83A30g+cNsCGIYkCnaJpBG9vFn/Xz2/a:o30E+CGazGHn/Xz2y

MD5: A276783B1B56549462628E507AD4A640

SHA1: 74130DF21B0F3CC527D9B88C6A17A731B839F242

SHA-256: AF35876EAF4D24CF9F60B62C480C4790BB240701B6EF0001BAB128EDD8909B1D

SHA-512: 7B072938A76FD980B3DC0E9F3FDBDEE3936222088B54441B34AD4E3E34DA89B09B6662E4C095B70A1559F324D8DA4D1C80F1CD976526775E6021B222C0863DDB

Malicious: true


Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%....^.S..]..-.>m.9...........A..7W..9fw....3w...t..s....q.)}L5..@B..*..X.rM.....K.J#.7...^N.........q...T..&.............x..C.V7.5...| ^..r.h...T.i..J.W.l..2..;...UX..f.+.).A.!.`M".M.....V.G..V..b.[$M.`..i..D$0R8)0.dn[F.k...pQ(..I...1....u.-..w.~...iR.L.......f.........e....V.$...{...&...z......+{...`...C:..d.0....&.`...TP.%G.P.W.oJX......qH...l..U,..`|..<...>...?.Z..R^.<..*.3...o,...E.S.x.`\;bOv.g.D.|....\].|.]....ka.....\.2....w.{..v.*..a.zt..tp.l...5:..J(.h....D.....I/...Ki.%[G....b...J..o...eC8..D...i...g......"d#u[...$O=.4..{.K.......`2..D..TCy..........";.....?q...-...=i......;.4Lj..C...t.w......h.......!..f.5........).oG..F..V.v...e...g..........G...W1~.v[[email protected].'..y[..8.1..7q.....U..n..u1.9.....u.......Fi..

C:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui

C:\EFI\Microsoft\Boot\de-DE\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9979064983774295

Encrypted: true

SSDEEP: 1536:wSA/CVpWUx2y6XYJMmkyQr2ZUKhwIjWH6Zb+h2syW22oh7Dj:wF/CVpWUx2y6X/mvPDwIjGcahPm7Dj

MD5: 5E84F5A40E2BB4540859CDB0473A0B6D

SHA1: 9E524F06C144861AE5AC6AF049E5D1A2DB433DD7

SHA-256: C013DEAAE2F46C9D38550DD83866333F678C30B33A417839E956E2DB03710CAD

SHA-512: 7DAC55F664A1DCA4E165665DCB931614554534DC115616D4E875217AE2F17FA6758E3749754233931CAD15EFBA42F276FEFBB12A108F46041332985018175B5B

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.e.{.X...a...JA..H4y........w..Fup. .8L...F....Y..b.H.,,Qa.....J.2....W..Ou.....9.n.DT....oGc..!.%.s....$..E.=.....D.N(.H..%.s`..YJ..W.....W.$..-...y.-..S.tr....l.K........s.5.&........<.a..]n7.T^/X.I..w.P...2.k.I.....".....3*..u..".[......zc'..n.x"R.B...y..~.x..f.H........t.]..d...u.......l..Q.R}3.`FT.,.A{...q...B..q.}.#..M..d.#....*..V@2`.d..$..c.@.,.4.K..w-. .%....5`V.....]...w...>[email protected](.M..q|.c...p..:.&..:.%..e.....WP.%<.W.&..T.....wl..zG..7....{.K.f.S...M..jkf..n....s.....4.rw...:@...>q.3x.mtMd.m..S.......#up.......7_r..T..`D...;.....`....M.&.$j. [email protected]..`).6.}OL.=;....]..Q]..~.....4n.........D.N...IY...x..h.`..... L..P..@=.(......]s.n. ._.!L....R....TMA,8..["Ovi&.-HdD.....<.Q...Y.....G........B..p.....<.Î.yB=...d....1

C:\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997465199409455

Encrypted: true

SSDEEP: 1536:8wysdPQS4Dj2fWkG/i95E40/LDUdOy6+XIfSRdLfowOigh:dtKjmWkG/i95T0zDUd96+YfSRp9Oigh

MD5: ADE04C7DE511C71658EFB59DD55D97CC

SHA1: 2F6992DFDBA02871CE13C637B7579F9B36B2AF7B

SHA-256: F363C09E610D748962BEE0DF360DC2146D876505ABD9208039C4D7F0452CF8D6

SHA-512: 4220A6337C43F3FDDE4FA0742D70E4E483BF8DB12EFF5CA7FDCB8330370A001A73ACA5BE435E40C88030438D98A21A466CA477046F2508C37BC7C49F37051DC4

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.e.{.X...a...JA..H4y........w..Fup. .8L...F....x.......^Vg.Lh..5znOr.jF..Sn,J}...3....t....m...M&|....R.W.....9/..h...,.0+C.{j.e$?.)...+a...~n......d.Z.......n.H}E.xh..OF.z...p.|..-..T7.x..=..!...2+.....5Q.t....\J.A..q...$L...}.4.2...V#..e..,.Q..4..7Hm..=.<.v...l...*...O.....g.S9.......l3n.\..zD.l.Y.P .=#.!S.......C..l...`.s.....<C\.7..~......FV...w...?%..q,P......AJ...........+...9E.-..l..Bl.$k../{.-Q(}...j...>.....2....K.^.|K.B...q......8..}....$.{0..k...K.3.Jda.1...;.k4ZM.6....5.3.o..iX..R.... .Db&[email protected][email protected]....'lE.....:.....g..~O.}/0p....k..A.F\...yk.U9T~x.........H....N$....b..z...`.P..N.;....o..O...W.i..n.B....E../....[x.B....^./l...............g1.9!.o: .B...U)u...G.o.o......d..G...7$5....g...x.#....z.@


C:\EFI\Microsoft\Boot\de-DE\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.996524491532711

Encrypted: true

SSDEEP: 768:xIdnNSz5AtMVTXwPrcCYVk9eplaGBBYUKuBjOdvzAEsMOaRXdOr9oclHLndEVPof:udNSd/0Pdupval7uZWOgRXdMqaLnIted

MD5: 3A34B03D6837887917F48FC2E2D8B538

SHA1: 8F9293261AD41C8A13A1936FF56E0E4B89E664DD

SHA-256: 9AFF3701EAC9F1AA0715B60C7C8514252E9ED036EEBC4C30A80F23FDA0247243

SHA-512: 6F447F008469DF5AB416C2B72211E12D25E05EB3514C32783F2C03A0FA02190369F7ABBEB06BB3AB098C380A6676B6F0AA11DEA18D3B7E373820709A338C3173

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.H2).!\...|.(..~u.!.2.....m.@Oi>.[.....Wr.o......._.27)...).K~.&...K........$..p.=...d..^..bEf.......,...C;......8..<........,4.2..E..N^..U....Y..........x..c\[email protected]...^*.\..*P9..%h.t.[I..4.p?.ba..=._!-.V.KA.Q..M_~..."[email protected]....>4...:_8..........+n..I`K..L.._k....B...|.S.^.....I,.....k..g.q...I......?........N.....k..2..:..z/.`[email protected]...*Y}......O&.d....T.Z.........G..w..6..9........G.9.i......\Zu...$.....cYBN$...n7...X.o..&SS.T..16H..l...H\...T.A...a..s.F}%~u.n9..a.S..p..n..M...F0...F....)N...N.y.].......8d.f..2iy.+..T.....8..j.3.:...~:e.)E........].m..$z.+A....;4Q..:.....;......u..N...uZ...T..<.".~.H....#.....;=.M...&Y"M..F.MP.y...d....6.Z. 0.].....Lx....r.7 ....A(#|.......5..8..#X.!..O..........^...\

C:\EFI\Microsoft\Boot\el-GR\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9974161885061195

Encrypted: true

SSDEEP: 1536:racj6z8ydQm+Gdc80k4gKAlfRmDRf1ljWnwdM1vcH4ADfU+i+lPg6wSR6P1M145Q:eci8yz+R8ogxRcRfmwG1vcH/DfU+isPF

MD5: 67C9F7C685F03EBB15E609338397FA09

SHA1: C3FD10929B434DAE551DE53C134D70A7D17901F9

SHA-256: E48871180675AE06B6359A77971FE1D187D44AE3ED2187251C9EBF6AC09BB10F

SHA-512: 8C8293A29EB341CF2CFE9B2C43E45F1022CA062AD0C5C4E31377EC574BE0601035679CE7FA57AA6E776C612DAF7C4FCD9A1A8E17ABBC4EDA9DC02729EA3B4143

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%%.J.Q..x...(}.}oTwTmw.A]O.}.$.h?'....j^........K.U:..N;.W..W0F*.......t......7..;[email protected]+...........d..r6..?p#M..,.h.EIo..z....+.XDO....."0.x.k^-H..'...:y....$...E.KL....1..VLU..9......'\..>..U.f\....=...U.#.T^]...]...K.yZ.w..&4.5......q..U.;.9..c5.......vL@........@5s...=.^@.Dz.XO.|.w5odT.f?...X.z.b..YC.3t.Z.I....UG.!...OC......./...}..09j.b.......(.=...X,T.....f.vw.....=.>...I!.h.j5;6.i...1.;..I.r...3..LO+......g.z\.B=IW.(-.=&>..../..k....~.a....QD...I.fn..x...9lC,yM..s.>j.........q.17w.Q.!^....K.R.q1.z>."..R..^.`#[email protected]@..% ..l.;..k...JJ.g+.i.vp.L..Xh.!..S(...|>..v-.va...oW..2.h%.I..m`[email protected].............,..9N.r.g..R#Vj..WZa........T.R.1..y....4..1.5....n.....p......8.Û5`.

C:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.99781006129731

Encrypted: true


SSDEEP: 1536:1Rw3x4WesWxd4rgYt0PomhNxOeCDZZ5zsD4FWTVo/L8JZ+dr9tAqZB+2g:1RIm7ZxvYtYomZPCdZDoTJ4db1Zc7

MD5: 55DAC91E29037EA7533B238F8A288334

SHA1: 8BC19CDBEF20703150F70CC2678C34BF686804C8

SHA-256: C742BBC67AAF03D4A16E25ACA9B8BF7C2F0960B8FCA733B60386F869FF91B13A

SHA-512: 77EDEB38129BCC15F6D8D7AF592242647D628492311A9008199D6F30723AB1F41C2354E3C8BBCD5122741BC231B8BCA2FEA17686938CE3872561ED1185F233AD

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%%.J.Q..x...(}.}oTwTmw.A]O.}.$.h?'....j^........s..yK>#.f.jd.........O..IF.....#./..c..G..&.2..T..6....&..H>\.'..:SnD.=...{`...a&......q)*....Xf..9..M3..mmN..........r,............c.kH6PM...'...6..~Y......0^.IGRV..B...E.^&I{5...}..)...._....u...{(QcM.S_BDkF..M.......ZA&.F...G.>;...xi.z.\H#aa.../..H8.u..[._{.C.H.f.C..}u.)R....s..r..*...I.c-.m.Jdd.~[)..F.....N.L~']:gPH..*.U[...H+..3...E.....<G...[.FA..&.6+.M.}.t../!R%.. ....]....W. .o..d.....y..{MSJ..@..}..W_.O.."PC.9..-......={.`#eX.vXM.D...-.j|..i.$...v.E..cKvO..>.^t...qK...hKd:.m..s9^X..*0O*[email protected]..;.g..p.(...];J.J_..+..I..f...P..+N.I..i.Z....&z...F..W.b;.==.<u..|&..t.b..Z...g.TF....).B..rf..........wjF3..y..R_..... R.m..%....rl......x.41..V1..Z.

C:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui

C:\EFI\Microsoft\Boot\el-GR\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.996419414075065

Encrypted: true

SSDEEP: 1536:VzrwnwZVOAZT/wntS73YcYrWMt0juB7+cP0l2lpKmGp:Vvwwjj2tS7RjjuYO0lnmc

MD5: 1627B403B41222C7EE6C9C0E0A433985

SHA1: F41B83B5E50F1E7D691E8C0EB3188219E4D1CB5B

SHA-256: 10095655DBBE4ADAB4FED09C651D794FB8A5BF1AFF6C64C834CA5C2C3A75D3B3

SHA-512: BBD81B86720C67A1C63E703B3A026FEAF272A4E17FDD2F67C5DD0A4606C9D249294B2279D8E20D8405BC675A86530EE59BC3655B6B8D87E763A1CA9727C8C592

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%......*...`.KF...:*0.....T.....+.. ...y..j.Z...j<.T.3..2.h.X...%..........9j.." ..=........>..S.....6i...../B._}[email protected]#B..j.Xu.P,..b......|0.<.[...=d`.#.E........h..i..4lb...../r....pwt.!Gl.!b..S./.3d*.G.MI.L.......lW....&...<.z..En.q..1...T$D...&..Z..).[..`.....r....R7}.x...J8:.o..Bq..=.p2F...i..-.&s.q.+.......^.=4....`..x+..O...[.X..b...J.UD>.I.".(o.x...b..D._D.t^.7.F..#~(.0>...8...'.o..|.v}.%.|...Y7g...B...5...*..SW=>=..u.......(...|....fwc.&V.1...l...bl.....l.........4...XD.].....=......"JE.v.N....0Bl.....8./....r1T._e3@..|1i5.>...8G..?..f...=.6..M..d...T....i...h.W..)..9?J..s0.b....:.22..$r...\.xg...]..W.:0....c.N.b3M..'Qoi..].>.b.]._3uA.>.<....R.C..-.....v..ro.&...Y.....5....>8...?[....Z/s.E.h.v:....< .:

C:\EFI\Microsoft\Boot\en-GB\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 9778

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: B8C51A0AA875AAA944F10179088D8EA7




Malicious: false


C:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997691549642442

Encrypted: true

SSDEEP: 1536:cVY0VCIls5IG1pG4OdBI03iR5H39YRprRSZCfnjbN:gYKCIiCGchI5H3K56wV

MD5: 5BCF16C3D62F21E3866FF6DD39950BEF

SHA1: 72B61E38A78C5E7F06C7F7C5C0E0BA766DD6C0DF

SHA-256: 209C85E54462088F03F98300A3D568139FD192E3923CEB93E94DC527A722BE14

SHA-512: 1047E32C2D113D9BCF0A9AFF1077FF63E9EBE9D87C669F08F65DA56E79347692C75F050C46BB77BE74D44820C02F5CF76F90BFD74E742D932CF1CADF073D1767

Malicious: true


Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%G...n.H.)[email protected]..}%.f.N./..wi,..z..:.{..*m..%....R?...,Q.{...S.......w......oy..#..3...JN..C0I..G+.l.j.Zr..`.P.#yV..1V|....`b...s.......O.>.;.{n`p.<A/.S......J..G6...c....dW......k).,.`..'....B.\...Y..w.K....sL....[..X...2j.#.(...k...F....,..]...0Q.n.e.b.{;.=jE6..c..N..t..4......G.)z.d.g].Yz.......2.Ey...,..=...!..7.......`.A.. [email protected]_..u.$..S`:}>a....t.-..-<...`...m.U..x9......(.o.h.T..U...z....n..-..e.4.`.....n\'y...>....1.nQ[..&...-..(.X....(.....)..K+...0....UC....o..Q.<..`....."..]..#.....<1..'.tS.&aE.Lx.yJ...F.:......J3/-...(...p...B..V<.l.K....]..^.0..W.....m.6....8..E.x..../.q.....b./e.y.c>....e.V... ....A.vV..c.i.MMKi..X.:c$..xA.xCF...Y......E..F.)..L.p4..N..w.eJ.$M.H .:.=Ek..H:!;.t..%A.d.g.%9.c...(C..\.....).n-e.g^

C:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui

C:\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997800863519386

Encrypted: true

SSDEEP: 1536:Qu5zosvoJyGQCsH3wYZfJg41U3/72mBDgv9rx4sVYZZTUF:QI8XJcCsjfJmXBIjPim

MD5: 38F258ADD8E3A6FB6B6BDEC550F63A55

SHA1: F87E64CA3F0E44C70CBAD18C4EFDB000F54E09C8

SHA-256: 64FEE9D27113845FB91CB9AC7D9FD5B255B83D1024FA3C41063556161DB0E8F4

SHA-512: 8FD51E546EEBE52D62DD8E4D44B0F2AF8002E0699583F4C2044255431EC25066480A215808DBED946FBDC0E27E8606BCD0131F908EBF2D0D4CE2AEE572D1CE6A

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%G...n.H.)[email protected]..}%.f.N./..wi,..z..:.{..*m..%.....P\..6c'..c0-%"2.[-.>yX..3.F.}/.,Me......_..~..S......3.4N...;.Qb.2...Js(.......I%....D.`s}}K...7j.8,.!..J`}.c.u..M;..v....."......B...r.IFoghc.Z..l.......+...>..Fk...!...v;[email protected]..."...#*.Y.....Ix..N.....EC9....q...a.=sH.yX.E.oA.l.+Pb..g~.57.Mr.+.$!...L,s..E....;@..jM..^..7....+.8vY..jqS5.W.d..!..4w81..$.?<......H..%.9.f.!;.{l...@n.=.fO... ...O../..f...CC.....!;.g....9.....0t..Y..Xet.y..,[email protected]:Y..6.....Rt..&q.7.......".N....x@Yn ...z.L3.9.z...7.$..K.Z(^ .......^[email protected].)=.B.hokR....{s9....<..uX.l..{.....h.....S..bHY..t..e.4..o...c.|....:Jd.p.(...Zn...g..#....<.....k)...U.p.h.2.6...=.)C./......|..U.......+1...[e..5.4(...:.....i..t/4.w.a..x2g...?9..JRK.. .D..HA3I.p..%.M

C:\EFI\Microsoft\Boot\en-US\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997611579449457

Encrypted: true

SSDEEP: 1536:fIYDoxQ9U5BxwPpCXZTgZRwOx6jowdrrPZzFFVJUmPDWuZQP713v0DuEElN/bKz:wYUsU5/wPpCpUZOmnwd/xzFF8nuY71MN

MD5: 7AA561A13AE289C25D671DE89DD0AC69

SHA1: 4AD6C590D9ECEAAAE71232CF6FBA8DE8263FCA97

SHA-256: 3327404514F055195D6078F025FE4A03DAA1A8E54C0FF37C8A045CEE444989BC

SHA-512: 91C2BACB4977F52F31B47E76FF4D66EB810EC5E94FFE9222C500D34A3A3BEBF576F4C59461E62D9BF69F5B332DAE8740305B3BEC483175D33CBA1017002128CF

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%G...n.H.)[email protected]..}%.f.N./..wi,..z..:.{..*m..%.....;).|...0.......].v.......M.:.J.d.Y.> ..i..<.A...y=...hn..+u.:...3}..o....K.D..J.w.36....V]..I.....{^.'o.Y..)[email protected]..\...+av}MOMd.,[email protected].?.\..[q;..j..`.k5....b....0..F...E"....NB1&[..4...}...........=...c..f.n..h<i...?La......0..4...,..R.......p^..z...V.v[wX..Y..7...&}..)..t..v...U~....7.y.y...r0#...........?e9..B.Y.&..&;....+q..I.- 1..O.zr........=...G....P..D.....A.o...i.S...".......m..H.o.....9T...{.....SX..G..h].B...l..h..]....%..]......SS......x.NXW..B..s#.v.F.....a..Dj..b......?...9.x.].~_.*N.....oe.P.w....=UapU^5.e...h.j=c...a:..........e..X.3...}.c.Y...T..M.\.._8T4.....G.q.jiv...v.....l.....F..o.;0..1....;2d!.....Yx..J..O.


C:\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997645399294351

Encrypted: true

SSDEEP: 1536:mCp+O2/LMlZwULCZQURhgDMjdZd+wFBw54u9Coe5sdFMIweXw2ZoPNA2Hv3E:mCK/IlZXCiUYDkdZIqO54ACoe6dFMbUB

MD5: BF42192FE832AE2E90C40CA95E9090E1

SHA1: 22F619ACEA6003A87D0BB21E331F208371F7D6C2

SHA-256: 0427B8870ECFF1E93E31482D54058F616E4D56FF7558DF43A2F9C196B0D33B06

SHA-512: 24E264BA93ABD8F34D2727F9C83000DAF749BFA82B05F023177234BE9998D8ED63BB58470B0707D1EA3EBCCB487431A63D2B3E0A3C8E7BB14D3AF61273DA7C34

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%G...n.H.)[email protected]..}%.f.N./..wi,..z..:.{..*m..%.......7..4..q7.2.@4..._...H!.;@....=.Y.6.,..O....2..qd.g..5J.X..`<.<.....i9..F.(TD.y1.u......v...7U.o.......,.8N.tW.:...+......3W.....P....[&_as.,.......w..!.Z.8.V+3._.=...i..4*....)....!of..n...t..H"-k..3,.G...5....~...wq=.a..jj.V..!K....yV.O.C<..b{...J...eo....w7.w.i.\..&....?.H...'...$....=d.<b.G....$.N..".......5*..=O..aa..4.$......s~......S.s.....(.H!....U.\.....I`.T.H.].U...9..g.v{{..79.5t..W..._...p\)V67.-....qb...l.av....hw.....{.....%..3?...?..i.!7o.6P...L..G.:...p;.6....v.C.X.r..H.|o..p...)J.HS.?..x<*...>Uv.!x1.3.)./.....R...H-.....ATY..g)......e..8......hC*..,C.Vx.N...E]..sB.h....Y.UP<.CF.Z.\=...p....<..U-..?x...E.r2/..h..v.Ws|...2...........9c^..f......kgY.S..^6.\...1d"..._.

C:\EFI\Microsoft\Boot\en-US\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.996036642141688

Encrypted: true

SSDEEP: 768:I6/yug3Aozj0Ic7JsxCweaQtKcqrB7Snqu3pbhLST2KJvjkoEoLcASAsbhH7vPz:jIQocCxCweJocqN7SqabhS2igZopsJL

MD5: DF84DF5AA216C360182B97F5BD5EDC0B

SHA1: D29B737F9391E0E73AE3E2DC79C3D0C7CECECCCF

SHA-256: 54A6D7510BEFF197DA19D6BC98A0B6106DA6637AAF3FB690CC5E70E52700C65C

SHA-512: D22A789D41DF2B52695318492BC8DCDD659A16FEEAF21413E228AE328AEBB318DCAA9768865A74FF8D212C0020E80069309A7991A83582689345EF965AA65712

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%@.%..w....|6&yT.j$..CO....-.....E...<Rk.WC...s.wE..4.p.7.......&..aW.5.].~.{.......4..!*C..ON............T.?.......~.%p..D.9....$..e4qL...t;e.Qn.|.....{.9..N...rk...D.m.H......_-.W,#?..t.k1w.t}c...T'..h.\....6...2>..9.R./X...m.t..x.5..q5i...._..L...e...'.......4[K...M..aUw..Ue...0.^H&iXL....l.\;'?9..x......jh..K.3...b....Hz.,./....bx..]...Òp+.X\.H.D6.\.^.E5u.0.Ek.....'..]W...s.lD{s.U.{.].q...O..iy.."Q..C{>o.f..../Wk.P..........v........J.I;...o;R0...=.I.Y................=.d.B..-.2.-t..........).t...;...[..w..0../.zqX.....w..B.._.C..:..]..I.;..g.z............A...I.T*...uR..C......*..#<H....1.j.zw~.......N.3./..>.B..,...\M..O.g=..(.!....4/ 3.npjIq.C......BU....R......>....GFo'......C..hc(I...-'6.T..'.[.V...l.v.....0......8..d......

C:\EFI\Microsoft\Boot\es-ES\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997869611773421

Encrypted: true


SSDEEP: 1536:oXv6NzRjganWpjJ9HQ3SApq0nGJ8WDOUCyPyGFAxXdhZ/PbRZM6K2:3NzRjg7p9OpLM8WDlN2XdhZnb3Zb

MD5: AD5328BEF1875153A0678F6622CC63F6

SHA1: 55A7CCE4D6B874E5F13BF599C830E999186BB3C8

SHA-256: EDA2887415EBA1E1BDD06525C8AFDD02B5E0E3D22DE533F654063E58991AD32F

SHA-512: C3FE10F07A3351B4AD4C4836ECAAB5F7A2A26CF4DD68D449D490684B942B815DB98D8E883E961D2A6C0C1A0B11136124C3F1F084C4D4354863C8390087F804EB

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.....].(7.n.B.!.DD,.. ^.fP...(5.#<d.um\N.V..........u.p..c.Z....<.E......B......x.&........-...8...........k.}.f;P..w....Xa..=.>..s@".W.{..<....T...a.....{.o.t..R.H..0.2.%.p.n4..+.....}!...Y.S`P....[..8xI....Vb....N....T...Z......5....e.........\7AYu........ju....S_jYo;.r..U.i....YPOIhhA..&..."W.l...Y...._&... Dx3.\.h..&c....qqz.y............Cs...jDy$W.-.....c...j..|.R....0Y.+.Z.x...2DH..A.....M....7.fP..../?p...Z`.,.........b...?yx2..:........s.....i.T..]..g.).t....<i"#.I...pIf[...fs...).H &.....v...Z&..4k._1..z...d..U.ZPI%s.(..y....B.df..^..B...(n|.^......1.9.a.0A...ci....M.x.........-.i.....N.$.....Tr7...$MC:d.$.=.Om......:..m...o...nQ..+v97....v..%.QR. .K...(....sp:D..Rv..V......EE0..M.....S.....g../..\......C.?......LP>..

C:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui

C:\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997852783804539

Encrypted: true

SSDEEP: 1536:lnvlK6M4v6I+HvpSZuyWAvLyLENyFMwsd9q0B4jImjRND74oyLZZ:RvlK2/+Pp9ATyLVAv+I+Nnk

MD5: F52FED5643CE213ECB9D1909268C9622

SHA1: A75F80496BD013D3EC025C970600ABE27D0D887D

SHA-256: DB02DB745E924F24C0EEE6181F311C17E0A24F7F42F86A0262AF5C8EA0BB7BCD

SHA-512: FA98A33B0AA6559BDE7A6A7C9C154314DF9A37C1E260FD9841CA94FB0BB52A84CAA70280C01EAE58A9DD458FC1762C203CC325D94A2147DAB88D60977E54055D

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.....].(7.n.B.!.DD,.. ^.fP...(5.#<d.um\N.V.....z....w.\[email protected]&.6..bi.r<`...(.:3..#.u.s...e{....r....0^....4...b....b"...$s.'`%.M.%.Y.du...K227/..'.2.,..B.A.;.[Ucb?..Xm6..w.jf.&.U..wD....v......DH......5>......h..g..w.z.....co....~n$I...Z....Y...6.........è<..DJ..c`...z...Z...`...n5...R..A...,..:[email protected].(..g..;...:k.A..<,.U..Ew...H....9i.._..T.1....v..i....~..!..`0.E.?1.^..a........?...'D.0.N..{..}#;9......q..7\+....)(... .k..v!.Y..".I.w+~..K.d.)..!. >%.7.ML.../b..6.a.)*.v.J.$@3r..+H.ze..o.j..a..<...'D......g.1...ba|0.~."i........bV..j...K.f?vC...M."...e{&..,.h{;..V/._..*.YR.G.=..........>@..\v.xi.4.E.wh.dA............~..$.GD..j.7..]H....|...1n..eZ.z..r.J...n.r?.}

C:\EFI\Microsoft\Boot\es-ES\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.996848642748312

Encrypted: true

SSDEEP: 1536:TsqrnqegneOVsWJKBLPHi1DRg5PISpNLVtM:Ts+nqZeR8KBLPaRg5pLVtM

MD5: 7C64E30E1D1043E8C4F1D59145E05E95

SHA1: AE749B1EBC0A093C9F86ECECB5EF1DF75586DF50

SHA-256: 35CECA2D09F8B24FC7738E0BDA9B37FF05DF11432EE72584B4076D3AF02F6C67

SHA-512: 1B8896F3E3CEDB3025D280443955E720EA8C3D1F2D53A60CBE75CB1EA37CC0D838CFC00F24DEA37388EA2BA8B7D6265E289A691597C7E7F211423C46AD4CFED5

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.H2).!\...|.(..~u.!.2.....m.@Oi>.[.....Wr.o......y...,..../.{......?....hW8. F....o.~.....?.../..PF.T..`.MDb...e.7....Gec .,.....x.....p..R..mE...M...3.....PC.H"........i.....xX.k..teus*....-c...$.....B.....*..K/......Q?,`Y..;...W....M;....}`f.0....ZJ.p...by.....^.. [email protected]..%..U.9..]d...hb=.T.<..dm3.>..K.....Y..............X,$..>.=...<.x.2.....[..zw..Ax}p....A.+.sX...L..Ldl..../:Q'u.W.3f...g...,..=.m..8....MZ.......q. ....>$1$..%..=..u.\.&Y...#.f...f.B..o...a....EDu.m..n......Ka..?..h. ..Pc +...!-{...8.X...<(s..z....<~;../B.ZZq.=-;...Fn.....|_..^d.5......geez..~..Hm...k.\..;...&..5q.x 'gX.r.S..=..,K(-..."..t.....%p...O.~.7i.6..~...2=....R...I..../.O..t...e=.: H.Gm[.d ....q..]..J.....PX..:'*vG....O$.Wy.)......i..0.i@..>+......t

C:\EFI\Microsoft\Boot\es-MX\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 9778

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: B8C51A0AA875AAA944F10179088D8EA7




Malicious: false



C:\EFI\Microsoft\Boot\es-MX\Recovery_Instructions.html

C:\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997700618788961

Encrypted: true

SSDEEP: 1536:Ndx2fRGAvwtysQ7A3SNJd6CG20JxUt08b57ETBjqwQ48ehY3O7:z8fRDgygSNJdu28Ir+Bqwl8p3y

MD5: 22769EEC08A6166A875032191A217574

SHA1: 92172F5DC482B22D04F6FA4749E6E6F81CEF9458

SHA-256: A96B226343B39DDFF142F69033429484A8C158230E4C582DC406E05630DA9A3B

SHA-512: 4FC07B582315DC21D098FEFAA56E2D51AB8BF90D93937153490696E2C2A7DFEFF6ADDE5C41C2E4FA2978CEB099DF099E63433FC0ED5247CB131698B43F5DEFC6

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.....].(7.n.B.!.DD,.. ^.fP...(5.#<d.um\N.V...u.f...k1.......n)T...W!.(...m.y..A.Lk....\...<N.6[>......(...c.z....p.W8..]8j{ v.g;$xk$A,v|.9...........j.4@D,.h....1O..M....d..4..PN8..9......V...W....G..s]...y.lB#..........rO."..u.J9.D9..`f.U.i......lY6h....XI|.....w...[QD3]3?R..]x.|$..B1...$J.[o.wU..AB.b...I%...0.>..=..m..#~.9n........ ...kvr.*......~H.N=A...Z.D=....y.f..<I.h.=.....fr.S...k-.h*d..8...vH.~.~]..W....7..?...r......1......zZpg.....`.....o}.....o#.v-).r;[email protected]......{.....q.9.S.....,"..@...+.....-....d....!v;1A..R..Y.n..\j......fcN.#...[....Y...<my...2.....r.-..........s.U$iy+P...H.i0.B.Edg.toF.[.Îu....'Y"....f.X./..Kj...)..E5...].......Y..|T....G.*..L..2"%..y.Z.V...r..K}.2

C:\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9977341262234365

Encrypted: true

SSDEEP: 1536:JjvQI1hfV5ThcgOxaWEpChlXHQ7o7ZDZV+ot4JrhctJyAbF:JjtvfV5FcL/cilksl+oQhcttF

MD5: E4061A306CB015835212F8FFFADD0E2A

SHA1: 1C131FAA2D11D798089735A3E953A24B4203FD41

SHA-256: FC852DE46C9FE83EA11DFE4C3018A41B576F5514A94807AABFEA6D2D6607061B

SHA-512: 31CA3F412F3AC1430E56D2E95F70B1CF7DC97530F4D947F05B0E2D6BC87683458FF98BBBC8AB4A2BEDDD87E0083888553B0E639C820394525DFF0834004A0B15

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.....].(7.n.B.!.DD,.. ^.fP...(5.#<d.um\N.V...xU...k<.......q....*s....z.......O.<.?..Rm../.w.N..T.k..,...oe.....i......Z.u.../..YV.........*s..U....ej....H.............P. d...)..,iC6,...J..j....} ........o..........W?.t.......%[email protected][email protected]..\]..%.J*j;...L...]..o.+......#.C.e.nT.'..3A.L ..?,.p'...TD.....[.U0"/~..ac..~.....\49.G. ...H.....k.7..f.m...d.&.\...37pM...+=....1......p.8.9..?7..'~2..(..&..J.+.6oMK.R...HW..3.ut.#....t0U]A....V....U9.....R.a...~ }.Q.Q.......YaQC.....p......tB..........b.y.$R.*.....[X.'....4.\.<5. ......vU.P=..p.~..g{O..C............/..W.t...U.1.Ea..b.}N]....Rv.>[email protected]..^..rm.[-K....%5..+.. .R.L|B...^....K.Q....u.b5.r.6..`LD.:..SW.z.[BK._..`...P).h.h.

C:\EFI\Microsoft\Boot\et-EE\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 9778

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: B8C51A0AA875AAA944F10179088D8EA7




Malicious: false



C:\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9977131425972825

Encrypted: true

SSDEEP: 1536:aS13HwDoorem3iwGwVaQoaqRFU7v24xJSPO9GX/f14sC+wwot9SIwROIO9be:EEozyhwUXRSv20J7015m/wR7Ohe

MD5: 44A959CD26AAF7867DE0BF007CA6621F

SHA1: 3759AB356B438CA33CD71234B376397E6AC14BE2

SHA-256: 04334F2370AF44EC13B9C30DF97F64E331EF1D99494B9900A27A0E72B267E09E

SHA-512: 9F06D13EFE55D7F57BD8C032F6CFCBB30CAF863DAF3D50CFD4D6E3B665E94C1D80A1DE16A9A29DC71C069B118DE316A054D89F519CA68412B7688AFA65E0E4B5

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%..........F=f../J.........`.j...-....*ZH.1.v}6.J...R.Zu...}!.JR.=g.......b<U.&....L......?..~..-B...4=4. .&...m.\*Oq4d...'^..[..].K.G.2A.B?..r..........tP.#.^{..P.t.".N.. ....Z /.pGff..wp.r^......T...&.l.Y...b.(..a.z....V..G...P"...)3hk..w.^...qH<.KNb.k..\...P...F}5f9s..$...&ii....O,.+.=..G.1..m..w.!.l..#...........3;..-.....H ..b..8F.Qn..\s.=...<}<.2f.3w.EO.G._;F.=..GU.;.:.....V<.x.b.....$...13$...6.5...J.6.\....qs.d"/.`=E..&.........G..U......,....,.c.sU.....&.Te.]..6...........u.VP>4.M.`..=...'CtE... .j.F#i$).a....LWMX09.N;.....h.h....tI..a.l..z..q.5..'q..=..C.p..K{,5..yGs.l...S......,Tl+*.Hp.._;h.2;.9tv....S.Z...tV.1........d_M.D..&p5...uvd.U.o..Y.../..e.(.|......:./@..:.q$.gr7..^.h".=... ...s.J....S I.3..[..

C:\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997506287392702

Encrypted: true

SSDEEP: 1536:WnZyHDmFe4BHxHtd1vDnuEmNirPfQeDjJK1Gt0bbmqKe6XAHTP+/T+c4LleCV7qG:qZMmFvxNnDuEmNYPfQeDjJK1+obmqKRG

MD5: 245DCAAB2390F534291A157D1ACFF17D

SHA1: 570A4FC9C313499F666D871E3D692416E04A7703

SHA-256: 8C0C6C48F8190709690E3FD3BC19DBC496DC7EEB16F8142568126BB698CC1055

SHA-512: D8437EDBA91256AB62C104A906A2E28DE7BE8CCF9DB58871D1607CC984EEAAE50252CA273A7A92D6629B7CD6474E3F351F85C41F9811CF76C5299CC658DB70C9

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%..........F=f../J.........`.j...-....*ZH.1.v}.o(.if..Y...w..z....o*..e..e.`.7.~*S.b...P..S.(\A..q.....$8.[x%..1...s....j)..c...4..c......r...W.F.0..`DT.}.h.P.z....vFc...8....v.....y..td.i.T. ..h_.u.........A....9A....X....7....&0R..7...fZ....;.l..W.R......7C.o.....b..r.....8&.Z.......X..9.....W:L...y..v.M......<.=Z/.kW..R.....Zi}...v?.xfr.....6.~G,..~....j4.Q.o^.s..:&...~.][email protected]"WN'....#...9*......`.O5.f.y.Z.=.g&F...7.(C@..\..`.F.g#g...C.o.......q._...}.e7.2....7.f..Ve..A..wL..h..Y9...Ym3......=......g.JX,......SB..F...3...#.U....0....s.....uH.........Dxw..C.!OX#[email protected]...&.....*o....... =..n."....._.7..r.V..z:.... ..H......=.....$t,|.9Z.NuDJ...GD..o.`..B..DY.....]...J.....nI_Z...{h....Z.....k

C:\EFI\Microsoft\Boot\fi-FI\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997723307180774


Encrypted: true

SSDEEP: 1536:yqozDAWCfm1KOm+WiAzWlZr2VJRkNk1iL82kjc2+fTlU0SrplAH4bYn:yqlXmwOmviAzMZ6Rk2CUcRr606bU

MD5: CB5806D968581EF7F0F8A85E20BA3571

SHA1: E7736CFF767F2A2977833F9416E3F33C6E1606D4

SHA-256: ADDE955A3B3D1118ED2007B5A1702A7509FF71897D0A59049E30C2FC799D9992

SHA-512: 01D7D8DD7F1F1D8BCF659F7C8BA4CDD528A221EC2B1D0D1E327EFF3C46E0B3B87AFCE965420542DCA9C64D601B9FCDF959B9414CB540C4907264F17F5226B507

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{#.6..;....vq.I...HV.....]q..;...X>....lc..M...N.enr."..5J9>.G../.o.B.....d..s..}.mv.......(..c3.:.....2.P.`.n.mK.au.....v..$%=2:.R.........`.~.5)^.0.+Q.L..I.....Q.B....x0e..V.H......."NL..&p.8e..$=.?(..0.L...w.4.{..Z..4.Q_..~A....^-`y.#..$Z!.bvo..^.v;$).b...2.w...{a.(...3#..5A.vc.X.w..j...g.9. ...../.emK.Q.....u...<^..,..&Ijk.>y3..U..h.....|u.k..1...y...)C.n.M.(..Y.....)......JXA.c..'............N.I......E...h.DT....l.4xI...zU.(..z...|...B5O...G.de.9@ R...-......e...o.....:..[..x.]Bl..W......Xo.i.P.v&.}.z.:....W5u.m..)|....h.-.(.z,..8.V.6...=:..%...2..d.e..Sf5=~*.)....`...s:.q..T.k.hA.r..o}..:s.....D.'...P...."(....k..F..'D.....{.p.{..p./..................^.`RuD..Z...q.G}_...y.%........

C:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui

C:\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9975666187875545

Encrypted: true

SSDEEP: 1536:BW/+7RyySVuSmgFqGAd7JGLMED6odnAGKCLV/SSr6pRsDKboMHdMA099L:A2789uSm8q1dNv+nAitSMKRvUkMA099L

MD5: 0D9010B9D288037B0CB53B43C7053E1E

SHA1: B371B2146018A4DAB963A61CCA9D437F86D912F9

SHA-256: A4138A76151CB91B928356EF0D4D8666F688839F94EEAEE3CF874B9E6AA2B69A

SHA-512: 338C0C2B76207C298469E28675EC9965D4BEA6C24F55B35869D0FEEEC811BBAFCBD02531D5AB6990902D9B150495FD858C672F25152791A15D73184506177E65

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{.......(...s.l7{.F.....Z.yt.b....;'.}T..J.V.!_.gd..w=.A..'.M...*......D..0hw ..........5..Q..2CEO...uVm..<YR.5.!.......QrTi`.P.Qb..I5.x_...2..V.&0!k..E...n..0rn..VU...k.c.~....I.*......x..`<[.RV.i.u.E..L;......F.=f.#......4s.f....?.X9L..;.....:B..Rkq..:.Q.7.}..8S..0.Y'.|x9..B...e..G.M.....:.....OZ.......5{./.4,.......>.i|.T.,}..MK..)}o+X..$._..lb..`._=.#...2.....L]W..Dh.F.........B..}..^..9.3fz#..D......!?..w....!....q.P.?`&`2U.....iP,..Q..;..Xi.a...2.|ls.6x..W,............#s....@s\?...R...4.Q.x....L.Z.9C..=.ur../VB?&..[.x.+7..s#k.%..a.S...[....~.....L..%......4............|X..{.PW<..gB. .....D(..-..=.#[email protected]^..?.jM....P.;W.f-.`L4.J"<.C.4v.+...5..If._.^l..~.0N"

C:\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.996215564270047

Encrypted: true

SSDEEP: 768:0dYy1grOpXTbCoEADlSVNoJY0UFFayuF37C1V6Ly6uNT0Zo+QL2PimkHg4JKfmxy:0dYy1gMCrABS/D0Uu/+6Bw2PilkfCzCd

MD5: 4C26920A10740BDDCAA12F99407AB9E0

SHA1: 8FD6633AC90CC3AFBBB5CF9A407417CB2DCF829D

SHA-256: 1EBBD4E6A5FAED8906AE59502770E12C513227100D5078A86FCFDDA6D5027981

SHA-512: 6F483A36237DB94BFBF1B738C2C24EC354AD28625DA51523095C95C02A7601DD87D88FF2138199D1643C1AA52A74DA4F9D4E8D77F5418B5F1D83E747C85AA1CB

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%....^.S..]..-.>m.9...........A..7W..9fw....3w#..-k..8..Y....n..A.....N...Y&.. ..%..u)|.h..~....v..PX{.....a....3>..!:v...!_!..y>..}`[email protected].=..<.....VBn...X.s..S.j....9........1.X-.)L...q.nm.f._km.{-.e.).....ZX*X...I.?.X.A.........).|@./6.:4..L{.._.....;..W,[....('...N..{....]O..m._..^....".0.....5..U._..C...C......./.B./.G1,'.pC.x..`.@+0.....YZ..r{N..{....._R.8?..|tLF.]z..O..Vn..2...H.k.V.!....C..I..j.4T_.}o.."'..x.l^..vck.Z..&W<[email protected]~&...3I....n)........V...+{..m..FS.T]$J....=Xu[...nM.[.U)..i_.i.}....0[r..j.. ...@&...M.....2......Jp....Y,....6......@f:R..C..M...]...JI.$.xWl...m.......*'[email protected]*.s&....>.U~..u.GU.".M.../..7..+.c....;I.*....R.4Y...X.....*[email protected].....[.

C:\EFI\Microsoft\Boot\fr-CA\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 9778

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: B8C51A0AA875AAA944F10179088D8EA7




Malicious: false



C:\EFI\Microsoft\Boot\fr-CA\Recovery_Instructions.html

C:\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9978154273273

Encrypted: true

SSDEEP: 1536:P59gL0TklhifwwEkvV1mLbjG2N6NFugx13ElBflCDlH5lf3zvch4m:R9g44ifwwfvV1mLHGhxdwflCDlH5h3zC

MD5: 1779132C1B3E06CCE3C5B41534DA766C

SHA1: 371CE41A1BCCE200A00D8EB08623069AD0944337

SHA-256: FBE88965EC7F3CFEBEE12CAA7B60ADC4B23636306F89E7448D831CBA9CBC4760

SHA-512: 2AF78077373B3D2381BC8A1B5531052C403A58859C306D07BD5154A1F8DF649D968A05F11A59E1CE4811AAC11CD5130CF5DACCB60EA06240CB82BDAEC44E2694

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.1r...=i..k..>......].w3?.s.Gx/.tT.9..O.....O..[."..&.......0[.ACR.D.kh=..F....K..`..IH.qB.Th.t.cV..\...B..........A...?.m...R.......l..:@$<.N..$.........P........r.2.a....n0......w'+.G..t)[email protected]+...._..p..N.PB.".6..j&..y.zs.4..........k.YR.C...X..r......][......\opk...lD8.h)W..}.....u...v.....R~.I..JV.z~...z.$......'.g..d.x..q8>.k7..:..[...{.T...=.y..v..d.65J~%.[...e.......0...Tu...b..W.H.*?.Iw.2.$.6l.B...yC..p...%b.>X......k.'.|oR...$.*T.#...-c.W..J.Z.6.u.....'...^....W{...e......JL...;.qu..U......i.k....G...^n8D..,c...$H8.....R..........Z2..h.L.R..,.=...)!..[Zz...j.b ..I..V..5.TV..H...mX..r.....4L]..RHB..~....t..*-..x"......D.....j..}G..V..B..v...'.G....n..r...lg.9T)&.....8..."i9].. ..............]).8(>f.|4...

C:\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9975661187659295

Encrypted: true

SSDEEP: 1536:pLJTdkaolcnCGzWrPLakWk4/aRFkT1HVRmXeljEJvJWf4RtxFK5:BkHlIEPLak2/513mQglofOtf0

MD5: 5665F7F7D059D272C5EC1E7CBBA182ED

SHA1: D1DCCB334A1180985A34418D1A8A9FED18F20687

SHA-256: C6353B74054C85F652EAEAB4133645E2DD788DDBD57FBCFE6BC2CEE3BC0F68BF

SHA-512: 0D6D917CB87A1335639A600082C41EDABDE62767CB6E642DD19B205A27D2BF1FC08DB19A5FFCDB6DEEE533D3F7819CDD6A348817250101E154F7D178A103C5DD

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.1r...=i..k..>......].w3?.s.Gx/.tT.9..O....7=p...,....y..s.B.Rf.z...>./...RK...=(`..."."^...... />....o0..f"....^..AT$.MF.......L...L.V..=.`T...w... .\.....B.....M.59f..=.j.......l....K.]"(...68.OS.t(....z..9.{...6..V.u..3t6.y.l....L.S4/..kc^dr...g...0'......s}..l..#; ..!...f..76yR..5.X/s.D.............8....ea..d....V.L.(g.F.C..}...D_xF.o...~.....ke._.....*13.NnU.g2._...-..'.Y.Rg.."..ar..e.f`7..:..o.S.#...Hf|<....E(.\.%.p.ho.)"...=..\....i.....k.T^....j..hV.>X+E>.i...:....PL.....)..{...x..(f.....G.......1.........g....J.m.....`dP.,.TC...C..*e.*w..R...N...`.d.....:.;..U...x.Ks.H.1.(..;I&...RS.@._...D.4.9]...o...>..,Z..|J....`...D..@v....'...][email protected]...][.{.=../...+.Md.W.7..

C:\EFI\Microsoft\Boot\fr-FR\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false



C:\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997509632006258

Encrypted: true

SSDEEP: 1536:4+FKWLklAKe2M1Q3qmwKlhO+NUtwIUdg3NVzseyWE1pTYRJcRc12kIWWiqCP:BdS+QamwEoLU63N6uEjXRaAo3

MD5: DA0827D888F68E6AA1AC7CD69B000298

SHA1: 8D9352DF31AA3C94938E662EB76FECC8C1BE0A21

SHA-256: 01DB09DD1EF2F07F1D7F2BC86EC7CCA5E4F342FEE239A9BC8499A4C6487113A3

SHA-512: ECCF01F300A1F9C520FBCFBFC0EBE89602747F218D7EE4C8C29815F0BD3FD7307F103CE9EF91EA51D1A4DCFB17B950A18EBDDBCA646BAA09CECFA711F4C57FE8

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.e.{.X...a...JA..H4y........w..Fup. .8L...F.....TU..C'.~/.....a./Z...kkmR.:.>v.....(.6.L]...Y........_Ov...W...Z.;B.b..9.P.Z.&...>..y]...xks.9.o..=.F.f#......E...X.0#.".!b.!..'F.>_...m ......:..LKI....F..ZrK%...fx..q...S..C..]v~._.j.tL&....}...hR.T.b....l.6..|m`d&.@7.{.Yu..Ae.v.u............f......}.-......L..:.d.(j-".B..E:3-..../.s..I;.-.......L...E.X.}......0.R.G...V7..4.(H._u.4..F....}.&r=.T....c..1...xI.b.e.LJ..{...w.....`.j.By..\..^YD.i../...Wf..../..#VD...]t8.c.T&C.Q..U=0hI...)x.Sm{......9.WJE..A0.6.......2gD.?....U.S.Jk..o\.fA_..W...<.4.0<....n.F..../.p......0Y.dsu...:..y9u5....A9..$......*E`....`... ..nA.....$.0."qf....FZ...V&...R.EOI|....{..!'V.!1...."...$y.4.]..s...Q...mT......y-...R+..x.....[.k.;[email protected]&tw..&

C:\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997881289020322

Encrypted: true

SSDEEP: 1536:jXYjxUOpfht4c3LvR6KNqG/6IsRbuCIi+NeQmFpcJT00uB0SU2B:jXYaOp5tn3oGyenfmY00uBgI

MD5: E43E41DE726D8141D0C0D376495CD2B1

SHA1: 5262000126B6C7B2F3757C1421FB1E97512BCB4F

SHA-256: CECDC9EC2943D3E7D4E3704CCCE5D1AFAD6CD965B633A700C159280283376637

SHA-512: 18FDDEF2F9134C12CC2DBE0B9CD11F38DC39FB7B69E5DA6FB9AA6A3201442F204F919FD2D03AE87CAD3B90758857A0BB4A8FD5422A6D799335CC5748CD3C4CEF

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.e.{.X...a...JA..H4y........w..Fup. .8L...F....]5.o.GI9...8Ou.6.d...?.....k]..QG.j....`[(..Q..M..+..'...o..=..lUz.[.<3.$.."_.b .%ip.....*R..l.R...#{..n-x.?>&p.........N..wN~....N.R`...X...pET.t..r..-?.t.....Y.....%....>.3...d5.R.....w0@.$+.opB...oU.Q...bkUF..B.4...G.C......NC[...[.>.'.J.g.....`s.#......."g.wP.S$.h..u..W=..U.....w.y.OG.....%.....T.B........g?.A.../.!]>}..~..v.&.....6..J..=..9.!..N..J.[.......>.}>*|a.Y\.C...sm.ZZ1......L.|.\..k..H=1O..*.....S....J:9.ep.I..A0...a..'v..._.G....eA}S...?.l:.......p.*.R.v..P......L...l..It<d.6.H..C).........+....!d...B]..:....$..q.....E.x...>..V...[..dL.H+8.-......%..<..^...}..g..K........zm...$?...:.%:..Jd.x.Z..,w...i,C.:B.X..E..L....{Js....0.N..5...q.`...B)LQ.,..n.F..;.:.\5S

C:\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.996432814268194

Encrypted: true

SSDEEP: 1536:4NH+YtwkuKtD7F/Dz34XDrlZwbfc1U5slb627:40X8zQDrggW5QO4

MD5: B6E1D69B837FBEF09A64C38C4997B06C

SHA1: E1A8B54BFD571C0B3B982A96FA9D18ADBA5B6E72

SHA-256: 33BD4AE81DEB75D14D0333181571F6C0BAFE1C4F0B3AE1A4E441F74BCD01564B

SHA-512: 00CC21A1F8545936C7E805C4B9DC0E05C470385FF0B0A106F5AEBB71A84615961DD60970C89B33E566EC2DD61258B53106834E7B071FDDBEED90AA1FF294223E

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.H2).!\...|.(..~u.!.2.....m.@Oi>.[.....Wr.o...kR....q.Dq.y1....h.....tE.H.f...........k#...i..B.2...C[.~.........[.|..d1.yKHRDa9.f6u+.-.^..1.T.w..?f..iQj1.....G....{..y.P....c...V..G....0..veI.......sU6.....j........pL..^.......l.I~m...+.Zo.0'...)dA..A.i=)....._.(...xQ..~.'.\....( .>.... ..$......Z\@.'...hb.`...'T.!h.;L..I....X...1.Rw...l8~....v.....M..hD.|....xT...P...~K....*.Ec..`..X..n{].S.u.1....'.-\~i.....QQ"......_>B....7.o.5......K../.]UN...X.x7...A U.....;.G........Y...q..i...p...`..i.0....W.8Q|QM...,.}w6e..zq..VO..4...k...h...KDa...8..}.u.k.G.......K32.T*..a..%X.-}.....r.TRv..D.){p..GO.~.....\..Pb..1jo/,'.n,[email protected].}.7~...$.c.$.A)=.l....g.=.N...9...s5.W#..OAx..9......7..O...S. .)g....JJ...

C:\EFI\Microsoft\Boot\hr-HR\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 9778

Entropy (8bit): 5.515899243796794

Encrypted: false



MD5: B8C51A0AA875AAA944F10179088D8EA7




Malicious: false


C:\EFI\Microsoft\Boot\hr-HR\Recovery_Instructions.html

C:\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997833887378752

Encrypted: true

SSDEEP: 1536:647esyQBXzN5h0HmDieEFWq/Yzk3srNju5aYLyVgOf6sCs:6QesyQBXzNEoE9Azt5juXLwL3

MD5: A05BB30F854A3C3584076D88DF8C0A40

SHA1: C25739DACE35650FD526ACBD56ADFF1AC757E472

SHA-256: C7FAE338472290EB12A1291F94A9AAC3CF563DE34974A10BE6B403A9CEA5C4A9

SHA-512: DC51B1B5AE1D653355CBC9F8D32502EE6F7F6E41A9613740CF641686E7ECB180A29709BE2145F1B3F26909BFB789B49AA581CCC421C13EFB1414D1BFC7522BAE

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.6.].D.Oy..4.m..:....k....A2:{.......q....G.R_.m......aX..0......L. l....j..m..7...|.KQ.-.....[.Y..........%.?6...r.Q3..Q8....D:OJ.,.5..f........qg+...!.J...@).k...~.(!n.r...../O....a..!.= .....9.[(..u...rM..:nsc.p`.....4.TB..LE....=.0!.4.....D..\^:!Ev....H....w......\8Q.. .....#N..qA....>tKO..V...........j@>Cx.g....'0.......P.A..y<..$..9F..%...4iAH..]\..:....3..e.e...1XG"..C. .%].....6..7.7.n..t........5r..Z......\c.V...c.Lpw...c...b..X.rB.N....s..c#......>.n...F..psdU...?....Ea..Vk.I.'.........f{PAs.)q.xu.X..k7i.5....x~..;..........qn..+.1tZ...9....i......^GW..qeQR..Z.n...<.....{Xb%...%[email protected]\....=..+CSFH.p..~..p9..:8}e.]..6u....j.Y.$.|4H/|.+.......{.?......+.G...E...0.7L.e.......

C:\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997951856781439

Encrypted: true

SSDEEP: 1536:sJOQmCnpPknH1y8AYVBbtsYTSHq/pgGaeJB0G8lIgBTGi3HQxoD:EjpsVy8AYTJsYTSHqx8eJSG8lIgfHDD

MD5: 3724955F5EFE0CF122D79250A3BCFA72

SHA1: 97E14A35F48FF45389CCDE0BFD893BB02DDE416E

SHA-256: F608C11B20E3861462E7C8759BDF79F368A101C734C8B37A94955DECE1478526

SHA-512: B0218C7A2E301F9710ED240C8C2E257C3641803FD26FF529707A99C6D7653AF4EBA63628357CB8C2886D330E69731CB9F438F23ABD063DD27123B5350D4C9599

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.6.].D.Oy..4.m..:....k....A2:{.......q....G...vZ.........?..........?8...J}R,Y.....M^.s.q..}....._d4...vX.D...7.>#..G.b(E].}jmR.U....zjg.G.x...Ju..Ê.Pm.....ON.Rz.X...*.....Cmm.a.>.8.=N.I.............TQ...7N....0...W.?$C..._j...!......2(i....8...=x.......Q...D~.Qa.f.p..........'..b...I`.......]A......r;..[....-..DK...o7.A.4.%.!;..-2.1G..X..]......:.P6.r.iSw.M.$.....N.&....!.F.M.sfp.\.~.W?*v..Td..H..Dc.8.^*...)..0G.........{.8|Sx.18..........>.^...c,U.:.Q\7.6~.E.;...<.O+....U.J["Xy6...3=..>.......M.s........./...E.......j...*..F.j..y.q4.n..........;..V.`.U...2.X..[.5.9.>....U ?..P..!Y"..S.<z=..;.. xw....S.1k....A.....UDxS../..e....C..v.../."....I..R.Z..\.|5...!........;......|.....Z....8....sh.......1&h.j8.<..,.Z....

C:\EFI\Microsoft\Boot\hu-HU\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false



C:\EFI\Microsoft\Boot\hu-HU\Recovery_Instructions.html

C:\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997303274123528

Encrypted: true

SSDEEP: 1536:vzfqORUnQpBcN52AXwoF468+vp0FyA2vAYdesbJ73Javek/I:LiORUnQpBcNtXwo+68+vGfYVbJw9/I

MD5: 871A70B7C32FAE31583031418B429349

SHA1: 45ED85C2D568C38A1638C8AD3E3D3DE5ECD8F469

SHA-256: 60363F4498C828AF77960F0A2EB95FA42EC9A115E305C3A6BFFAAC35ECDEA9EC

SHA-512: 972BE8D4D2410EA902F3382778A16522BCC23B13E78FE01C76A7DE8685791CB29816138F7CCD31E8FE9ED423539C899001413733AA8366D4E3BDD77AC3A98497

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.1r...=i..k..>......].w3?.s.Gx/.tT.9..O......aM/[Z...3..S..9"c...h..Pg...0.:(K......T.O3%..c.F;...+....`...WXp...P.WZ.^.|M1..o..#..@._.w..[.K.,d.fN....5..i...K.)h..>.$,*.H.......//.....G.u[.."M..O2*#.).yxW.x.n..j..Y.......y.To...\.L.k.l......W...#.nW.G...{At..Um.=.<]Q..-....H.r./X...oJ.x0.r.~.$3...o.n..3Pr...g....:...o_....;L..~.. .3.Y4...v.J.D....B...F.".5..^(.tF..o."m.;.A:.w.....s.C.l..o....JG.MMzW<+|.!k.3u.@...%.J.".....9Z........U'\k_....5......|].._.o...0n.z>2....kCE.>.8..c..%bL.......P..e_{A\...<.:..Kq......7 .=.7.+.w,G.0...J..... ./.z.H...+j.H.....iX..k.....&A!^...4...e..\...,OW.pg.......?.H\L..'a..:J...jjy.P.|.k..N...=u.r.-Qy...~A@P,-...spN..F&Gv8._....-x..b..k..y.......9.(......Q...VI2..y#.EA..$..*Z....U....-.~M.U.Y%.[.

C:\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997669779878091

Encrypted: true

SSDEEP: 1536:oMAbAinzefP+t6YI/oPn0Mx12sUbFocNX4QQKI2PdbkNT7ihjn:0kKafP46YI/I5X2fFj/Qh2Pdbk0hj

MD5: 89C358AFA824EF55B418FC560E8BC980

SHA1: 36EFD606A432B4A9A0102D2434F3BF738627B625

SHA-256: F29C3FA7EA15C95D58F4CD1F84496442B5F70C4C5E86AA728ACFB7DD5B6EDC33

SHA-512: 1FD0B2699B9EE8712ADA4D9276DB00795AAB77B068CCCC57E6CF6723B9C00A96389FB831BE478EFAA12C97CA954EDFB5A7063D4DEE73B9F418756E1DB5F75045

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%D.1r...=i..k..>......].w3?.s.Gx/.tT.9..O.....g...a{b.01.U....O5....K.Bd%..J].lF...Q#.!/.g.%nT.....D..n!;..?.ANpK4{RVxM.Q+.s..q.stE......j!.y.9{(....SU&@..S.. ....<...r)[email protected]!......a...Z )D%.G.8@.^.?;..0......R.&o.7y..j_:hlP..C.Im...M.......VI....7U...v........D.()...+^.,}.XT....}..."......d...aV.IAX...3j."R.q../9d....\N.h.&dlh.n.......g.."{..Y..%.z..{..8`.(.+n...B.........[.+G..S.?y.|.Z.yn[.J.....sE-.-(+.;:...5.mA..ne...V].m.V...E..._|..@.......<R...T.7....3.......E.~........L...TZ.L..y.&C.....^(..j.x.............v...l.. .GO.._..;<..Y#..../...O[..K...iR.*wp..j.h<....O.n.......M*E..4H...}....0(v3K7..fx2...|...../.O[...}..?_l....'O=.I..0..r.2..Ir..4.5c..$..k..a. .....}M..{....gX.^..M.b...N.`............^..7....>E../_......F3..

C:\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.996142998796101

Encrypted: true

SSDEEP: 768:CTbwcYj5RS251tyw17p44lxK7vHSBNL1Ty6JWS0yOnVI9zOB5XYiwRxlfGba+Pgv:CTLYjvS25N1N44l876L1RJl6hegu8ufH

MD5: E80114A0E3020A642900BBFADD1A5309

SHA1: B9055F224CA30AB4CB8DEF596BEE4339E124715E

SHA-256: A50B8A6C2F9C21B9B43AEB59F9761DC0464004B63A6737AF91932F63385B2B2B

SHA-512: 5EB60A5693CA0D68AC4F99D825909ED84FBAC827C8ABE5D9B53C9D18309A042D735CE9528D47CFF21B7A940F4A15332943087198BAAC577C553A0D636A84962E

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.H2).!\...|.(..~u.!.2.....m.@Oi>.[.....Wr.o......E.C..L..<..v..5..l..[...'9}.....:X.....;....RF{..............=..:{...B)....}..v...s.\.]&...]......=.....iWYI..-..M.......u..n..]..0L...W.E]..M..a~.22;.......2....VGw...^[email protected]...*N ...4.w#7\.9t....(un..6Mm.(...8+.T...q...].......}.K....S..QX..Rz....F.)....F%..C....5b......#u6.......K.b....~ ...3...,s..j.g........\EMC...O.g....Yl..../C..m.J....~S.y9p@9..`...../..FAC.V;..>4..ch..F....#...t%.' ......W.@..!..]..n.6..k...[?,^....jnw:!..C<..'T .vb..k._.8.}*.:..@^.x).c.B....4V*.W...\.t5y.'...oM.!... .l\.....W.A.).....}.%q....h........e.......6o....^..X6.X}....It..&...%...,...L....5.r...3.....2t<N.[....i...3.Bmn..?.<D...Z..u.zs.9..W.z.=..X.H..._.....,p...!.g%.#....e.D.e..tG......P$..0 ..>.".


C:\EFI\Microsoft\Boot\it-IT\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997532060602381

Encrypted: true

SSDEEP: 1536:GiYRcHHUCez2LmIVwroCBJ+hGNpRL+07I1L1zRxpbQhdM7BUTNwADsDZosU:G2H0NzamIVwsCBdNfa07KltOuqNYDZu

MD5: 4F464803EFD9610E7D1E0FA766BB3CE9

SHA1: 0366831CE2369978A3A3A66323D52D0C6DE36DCC

SHA-256: 28F76A8A3CC34924C7188624A50701859219745DC2027E7C4809BE8CA69959C5

SHA-512: 19A4EF8037148B6061D5AD57338456E332E9154561462B569E3909CC1FDBAFDCC287CC5529288ED149A502265F7B5DD859F227B3DBF0B75F8792B56F22589ED7

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{..eQm.wiP......>......8..,._..&.../j..t.\).&....%@dj8....J9..8r.BT..q.....}.Fn.3..YZ.7.."7oW"..J...QIP..j^..c.y.W/.j\..PE..y.>..G.!.n.B...Uv.P....U....J.g...S...^..u..oG..[gK.}.J..}d..s;V.T....0.X.zGq>K;.-..V....^....Z4=.E|Bg....I..D(.u%.3...0..s.S.&J`79..((....W?.]...\'......p.._.....3.A0a{.3M.g.3........m.a...f-...A(........Y.........tg.4Fmt%.(.ua........T...B;.r...C.R.d.....=8..[...)(N....kU.f0..U....r......../P..V....$..(N2..).....`..-.xQq.J.."..4.pAyYDkt3I"G.)........D...{.5_".vX...../.....7..~J.r................'..$Rv...8*.n.....P;e.K.........#B{.Et.TZ...S...i.=..........<.A..>...R..vn.P.........zM..........#k4.E9m?..|...8.+0.J...1J....N.Tp0,d.bsg..du...+7fP.).f....G.V%.9{*

C:\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9978865785287825

Encrypted: true

SSDEEP: 1536:LgDnkmVBrfXubukJ1xdsY4tXZFavj1a4NnJDljwo61WHB/FUoonGIPLx+/:WVdfXPkv/yXZovj1vbDljKOFNEDL0

MD5: 7D7AA297153EB65DE9EDB3BBDE711126

SHA1: C72C0B1FF289D2BD48CCDEE0F507D5CD8231123F

SHA-256: 55BE600F8B304269287A7D225EA4F6AC788A02397E64856041081BC601E7C77C

SHA-512: 329C2F04979DEC1B6EC0B549D8D69586254C0F0BEAC402AC35164CD72A266561D9AFD3A6A44661E0AEBD5B94473585F8E71EC18EA63D0E5B10EE60FD4C7AB5F3

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{[email protected].~..._2../.t?..C....y.."<l.X....<v...l....>..D....jF.......'..".X...(......tkW.G.%....`w..a.m..`*dgq.G......Vu|..K........p..}..~..-..7.;.B.B.r......9.Y....]...:.P..&"'.C8....g...e.`...Z.....9.....C.o.R.....I.=..6v4^.B.?..-..!Cv......V...(.|.HnS.A[U..E....%..Xj..Y.w15G&..b%....s...N.Q...Q..V.\YrL.7F(S..3.P.Aw.....2..:%.....d..........!...W.o..~.{.f..J.P.1y/...<.":..$./........R...V......R...r..&X.tK.......K.pe..2.N..G.Q.o..S.p......"'kflA.f....z.I..5"....7.."UVe.f.g.- ..wq..E/FI.+...t%o.......*.z.....T..O......l.:.wj....RH.f...ky.......d...4,t.k....eL..2y%...}.....p.CU.Z8*.Q..&.....g.}..}.;...U.. .9E{...8..G.CR.p........9NDw..C6.1......+....7z......U-...{"

C:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.995834129452137

Encrypted: true


SSDEEP: 1536:O5TmoVo+8KTb+ljlX0C/iXvP4Kr9DPJnU:AvZ3HSj6qKrtJU

MD5: 06FE722458CCA2B001E827383C5D7265

SHA1: D9D2FC09411F3ED952A8628AE036AC26D2EF8557

SHA-256: 27A5EE18F46FB91E21798AA95EA14D0C7C030C721C8AB870ACDD1991A696483D

SHA-512: 54AF194D3E8C09AC1FEE8A3B908B0B817A42740D6F2C80461918226B7682F6D1A78FAC75CB2599F231CB4D382987F5F0AF7FF439B0AA4904A4CA8B4396037E90

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%....^.S..]..-.>m.9...........A..7W..9fw....3w..}..Ty..|\..k..Z.'.R..J..vo.....a7.l..[OV....../.'.O(.hj_....VZ3./.~....A...5.....r_.5Ud..5i.T....H..F.l....T..5.d........(N...Cz$O..X.x.D.$..H..X...W.....pZe....<.'...FtO...%.:.MS.G..y?..v.L.5_.z.O-7..-1iM...tu..>...W~../3.J.n.$s...s.[-8UOm.z.9.n<.{...!e..!.E......-...-k..3...oH..>`x..d/.2.ewR..*..v.jR.P@|K....8S.)..s....}.A.[M*?...Y...(6...t.'..^..Xx.m.7..w.......h.D.[..tf..u..V.~.!A.k.)..O.".D..._...O...3..6sg@~..,.:eS[l6``.V.....8p+.?m(_...Wy.=.cHt.Bc..~.qVp.*'[email protected]?9..WhG.h.PF.d-....>]\T....<y1..^......U.o...l.{..n......!Q..^.......k-......y.R.....F4.Zl.....z....r.N.d.#...vQ%1yG.H...........f>...1S..H-.|.z..s.;5.K.cW.9p......K.0.`.0..U.;^5.<1.?..80.84P[....(....G..(...o.

C:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui

C:\EFI\Microsoft\Boot\ja-JP\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 74264

Entropy (8bit): 7.997998340948887

Encrypted: true

SSDEEP: 1536:jPwbXfeUKbeb6HwNk7qo/UvZaX5TxOYMkfM025uLZPzC3AVj1q1EI3:jPwiUKqGekv8vZolORkfM025uL9zC3my

MD5: 46E839019B1E50F2F9E7F0D0F30248D1

SHA1: 99185C59708B4E7EE0B7ACD72B4EB23AC0ECAC82

SHA-256: 5D4E0AF9939C0247E07651A13AA351CD738D5B57787165BCE6BBD3898E199E6E

SHA-512: 5A83C70A628006CF39E3E6AA8F933586089BFE54603A0DE05B9A1986995A993B6E088849576F8B58534EBF8B7F97C0A851E412435B34C6F01632123537D1EF28

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%vnz....9.._Y...H7G..mMf.K........":..vb.m..,....U.l...NZ.4..CW.Eep....E..,'-Oh\....8...8.)j.!..aW..b...J..B&..#........k..g.$.<..4.,.O.b.....k..M.h.Z..?........c....K..'].i........ qvl.2IR.?..........Q......w...3j<.....j.=..4.e.. f..a.*.....JO...a.e.Z..F.3>[email protected].^F..sh'........I.....U.....`[email protected]_d..{..,+..y.h..1.Y..Lv..+.c4..v.t...b|......_.^.....U.C...r...w...vs..00....)...........B..&.<.X..hD".m....2........j.[.L."..(...S.g...~.H.8.(....$....w..(....../p;..Y3+;.CR....t`j.8....".`..sC.5..dI.7`B.!.....pPX..k.........%-...N..\[R.T..Wpk.b.....(..o-y.t...#.W.x{[email protected].&.j.6..Z........'hqc....F....HJ...."...p6.M.I.....Y..i.....lU`.ka..&t.K....9K..(.=.........A=A.a.4.j...(...x...Q`...(4.`....jc:L.U...Ma.3...

C:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 74264

Entropy (8bit): 7.9973644335986815

Encrypted: true

SSDEEP: 1536:B+9dq1+x7Q2y7zlQV4VgpW1ePDoDM375s1ColCcWd/kQ4NSX4:f1X2y75WD8kPmM3q1ColCcWd/OJ

MD5: 34AB1E3E7C9FE597838C82802F4F2854

SHA1: A41B92D1DC45AD1D7E2C7D256B2FBDE5EA03503F

SHA-256: 277E84484CDD0465BC9D35311877B098DF26786BE5227BB1551CC75F36B766C1

SHA-512: 1F879785A32F7ED14836577C1004A01AEEF7183EC4EDA296297DD14A77A3EBB954097701A3577A958AF26F26C27CC243C2D04363ED316C521CEA36AF35343208

Malicious: true


Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%vnz....9.._Y...H7G..mMf.K........":..vb.m..,..........."P=u./.z...#.b$.........]B.g.t.s.c.U....,. 3..$rq.k[...R*.Q..1.;`"..{.....'......88.4PLd.oPL.....g..|k...\..g.ESG........L4..).8...}...\.m..T...o.!&).6Vl.]...Ks#.....p./bg...W[=.~..i.4.([email protected]....~..]..uy....<.|..|.dM..........7a...L.;.....B........j..xe...!..J...E.S%AJ....bJd......|.~'.r.V...mu.*..I.d..;..uz.. Vc.m....X.`......F...>]>6l:[email protected].;.EJ....+&..j.+.../}.......R....!.._.n;,...#q..U...W...]~..N.q........=:a..2".Z..r.."4....xZuX-......0.lw...x.n..JI..J..z..RX.D..[g0.J.9....#J....\Y..t.t(.#..G.g...... .'..A..m.k};..d...N.}.fLl..u.Yk.B..,ks..|....=..l.H.p...8C...I.#..j....m..v)-d,.P..m....!..w.^...A .O6...K....<E....+.C.t>....[a..o;W.5&..:

C:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui

C:\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.995886381255092

Encrypted: true

SSDEEP: 1536:8IIzc4UcTM5Y4OVF7SLIEYbg75F5w40P+6bKlnobp9m:8/z9Uc5tnEYm5F5w40d+lC9m

MD5: 6120D977DCC381836B79C1F422F8786C

SHA1: BCA50266035E5FCEF2EAE30DF3D0E36D42B8FE4A

SHA-256: 99F7B687A61332579C8F8A241960DBA0283D947118BD3AD316C1EBB40ACCA59B

SHA-512: 64514B809E603C48A48EEABB557DAEE4BAA3AAB395A1816360B282C4CB87C103122C673426F390D194BE4EDB0D99D6A8B81A640AB517E2EDE755BFD164FF6520

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.E.q.K.S..hw..........7..yf.~K?l./.U]..:9..U....`.;..sf....)i.).W6.oT`.}j..Jzl.*-<.!2.<.r..x^Lgb.f.....|'.....q.L.`2d.".p-.....= ).FE.A...S.Q^.*.*T...I.>..~2W!....._...g.'[email protected]*U`....%..>.4pc.}7uZ.W...jW9.8..i.}KX...1(.4d.....//|.s.4..X.......Q..vp..`[email protected])...v.....-...QiA[..R..K.N.uV..$....&..)..wI.Q+a.IcW...dN...Lh.F.....`\O..W...`.........9u.[..t........+o.!..e?H..d..Dn2$6....}...+Z..d.20U..3....K...K..../:..4C.i....6.`...b.....&.J.:....`...v....E/..7w...q...:.......te...,[email protected]+.2...n......K.z...%......>.s.J`......W..K.......#-...(...I.vj.vM.....hHG'.2".....T.."....._Z....."/....C,w..........K.......L\+.>K....U"Y.R.xEMGD..}.2.._3.....:v.j...V+...U,UHD...n.<....sfq....I.. ...Jx.9...9i.|..x..v

C:\EFI\Microsoft\Boot\ko-KR\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 74264

Entropy (8bit): 7.997352562241194

Encrypted: true

SSDEEP: 1536:psRqkqq34cNOy8Jd8NshyLSEU1jNYsEMsYrljpOoKRHs:Zrq34cAiNrUxVVp6s

MD5: C1D06A911AD8B756385418AD1C63B948

SHA1: C1BBADA5C84E4A0F98694A26E4C27F56BAAB843E

SHA-256: 1EA6A00343FBFDD8027130A044F892BD8C93C9017EEEF64E61090C44EB9C97A2

SHA-512: 7984BB145FA9EBF507BD13421A75ADF94CE0A6FE26F3F42C5FE0728BF60691594639F7B67D317BBB416472EACD98CA864A11DAD6A94B56EC0E4DEEA2DA7D13A8

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%u.j.w&.%....2.Lu......pkGA.C.....XLj.-...>(..(..hZ...F..nR...^..q......."...J.|...z...G...)@.,6s`.. ....s.z.rh...t.I:.~X!....%....|a......U...f..?..|.T..."0.....+4.o.....).....Y%...[._?......aU...I....b.y.2u.3......A..E$.e..JP=J2.n.o }...^..;z.W..s9.W...F..+.BRy~........6....1G.....o..Q.L>..e.....G.A7...3...x...&1.X.......{.lV.D,...<\.;.=.hx.nE.........5..A......?.....+.t9;>.9...:.K.0..#P........LN.#";S...XGW....L...8....R...*.._.}.i0)..n%.&...n./Ztx..S.Q.o.........s.....59W.H.q....Ml.<.3......}.E7.].X9...P.XP3....o..m.b......Z......)/v,.\...-..N.i.c........A...gB.S...C..!..5(...^...E.=U...;......'[email protected].;..J.$...<....`.K...W.Y.-...6..F.~..\"kL..8.A.6%.i...~+^+...%....(.\.


C:\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 74264

Entropy (8bit): 7.997435429774626

Encrypted: true

SSDEEP: 1536:qEncAHCiLueEMDZhdGqsy+vAetSreC8JBoM:jPHjSeLDZbX+4etSrUJBoM

MD5: 8A2E93411C7DDE8158E381D302EB0AA2

SHA1: BC7EFCBBE81715AEC41A6727BAFEBDE44A11DB66

SHA-256: DE3906B439C350FB786AF6F8F82089491F298D2EB53D23660EEC62118703B874

SHA-512: E0FA456A2CFFC83617756B353446E010F433CE9D4306CDEA6E2A4307F3356CF738EA00A244AB6628C71BF0017CE2E424E9747E1039F4262FC669BE7DCBE61619

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%u.j.w&.%....2.Lu......pkGA.C.....XLj.-...>(..2..].Y.O:....B..V.f.3tB"..h.l%..c:w..'.....c..0.L..#7...s..%....T5._..)R..............]L.....F#.q7pb..c.Q.n.VC........(b..........M.....~..l.S..O...W.c.0......T.7........,...}..2.`S..C"./U..9.)...{.n.Z..F;$...H........rh.;.7..{>.pj..2..7e.....#._.,\h....]a+[BW...J.."r...*.....l.Mf...9.Gc%../e+..>.o..*....b../....hy.......[3...H..,..J...p...L..gj......~.....a@".gv.?..Tw.Oo....m.Ul.:....k..]>t..;.3.:..Ye./..;..=....O.A..d_.|3.....+.,.;.;....J1.%g...q....0..Z.s...v...dF.G.z=...t.@...=.}...:....M..~uW..LN-.....P.2...*...z.S#..R@.=l..}.../.o.j1j|.=l..Mf.oP.k-l&..s.e......EV.....2^.8!....tf7..I.........[...z....W.f..D.K.........(..A...Y.?_.rK[....y.E...Z.oC..4......R.|...(-..g.v$~uA..447.

C:\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.995739810740539

Encrypted: true

SSDEEP: 768:ZPWWE2cO+JjFIunAvj8te3Jnz5o41DV9AZjok0+tgEwunzSenjz6ohnj/QGyBcOf:gWQJjXAvj8MJz5okrxh+fe0jb/O3f

MD5: 6BAF6151D5BA8A0FDC15ADCBA1E2DCA3

SHA1: CC51791EBD15770846A82845FC69C4EF38FBE8C7

SHA-256: E3C0DE6F3A61BCF7FEFC319B10CC172FE6435684E82BABFBDAEB257ED2789F1D

SHA-512: 655E105180622290F6ED250750237C8ADBBB91336AAFBCF6ED044D221774542603F24F6D6F230232CC69D2A56D1E2591D7554AE215E13CDFB5678AF17403C942

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.E.q.K.S..hw..........7..yf.~K?l./.U]..:9..U.`..^.V....<*...V..9F?).g2...L...\......3I"..,.....c....lMH..L......;.Zy._.g~&.s...dq.V..g.E...c.&+..+g.U....l.y....K.BxX..en.m.*..b...".........N..I"<.kj.)y_.y...D. [..Yu.....<p.......s.C..N...O..D...M.h...X....$.Z..5L.K,.^..uf..s.6]..d.s..g....a....+..j.7..,...#mV.[ayO.=&..@.......!.|..^n-....:I>.ozF.\...-.{.c.6.pz.`..B...7<W.s...._.xK.. JS...........;..._4..j........,...5.y..K.+..J..'..[........A...g.x.......o..^3......V-..I.2hz..~....p..9w..M..w.......y....=..7...s...9.......\&?....=lW&h.'.... ..7.....Z..:.h.'.T!.."..gz....v...q...;.iu.Y.....F.....8k.N....Y.MB... ...~c....\8.lF.r..n.A%<.aU8O..k........b<yj....H;..nu....70EPy\2..t.U .^..}.7.k.o[4`..tfkF.J...Q.yw.C(.....y.J.Z.

C:\EFI\Microsoft\Boot\lt-LT\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 9778

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: B8C51A0AA875AAA944F10179088D8EA7




Malicious: false


C:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997814203846458

Encrypted: true

SSDEEP: 1536:+cJbXghS2B4hcLSiDBeQt4V9w2Oi4ssSqXXM+hWgsX3G9ChR:LJUh/+gXL4vgZvhWRXW9W


MD5: 80152AE3D90C322BE77744B8849CC491

SHA1: 9FD648BAE901A7F3AEAA05417B2AED305590449B

SHA-256: 5C84591A3BE30A683EC6CD91C44082BB44FA6006978F2DFF80B167B9F93F4703

SHA-512: 7E095F03766649BDB3C5E659864916F68244C93033E7CF6146769EC694A5C692FE4AB0D5298833D158D543758A0C66DCC2B3575FAF75A10ABC6B9502995BDD95

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....2....W.....?QeX>.4.`%....N...h.l.e.n-.2.....uoI.``[p.)./..T~<.......c.4..2W....Mx.....]yb....9.h.......M.li)c.FB.....7.KpEN.\s.c..w........$..-.1.....^.~V..f'B......... .M._.Z.....?v....<.z.1...W$.8...Z...]....K#r%...Q...:.(&...F3Kkn..r...!....*6"...B.UR.?.......J...C..>.'V.e....GgD..`..+e.C8.15..7.9Bl.....AQ.po.I...>..1'...C.CT..|.n6Sf.._>..W7%..V>4.t....{.....UK .S...s.r.W..._Q+.stfH....(........~j.....?..k;.._.a....I.z..a).5..j...>..).,t..._..;..0...F.e...7 BJ......$.'[...}..."...K.o.G..5..."...a.T... ...i...^.z`w...L....~R..,.j.....q.l.U.....l4.e.^|R../..bmD4C.x..e#[email protected].>.3..Y.....{JC.....]_...../^...g..).h.E...>.}WI....-k.u.2....+.x...4.D.3.....4..%..BD3.l8..scn.&.....R2..a..U..n./.$<..PZ.k.g`.}..i...=.

C:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui

C:\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997620481894485

Encrypted: true

SSDEEP: 1536:KBN5dG8cIT6oVc2LuS7hvbO4sCI3qbmbS+AJ3whacAw4f2XgvkGwM011p1F63:WdjBTrLDAhfqSRAKacAKj3pv63

MD5: 17849FE70CEDCAD54ACE65E2A6F1B27B

SHA1: 000D5B9E0218C38C67C6F120F12288D8C3E9C376

SHA-256: 7A9459F2938E542817A8E7E48687C5B0C9B0B02C732FCDBCC4E07A0C18507EB1

SHA-512: D9CD925DB3CFDE3790D73B96D392B5588DDC97BB0D3F01576FBDF25450584F993487B3EBD3DC399906E9207F95113A19035C00E3A20C8179FA57E32BD967182C

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....2....W.....?QeX>.4.`%....N...h.l.e.n-.2.4~.'....F.......q........e......O.-.Waa;s..\.d.hh.8.h.m....v........."_....D.........~S+cP..........F.R&b.-.+f.........j.1.XC.....pl~.}l.T+.y.9t?.1.....<........uW.;-?.`....R.....p4...v.....?.l.2..(....1U.&s.#...Y...T~&o...b.^../.....(!I.knI3z.....j6.W.{D.{.....7.......Ydy.*..../V..XV#..~<..bF...M...-U.=3eA..#i....3...mV.=..N,>#P%......jn........$x....C.].%..h......;.....(yPR4} ..g'L_d...:..\...cV...Y.%e.WR....(..$j.'[email protected]?....;..4...M..~.....S~}.PCIIl.O..}.=..........c`HV`4..}+zB.. .y..7....Z~.~....Z'..>..0s....../.b...RHV1A...P...Y....:..R..;..]k...3`....p..........J.V.F.y.X.o.D.....P.).T.j..n>r~........~5....Re.7`.&".u...I.........2%........ir..m.R.jS'|>&f...y.k.W....6....(.U

C:\EFI\Microsoft\Boot\lv-LV\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 9778

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: B8C51A0AA875AAA944F10179088D8EA7




Malicious: false


C:\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997983669584332

Encrypted: true

SSDEEP: 1536:AW4GHMH8lIbm8k7Nc12Y+iaXttAPUIN5TTTVcUpa/FJtU7sY:AiHMXnksAiNP7jGUpa9Jq7F

MD5: 0577809DE7A3561F53849E44E3B935ED

SHA1: 90C8F3F9C1677DC851F5C30DCDF33407C4BE79D5

SHA-256: 92473B5FF089552D3C0AA00F78666A0585218C36AD368F9BCE8DC8DAFBE62A26

SHA-512: 15FD2D1E0A781223F49DA5F4346F39C9D9DCA20D1546FD9E0A7AD0EFC6B6E44B3432D7719707C7C69FA6723EB4BA004E55D26498EFEB9A1F09CF522AB9CA5A0D

Malicious: true


Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....2....W.....?QeX>.4.`%....N...h.l.e.n-.2.B){l..K.^.........w).H..j(S......4..S....5.....0.......[...1..^.41O.."p...!.:Y.....`.`.O.\.t... .7.....Z.M...<.2..9qC.a*..U...p9:M.c...:C.T).j......[.[..si4".z..Ql#..r.R..q.9.1......D.JC.....Z..O<5..#.....=....W.....$......L.b.$... ..(~."e.,....?....T..l.....).R..S"p.....X>9...f.\Y`.*.....vC Y......dn.r..K....|.;y..2z.u._:.3.i.D....m(..l^...3... BJq..(rD...._.s._.#..C..Ao.....>..]L.%8.C......u..g).`.d.......i...."0.kR`.t......NP.Y.........B.....-.&.u...NRuv#'....[..P..+Qg...6.D.7.#.z.j........,... ."k...A.h...:aB#.*..'h..w?1.m$....A8.'..$0.|..z7ym$K.a..Vl.*^.........%...3Ll..Qad......*..:....w..O.A.`s.2..1.2K...B.BE.!W.H>Lj}.\..W...tk..4..08.x.9.*UJ..H..E.._..w.....T.k.....5(..

C:\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui

C:\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997648053712954

Encrypted: true

SSDEEP: 1536:jRUA3AAgmz8TkQkLN9oOlT60qQEmtwF9YAQ5zSAnXjKmGEArn5PXxfQMyuDo:tb3AAgmoTk59ocT8xmafjEXG5PXxIqDo

MD5: F350AA5B2F89DC71F98FE13364138633

SHA1: A012714F650C0FDCA14F31746265048BEDD2BCAC

SHA-256: E196BD2D285460691526966BFCCA3E3BBB3EF191C8B885C29F91BEA4A19549F7

SHA-512: 1AE9505F4EBDC41F04158F15706B4F27649CA9A2B1C5AED34E1749DF6DB341BE6C13EA9267A8F0E3A07846CEAD98FB1037ED10474AC2B5E5F0E15C7CF2C3F2C7

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....2....W.....?QeX>.4.`%....N...h.l.e.n-.2.r$c.r)!.b.M..L...V.V....=...!.l.....yr.Kk.\........GU20[......K..b..4}[email protected]...]T.1.oq.Q3Q.@..>!.^%z..=R`._..."@wy...f.1.u...T..m.#.L..^si. J3.qp..........:[email protected].}.Cq..#...9..O...%.ut..I..]..u..9T..Z....wz.d..C..sf.TP..>W.L..N#.._'e.bV>3.......,..&......W2............V.}..@.>..d`.-..jdC...k.{q..._.qDma..$K8...o...m!..._.8........B.....m.<..Q.$CPt.&..t............&f>.<h.;.R.>FL..}...P.^.D.8>$.......;......2YUs....G......i$Mr..hk.....g.\....t.......3.6."..a./n...V..n.(.%d.....h..m.P.Y...z....(...s.W.fG.GZ...L."X%.jM....w.l,....w.*...;....D0?.D.k.S.?_...K.k.\|.....".c..M..K..g....b=...I.B...............f"44..2..;....u..o.....Z..P...r....i.=

C:\EFI\Microsoft\Boot\memtest.efi


File Type: data

Category: dropped


Entropy (8bit): 7.999814105402384

Encrypted: true

SSDEEP: 24576:vu7N/ba0C4+/57350ZmEamOLy8ofl3+gGWmBlHQWrmnkS:v4ojl3wmEA1ofl3xGWylHQWrmnkS

MD5: CFA66474F27F861915537C11610E2C5F

SHA1: 253531FC0E8456768659FC5D58EE4A80C8CBBDCF

SHA-256: 0B48DCC2A79A4794C28BA4CE6F55A20D98C4466774E2C4DEC96ECA2276701315

SHA-512: 784475E11AE5D2FE059199A9586C7E3CC90A85870B9EF173A9039D7D26F92FB01FCD6F59835F65C4D624D67FEA777CBBB019A093B7CD44E4F3A2877E956406E2

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$l...=.1I..$.).Z.....FR..P......oV).._....(.....y...E.44+...b<...G4..............>,..g...8."..j./.FEy].3........$g..QD...T_;...b&o.],.3..p${.o.MbP..;K]q..O..Upe._&VUn.L..(.6L..O....<..@..\...K..h.........r..e...Z....".......Mw....rX..v/..1'..p3....#...[w.."....}...8..=.`...<s.azbm.?.....+.5...8.%..ic.S^..0nE"....?G......? .......en..w......\.....&..........h.._i.k.F.gmQ!.. i...5...[.dmd..o..P...m.[.'.....v.G..Y.*..i...D%p...3..6.o..!`..m~...S.4..>Y.Y.w<.....:...4..{......k....I.|.o.O....\wCJ8{C.F...33......%.n.9!...ph.....6....Of.p.s...Y...3i.).E"[vO.$....Yo..V!........=..O..`.OY....K.k..t.....*..j....[.,.....esE.>-.Kt...^.....D..s..z..... .Uf..?.....b'..L....|..$&B...&....Q.....x.F...uC..rc.2..U(.].....g..g..6...~<..%.k.H`B..cU....W._...Uf..-..A{...../..E.Gv5.dj.XK.Y..>..q.%...;SI..Gh.&lQ...'.z..m....e....gK9.:......B.......iiY....0..[.{...lf....._+>....A|..a%.....Q.....v

C:\EFI\Microsoft\Boot\nb-NO\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false



C:\EFI\Microsoft\Boot\nb-NO\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.99772549826723

Encrypted: true

SSDEEP: 1536:b9EbEMmytg1iQNuzpREb3IsU1xH0lPXwS7DMoncG7BR1XzxH3umj:nMrgFU/wxgSPMonD1fXZu0

MD5: 2538919B308D6B42EAA96286A7777242

SHA1: 6417F80EC6E322FAEDEA5F9F6F3D7E43B171501B

SHA-256: DB6D0B1D0E3FF422682CC6341F041FC2C25F76391F2957D3FBE4C4915AD6BB97

SHA-512: 52F13D5EFBAD6F3FAE95002729E9585A6EF40C837B4CC3D5113AC29622BE2B4712C24567A3232622ADF16F9571F5874F9D5C950F6F2B1E6FEC641B8AF8B4E3BA

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....2....W.....?QeX>.4.`%....N...h.l.e.n-.2.R.'Qc..#..[V.Y...G..$u.$..=.Nv_.-q..bp..>|..K.VL..B\/.....h~RRh.."7v.5c...._2..'....4.Qb.....WQ.N..-.].H.........t.!..Kva.W....:~...;h(.....A.;...:.]7./3....^S........Z...,[email protected]...>}...6.T.5b..?.R/Z........W..t{0........B........6.FQ....n.oy.a.R.M_..!....?.....r..H...xs.f.W...PL.......$/]....tK.....HR..A+.L.E.\...F..<W.9.;[email protected]..]....$.3/K...n.M..k..0G.:.H...Bl%..RV.p.b=>/.j..&.....r..,....S.CL..:...3>8..... K.k..a.} .>....".G.4S.!\r...p_t........k..:FM....<......h@.....?"3U)..'[email protected]..`.<.e..._.f...C'M.]...m...'...9OP.;...........tN...S..E.J+..5.....}G.C.=`.*...1.@S..%.x.6..t.r.=..+.....a1L/.lRF.sG"....y.y...r.uVC....Z..OquW.r&<.$..(........2g

C:\EFI\Microsoft\Boot\nb-NO\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9976550561530635

Encrypted: true

SSDEEP: 1536:fw4Sl0SZVHakI34xh45W1ANAKewQdRCqJNlcY/pmkIoOg+lNx7KKsa:48kVo34s5cANAnXtNlJp9Og+lH7Z

MD5: 56360C596AD9178738DA3DAAE1573639

SHA1: 38A88BDC82EEB7B0B4E8FF4C1DEEDF0CDE54C683

SHA-256: B58A7B75F219900EB0204CC76571C0840A21299EBC3B774FAA04766F4DF81CAD

SHA-512: BA5D3C2A0C48D621601E636F401EC077EBB2DED3E34A3B7C86D8451A176CE97D3DEF0308D48233C3AB5C82FEF15FE253693D78CA11BC283335917A0D267C4A43

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....2....W.....?QeX>.4.`%....N...h.l.e.n-.2..4.<...~2pW...i......U..B.eF..Z5.o.5`.>[email protected]..%.3>}...z......F6=9......`....J5Z.[.c.2.`.."3....8.....r..L......4...'..]?uB==>.!..^/..EH.w*.}..v....................:....|.......A.Y..9..'z..Fx.....A.sn\5s.:gl. .FÀj....m..u....!........n....B..S?L2.?.Q......0..a..:.6F...".6c.-F...p.M.*.ep..9.q.W*\..z...fH..W.5.l.V.*..h....|,:*[email protected].~a+..$(.(.:.H...U..c.....|.r.......G...6%%.)N"..d..._....m~.[....H.......B...Ri-..P..4..J...r"..(...aYp..:m.r....C....Zl.F.5U..Ck2......E.....â'..n2...d.$M'q....G.bK.ye.Lax8..GK...*p.Od^$.h.T...~.....\u.(b.&.IR(..i#.h....hu~..h..`.................xt.t<n.5....T.Ua.s..[.!..'...K....vP..Q.c.....t.<m;....W.N8G...V)#.."......

C:\EFI\Microsoft\Boot\nb-NO\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.996284438153445

Encrypted: true

SSDEEP: 1536:sH8Ef9i/iDXI8JWLopHyNI/z8KW1miJa/fVTt:sH7f9i/iDXhdLW1baHr

MD5: 05F5BF2B721482DA733E2C3DCA227115

SHA1: 456D47E8DEDDA5BBC0E92003AC25D4F4111E25F5

SHA-256: 3E4A9AAB81788A2D65FDBA81E3A2FE07348517B17D7E662C7DCB7659F4F1BE4A

SHA-512: 33915ACC322255F225BF5545B0C233B8B0161945C6FAD4B00BC326A47789EA773469D3C46258E6ABDD6444E110B7FDDE73DC7F2C2193FA1B8522E15B6AEAF560

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%....^.S..]..-.>m.9...........A..7W..9fw....3w....[.O..]l....^4.....$rBa.Rt.U.........d.|..,.....F...?.l..f....14.E..|.O...#~.I..:..b..=.{d.0....Y.}\.....%..W].M...R..\.'...y}...[...E.<#'.*$J.vD{.~e.....5s.....u...=..]t.(8.+.@...$.......m{.1.T.i........C....(....t....9.q......6....0. ....J{...i.l.7)[email protected]...!_.7..8".Z"=8...0/d\.:;'mG\[email protected]..)....{i....gu.lk...#.+..O....[.K..?4.w\H$m..Hh.Z.....?.!.z.4+/.........u.............G..v...d.....H,...T.pq...gm....<y.LRQv+.8.r...........|..5..Q..2..7W$?qI.e9...O..7..l...^...S..).....*C.N_.....|..#v+0S....Z.L.aQ...`rb?.Ct.=^ [email protected].^X/....[[...V.x.'.q~@>..^......8E}..T....&.. .....5;..W.J.Fi......\K..s.X.2...wAC......\.K.c\...N.v...F.#<.7/:W...

C:\EFI\Microsoft\Boot\nl-NL\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false



MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\nl-NL\Recovery_Instructions.html

C:\EFI\Microsoft\Boot\nl-NL\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9978735949792865

Encrypted: true

SSDEEP: 1536:2vfYpWPmfTmao/Vul++GYQegiFG2CDykcEoChRDcPL5y8lGPEM/c6T:2HGfc/w++GYQegiFG2DfEoqtkL5JlG8Q

MD5: 571FCD851DEC6B3CA0FCFE041967D6AF

SHA1: 7B4E8E736648E600B9AF080BEDBE69C7015D0E1E

SHA-256: D4C44A0A1154581FB8D9265E201012AD60BFEFF07833DFCC49F7D9AB4019075E

SHA-512: 1786C39314A94030FF8E6A7EEE25E1C9ECFE9692B6E8BC42B82B499914EBB3FEE94EF7DAE3E253E77EC66F75744B04DBD1284FDC711917A8E4566807B2243279

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....t..r..S...,.[)n...f.w>.C.....$jx.$./DV..s...J+>...pB.?E........7).LFH..r....z...x..x.....:.f...Z.J".......8..g1..c..u...u6j...+.8wO..y...OL.t4.1rWZ9....g.G....y...b.Uy+*+S..*G..4+....R..LK...A'[email protected]\...X......Q5..%.....}4..R.:T..C:..?t..........P.%.|.c.........}.K...Nz....R..j.*.n(7=A.Qi....7..?.Z'......;.o?......].?.....k.......(cXk.C).ED.L.sXF...H..t{...@*3J..,n..^.s.t......L.X..t.M.x...^.i..sz....F...1..~G}.*..s.h..]..v....i...^.......l..L.wh.i..1!C.K...n....R...iI......zi.......d.!g..>E..:g...O.q.B.H(.:..d.b2..........M?.#D.........b...s=u[z.8.+.{~...Y.e"R.({H.D.`.G0....N....?...[T...x.'.....*..........D.$x.......~>..........(..G...k.3\+'AH.......:.I4.&.....8.#4D.\.T..Z.T....x...Y.s.h.8.

C:\EFI\Microsoft\Boot\nl-NL\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997657820026341

Encrypted: true

SSDEEP: 1536:SEGgXEonAJk7bFc56q4nWi818XmJ6h3kPIQjmgyhGiwVUxXVIVBBJ:SpYXAMBc5bFq+6h0PHmgjVyFIr

MD5: 5286F62A6856ED9F4FB4A2A90FAC625B

SHA1: 12C584ECE52601570351F1D573671BC135DA89E7

SHA-256: 63D6FDCC000CE473C3225C046D08BE74E72039E9CE5ACFE9CE81FBDC2C793416

SHA-512: 27518768C535F95DEDE202B5C29E863044DFF43BAA91F5AB1E05467915F4515ABC5670022265CB019E6E915BB05420E7F53896059ED7DAA366EE478A6868D49C

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....t..r..S...,.[)n...f.w>.C.....$jx.$./DV...J)K}......t.=6M......oP.......9=...b...0..}....t,....D.m..ui....Up.._h.QE..l8..70..&..;..AjUeQ-*o8...y&.)...$.=..T][email protected]?..6..rG..6..L."(.,a..D....;.j..*._.......Wy..p..../S..1...=v...}N.hI.C.S....5.$*.....f.<.s]..#..!J.k.z..(2....Q\...:.).._7...0..I.E'.R.{u!pS.4î`.I2.n..y...;,..9I..;.I9./..9........,x....>4gjVwI}C0:.R....) P.I([email protected]!.a..H... j...H...Y`...D..Ih.G5{..=...z.`..8....s.tC.eU....q..9l....@W.....^;.....9..sTG..2}"...W..5.{...g.b.. .N&.S.j.^;I...]..p._.....M..Y.......GV..v..j..1..7<.KGJ.....w3..=...6H....L.Z~++...."s....&u...."........?..s.k...D...D...H.."..?.h..-i.xj.^..2.[-../.]..7.Li`.=....p..7.d\..p..T..).......T.+...V..(.c;.........+.Y...!.Wc2...|.Z:...N

C:\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.997036134133239

Encrypted: true

SSDEEP: 768:9QPXLo8fIgwGSBGMSYC1olksIBTwZ8dEZLiH5/z8YkQ0CT0fcsnR9N:9gLfIgwGSAYmo1IgiZ/QvQPTsnRj

MD5: EFD75EA00F2C62A1C7B9591573D273B2

SHA1: 746DD96CE5B7B6CFB79C7019F516F02C777D7A4F

SHA-256: 5DBC697D5284A4A6B12992CD960B50B86B373342F93FEA9AB223A5A3CEB37602

SHA-512: 5D00DE7D8C056372E0158501C339A160F21F43350AF29C0F3C99A0AB9884DC3EF64AEDE896C313A59E8C0248CC989A01994BC8E5F11A66C80742D23D7982CCC2

Malicious: true


Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%....^.S..]..-.>m.9...........A..7W..9fw....3w.'.......[...../..zc.fs(....;..R.e3.-.R..M.t.l=$o.>9.N..=..F.........s.Z..`w......3.6F...+U.d...B$~S.1"Z.J.)E......WZ.-NI.-..qh.DV....}.....x.9:......LSq.0....P..m0.[.d..k]..[....c/...n.8./[email protected]....|./.oQ$......:Q......n..'........E]...B..H...9./...2..M^..!.`_..t^.p;2&. .H...hB..jB...gcL.c.n.".kV.=..q..?O..F..4V...E..<.6lD...~....j...=.n.GM.kR]|.$..!.n.*.Y...V.i....G.......;.(FU...V..f............x.G0..9.u.....j...Y.1...K.u.W.......*O.'F8..2.L.........^......c.0y5.-........._.:.uoN..\~.K..".c..<%..+.7q...VIN..E..3...Vi....r.0.....g..\..5b....N..x..L...oJ*........#..9c....d8.ie....'.X.......D.fei.."*......G\E5..A.......EB........R......Ud.......>...C._....q.-.5..?.mu.....Y$;.cK...".

C:\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui

C:\EFI\Microsoft\Boot\pl-PL\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\pl-PL\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997793521362493

Encrypted: true

SSDEEP: 1536:CSq2jGRaPQOZ0U2gBytjiHvL0J+M6nD3zHBRhFNLnYATPjSOHajXTzKf0euHC0+2:CS5GEJYjQvAwMkhRh3MAzjzajjzu0/Hr

MD5: B7A22682AF0BDDE93DEA2A55AF1A5577

SHA1: C4FB6F3CAC99769BA7F024A420481E43CFDF5878

SHA-256: 986A0D6941ECF3E52CE736644E701D4FE400F8E11B6D5C2DEE320E3725D803A5

SHA-512: BE589D49B51833E9DDC82E03205AF73C206A2491112F50D9FBB762E9A8A47D943051D5705C5DEAB673048B6AEE737C90F47D38CC17D014825439363B0A5EFFD6

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....t..r..S...,.[)n...f.w>.C.....$jx.$./DV..r.[~2..=.9..".p"EI.hf....o..Cj.....|Q...<..g..^p4E..H.U.. .?..yO1..V5is6.........m.$...14...1}....p..............U...n.H4}.X.n..Cno...`..R/t.|.E..T.........^J....0.5.,X..ns43G..^.hS..X7v.<....1..L..L.<..V..j]..Q=.v.C...$2N.......!.w.wL.=.Lx........2....qcz..3~.......kXTJ.C....B.4i...........h.b.....d..'....O^....[0.../O..N.!.%.......G.p.>[email protected].../cY..A..#@..P...5M....2.i....n..JS.:.....B..C/[email protected].~CZ\....*.d...u..Or.6h.l.E.E.X..'..;.V.:.Ie3...*.'eT.@..@._Ku.Y(S.fw...~....Q..z.+.z.}..j....-....._&.}H........S.bQ.'...;......a...^t..<..e.R~y.b.j...4....O\.F`.......j....\.#....l?..l.L..y.s.0b....F.`..c.i..oQ ....d......0 .9.o.aRh.G.....N..M......5.....TD..b$

C:\EFI\Microsoft\Boot\pl-PL\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.998020978881523

Encrypted: true

SSDEEP: 1536:3YTCvS5+WQvnmNwVSe1kU2YSmVkUR/CH7q0vFUbq8eK6tz+Ok++wKvTaJ8:/D/mN1e1P2RWkkQq4Kxg/BKvue

MD5: 080E10E1ED020564932C2BDD804A7209

SHA1: 7870327BA3C92ABED585B91F88C6D7F519F1017B

SHA-256: C8C90F510BFA710CA205B7746C3AE20620FDA13A229645D8C8C5706CB284A87B

SHA-512: ED5947DB5D99A98E433DCF4C08EDE02F6DD38F6500EE76980B372A12E325BA163F1B885DC60D20D9D47B3A8A664DA62B2CA41E831EE3371C4F9E6B7ABEAE2A89

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.....t..r..S...,.[)n...f.w>.C.....$jx.$./DV.o`...jI.`.h.0.qG.|..f.c8.p.Af.~k).:.........a.BaP...`..e=e..\<v.[.~....,.a...*.z...Jl.0.2..o.."4u.z..~b.../..*gK`.<........O.v..tI./..g$...M.J............u... ...Y....G;e..T{.)F*Y.\ld;...qy..N....k].B'R...?.m.!.p..k......)....Y..pg.5.....w.!w.K.k...8...W.Y...-.!.0.......R.......L.....rn.Q.tm.o#.....=..(28..&.Kf...;.s`..n.x.{.p.X.~.....6..H.l[..`....h."V..e...D^M..CGDyL:..&..o<..^.>{U.%...........m^5Zx.`..mxY..+.o.#Q.u....m....T.I.@f^9.e/.U.....'.....&......=+.S:....N$I....Kh...n`....=}.'.. ^.5.y...p.....uFzw<hG....&6.._...o.RJ.i`..f.DjW...^~....O.../.....+..z. x.q..@...,E...1...<..W.P".%f.....o...a..^.7...D..!.M......4........s.xx..B.<..ZN2...p.H....{..|..|W.....2..^T....`..,....fBOP..(


C:\EFI\Microsoft\Boot\pl-PL\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.9964545599906645

Encrypted: true

SSDEEP: 768:o+uCjC10xueNDs2FWV0lcA9UinbL1QsMdC5LMnz187cXVyd+sMs60zpY5GKBSbn:omC10rYWv9UinbxQsV5LipVydmpopQBE

MD5: 1D2EB57872B55C8F26166EC67D307F83

SHA1: 613551F2082B32C0C2294965A7044D84B02C3039

SHA-256: 3FB16AC66C38D763FCC0BEF5699145A1907568C748B09DC982E69CDFC54F762A

SHA-512: 30C4FDC14AFD85648A18FD5DD60AE8BD2ACF305874EF124AE9C303FA3C750897F6173227042EA0B21E85E6ABF8C1B12D574CC70396581608D4C83423B6783FA7

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.H2).!\...|.(..~u.!.2.....m.@Oi>.[.....Wr.o.....1.m.ev.J#...B.v.C..C.9..LK}...8IVq...?.C..%.1ri...2.!&...y./U.....1...f.d..L$#....o......9.'.r.z.SG...E..S...j....)&.E.[.3...Bp..N=......].;.......u.M.p........xc_.~...K>V.V.k4K...i.-2nC{..Y..o.5r..h4.......k6.U..P+}..X...Z.,Hx......2k.1|..U.[pe%.(.3. .xU5.a......E)!|V..-.;W..Jr....GW..#.b.S.(.Q.w.|$......R\*.._....~9........B...`{.}`..|4S....}H;a....~&...K..9........ZC..*.~.w.e.~..X..=k...{.)../....M..4.;s.06..-x..D.......nN.w.'i..*..i......1.....O)wL41c....VWZ. ....$..o....n....BE.._n$J~.y......F;4.'.W......V....=..i..1....-.[...E.Z.+..iZM......Dc..G..a!....~....x6b.....V.E8q.t....)T.....Q............Zl../y...^8..g..m....j35B.Q.....:1.3RfT.\v..(w...y]....C.U..%P..a.0.r......../.7.u\

C:\EFI\Microsoft\Boot\pt-BR\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\pt-BR\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.99774202157841

Encrypted: true

SSDEEP: 1536:BEskQZFe7qMV7lp0jrzgF8CgMcnV+WujdXl6gxg6iCGmu6P60j1AD83:askQZEPd0b6cV+LtQgxKCGF6QD83

MD5: 8833E160A17309FAA3A307E9766EA2A7

SHA1: F4360E03D9C1D39BD31C583C1A9D7FDE314D16EF

SHA-256: 5E4AF580516DCF36A039D43F5084E125665D65391752A2F993D173FD908D2839

SHA-512: CB699EEF82B4AB1B9C1D32E6B326375D726CF3AA1D9FFEE43107C69F825B85DF7555F383C1CB2DB5C1FB40EE9D661919EE60E9021C7A29CC51CCA3D65E79BD31

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{..SM..f!...m.mS.GS.L...!qq-4...zF;.T..*pW......h..`V....S.F$...n..V.^-87...]d..6..'.Bo....g.2...z. .....W...o.>5.J......[....H....:..:7....=~.2wtO[.k[V0Xgs./..,.].K2P.gY.[..aq..f.v........eL...F....T...M......!wC.3..i.@%'........^.9..Z>.zMF...+~...j}..[$^......z....9.pk)..~8.[tT..Hc..f.L....L.k...n.b....pL [email protected]....^.k...<6".....8}.....s.z.xd...u..n.......)*$1U.....,}[email protected]>{..yR...#...........n*.9>...n.[..o....W..G.yK.v.hDv({...e3..Z...3_...F......F2.........P..C...O...M.......x.E.....D...]..\Hfs.(....~.o. .E:...q.(...%..H.zQ.w....V$..l.]'I....,....!].s..<..E.9.."...[.DA..]..I.K...D..U.[Q-=....pq>.1...DD...+....&#...zv...H.M.....V.~oxPZ.^.%0.L.m.....?.e<W....$+.

C:\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9975122146112785

Encrypted: true


SSDEEP: 1536:YGOT52qVmXR0WhOVw5472i8U8krK+VOPzIGiXe7JIIOn8iKp3x+zrIX:csR0W8W5m9s+VOPzITu6Iu8p383U

MD5: 61CD6CA9BC13E828F78F90345104C3FC

SHA1: 0F878100571E0BDDB83D8877904138E441965E01

SHA-256: 2A6E22900AE97D83DAA1F4157FD88B0711FD2A22F10DD45524FFF318C77D49E6

SHA-512: 600BB4DA50357A6A3B21B3B9BEC84ACE3FB813B85D2C7802B6D5585FEA601D108A673B23CFB9A52F3FF7D0B1743766C0300CD206D40AC6C289D3C2BE1104FBC7

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{..+9"[email protected]...]..K....W=....]&......c..d..~=.....S..u2..E. >..'4.+..E..J..{..38-n.E8.......*YwO........e...VC..Z./R..Z6*.....h.L..<-.L....v...........n-......O.'x......|&m.b...>...6..-...;.*.N(....o. y1......Hu./.K+...l_...\%.7.s3.*..tt.Qo......%~.....7mi.m....=F0.s.:.%e.}.&o.Y.fL..Z...AM..BS..*..w..N.o.j.. ...9z..m..........i...6v....F.b....*t.....D....*...L..H.E......J.......M....PuB..,.P~iIr.i..N.3R.,H.lu.5.Q.4."..2.R..................F.Q...e..d..prR6...Y.b.2.g/..D..UoC.......#,....L5.l.af(UB.Ff[}(..........8xx@{yD.V..\......>vh...}.:.$.7..oa.jy>.BZJ..fI>.T.N.."...bA...&A.)...C...l....9..XR[.r....&.....=4.Z..s,.....J..X0.....,..H/.:..D3.U....}.(..<...:z.... 7}.q..<n..k.Nd. .3...0H^.*.......

C:\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui

C:\EFI\Microsoft\Boot\pt-BR\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.9963889574932665

Encrypted: true

SSDEEP: 1536:gHNIPMeXorCpd+b5kspjomsIz3pgHtIAZ:gHNIjXuW+uspNgNIAZ

MD5: F686B95C3C48974AF549F92E29294503

SHA1: 278B222E630AB6F35842DDFAA61D7D3C2F778689

SHA-256: 334746F2512E190A8B12AFE9F2544064B77DF3FFEEA924C9571E2754C36C9D3D

SHA-512: 20A03DA00D9C2700DB97DF5896D1C2DF65162D3DB51CE5C6E6587123F102296974A9240F7321E552DB98FFDA9F1B61F9AD05C066D0F726DE9B58F3057C8304F8

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%....^.S..]..-.>m.9...........A..7W..9fw....3w..H...p..\x..P...P.[n....'Aw./*...p....$.....e.G.?.{xS...T6|.ZP'.R..$...Cz(bE3....,.PL...p.]..G...........u,.@,b.&e....H.7.t...$4..8.J...t.&...R5..{r...[.).o. ..dn.f0..&.@`....."WNq...E.....0lI......x0~.3n*?.N@..../.~)0N;...I.1...fQ.l....07".....bC.4.s...3.........$.k.Rgww.rCh.BZ.....L%.d..|........aIYVk.;.2.......$..I2.L.+.8.^L..xu........Q..Yx.9..>`s..9..}.......Rx.c...Vx.QNl..R........k.7....3.....C.2..hq....P9.'yi.8.N.FQ......jL^.....^. .Un .Q.%]\..o.vX.....m..o..13)4.....MF...t.*[email protected]~nPuk.......}...K......"T`f....gd.h....r..H..M.D..<.^-.W...JL......(.2......F....."{..MA.m.:...,...a.Q(8.s@c`................Y7...*.-..Kf.l4.s...(..)'N.A

C:\EFI\Microsoft\Boot\pt-PT\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 14667

Entropy (8bit): 5.515899243796794

Encrypted: false


MD5: E907E2E8796F72E450EEAA65932B78E3




Malicious: false


C:\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.997778883943141

Encrypted: true

SSDEEP: 1536:4R/9/LhCs5fJKFpZ8S3V95tTqN/aBN/AIPqIQGtYGRy563XFJJ:eCs5fJE8S3VXtTqmjKGRyU3XXJ

MD5: 78DAEB8BF042979C60A828C997437EAE

SHA1: 4AB5E2434E5A74FFBECC797203944A492F837817

SHA-256: 1F4B6CBAE7B2BBF1CF07FBBCC55155001186002E82D820046118AAB87609F40A

SHA-512: 98CD96A0D17A9D1ACF6E3CD6ACC2FAC66ADE6CDB05BC17A0753D0C07922C050A88952E9F44BA29AD101DDD642F1C5159EBF56B0FCFB3E091E3568DF9886AEC9F


Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{..%..e.9{...... ....*.r..{......zE..Yy.....)].v.9.'..,......V.`....}.MN..b..VVw?W,..}.|....o.E@$.W.n.=?2H.....c.*.;7...<..]A......$D. r...=.....46sVO4.:.K.....1BT.=3y.R.....X..8.7X5.%,j=Vb..iQ..nSq.."[email protected]:b.0<t....Q?..N....^.#.S._.#m.....m....r...`..AY.3.?....@[...z..=.{o..B..wK"..._..EkR........f.W.M.S......_...j..1Zs.L..7"1><o..!.'.Mk..u8..{u[1..'.... ...:.Ng..:...j.....Y..sI..L.c..x]...Gzh]]...&..o..'..i.1...\.^...E.\!._wU............Iuq:.v#..... _....2.._.my#vK..V....G....O...=..s...k......~..F|.TB..Cc.......N..R.... ..<.[0.....U..K..pt.!.`X..e..(.]...tn;...58.kv.HI......([email protected],dc..%[email protected][email protected].:...\..n...0..?.7.k.=u...-.R

C:\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui

C:\EFI\Microsoft\Boot\pt-PT\bootmgr.efi.mui


File Type: data

Category: dropped

Size (bytes): 82456

Entropy (8bit): 7.9981658718092135

Encrypted: true

SSDEEP: 1536:+g4+EQ4h7EbF39n3Iy2uXjSRIRkjpil1U3gRcgY6kidnniMa9:+wEQ2EbF3eE2IRkdI2RjgiMO

MD5: 39DDB198DD1883735D454CE7817169BD

SHA1: 8783BB40C3471917748891059B0E68CBF2F80453

SHA-256: 00C570E780DF01490A4B4F8372D9628B16C547C68C092B288BFA997821C2190F

SHA-512: 7CC6AC6472AC7B65AA3E80F3C0CC662FCA02B14E35C9D50460CF65B138B741EAA2EF4C4D6F5A0EFB5E2916F2C6523A4C1C64769BD94B907BB2B07EDB9C5E9BFB

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%t....n......l.....E..r/,,$u.{.....m..K;.,.J{3x|f...hc..v(bA..z#.[. ......._......W%e...19wL...m.7X&....h..p_.>...M....O...F.n.g.~.)/..C....&.B;O...H.~....~].x06...`.......9.k.x>#I.6& .H5u.A.l.\.'C..;......2].~.~..K..D..../.k..SW...&.V7@-X$....][email protected]].6%.;h\...6.LX].h.g..Od..^FN2..D.T.7.M..F=...5o...=.....`..?YY.-%.....z.....<;.k..9..s.K..._'û.i.....Z.....y...I5.ky:02.m1/..A..........d..:ym..{.9..Z.W....I..h.-j......?Y.KB.....C..7v....t.....:..d..3..{..'..5.$.<.....(.....M.~.....j...6:*7[4.c....w.({[email protected](...`..w..2..QK...B..a.9$.A....].+..<$.#Qd.Y..!....(.....>...gdfF.....Y..a....$.d..r.N.0f...].Q...O...b..*......\6bJT!|.8a.&....ZPàW.Y......\w..|..lr3.+d..@...>..EO..q...H......)..*];...OO.PDNH.......r..T.

C:\EFI\Microsoft\Boot\pt-PT\memtest.efi.mui


File Type: data

Category: dropped

Size (bytes): 49688

Entropy (8bit): 7.995606548470388

Encrypted: true

SSDEEP: 1536:jLW09fyG9Upnt7HzavgjVkFvaon1oxjUZTJDr0334bFYVm:391Z2kFvaaoqT+qqVm

MD5: 4802A22299A3B682934D4CEFED351E9B

SHA1: 23AE06344DEA6B9F571939F45F3E10E43FFBBED5

SHA-256: 201E79FDABF598028EFBD3CFFAEEA378A51DC4D923840025995BD49F7ABDB47B

SHA-512: 87A3E2B251C7BEDCBE2B88E72AD388B2D412A3DAD874D53E2FC7E7B23042D2C7E85E9005FD65E43EBEE531BC42F06221B1CD3E867E31E6F761B4ADFE032782E2

Malicious: true

Preview:...I}.1!.L....>l?.%...0.h8m.3....S.)[email protected]$.O....>.mj..z.........f.3.^..%&.1FIU.j...u..Zz.......wt=v...lN...?.Km.;....qlk...TG...WJHS.._u...T...]e..H?7. .?..7..'sjs..N.'.....w..U....?..^.t.....I.n.}.%.H2).!\...|.(..~u.!.2.....m.@Oi>.[.....Wr.o......cd....N..|..P...Z.P}..Z"...#m..W....&u..5.....Jv..W....3.7.#x..S(Bj....&...+.+_.....Gv......D.I.%.....+/l..P#..9....vmX.!...`.Y.p...:A...-..@A=...X.".!..u~;...=7......?Q..T.,....b....#`\.._.......$...p.......olD....O..g(u..w........R.tU-...%....:.9a.P..4o.qÒ.......W}..-.....;...S!.*.4.U...&nG.Ch...m.G.$.e...J..x515..F..........q>i.c j..S.3.._.../"..tC..... ..?I....... Y.....jLm.....5.......ackOl.....Z.......Q.FmP...|....Y.j.(i........2h..uf.Hx....L.b...$...PZ..l..k..-......H.F..u..-.p..b...J.G.#1z...d}..w.[D-M...5E.M./a...d6....`.Y.,0..H..0~.s"|..^#K...%....N#+...g.b<}..=.R.....4XP..5.K.+....(O.s.X.0..-.F...;Px..&Qi.}...1..PsG.h.D....Z.?.......F7.......o\....(.D.i..2r..G..

C:\EFI\Microsoft\Boot\qps-ploc\Recovery_Instructions.htmlProcess: C:\Users\user\Desktop\f6ifQ0POml.exe


Category: dropped

Size (bytes): 4889

Entropy (8bit): 5.515899243796794

Encrypted: false

SSDEEP: 96:8y+cAl5azln+DtZogtckSUae47f2m5+DHORCiKMr9JM4oqo:8OAl0z8DjaH4af2mwDHORnKMZJM7

MD5: A567EDB0841F238E4BE8EF0051BF728C

SHA1: 86FF15C748F292EC0418DD868D4DB505522DBFCF

SHA-256: AF63FC9A5DC026024951CC157DDAE53E98CEF96E3688993F2A0EB997DA72865D

SHA-512: 948809F614E1C3FE6F2F2B584D2459BF18FBEDACD2B56FC81BAAE866015E6B2CF38C46E6B1F05B761189C8CC46B67B590A20956B5B5CEC1F586795C9C0263542

Malicious: false



Static File Info

GeneralFile type: PE32 executable (GUI) Intel 80386, for MS Windows

Entropy (8bit): 6.162685727512194

TrID: Win32 Executable (generic) a (10002005/4) 99.96%Generic Win/DOS Executable (2004/3) 0.02%DOS Executable Generic (2002/1) 0.02%Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%

File name: f6ifQ0POml.exe

File size: 694784

MD5: 82143033173cbeee7f559002fb8ab8c5

SHA1: e03aedb8b9770f899a29f1939636db43825e95cf

SHA256: 4ae110bb89ddcc45bb2c4e980794195ee5eb85b5261799caedef7334f0f57cc4

SHA512: 77377c732c3fb944f56170e6382fbc25e8bbe1f2ffd42290c52da5f33f7301272c67356843464c89bba71b8c45e3d4222fe70bb7a1f80bbe89b3ce2dc498dcf1

SSDEEP: 12288:cPJ4U0TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLuMJVoM7:JzTYVQ2qZ7aSgLwuVfstRJLrYM

File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A...A...A...%...A...%..iA...%...A...%...A...)...A...)..BA...)...A...%...A...A...A..Y(...A..Y(v..A..Y(...A..Rich.A.........

File Icon

Icon Hash: 00828e8e8686b000

GeneralEntrypoint: 0x43aea8

Entrypoint Section: .text

Digitally signed: false

Imagebase: 0x400000

Subsystem: windows gui

Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE

DLL Characteristics: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Time Stamp: 0x5E74EFA5 [Fri Mar 20 16:30:29 2020 UTC]

TLS Callbacks:

CLR (.Net) Version:

OS Version Major: 6

OS Version Minor: 0

File Version Major: 6

File Version Minor: 0

Subsystem Version Major: 6

Subsystem Version Minor: 0

Import Hash: f2a8a842c869f344b4d75729bc60feed

Instruction

call 00007F5D3CA80145h

jmp 00007F5D3CA7F77Fh

mov ecx, dword ptr [ebp-0Ch]

mov dword ptr fs:[00000000h], ecx

pop ecx

pop edi

pop edi

pop esi

Static PE Info

Entrypoint Preview


pop ebx

mov esp, ebp

pop ebp

push ecx

ret

mov ecx, dword ptr [ebp-10h]

xor ecx, ebp

call 00007F5D3CA7EF16h

jmp 00007F5D3CA7F8E0h

mov ecx, dword ptr [ebp-14h]

xor ecx, ebp

call 00007F5D3CA7EF05h

jmp 00007F5D3CA7F8CFh

push eax

push dword ptr fs:[00000000h]

lea eax, dword ptr [esp+0Ch]

sub esp, dword ptr [esp+0Ch]

push ebx

push esi

push edi

mov dword ptr [eax], ebp

mov ebp, eax

mov eax, dword ptr [004A2074h]

xor eax, ebp

push eax

push dword ptr [ebp-04h]

mov dword ptr [ebp-04h], FFFFFFFFh

lea eax, dword ptr [ebp-0Ch]

mov dword ptr fs:[00000000h], eax

ret

push eax




push ebx

push esi

push edi


mov ebp, eax


xor eax, ebp

push eax

mov dword ptr [ebp-10h], eax

push dword ptr [ebp-04h]

mov dword ptr [ebp-04h], FFFFFFFFh

lea eax, dword ptr [ebp-0Ch]

mov dword ptr fs:[00000000h], eax

ret

push eax




push ebx

push esi

push edi


mov ebp, eax


Instruction

Name Virtual Address Virtual Size Is in Section

IMAGE_DIRECTORY_ENTRY_EXPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_IMPORT 0xa06b0 0xf0 .rdata

Data Directories


IMAGE_DIRECTORY_ENTRY_RESOURCE 0xa7000 0x1e0 .rsrc

IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x0 0x0

IMAGE_DIRECTORY_ENTRY_SECURITY 0x0 0x0

IMAGE_DIRECTORY_ENTRY_BASERELOC 0xa8000 0x5ce4 .reloc

IMAGE_DIRECTORY_ENTRY_DEBUG 0x97910 0x38 .rdata

IMAGE_DIRECTORY_ENTRY_COPYRIGHT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x0 0x0

IMAGE_DIRECTORY_ENTRY_TLS 0x979e8 0x18 .rdata

IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0x97948 0x40 .rdata

IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_IAT 0x75000 0x31c .rdata

IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0x0 0x0

IMAGE_DIRECTORY_ENTRY_RESERVED 0x0 0x0

Name Virtual Address Virtual Size Is in Section

Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics

.text 0x1000 0x732a6 0x73400 False 0.489954751898 data 6.5332685459 IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

.rdata 0x75000 0x2c8ca 0x2ca00 False 0.273076418067 data 3.64908904035 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

.data 0xa2000 0x4a68 0x3800 False 0.190708705357 data 4.84799484868 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

.rsrc 0xa7000 0x1e0 0x200 False 0.52734375 data 4.70823651487 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

.reloc 0xa8000 0x5ce4 0x5e00 False 0.692819148936 data 6.59037586019 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name RVA Size Type Language Country

RT_MANIFEST 0xa7060 0x17d XML 1.0 document text English United States

DLL Import

KERNEL32.dll Process32NextW, Process32FirstW, CreateProcessW, GetTickCount, CopyFileW, GetCurrentProcess, WriteConsoleW, CreateToolhelp32Snapshot, OpenProcess, WaitForSingleObject, TerminateProcess, FindClose, FindNextVolumeW, GetVolumePathNamesForVolumeNameW, FindVolumeClose, SetVolumeMountPointW, FindFirstVolumeW, QueryDosDeviceW, GetEnvironmentVariableW, GetLogicalDrives, GetProcessHeap, MoveFileExW, SetFilePointerEx, HeapAlloc, CloseHandle, GetLastError, SetFileAttributesW, GetFileAttributesW, CreateFileW, WriteFile, HeapSize, GetConsoleMode, GetConsoleCP, FlushFileBuffers, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, GetFileType, HeapReAlloc, GetTimeZoneInformation, EnumSystemLocalesW, GetUserDefaultLCID, HeapFree, GetFileSizeEx, IsValidLocale, GetTimeFormatW, GetDateFormatW, GetStdHandle, ReadFile, OpenMutexW, Sleep, CreateMutexW, GetModuleFileNameW, SetEnvironmentVariableW, EncodePointer, DecodePointer, RaiseException, GetCurrentThreadId, IsProcessorFeaturePresent, QueueUserWorkItem, GetModuleHandleExW, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, FormatMessageW, WideCharToMultiByte, QueryPerformanceCounter, MultiByteToWideChar, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, DuplicateHandle, WaitForSingleObjectEx, GetCurrentThread, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, SetEvent, ResetEvent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, LocalFree, CreateTimerQueue, SignalObjectAndWait, CreateThread, SetThreadPriority, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, GetThreadTimes, FreeLibrary, FreeLibraryAndExitThread, GetModuleHandleA, LoadLibraryExW, GetVersionExW, VirtualAlloc, VirtualProtect, VirtualFree, ReleaseSemaphore, InterlockedPopEntrySList, InterlockedPushEntrySList, InterlockedFlushSList, QueryDepthSList, UnregisterWaitEx, LoadLibraryW, RtlUnwind, ExitProcess

ADVAPI32.dll CryptExportKey, RegCreateKeyW, RegOpenKeyExW, RegSetValueExW, RegCloseKey, CryptReleaseContext, CryptGenKey, CryptImportKey, OpenProcessToken, GetTokenInformation, CloseServiceHandle, OpenSCManagerW, DeleteService, ControlService, EnumDependentServicesW, OpenServiceW, QueryServiceStatusEx, CryptDestroyKey, CryptAcquireContextW, CryptEncrypt, CryptDuplicateKey, RegDeleteValueW

SHELL32.dll SHEmptyRecycleBinW

ole32.dll CLSIDFromString, IIDFromString, CoInitializeEx, CoGetObject, CoInitialize, CoUninitialize, CoCreateInstance, CoInitializeSecurity

OLEAUT32.dll SysAllocStringByteLen, VariantClear, SysAllocString, SysStringByteLen, VariantInit, SysFreeString

CRYPT32.dll CryptStringToBinaryA

MPR.dll WNetGetConnectionW

Sections

Resources

Imports


Snort IDS Alerts

Network Port Distribution

Total Packets: 63

• 53 (DNS)

• 443 (HTTPS)

NETAPI32.dll NetApiBufferFree, NetShareEnum

IPHLPAPI.DLL IcmpSendEcho, IcmpCloseHandle, GetAdaptersInfo, IcmpCreateFile

WS2_32.dll inet_addr

RstrtMgr.DLL RmShutdown, RmRegisterResources, RmStartSession, RmGetList, RmEndSession

DLL Import

Language of compilation system Country where language is spoken Map

English United States

Network Behavior

Timestamp Protocol SID MessageSourcePort

DestPort Source IP Dest IP

03/29/21-12:58:22.052540

ICMP 384 ICMP PING 192.168.2.4 192.168.2.1

03/29/21-12:58:22.052593

ICMP 408 ICMP Echo Reply 192.168.2.1 192.168.2.4

Timestamp Source Port Dest Port Source IP Dest IP

Mar 29, 2021 12:57:55.309469938 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.309607983 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.309686899 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.309747934 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.309801102 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.309819937 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.309910059 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.309945107 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.309997082 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.343426943 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.343529940 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.343933105 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.343945980 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.345096111 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.345169067 CEST 443 49696 204.79.197.200 192.168.2.4

Possible Origin

TCP Packets


Mar 29, 2021 12:57:55.345205069 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.345256090 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.345314980 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.345324039 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.345484972 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.426712036 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.459311962 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.739300966 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.774192095 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.774274111 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.774293900 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.806756973 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.806778908 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.806858063 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.806898117 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.839852095 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.839874983 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.839885950 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.839895010 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.839936972 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.839983940 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.839992046 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.840090990 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.872442961 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.872462034 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.872469902 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.872514009 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.872548103 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.872548103 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.872565031 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.872575998 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.872580051 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.872591019 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.872594118 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.872611046 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.872637987 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.872661114 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.872692108 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.872710943 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.872755051 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:55.905010939 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905033112 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905041933 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905072927 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905090094 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905680895 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905697107 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905704975 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905760050 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905772924 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905785084 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905797005 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.905946970 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:55.906027079 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:57:56.035249949 CEST 443 49696 204.79.197.200 192.168.2.4

Mar 29, 2021 12:57:56.035351992 CEST 49696 443 192.168.2.4 204.79.197.200

Mar 29, 2021 12:58:00.740068913 CEST 49703 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.740119934 CEST 49703 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.743859053 CEST 49730 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.798165083 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.798213005 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.802128077 CEST 443 49730 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.805111885 CEST 49730 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.805830002 CEST 49730 443 192.168.2.4 20.190.159.138



Mar 29, 2021 12:58:00.826030970 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.865727901 CEST 443 49730 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.865762949 CEST 443 49730 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.865781069 CEST 443 49730 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.865797043 CEST 443 49730 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.865814924 CEST 443 49730 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.866590023 CEST 49730 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.870213985 CEST 49730 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.931494951 CEST 443 49730 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.933757067 CEST 49730 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.933816910 CEST 49730 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.939774990 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.939821959 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.939862013 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.939901114 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.939937115 CEST 49703 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.939956903 CEST 49703 443 192.168.2.4 20.190.159.138

Mar 29, 2021 12:58:00.940004110 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.940043926 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.940090895 CEST 443 49703 20.190.159.138 192.168.2.4

Mar 29, 2021 12:58:00.940133095 CEST 443 49703 20.190.159.138 192.168.2.4



Mar 29, 2021 12:57:51.454853058 CEST 58028 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:57:51.500935078 CEST 53 58028 8.8.8.8 192.168.2.4

Mar 29, 2021 12:57:52.236511946 CEST 53097 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:57:52.285331964 CEST 53 53097 8.8.8.8 192.168.2.4

Mar 29, 2021 12:57:53.445045948 CEST 49257 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:57:53.492408037 CEST 53 49257 8.8.8.8 192.168.2.4

Mar 29, 2021 12:57:54.224644899 CEST 62389 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:57:54.272645950 CEST 53 62389 8.8.8.8 192.168.2.4

Mar 29, 2021 12:57:56.225780010 CEST 49910 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:57:56.271730900 CEST 53 49910 8.8.8.8 192.168.2.4

Mar 29, 2021 12:57:57.091075897 CEST 55854 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:57:57.138401985 CEST 53 55854 8.8.8.8 192.168.2.4

Mar 29, 2021 12:57:58.006848097 CEST 64549 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:57:58.055368900 CEST 53 64549 8.8.8.8 192.168.2.4

Mar 29, 2021 12:57:59.618787050 CEST 63153 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:57:59.664694071 CEST 53 63153 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:00.559587955 CEST 52991 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:00.608412981 CEST 53 52991 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:01.444581985 CEST 53700 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:01.493607044 CEST 53 53700 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:07.113459110 CEST 51726 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:07.160988092 CEST 53 51726 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:08.343502998 CEST 56794 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:08.400475025 CEST 53 56794 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:09.171381950 CEST 56534 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:09.220191002 CEST 53 56534 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:10.032677889 CEST 56627 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:10.078866005 CEST 53 56627 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:12.922483921 CEST 56621 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:12.972770929 CEST 53 56621 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:16.553980112 CEST 63116 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:16.599953890 CEST 53 63116 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:17.770174980 CEST 64078 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:17.818646908 CEST 53 64078 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:18.582171917 CEST 64801 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:18.628155947 CEST 53 64801 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:19.453201056 CEST 61721 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:19.499044895 CEST 53 61721 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:38.115051985 CEST 51255 53 192.168.2.4 8.8.8.8

UDP Packets


Code Manipulations

Statistics

Behavior

• f6ifQ0POml.exe

• svhost.exe

• vssadmin.exe

• conhost.exe

• WMIC.exe

• conhost.exe

• vssadmin.exe

• conhost.exe

• WMIC.exe

• conhost.exe

• vssadmin.exe

• conhost.exe

• WMIC.exe

• conhost.exe

• svhost.exe

• svhost.exe

Click to jump to process

System Behavior

Mar 29, 2021 12:58:38.160825968 CEST 53 51255 8.8.8.8 192.168.2.4

Mar 29, 2021 12:58:41.240981102 CEST 61522 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:58:41.296818972 CEST 53 61522 8.8.8.8 192.168.2.4

Mar 29, 2021 12:59:14.365235090 CEST 52337 53 192.168.2.4 8.8.8.8

Mar 29, 2021 12:59:14.411279917 CEST 53 52337 8.8.8.8 192.168.2.4


Timestamp Source IP Dest IP Checksum Code Type

Mar 29, 2021 12:58:22.052540064 CEST 192.168.2.4 192.168.2.1 f7fc Echo

Mar 29, 2021 12:58:22.052592993 CEST 192.168.2.1 192.168.2.4 fffc Echo Reply


Start date: 29/03/2021

Path: C:\Users\user\Desktop\f6ifQ0POml.exe

Wow64 process (32bit): true

Commandline: 'C:\Users\user\Desktop\f6ifQ0POml.exe'

Imagebase: 0xef0000

File size: 694784 bytes

MD5 hash: 82143033173CBEEE7F559002FB8AB8C5

Has elevated privileges: true

Has administrator privileges: true

Programmed in: C, C++ or other language

ICMP Packets

Analysis Process: f6ifQ0POml.exe PID: 6836 Parent PID: 6128Analysis Process: f6ifQ0POml.exe PID: 6836 Parent PID: 6128

General


File ActivitiesFile Activities

Yara matches: Rule: JoeSecurity_MedusaLocker, Description: Yara detected MedusaLocker Ransomware, Source: 00000000.00000003.638943647.000000000071B000.00000004.00000001.sdmp, Author: Joe SecurityRule: JoeSecurity_MedusaLocker, Description: Yara detected MedusaLocker Ransomware, Source: 00000000.00000000.638560363.0000000000F65000.00000002.00020000.sdmp, Author: Joe Security

Reputation: low

File Path Access Attributes Options Completion CountSourceAddress Symbol

C:\Users\user\AppData\Roaming\svhost.exe read data or list directory | read attributes | delete | write dac | synchronize | generic read | generic write

device sequential only | non directory file

success or wait 1 F1107F CopyFileW

C:\Users\user\AppData\Roaming\svhost.exe\:Zone.Identifier:$DATA read data or list directory | synchronize | generic write

device sequential only | synchronous io non alert


Z:\Recovery\WindowsRE\Recovery_Instructions.html read attributes | synchronize | generic write

device synchronous io non alert | non directory file

success or wait 2 F0DE41 CreateFileW

Y:\EFI\Microsoft\Boot\bg-BG\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\cs-CZ\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\da-DK\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\de-DE\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\el-GR\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\en-GB\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\en-US\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\es-ES\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\es-MX\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\et-EE\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\fi-FI\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\fr-CA\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\fr-FR\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\hr-HR\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\hu-HU\Recovery_Instructions.html read attributes | synchronize | generic write



File CreatedFile Created


C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\Recovery_Instructions.html

read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\it-IT\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\ja-JP\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\ko-KR\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\lt-LT\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\lv-LV\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\nb-NO\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\nl-NL\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\pl-PL\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\pt-BR\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\pt-PT\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\qps-ploc\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\ro-RO\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\ru-RU\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\sk-SK\Recovery_Instructions.html read attributes | synchronize | generic write



Y:\EFI\Microsoft\Boot\sl-SI\Recovery_Instructions.html read attributes | synchronize | generic write



C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Recovery_Instructions.html




C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\Recovery_Instructions.html




Y:\EFI\Microsoft\Boot\sr-Latn-RS\Recovery_Instructions.html read attributes | synchronize | generic write



C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Recovery_Instructions.html




Y:\EFI\Microsoft\Boot\sv-SE\Recovery_Instructions.html read attributes | synchronize | generic write




Old File Path New File Path Completion CountSourceAddress Symbol

C:\Recovery\WindowsRE\boot.sdi Z:\Recovery\WindowsRE\boot.sdi.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\Recovery\WindowsRE\ReAgent.xml Z:\Recovery\WindowsRE\ReAgent.xml.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

File MovedFile Moved


C:\EFI\Microsoft\Boot\boot.stl Y:\EFI\Microsoft\Boot\boot.stl.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\MF\Active.GRL C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.nett

success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\MF\Pending.GRL C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.nett


C:\EFI\Microsoft\Boot\bootmgfw.efi Y:\EFI\Microsoft\Boot\bootmgfw.efi.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\bootmgr.efi Y:\EFI\Microsoft\Boot\bootmgr.efi.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui Y:\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\Recovery\WindowsRE\Winre.wim Z:\Recovery\WindowsRE\Winre.wim.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui Y:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\de-DE\memtest.efi.mui Y:\EFI\Microsoft\Boot\de-DE\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\el-GR\memtest.efi.mui Y:\EFI\Microsoft\Boot\el-GR\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft Help\nslist.hxl C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\nslist.hxl.nett


C:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\en-US\memtest.efi.mui Y:\EFI\Microsoft\Boot\en-US\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\es-ES\memtest.efi.mui Y:\EFI\Microsoft\Boot\es-ES\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui Y:\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui Y:\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.nett


C:\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui Y:\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\Network\Downloader\edb.chk C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.nett


C:\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui Y:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW



C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs.nett


C:\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs.nett


C:\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui Y:\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.db.nett


C:\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.jfm.nett


C:\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui Y:\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edb.chk.nett


C:\EFI\Microsoft\Boot\memtest.efi Y:\EFI\Microsoft\Boot\memtest.efi.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00001.jrs

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edbres00001.jrs.nett


C:\EFI\Microsoft\Boot\nb-NO\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\nb-NO\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW


C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edbres00002.jrs.nett


C:\EFI\Microsoft\Boot\nb-NO\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\nb-NO\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\nb-NO\memtest.efi.mui Y:\EFI\Microsoft\Boot\nb-NO\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\nl-NL\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\nl-NL\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\nl-NL\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\nl-NL\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui Y:\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\pl-PL\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\pl-PL\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\pl-PL\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\pl-PL\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\pl-PL\memtest.efi.mui Y:\EFI\Microsoft\Boot\pl-PL\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\pt-BR\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\pt-BR\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\pt-BR\memtest.efi.mui Y:\EFI\Microsoft\Boot\pt-BR\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\User Account Pictures\defaultuser0.dat

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\defaultuser0.dat.nett


C:\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\User Account Pictures\guest.bmp C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.nett


C:\EFI\Microsoft\Boot\pt-PT\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\pt-PT\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW



C:\ProgramData\Microsoft\User Account Pictures\guest.png C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.nett


C:\EFI\Microsoft\Boot\pt-PT\memtest.efi.mui Y:\EFI\Microsoft\Boot\pt-PT\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\User Account Pictures\user.dat C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.dat.nett


C:\EFI\Microsoft\Boot\qps-ploc\memtest.efi.mui Y:\EFI\Microsoft\Boot\qps-ploc\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\User Account Pictures\pratesh.dat C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\pratesh.dat.nett


C:\EFI\Microsoft\Boot\ro-RO\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\ro-RO\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\User Account Pictures\user-192.png C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.nett


C:\EFI\Microsoft\Boot\ro-RO\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\ro-RO\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW



C:\EFI\Microsoft\Boot\ru-RU\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\ru-RU\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW



C:\EFI\Microsoft\Boot\ru-RU\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\ru-RU\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW



C:\EFI\Microsoft\Boot\ru-RU\memtest.efi.mui Y:\EFI\Microsoft\Boot\ru-RU\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\User Account Pictures\user.bmp C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.nett


C:\EFI\Microsoft\Boot\sk-SK\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\sk-SK\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\User Account Pictures\user.png C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.nett


C:\EFI\Microsoft\Boot\sk-SK\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\sk-SK\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\sl-SI\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\sl-SI\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppxProvisioning.xml.nett


C:\EFI\Microsoft\Boot\sl-SI\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\sl-SI\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\cversions.2.db.nett


C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\tokens.dat.nett


C:\EFI\Microsoft\Boot\sv-SE\bootmgfw.efi.mui Y:\EFI\Microsoft\Boot\sv-SE\bootmgfw.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\sv-SE\bootmgr.efi.mui Y:\EFI\Microsoft\Boot\sv-SE\bootmgr.efi.mui.nett success or wait 1 F0631C MoveFileExW

C:\EFI\Microsoft\Boot\sv-SE\memtest.efi.mui Y:\EFI\Microsoft\Boot\sv-SE\memtest.efi.mui.nett success or wait 1 F0631C MoveFileExW



File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

C:\Users\user\AppData\Roaming\svhost.exe 0 262144 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 87 20 e7 c9 c3 41 89 9a c3 41 89 9a c3 41 89 9a ac 25 8a 9b d2 41 89 9a ac 25 8c 9b 69 41 89 9a ac 25 8d 9b d4 41 89 9a ac 25 8f 9b c2 41 89 9a 91 29 8a 9b db 41 89 9a 91 29 8c 9b 42 41 89 9a 91 29 8d 9b e7 41 89 9a ac 25 88 9b d4 41 89 9a c3 41 88 9a 19 41 89 9a 59 28 80 9b cd 41 89 9a 59 28 76 9a c2 41 89 9a 59 28 8b 9b c2 41 89 9a 52 69 63 68 c3 41 89 9a 00 00 00 00 00 00 00

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A...A...A...%...A...%..iA...%...A...%...A...)...A...)..BA...)...A...%...A...A...A..Y(...A..Y(v..A..Y(...A..Rich.A.........


C:\Users\user\AppData\Roaming\svhost.exe:Zone.Identifier 0 26 5b 5a 6f 6e 65 54 72 61 6e 73 66 65 72 5d 0d 0a 0d 0a 5a 6f 6e 65 49 64 3d 30

[ZoneTransfer]....ZoneId=0 success or wait 1 F1107F CopyFileW

C:\Recovery\WindowsRE\boot.sdi unknown 8192 bb e1 a5 fc db c7 f1 e4 a8 99 ce 4a 3a 94 e3 42 64 7e a2 05 f8 91 55 c0 75 4a 55 c3 ce ac d5 68 c2 f4 ad 45 43 05 db f3 85 8c 53 50 fe 44 ed 32 ea a1 f3 9e ca 23 26 08 cb ed c2 00 42 34 c0 31 5b ec 9f 69 4a 2f dd 23 e3 0a 1b 64 83 ee e2 f3 4e c5 bf 3d ad ef aa 3e 23 71 4a c8 26 a4 e0 b6 73 61 2f c4 00 a0 96 d1 37 c8 56 24 c0 7f d0 1c b8 f6 53 16 d2 ec 8c da 92 01 25 da e9 87 08 68 84 46 6d 8c dd bf 1f 89 a2 08 d0 64 1e 3d 9e 6a 04 16 d8 66 89 77 8c 2a ae 53 c0 c7 a6 0d e5 9c 32 9c 9e 48 ff 3c ef ef 25 6b d5 2c 1e 11 78 45 f0 5e e2 fe 39 68 57 72 ef d2 97 12 bb 1f d1 07 8f 2d 2a cb 4d bf 8c d8 9a 95 93 31 76 03 ec e6 a4 df e3 0b fc b7 11 58 ae 1e 01 6d 4b cf 81 67 b4 c4 45 87 70 9f cb 88 08 01 c8 10 96 b4 c4 24 09 2b 96 54 41 0a 7f ef b9 97 09 de 18 4f 72

...........J:..Bd~....U.uJU...

.h...EC.....SP.D.2.....#&.....B4.1[..iJ/.#...d....N..=...>#qJ.&...sa/.....7.V$......S.......%....h.Fm........d.=.j...f.w.*.S......2..H.<..%k.,..xE.^..9hWr.........-*.M......1v..........X...mK..g..E.p..........$.+.TA........Or

success or wait 387 F06614 WriteFile

File WrittenFile Written


C:\Recovery\WindowsRE\boot.sdi unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8

m.'.....~#......e.._.t.dr.....[.4.C....i^.Y..../..Wo..N..P}[email protected]..'v....n........)m.=~...=.h#dE....%...q.D...w.....Xy..Âe<?.kIU..'4..?.&.W0....Jr...1P...v9.z./..../.1I..............{OK...."-...;4D$...'D.`......}u.w.h.....k.E....E.#.J..8....W2.#....

success or wait 1 F066DC WriteFile

C:\Recovery\WindowsRE\boot.sdi unknown 24 00 60 30 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.`0.........,........... success or wait 1 F0677E WriteFile

C:\Recovery\WindowsRE\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78

<html>. <style type="text/css">.. body {. background-color: #f5f5f5;. }..h1, h3{. text-align: center;. text-transform: uppercase;. font-weight: normal;.}.../*---*/..tabs1{. display: block;. margin: auto;.}..tabs1 .head{. tex

success or wait 3 F0DE85 WriteFile



C:\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 a7 a9 86 fc d7 5d c7 28 37 c8 6e ce 42 b0 21 f0 44 44 2c d2 d5 20 5e 0e 66 50 8e f1 cb 28

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%D.....].(7.n.B.!.DD,.. ^.fP...(


C:\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui unknown 24 a0 2f 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

./..........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\bg-BG\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\Recovery\WindowsRE\ReAgent.xml unknown 8192 bc d4 61 b7 ed be 66 37 27 87 98 8e ed 87 ae 36 fc 75 01 7c cf 92 37 4a 16 e8 d8 38 3e 7b ac 78 58 79 6e bd c7 65 77 b1 a1 6f df 59 79 b4 68 f4 18 65 f5 64 a9 c6 5a 37 81 3b f9 79 1d 7c 05 c0 a8 08 b6 1c 0e b0 24 d6 d7 de 18 b8 6c 8a 8a e6 9e 5b fe c7 a8 4c 52 29 17 3e 62 d7 d8 a7 cb 45 01 76 82 dc df 5c 7e 27 cb 4d 7e 18 b5 95 e6 b1 a9 bc d7 69 62 ee 22 fc 44 10 cd 16 23 c8 a8 e1 5a f0 73 3d 95 c3 94 c0 d4 92 e9 ac 88 1f a9 37 1d 8f 2a 01 f7 8a 19 3f cd e8 3c 66 07 26 d6 f8 6d 8b 77 18 bd 1b 1a da fa 2e 9f f3 50 be 36 91 d0 39 9e d1 5c 08 e5 c7 fd ff 3d 76 6c 8d 8a ef ff e7 e4 67 22 2d 01 c6 2b 6a ce f6 b7 30 c2 fa 35 e3 59 0c 81 2b 1e 3e 1a e5 6d d7 94 b7 a0 c7 5a 9f 43 20 3c d5 b6 33 ea da 36 fb a0 1d 46 63 f0 57 19 23 53 fa e7 7f 8a 68 4b 59 50 a1 0f

..a...f7'......6.u.|..7J...8>{

.xXyn..ew..o.Yy.h..e.d..Z7.;

.y.|........$.....l....[...LR).>b....E.v...\~'.M~........ib.".D...#...Z.s=...........7..*....?..<f.&..m.w.........P.6..9..\.....=vl......g"-..+j...0..5.Y..+.>..m.....Z.C <..3..6...Fc.W.#S....hKYP..




C:\Recovery\WindowsRE\ReAgent.xml unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\Recovery\WindowsRE\ReAgent.xml unknown 24 51 04 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

Q...........,........... success or wait 1 F0677E WriteFile

C:\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 a7 a9 86 fc d7 5d c7 28 37 c8 6e ce 42 b0 21 f0 44 44 2c d2 d5 20 5e 0e 66 50 8e f1 cb 28





C:\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui unknown 24 98 2f 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\Recovery\WindowsRE\Winre.wim unknown 8192 aa a5 89 93 df 6f 69 9e 0a 2e 4d ed 88 cc 88 be 5e 8a 7a 17 f7 b9 6b 01 c9 66 50 90 61 da 48 1f e4 cc 41 a6 34 5f a3 78 53 86 89 bd 6f 5b b8 17 cf 9c af c6 d9 6f 97 5e 5b cf d2 2d 84 d6 88 b5 58 44 dd 93 06 da 73 b9 76 6b fc 21 0b 41 47 e0 57 a4 88 8c af e2 74 c7 a3 22 ad 6e 24 80 a4 12 29 73 41 49 5c 0d 33 27 68 17 9f 0c a3 f0 20 a1 44 e3 28 c4 68 b2 36 18 17 23 84 dc 42 5b 62 56 ca 65 bd b3 34 ee 4f 0c 19 0b b4 2a ac 70 5b 8c ba 75 94 b0 1a f8 04 cb c6 df 62 97 4a d0 12 78 40 5b 3e 22 ce e6 6e 50 f0 c8 24 c6 7f de 8e 14 1e 62 73 db 44 be ff aa 02 43 35 ce 72 1c c8 43 47 c4 71 00 e2 01 00 eb 9f 19 f0 6b f6 34 91 14 76 a4 68 96 c7 4d 48 ff d9 d3 79 b9 c1 f8 9c 2e 9f 45 8a 14 67 8e 5a 88 c8 71 94 f3 42 77 44 9c 65 88 8b 52 a9 98 22 77 ef 90 22 42 27 d9 55

.....oi...M.....^.z...k..fP.a.H...A.4_.xS...o[.......o.^[..-....XD....s.vk.!.AG.W.....t..".n$...)sAI\.3'h..... .D.(.h.6..#..B[bV.e..4.O....*.p[..u........b.J..x@[>"..nP..$......bs.D....C5.r..CG.q........k.4..v.h..MH...y......E..g.Z..q..BwD.e..R.."w.."B'.U




C:\ProgramData\Microsoft\MF\Active.GRL unknown 8192 f4 5c d1 c9 4c 8c d7 8a 5e 73 2e 50 e5 ef c9 b6 e8 67 3d 2c a3 67 08 cb 23 c1 ce ab 78 f1 94 29 ee 90 fa 9b 7e ea b5 cd c6 ba 87 70 72 b4 08 a6 a9 89 3b 75 af be 43 55 50 81 4f 44 ab 6c 77 24 85 c2 a2 0d 4d 4b 5b 2f 63 96 de 98 c4 18 1b 9a af 53 3f f0 4e d6 c4 ef 3c be 47 7c 44 56 82 cf 97 4a 79 81 d1 81 3a d2 f2 e0 8e 35 a5 c0 20 07 c0 73 84 22 e2 cc 17 ee 57 40 41 4c 5c 84 21 4d b8 41 6b 09 9c ee 54 43 4f 3a 05 c2 ee 10 ef 61 aa b1 ad 98 7a 7f 13 eb b9 04 f4 07 dc d2 b4 82 d8 f5 64 b9 15 42 f3 f0 fc 9a d3 2e f9 3d a5 26 35 cc 51 ab b7 a0 82 29 ac 47 76 5e 34 85 f7 61 65 0d 39 b4 bc 8a 2a 4d 9e 56 0c 88 53 6e 3f d3 4d 1c 85 8f 10 c5 6e fa dd 0c 5e b4 a1 26 3e ea 94 ac e3 64 d4 6e 1b c0 e9 74 c9 11 ed 41 de d2 fb 73 b8 64 b2 74 b3 44 79 20 ec b1 39 fd 52

.\..L...^s.P.....g=,.g..#...x.

.)....~......pr.....;u..CUP.OD

.lw$....MK[/c........S?.N...<.G|DV...Jy...:....5.. ..s."....W@AL\.!M.Ak...TCO:.....a....z.............d..B.......=.&5.Q....).Gv^4..ae.9...*M.V..Sn?.M.....n...^..&>....d.n...t...A...s.d.t.Dy ..9.R


C:\ProgramData\Microsoft\MF\Active.GRL unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\MF\Active.GRL unknown 24 7c 3a 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

|:..........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\boot.stl unknown 8192 ef 68 b9 2b 19 75 ef 60 fc 66 81 e3 69 9b 2b 63 05 2f d3 7c 0a 45 3c b0 17 5f c9 22 f8 3b c3 02 ae 3d 41 07 35 71 35 5c 15 3c a0 16 ae 19 cf b2 c5 b5 6d d0 be 14 0f 2d bf 1d 41 a7 85 33 60 c7 68 4a a5 f7 c9 a1 ed 26 0f 61 ac 61 40 5c 0d 29 b5 df cc cd 1c b1 80 6b de 2c 13 b9 9c f8 4c 21 cf f7 dc 74 f3 61 22 4e ba 02 58 dd f1 dc a0 a2 f6 27 14 7a bd 41 27 7a c6 de b2 fd 6c 06 93 55 72 8e d1 3e 12 94 24 85 b6 e5 27 93 83 ce 66 49 cd d0 7e ef 9c 48 63 7b 7d 02 5f 9c f0 85 38 08 4e ea 1b f8 05 2a 13 6c f9 0c 9d 93 5a 9e a5 d8 19 57 83 95 9d 73 06 6d 84 97 18 56 e9 03 82 2a f2 27 e6 da 5e dd 07 e5 62 72 f7 72 bb 20 2e 22 42 29 2a fc 50 83 33 2e 68 b0 b2 a5 23 f5 b6 ae 18 7d d4 16 13 24 3b 79 25 b3 39 10 ba c7 46 28 69 32 ae 6e 64 6e 46 5a 66 1c 47 15 68 3d be

.h.+.u.`.f..i.+c./.|.E<.._.".;

...=A.5q5\.<........m....-..A.

.3`.hJ.....&.a.a@\.).......k.,

....L!...t.a"N..X......'.z.A'z

....l..Ur..>..$...'...fI..~..Hc{}._...8.N....*.l....Z....W...s.m...V...*.'..^...br.r. ."B)*.P.3.h...#....}...$;y%.9...F(i2.ndnFZf.G.h=.


C:\EFI\Microsoft\Boot\boot.stl unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\boot.stl unknown 24 9f 13 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

............,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\EFI\Microsoft\Boot\bootmgfw.efi unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 0c e0 66 4c a0 e1 b0 73 05 77 b2 15 30 6d f2 d7 9a 4c c7 50 1e 47 5d 8f 5e 25 55 fe 7c 51 e5 83 7c 41 95 e2 21 31 44 2b 9b b2 4e 72 a2 86 09 c9 6e 39 e0 3d da 42 91 c1 ad e9 ed 96 2f 4b 04 30 14 96 63 fb a0 0b 64 e8 8a ef 01 96 6e db 0e aa 02 42 bc 14 56 be b8 9c 6c e3 24 e1 ee eb c8 59 39 b6 7d 0b 0b 89 ef 9f c7 56 a2 28 d3 87 4d b2 55 30 a6 8e 06 53 1e 60 ac ef f6 c2 a2 c1 bd 55 79 6a f3 17 d6 29 5b 40 00 3a 56 06 db 14 d0 db 94 bc a7 c2 8e a8 7d a7 58 11 be ea d5 5b de 82 86 3c f5 3d 7f 87 ef ce e0 e8 41 1c a2 37 6d 64 00 11 9d bf b8 58 92 20 c5 f6 48 3b fe ac e5 a3 53 07 a0 ab e6 fd 7d 76 5b 40 c7 ff c4 64 84

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]].^%U.|Q..|A..!1D+..Nr....n9.=.B....../K.0..c...d.....n....B..V...l.$....Y9.}......V.(..M.U0...S.`.......Uyj...)[@.:V...........}.X....[...<.=......A..7md.....X. ..H;....S.....}v[@...d.




C:\ProgramData\Microsoft\MF\Pending.GRL unknown 8192 f4 5c d1 c9 4c 8c d7 8a 5e 73 2e 50 e5 ef c9 b6 e8 67 3d 2c a3 67 08 cb 23 c1 ce ab 78 f1 94 29 ee 90 fa 9b 7e ea b5 cd c6 ba 87 70 72 b4 08 a6 a9 89 3b 75 af be 43 55 50 81 4f 44 ab 6c 77 24 85 c2 a2 0d 4d 4b 5b 2f 63 96 de 98 c4 18 1b 9a af 53 3f f0 4e d6 c4 ef 3c be 47 7c 44 56 82 cf 97 4a 79 81 d1 81 3a d2 f2 e0 8e 35 a5 c0 20 07 c0 73 84 22 e2 cc 17 ee 57 40 41 4c 5c 84 21 4d b8 41 6b 09 9c ee 54 43 4f 3a 05 c2 ee 10 ef 61 aa b1 ad 98 7a 7f 13 eb b9 04 f4 07 dc d2 b4 82 d8 f5 64 b9 15 42 f3 f0 fc 9a d3 2e f9 3d a5 26 35 cc 51 ab b7 a0 82 29 ac 47 76 5e 34 85 f7 61 65 0d 39 b4 bc 8a 2a 4d 9e 56 0c 88 53 6e 3f d3 4d 1c 85 8f 10 c5 6e fa dd 0c 5e b4 a1 26 3e ea 94 ac e3 64 d4 6e 1b c0 e9 74 c9 11 ed 41 de d2 fb 73 b8 64 b2 74 b3 44 79 20 ec b1 39 fd 52

.\..L...^s.P.....g=,.g..#...x.

.)....~......pr.....;u..CUP.OD

.lw$....MK[/c........S?.N...<.G|DV...Jy...:....5.. ..s."....W@AL\.!M.Ak...TCO:.....a....z.............d..B.......=.&5.Q....).Gv^4..ae.9...*M.V..Sn?.M.....n...^..&>....d.n...t...A...s.d.t.Dy ..9.R


C:\ProgramData\Microsoft\MF\Pending.GRL unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\MF\Pending.GRL unknown 24 7c 3a 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

|:..........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\bootmgfw.efi unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\bootmgfw.efi unknown 24 a0 6f 13 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.o..........,........... success or wait 1 F0677E WriteFile

C:\ProgramData\Microsoft\Network\Downloader\edb.chk unknown 8192 c0 bf d2 d2 86 90 d0 10 57 75 f4 56 6b 44 d2 e1 09 cb 07 63 1a b1 56 98 15 c6 14 66 81 b5 c5 33 93 ea 62 e0 88 b4 eb 78 22 af e3 b0 40 83 77 ec e7 7c 94 e0 9f 61 6b 80 b7 95 27 91 7d af 89 71 71 29 73 2a 42 bf 1e bb 2f 7b c8 8f b4 76 b5 2b c0 57 f3 47 37 3b 01 7d f3 72 0e ac 6b 48 36 38 39 92 b0 fe be 8d 7e e6 1c 3a 12 be 54 04 63 4e f6 7e b9 8f 62 d5 d9 b9 f9 a5 ad 25 1e 86 02 76 a2 d1 f4 5d 80 a2 33 7f 6d 9e a8 a3 6a c2 9b 23 e9 fa df d9 5b 4b de 27 14 61 62 99 3f 1e 27 36 bb 2b 1b d8 6c ca 75 3e 07 3e d1 36 4a 61 6f c9 25 6c cc ad 92 3d cc 06 66 a4 88 fd fd 11 7f e4 f1 77 be cc e1 08 4f 2d 22 01 1b ed e1 07 e6 15 5e a3 bb da d4 ce 65 78 71 46 36 7f 84 eb 2a d1 26 ec 86 3b 7d 4f f9 2b 5b 90 c6 a5 a9 92 1b 5d c3 b4 01 91 0f 82 fa 01 aa 8e 96 7e 6b 9e ba

........Wu.VkD.....c..V....f..

.3..b....x"[email protected]..|...ak...'.}..qq)s*B.../{...v.+.W.G7;.}.r..kH689.....~..:..T.cN.~..b......%...v...]..3.m...j..#....[K.'.ab.?.'6.+..l.u>.>.6Jao.%l...=..f........w....O-".......^.....exqF6...*.&..;}O.+[......]...........~k..




C:\ProgramData\Microsoft\Network\Downloader\edb.chk unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\Network\Downloader\edb.chk unknown 24 00 20 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

. ..........,........... success or wait 2 F0677E WriteFile

C:\EFI\Microsoft\Boot\bootmgr.efi unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 17 da 56 d2 53 bc 9e 1d 9d 68 31 11 1a 96 ad 64 69 de 77 98 4d 24 6c f0 e1 c8 a4 3d a3 31 49 f7 ef 24 c1 29 da 5a fb 1f 84 1d b8 46 52 d0 d9 50 ac 0e d1 1d f4 e2 aa 6f 56 29 d1 03 5f 9a 06 e7 e7 28 f7 f9 df 9c 1f 8c 79 1c 94 b4 45 e1 34 34 4c e4 08 c8 28 63 ca 5e 36 23 b1 8a 25 17 87 34 d4 25 68 16 66 aa 47 80 5d fd 4c 77 16 25 e9 ab 64 a5 33 1d d7 e8 62 8a fc 75 e0 9d 10 a5 eb 3e 73 92 a3 6a b4 0e 74 68 2a 09 7b cf 5e 2d c9 2e 14 41 fd 43 86 10 5f 30 08 d6 9d f0 8e cf 16 90 3a 81 14 70 b0 49 16 0d 0d b8 ec 17 c8 cf 7d b7 8f b7 cc 48 5f 16 d9 6d df b6 33 9f db 34 1b 8f 34 71 8d 21 7e 87 b6 41 a9 a1 c8 23 40 13 1d

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$l....=.1I..$.).Z.....FR..P.......oV).._....(......y...E.44L...(c.^6#..%..4.%h.f.G.].Lw.%..d.3...b..u.....>s..j..th*.{.^-...A.C.._0........:..p.I........}....H_..m..3..4..4q.!~..A...#@..




C:\ProgramData\Microsoft\Network\Downloader\qmgr.db unknown 8192 d5 26 f2 ed 2e 57 58 d6 27 c7 f5 e4 6f f9 53 80 9c 24 26 c3 6e 90 a2 1f 2b 30 84 4e 30 22 60 18 97 11 43 c5 88 8f 7d 8b 2b 6a 55 9c f9 7f 93 6d e8 96 8d 49 8f 40 a7 2e c2 d9 fc d0 89 d5 fb 01 06 8d a0 16 b3 d5 27 77 2c 94 33 cc 7d 56 b4 8f 66 fb 5d d5 15 74 23 9b 1c 60 11 99 33 c3 17 59 d8 b3 27 99 30 63 80 53 1a d9 fc 9e 63 da 3d b9 e9 76 63 0b cf 13 3e 10 38 bb b5 87 fc a3 40 aa 73 bb 14 23 38 83 a8 0f 54 98 1e fb 85 f7 d7 92 1b 77 4d 74 bf 99 e0 44 11 8d 6b 7e d4 ba ab 3d e4 e3 bd 7b 0c 8b 7c 54 79 80 ba 15 65 dc e2 a6 13 aa ec 4c 6d 28 1a 18 4a 42 73 0b ea ec 10 5a 4e 94 9c 34 f8 f6 5d 21 98 09 8e a7 95 14 e5 74 b7 40 90 73 c5 35 18 b8 97 8a 9d 73 7f 39 9b 29 69 27 1d a3 4c 0e 32 47 f1 68 53 fa cc 61 64 3d 2d c5 a9 7c 47 8f 81 48 24 17 30 97 a4 fe dc

.&...WX.'...o.S..$&.n...+0.N0"`...C...}.+jU....m...I.@................'w,.3.}V..f.]..t#..`..3..Y..'.0c.S....c.=..vc...>[email protected]..#8...T........wMt...D..k~...=...{..|Ty...e......Lm(..JBs....ZN..4..][email protected].)i'..L.2G.hS..ad=-..|G..H$.0....


C:\EFI\Microsoft\Boot\bootmgr.efi unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\bootmgr.efi unknown 24 a0 2f 13 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\Network\Downloader\qmgr.db unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\Network\Downloader\qmgr.db unknown 24 00 00 0c 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%t....n........l......E..r/,,$u.




C:\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.-..........,........... success or wait 1 F0677E WriteFile

C:\EFI\Microsoft\Boot\cs-CZ\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5



C:\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 a2 a5 0d b6 5e aa 53 93 91 5d 91 bf 2d 05 3e 6d c6 39 ad 15 bb c6 8b d3 ce 02 cd e5 01 f0 41

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%....^.S..]..-.>m.9............A


C:\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui unknown 24 a0 b1 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat unknown 8192 e1 0e 5b 8a 06 94 9d e4 54 a4 e8 fa 5e 74 82 d6 a4 8d 64 f1 23 77 1b 0c 34 dd 94 83 5d f3 12 56 06 11 53 f2 36 35 83 ed 9b 21 cc 8c 00 08 fc bd c5 ac 0e 5c 77 f0 16 53 cf fe 6f ea 87 68 be 02 be 8c 4a 5b 58 d8 70 ad 5c ff e3 ab 3c 91 44 1e 6d 27 2d 34 42 dd d3 99 61 30 21 89 db 47 bd 7b 6c b4 0f 82 b9 95 25 40 1a 82 3a d9 67 0b dc f3 63 b5 c8 79 0c cd d0 39 b0 eb 33 5a d5 64 c5 bf e7 ad 1c aa f8 23 6b 33 a4 c8 23 2f f8 c5 6a e2 c0 27 e9 07 6b 66 3f d8 16 5e 99 bf 5e 93 f6 e9 1b cb 07 cf 07 98 17 a9 a5 88 79 ed 7e d5 6f f2 8c b0 ec 96 63 ff 56 b4 88 2f f8 f9 f8 80 80 6e 02 69 dc 20 18 ac 42 2c f5 2e 8d ba cd 52 8a 76 66 6b c6 52 7e 3c fa 28 72 4d 43 11 84 5b 30 e4 34 4b 5b 1b 76 a4 e3 c5 4f b4 72 8f c0 a4 e3 4d 77 bf 64 f0 7a 36 6c 97 f1 2f 42 28 95 f3 58

..[.....T...^t....d.#w..4...].

.V..S.65...!.........\w..S..o.

.h....J[X.p.\...<.D.m'-4B...a0!..G.{l.....%@..:.g...c..y...9..3Z.d.......#k3..#/..j..'..kf?..^..^.............y.~.o.....c.V../.....n.i. ..B,.....R.vfk.R~<.(rMC..[0.4K[.v...O.r....Mw.d.z6l../B(..X


C:\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 9a 87 a3 fe f5 32 09 f1 dc cd 57 80 d9 94 12 c6 96 aa 3f 51 65 58 3e d3 90 34 0b 60 25 0c fb

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%.....2....W.......?QeX>..4.`%..




C:\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui unknown 24 a0 29 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.)..........,........... success or wait 1 F0677E WriteFile

C:\EFI\Microsoft\Boot\da-DK\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\Recovery\WindowsRE\Winre.wim unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat unknown 24 d7 ed 0a 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\Recovery\WindowsRE\Winre.wim unknown 24 ae a0 e3 15 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 9a 87 a3 fe f5 32 09 f1 dc cd 57 80 d9 94 12 c6 96 aa 3f 51 65 58 3e d3 90 34 0b 60 25 0c fb



C:\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui unknown 24 a0 29 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 a2 a5 0d b6 5e aa 53 93 91 5d 91 bf 2d 05 3e 6d c6 39 ad 15 bb c6 8b d3 ce 02 cd e5 01 f0 41



C:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui unknown 24 a0 b1 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn unknown 8192 0c bd db bb ad 2b 6f 1b 8a 3a 0c 73 bc 21 e2 dc 61 65 1c 13 0e 22 7c 02 b4 72 4d 4e a2 f7 36 c6 d0 fa 06 10 7a f2 29 e6 e5 b1 31 3d 40 80 1b da d6 d6 c4 51 dc 90 1b 24 96 af ac 6f 61 fe a9 b9 e4 57 4f 3b d0 37 c6 eb 39 27 9e fa 85 68 90 6e 7d 45 02 17 4e 07 6b d5 a1 d2 39 1b 9a 87 4e a7 86 49 61 df 88 fe 5c 63 36 a1 f9 99 88 b1 4a 4e 10 25 a3 21 3d 08 d6 ee 5c e7 58 09 df c3 e6 77 d0 3b 75 1c cb e8 43 e8 4f e8 6b 1c 1b 2f de 33 ec 13 e4 0e c9 ad 13 71 cb f7 1b af 9d a6 5c d2 87 bf c1 ea 57 a2 bc 56 d6 82 bb 90 2d 1f 3a 89 b5 41 fd de 88 37 aa aa 19 a6 6a 36 a3 87 d1 8a a9 7e 75 2d 32 d1 cb ed 76 95 61 ed 57 58 b4 80 eb 6c 7e 3d d6 a4 17 ae 87 6b 71 a3 7a e0 97 ac 67 5a 2b 91 b7 23 11 07 3d 1d 59 43 3f 10 16 ed cb 68 06 1e 4d 0a c5 72 04 d7 9c 87 77 80 63

.....+o..:.s.!..ae..."|..rMN..6.....z.)[email protected]...$...oa....WO;.7..9'...h.n}E..N.k...9...N..Ia...\c6.....JN.%.!=...\.X....w.;u...C.O.k../.3.......q......\.....W..V....-.:..A...7....j6.....~u-2...v.a.WX...l~=.....kq.z...gZ+..#..=.YC?....h..M..r....w.c


C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn unknown 24 5e 01 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

^...........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 95 65 03 7b d4 58 1c b5 eb 61 02 81 bb 4a 41 16 f9 48 34 79 f9 f3 0b ef 18 b8 e3 fb 77 c4 af

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%.e.{.X...a...JA..H4y........w..


C:\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui unknown 24 a0 37 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.7..........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\de-DE\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn unknown 8192 0c bd db bb ad 2b 6f 1b 8a 3a 0c 73 bc 21 e2 dc 12 9d 79 7d ba 95 a6 2a 5a 4a 16 56 2e 57 dc aa d2 3f ce f9 bd 11 5e b5 77 b3 45 9c db 70 95 e2 e0 3e 18 8f 7e a1 25 79 48 49 93 d7 4f 7a 97 fb 36 7e 27 4e d1 77 a5 8b 1e 5f 89 aa 37 39 50 0b 30 65 5d c3 ff 47 84 18 b6 0b 5c 25 5b bd 3a ba d8 7d 6b af 8b 05 25 f1 f6 fd 1e 23 2a 85 a9 cf 00 cb 22 af 39 e6 10 ff 86 45 16 da ef 44 79 84 0a 02 83 4b b0 71 19 04 ea e1 7b 28 1f 5f d9 fb cb f5 ae d4 d4 72 69 87 41 50 89 38 5a da c5 e5 ac 99 95 89 b4 43 60 9d f0 25 88 9d 06 6a c4 f1 97 26 95 7d 02 2b 3a 31 5c d2 0b ab b7 f1 45 24 2f 20 6a 18 21 6c 3b 2d 55 46 e0 c0 06 09 30 a0 e9 dc df 93 93 9b cb ac 8d 69 4e bf 09 e3 1a 4e 57 b4 90 42 2a ed 26 0b 8d ee 0f 2f 57 5b 9c ee 01 c0 5a b2 71 df 06 8c 67 e8 3a a1 8a 49 8b

.....+o..:.s.!....y}...*ZJ.V.W

...?....^.w.E..p...>..~.%yHI..Oz..6~'N.w..._..79P.0e]..G....\%[.:..}k...%....#*.....".9....E...Dy....K.q....{(._.......ri.AP.8Z........C`..%...j...&.}.+:1\.....E$/ j.!l;-UF....0..........iN....NW..B*.&..../W[....Z.q...g.:..I.




C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn unknown 24 5e 01 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 95 65 03 7b d4 58 1c b5 eb 61 02 81 bb 4a 41 16 f9 48 34 79 f9 f3 0b ef 18 b8 e3 fb 77 c4 af





C:\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui unknown 24 a0 37 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn unknown 8192 0c bd db bb ad 2b 6f 1b 8a 3a 0c 73 bc 21 e2 dc 77 40 55 f6 12 61 e9 c7 87 88 a4 8e f4 1e cb ad 11 8a b3 5a 71 49 13 a6 af a9 57 e7 40 59 23 ea c1 18 bc b7 1b 25 aa ee 75 71 64 b1 72 54 56 d6 42 e9 7a 44 21 af 6d 7d 5e 6d 00 0d 45 b9 22 6d 6f bf 93 16 7a ca 21 44 df fd d4 d8 54 ff 15 0d 0f 2f 50 15 e0 89 5f a1 00 3f b0 c5 93 e1 a5 e2 7c 82 0e d5 74 43 ab ac 57 1a 78 b2 ee 82 1e 5b 24 76 3a 89 29 ad 7d 9a 05 d6 9e 2c 87 25 f3 05 b4 61 6e 78 1c ae 33 ab c8 de d2 f8 dd eb 1f b6 87 95 29 46 77 8a 7f a7 4e 01 85 70 49 e9 ae ca b3 6a 17 09 6a f5 3a 79 e3 4f 46 e1 cc 22 52 a4 65 51 e9 d5 78 b3 4f d0 c9 b4 6c d4 91 d4 c0 0a f5 25 6a 15 9d 42 f9 f5 d1 3e 02 ce 86 67 e5 29 60 a3 fa ba 17 f8 d9 06 15 fa 6b a2 11 6b c9 aa da d3 ea c6 4c e6 20 0c 76 e5 99 75 41 96 29

.....+o..:[email protected]........

.....ZqI....W.@Y#......%..uqd.rTV.B.zD!.m}^m..E."mo...z.!D....T..../P..._..?......|...tC..W.x....[$v:.).}....,.%...anx..3...........)Fw...N..pI....j..j.:y.OF.."R.eQ..x.O...l......%j..B...>...g.)`.........k..k......L. .v..uA.)




C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn unknown 24 64 01 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

d...........,........... success or wait 1 F0677E WriteFile

C:\EFI\Microsoft\Boot\de-DE\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 de 48 32 29 2e 21 5c 0f 0d 85 7c 81 28 8c 9c 7e 75 f5 21 0c 32 cc ea 88 e2 e1 0b 6d 04 40 4f

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%.H2).!\...|.(..~u.!.2......m.@O




C:\EFI\Microsoft\Boot\de-DE\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\de-DE\memtest.efi.mui unknown 24 98 b3 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn unknown 8192 0c bd db bb ad 2b 6f 1b 8a 3a 0c 73 bc 21 e2 dc f5 1e cf 67 36 33 a2 03 21 b8 88 68 2a e3 e8 e0 30 ad bc ea da 87 1c 3f 65 69 05 85 89 68 1a 43 7c 71 68 83 6f 3c f0 c9 76 0b 18 32 cf e1 8c c5 39 0f 5f de 4a 40 a3 0e 54 10 c3 00 a1 5b 5e 5b b8 35 75 64 63 ab 3b 74 2f 91 54 d8 1c d3 35 c3 7c 5c b9 11 f8 38 57 d2 1c e0 bd 23 e0 57 1f bb 7e 33 14 7c 90 e8 fc 5e ab ae 6d cc f5 2f 5f 68 c6 8a 63 1b 9a e9 f7 25 de 3e 79 d5 f2 22 f9 f9 59 45 e1 4a c4 27 ca dd 61 18 58 c9 27 90 8c c6 15 03 f3 05 e5 07 1a 84 a5 ac 19 06 15 e5 aa 76 6a f3 d9 ea e0 82 38 23 4a f9 18 ce ec b9 05 20 d4 74 71 f1 a9 29 f4 0d 28 dc 7b 3c e7 5c d5 fd 5e 4a 1b fe 89 92 28 0a 58 9a 30 c2 88 e3 05 d1 eb 3a de e5 29 a4 3a f1 47 e9 db c6 b7 3f 2a 49 6a f0 b8 b4 38 44 61 20 d6 a8 ad ad 21 ad 13

.....+o..:.s.!.....g63..!..h*.

..0......?ei...h.C|qh.o<..v..2

[email protected]....[^[.5udc.;t/.T...5.|\...8W....#.W..~3.|...^..m../_h..c....%.>y.."..YE.J.'..a.X.'..................vj.....8#J...... .tq..)..(.{<.\..^J....(.X.0......:..).:.G....?*Ij...8Da ....!..




C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn unknown 24 58 01 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

X...........,........... success or wait 1 F0677E WriteFile

C:\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 25 dc 4a b0 51 09 ee 78 e8 12 ea 28 7d e2 a3 7d 6f 54 77 54 6d 77 e8 41 5d 4f 14 7d b0 24 1d

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%%.J.Q..x...(}..}oTwTmw.A]O.}.$.




C:\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui unknown 24 a0 39 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\el-GR\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn unknown 8192 0c bd db bb ad 2b 6f 1b 8a 3a 0c 73 bc 21 e2 dc 44 cf b6 fd e3 ba f5 19 48 fe 8b 6b b4 24 67 6c 3e 8a c0 72 72 17 60 f8 af bd 15 24 fc 01 6e 8a 8f e8 1e 16 a2 b2 11 9b ca ec 76 ea e7 b9 ac 88 72 32 a0 49 10 3a b8 a7 24 90 bd 43 a2 24 59 2f f1 b3 dd 4d 07 15 24 ed 15 b7 10 89 65 97 34 0f 21 b6 72 54 9b eb 00 41 78 00 c8 55 35 a2 72 6b 87 f7 91 91 5a ae f6 5f 92 96 e7 62 2d 8b 8c 95 f9 73 e9 07 42 55 44 b9 d8 8b f0 bb ac cb e5 d9 23 6e 9b de 76 19 2a d4 60 e6 e6 22 5a 3c d8 eb 4a ac 55 ea 6c 3e 2a dd c9 52 91 c7 d7 7c 88 e6 73 82 83 38 32 25 6a 0c 44 92 90 b8 b0 00 e3 17 93 a6 e6 24 26 0a ca 2d 65 08 7e 0a 2f 85 bc 44 94 78 02 c0 10 0c 4b 13 a4 92 65 26 9e db 75 12 5e 23 b4 a7 87 f8 4d 8c 85 c8 62 4c d8 db e4 05 38 74 30 c2 f9 e2 7e ce 27 2e f3 2f 39 4b 03

.....+o..:.s.!..D.......H..k.$gl>..rr.`....$..n...........v.....r2.I.:..$..C.$Y/...M..$.....e.4.!.rT...Ax..U5.rk....Z.._...b-....s..BUD.........#n..v.*.`.."Z<..J.U.l>*..R...|..s..82%j.D..........$&..-e.~./..D.x....K...e&..u.^#....M...bL....8t0...~.'../9K.


C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn unknown 24 5e 01 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 25 dc 4a b0 51 09 ee 78 e8 12 ea 28 7d e2 a3 7d 6f 54 77 54 6d 77 e8 41 5d 4f 14 7d b0 24 1d

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%%.J.Q..x...(}..}oTwTmw.A]O.}.$.


C:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui unknown 24 a0 39 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn unknown 8192 0c bd db bb ad 2b 6f 1b 8a 3a 0c 73 bc 21 e2 dc 44 cf b6 fd e3 ba f5 19 48 fe 8b 6b b4 24 67 6c d5 6c 64 69 f8 c9 da 85 14 49 36 f7 2b 49 a9 f1 eb 8c 70 c7 b2 e8 b0 e0 a7 5a f6 e4 ae 64 c9 fd fc 49 f2 30 6a d9 d3 ee b0 33 78 02 7b 4b 3b 4d 23 6d 03 cc d1 a5 fb dc a5 7f aa 65 10 aa c7 ba d7 bf ec 3f 00 ca 92 5e af 09 f0 54 a2 69 65 5b e2 23 ac 42 96 17 08 fc 4f c9 c6 1f 42 5a 3c 0c af 06 fe 69 15 95 3f 79 5e 67 b0 29 e1 79 7b 7e d6 7d 03 f8 b6 20 c3 86 5d 9f 97 73 a2 4e b2 74 99 fd e3 5d f0 95 3a 6e 3e 87 91 cd 44 af b5 f2 24 65 d0 c1 d5 2f 4f 22 f1 84 5a 74 85 9f ad a7 a0 6f 2d 18 b4 e4 e6 db 1b 30 4b 79 bf 31 2a 8b 7b d6 e0 f7 55 9c 5c 02 5a f6 cc 39 74 c7 14 f9 d5 9e f4 a5 a7 ad 07 e8 57 81 56 0d 1f 66 fa 08 01 b2 dc 7c b3 86 da e7 38 4b 81 cf 1c c4 ca

.....+o..:.s.!..D.......H..k.$gl.ldi.....I6.+I....p......Z...d...I.0j....3x.{K;M#m.........e.......?...^...T.ie[.#.B....O...BZ<....i..?y^g.).y{~.}... ..]..s.N.t...]..:n>...D...$e.../O"..Zt.....o-......0Ky.1*.{...U.\.Z..9t...........W.V..f.....|....8K.....


C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn unknown 24 5e 01 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\el-GR\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 05 01 8d b7 16 84 2a 03 8d a9 60 06 4b 46 18 95 aa 3a 2a 30 d2 93 b2 05 1c 94 54 b7 b3 1d a8

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%......*...`.KF...:*0......T....


C:\EFI\Microsoft\Boot\el-GR\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\el-GR\memtest.efi.mui unknown 24 a0 b5 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft Help\nslist.hxl unknown 8192 b5 a3 0c 1b 36 89 30 43 5a a1 ff b0 bb 2c c3 00 b1 9b 91 03 58 41 63 a4 54 4a bd d2 c4 e3 97 b8 c3 e2 27 db 5c 7a 95 70 38 8d 08 52 a9 86 49 4f 0c c3 2c 3c bf fa b9 85 1b a5 9f ff 35 16 f2 33 d0 b7 04 57 0d d0 bf b0 96 ba f3 10 c8 88 80 da b4 f0 20 9e 27 e4 47 97 00 df a7 e0 92 29 6c 59 7f 9e 80 9c 19 49 29 de e5 81 7e c3 08 7c c5 71 54 44 fa 25 09 ee 0a e9 c8 85 1c 7d 3a f7 e4 4a cc 92 33 21 16 40 a1 de b5 54 fb f3 b9 7c 3b 25 a6 20 8b 59 95 87 6c a8 7d 23 76 ce 5d aa 89 5d a3 34 36 8a 8a 1f f7 d9 25 cb f8 25 7e 25 ac 0c 59 07 75 71 16 ad 8e 3e ae d4 5d 64 72 cb f9 de 07 fc 62 33 50 de f9 20 d6 a2 a7 91 46 5a eb a5 2d 88 75 3c 1e e4 17 db f1 1c 01 33 a6 c8 f9 4d ca c2 e0 c1 ba 84 bc c4 25 d1 e9 af 05 a5 54 29 0d 39 3a a2 19 15 6b ae ef 7d de 9e 39 b9 b8

....6.0CZ....,......XAc.TJ....

....'.\z.p8..R..IO..,<........5..3...W.............. .'.G......)lY.....I)...~..|.qTD.%.......}:[email protected]...|;%. .Y..l.}#v.]..].46.....%..%~%..Y.uq...>..]dr.....b3P.. ....FZ..-.u<.......3...M........%.....T).9:...k..}..9..


C:\ProgramData\Microsoft Help\nslist.hxl unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft Help\nslist.hxl unknown 24 76 18 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

v...........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 47 b8 fc f6 6e a7 48 1b 29 66 52 40 ed 30 0a 0c 7d 25 e7 66 c9 4e bf 2f c8 f7 77 69 2c 80 fb

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%G...n.H.)[email protected]..}%.f.N./..wi,..


C:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui unknown 24 a0 23 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.#..........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\en-GB\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 77 91 c5 1e 09 e4 af 8e 1c 4f 4d 81 02 a3 a5 13 06 f4 e2 95 7e aa 44 c6 5d ca 39 a7 25 93 95 ae 7a 38 82 69 50 e0 b9 23 41 6c 76 85 17 bd 8d 11 db 18 e1 4a a3 98 2c 81 bb 1e f1 e3 cd dd a5 9f 87 31 cc a7 db df 55 39 82 9c b6 54 3d 36 4f e5 b0 84 2b c7 69 ee 2f c8 63 bb 17 f8 f1 5a 4d 82 82 06 93 e7 17 b0 99 11 69 7c f7 89 a5 f8 5d 14 fe 76 67 fb b1 9d 4a b0 3c 85 f3 65 4b 0d b2 45 7c e2 ec 7e d8 88 74 44 4b 0c d1 c3 d4 71 96 40 2c b7 74 71 b4 3e c8 92 b0 ac c3 34 96 c2 5e af 7b 55 38 5f 82 9e cd 34 3d b0 56 03 43 b6 17

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..pw........OM.........~.D.].9.%...z8.iP..#Alv........J..,..........1....U9...T=6O...+.i./.c....ZM.........i|....]..vg...J.<..eK..E|..~..tDK....q.@,.tq.>.....4..^.{U8_...4=.V.C..




C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl unknown 24 00 20 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 47 b8 fc f6 6e a7 48 1b 29 66 52 40 ed 30 0a 0c 7d 25 e7 66 c9 4e bf 2f c8 f7 77 69 2c 80 fb





C:\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui unknown 24 a0 23 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 47 b8 fc f6 6e a7 48 1b 29 66 52 40 ed 30 0a 0c 7d 25 e7 66 c9 4e bf 2f c8 f7 77 69 2c 80 fb





C:\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui unknown 24 a0 23 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\en-US\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 47 b8 fc f6 6e a7 48 1b 29 66 52 40 ed 30 0a 0c 7d 25 e7 66 c9 4e bf 2f c8 f7 77 69 2c 80 fb



C:\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui unknown 24 98 23 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\USOShared\Logs\NotifyIcon.003.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 c8 b4 ff 18 e2 32 86 20 ed 43 43 77 cf 59 c7 93 d0 d7 83 c4 22 48 2a 64 04 fc 19 2a ea 42 ed 2f e4 23 70 9c a8 ca 5c 91 99 a0 32 f5 a4 e0 1b dc 9d 2c f6 72 55 52 64 ad 65 6e 8f a3 55 fe bc 5a af 87 6f ec 0c 3c 4a 07 18 8e 66 51 a2 b9 a6 f6 0f de 62 02 47 6b 71 de 50 f0 68 e9 91 10 ef f5 a7 a4 89 bd ce 41 81 5d 53 7e ff 60 ef 99 9f 2a c8 cd 43 54 6a 6e d7 8b 67 19 92 83 a9 45 f0 a7 a1 9f 00 9d c8 2a 7a e8 25 31 5b 02 d3 a7 53 a5 93 4a f8 4c aa b9 8e 3c 66 77 f0 25 a8 5b 01 86 1e d6 92 fe ac c9 0f 90 62 63 d1 03 12 87 57

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p.....2. .CCw.Y......"H*d...*.B./.#p...\...2......,.rURd.en..U..Z..o..<J...fQ......b.Gkq.P.h..........A.]S~.`...*..CTjn..g....E.......*z.%1[...S..J.L...<fw.%.[..........bc....W









C:\EFI\Microsoft\Boot\en-US\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 40 a1 25 1a d6 77 be d9 f9 d9 7c 36 26 79 54 df 6a 24 fc a9 43 4f 86 b8 e1 bd c6 2d e9 f7 fc

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%@.%..w....|6&yT.j$..CO.....-...


C:\EFI\Microsoft\Boot\en-US\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\en-US\memtest.efi.mui unknown 24 a0 af 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\USOShared\Logs\NotifyIcon.004.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 fe 49 3b 1a cc 4b 59 33 80 5c 23 ef 2b d9 ab 54 74 59 02 e9 78 f3 5b 63 df 67 63 5e ba d6 c0 65 9c ac b2 2d 06 98 56 91 e0 b3 30 47 89 0e ba 9a 75 07 bb 47 7a 39 bc 5c 37 09 bc f2 58 79 59 c4 82 45 3f fd bb db 39 48 42 4f 8f 55 3d 5c f5 7a a7 10 54 b8 bc 61 29 75 2d 91 13 75 25 ea ac 4d 82 70 20 56 45 04 8f b8 03 e4 75 9b cb 95 32 dd ce 14 dc 35 12 ba cf b2 5f 44 3f e9 4d f1 74 6c c6 ce 82 bc 53 91 41 9e 92 ff e9 78 5f 44 33 a3 72 07 41 51 53 11 12 c0 32 13 13 2f 06 e0 3d 4b 84 ce ef 41 3f 75 42 5e 10 fd 8e 62 75 2a 19

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p.I;..KY3.\#.+..TtY..x.[c.gc^...e...-..V...0G....u..Gz9.\7...XyY..E?...9HBO.U=\.z..T..a)u-..u%..M.p VE.....u...2....5...._D?.M.tl....S.A....x_D3.r.AQS...2../..=K...A?uB^...bu*.









C:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 a7 a9 86 fc d7 5d c7 28 37 c8 6e ce 42 b0 21 f0 44 44 2c d2 d5 20 5e 0e 66 50 8e f1 cb 28



C:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui unknown 24 a0 2f 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\es-ES\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\ProgramData\USOShared\Logs\NotifyIcon.005.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 17 db 42 62 c5 fc 7d 99 4a e0 8a 93 21 59 11 4b 4b 51 50 f0 ca 76 ee 7f 0d b7 2b 09 a6 cf 5a ef 68 99 bd ca d1 1e 83 ab 92 4d db de 73 b4 bc 45 b4 cd e6 32 05 07 f2 42 d0 bb d7 73 1c 7c 3e 87 81 ca 5e 61 39 ef ac eb 6b 4e 0f 01 55 98 99 bd 07 78 2e 44 24 ec 8d 49 fb 25 d0 84 7a 62 14 e9 29 69 09 45 1e 84 8e 4b 73 d0 79 7b 0d bc c5 bd 18 9d bc 6a 70 21 61 31 01 06 e2 da c7 df 6e b6 1e e5 18 d2 12 28 a7 da 09 ba 10 82 6c 08 d3 83 56 01 cf d6 52 81 60 e8 2d da 12 57 f5 07 44 30 d8 3d 03 60 2c 56 bb a1 ff d4 59 71 cf d0 f5

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p..Bb..}.J...!Y.KKQP..v....+...Z.h........M..s..E...2...B...s.|>...â9...kN..U....x.D$..I.%..zb..)i.E...Ks.y{.......jp!a1......n......(......l...V...R.`.-..W..D0.=.`,V....Yq...









C:\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 a7 a9 86 fc d7 5d c7 28 37 c8 6e ce 42 b0 21 f0 44 44 2c d2 d5 20 5e 0e 66 50 8e f1 cb 28





C:\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui unknown 24 a0 2f 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\ProgramData\USOShared\Logs\NotifyIcon.006.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 2c e5 43 a8 a4 88 ec 41 b7 b1 5e 65 08 9f 3b fd 8d 95 97 96 e7 53 3c ea 84 a1 f6 7a ce a2 ac 2f ce 6b 9d 80 16 af 6a 96 b4 ee 55 8d ed 07 fb 5a e3 a7 5a 8b a2 36 7e cf f3 3f 66 49 26 41 be 74 d2 ac 5b 5c ca bd c4 0a 63 de 1a 0e c8 27 fe 0e eb 2d 1f c3 ef 78 5e a1 9c e6 44 7f 8d 3a 78 4b b5 9f 0a 9f 32 d6 27 a4 69 bf 42 89 4a 84 ed c5 6f 35 df a1 5f a9 1e ca cb 7c e4 cc 05 5d f6 da 08 96 ec 0c b9 fc fd 58 19 a2 4e 3c 3f 1b 10 a1 8b 84 a8 e6 b9 af 96 56 a3 f4 4a df 5f 64 32 90 bb 26 18 52 7d 92 7c fc de e5 3c f0 7b c3 28

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p,.C....A..ê..;......S<....z.../.k....j...U....Z..Z..6~..?fI&A.t..[\....c....'...-...x^...D..:xK....2.'.i.B.J...o5.._....|...].........X..N<?..........V..J._d2..&.R}.|...<.{.(









C:\EFI\Microsoft\Boot\es-ES\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 de 48 32 29 2e 21 5c 0f 0d 85 7c 81 28 8c 9c 7e 75 f5 21 0c 32 cc ea 88 e2 e1 0b 6d 04 40 4f





C:\EFI\Microsoft\Boot\es-ES\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\es-ES\memtest.efi.mui unknown 24 a0 b3 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\ProgramData\USOShared\Logs\NotifyIcon.007.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 25 c1 0a 61 4f 20 f7 93 73 c5 9c 3c 40 5c 75 50 8b 3d 7f f8 b4 d8 cb 15 54 38 92 c0 d8 d9 dd d6 3a 46 fd 40 e8 e0 c8 73 16 a7 f7 9c c0 28 e5 ab 8e f1 19 89 be a4 93 28 9a f2 ef 6a 71 41 ae 77 eb a6 37 bd 69 89 09 c6 49 90 a0 4f a2 88 04 b2 03 f8 0d e4 a8 03 24 a2 34 c8 68 76 7f 87 10 71 e8 3c be 59 50 5e 92 ef 7b c0 9e 13 d8 9a e5 cd 26 76 19 2d 51 19 89 b2 4b 5a 68 40 50 b7 20 c5 ef 29 b1 a8 97 62 79 68 4f be bf 58 e1 9c f9 98 e2 c2 29 3a 63 4f 00 b6 c9 ae 92 f2 88 74 af a3 a6 c8 38 de d3 bc 9e 46 62 b7 74 6a 82 9e e2

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p%..aO ..s..<@\uP.=......T8......:[email protected].....(.........(...jqA.w..7.i...I..O..........$.4.hv...q.<.YP^..{.......&v.-Q...KZh@P. ..)...byhO..X......):cO.......t....8....Fb.tj...









C:\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 a7 a9 86 fc d7 5d c7 28 37 c8 6e ce 42 b0 21 f0 44 44 2c d2 d5 20 5e 0e 66 50 8e f1 cb 28





C:\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui unknown 24 a0 2f 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\es-MX\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\ProgramData\USOShared\Logs\NotifyIcon.008.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 16 8c 0b a4 5f 99 4a a7 98 64 b8 cc 18 e3 6d 09 51 e3 53 c3 3d 06 64 f2 17 3e 68 a9 a5 7a e7 63 34 03 da 2c e9 26 b1 ee a9 fb 77 31 db 9b 10 66 c7 4c ca ac 48 6a 42 c2 a0 a9 8d 65 03 a2 18 75 f9 87 46 12 ee 7d bb 13 72 6a 37 be 64 6c 80 a3 41 f8 f0 87 60 6f cb 83 08 ec 7b 7e 13 a8 02 f6 90 54 c9 26 45 1f 70 50 02 7b 70 82 73 e2 91 50 54 5d 8c 59 ef 01 e3 dd 49 73 32 50 5c 9c f4 85 5c e8 ca 50 bd 59 3c 5a d5 88 08 bb 86 bc 54 7d 70 93 bd 27 de 74 a0 c3 ae 1d 60 a5 31 48 99 f4 bc 0d f8 af b4 f4 2d 55 70 59 ef 4a 52 64 49

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p...._.J..d....m.Q.S.=.d..>h..z.c4..,.&....w1...f.L..HjB....e...u..F..}..rj7.dl..A...ò....{~.....T.&E.pP.{p.s..PT].Y....Is2P\...\..P.Y<Z......T}p..'.t....`.1H........-UpY.JRdI









C:\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 a7 a9 86 fc d7 5d c7 28 37 c8 6e ce 42 b0 21 f0 44 44 2c d2 d5 20 5e 0e 66 50 8e f1 cb 28



C:\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui unknown 24 98 2f 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\USOShared\Logs\NotifyIcon.009.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 30 f8 85 ec 5c 3a 20 92 bf 87 07 54 8f 1f 87 83 46 72 8e 58 d2 85 ac 93 62 f5 c5 90 aa df 61 ee 46 ad 98 04 29 2b 5a 7e 29 b0 33 e7 48 97 37 4a 5b 7c c6 f1 aa 10 83 cb 37 8f 3a 43 a0 de 03 61 1c 0d b3 a4 a5 78 30 cf fa 70 08 79 2c 54 8a 35 ee 61 b7 11 fe 2e 2e 34 0e 55 4c a6 b6 8b 4c d0 9f f1 1d 18 bc 88 0f d0 0a 8a 23 b8 44 c2 4c b2 18 bc ae 8b 8f 3f d9 55 3c 6d 4f af 3a c0 7d 86 56 4f b4 5a ef ae ae 79 7f eb 88 6e cd a1 dc 0a 1b 47 46 4f 10 a6 dd 0d d5 5e 72 0c 75 1b 9c 65 91 8a bb 85 72 63 ac 62 a9 6c 70 7f a9 45 8a

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p0...\: ....T....Fr.X....b.....a.F...)+Z~).3.H.7J[|......7.:C...a.....x0..p.y,T.5.a.....4.UL...L...........#.D.L......?.U<mO.:.}.VO.Z...y...n.....GFO.....^r.u..e....rc.b.lp..E.









C:\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 96 2e 18 f4 e5 c4 82 d7 b9 d3 ce 0d 46 3d 66 af bd 2f 4a 86 86 b6 be 16 15 13 ba eb b9 60 be

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%............F=f../J..........`.


C:\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui unknown 24 a0 27 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.'..........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\et-EE\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\ProgramData\USOShared\Logs\NotifyIcon.010.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 55 32 f2 61 f7 e4 42 e5 ff 2f af 92 8c 96 ee 00 f2 95 88 fb 58 44 3d 55 85 fb 39 61 52 38 cd 61 48 a6 fc d6 2d d2 de 4e 81 a4 b8 41 de aa c9 35 4a be 38 5e ea 54 f7 29 8a b9 1d a9 81 11 f6 0e ed 34 a7 f8 b9 24 c6 85 c1 94 19 02 00 fa 54 cc 89 1d b9 6c b6 f9 b7 6b 63 7a c8 36 24 01 a1 b0 3c df 99 e0 31 44 36 d2 be 94 8f 11 02 9e 3a d9 ae 6f d7 ef e8 33 12 6b b9 d5 44 c8 69 80 d1 32 90 7d de ad a8 93 43 14 0b 36 3c b1 89 33 0f 35 0c 5b a2 b9 de 13 34 42 08 c1 81 03 fe 72 46 90 ff 6b 96 3b eb e6 a2 d2 99 ae e4 f3 52 6d c5

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..pU2.a..B../..........XD=U..9aR8.aH...-..N...A...5J.8^.T.).........4...$........T....l...kcz.6$...<...1D6.......:..o...3.k..D.i..2.}....C..6<..3.5.[....4B.....rF..k.;........Rm.









C:\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 96 2e 18 f4 e5 c4 82 d7 b9 d3 ce 0d 46 3d 66 af bd 2f 4a 86 86 b6 be 16 15 13 ba eb b9 60 be

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%............F=f../J..........`.




C:\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui unknown 24 98 27 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.'..........,........... success or wait 1 F0677E WriteFile

C:\ProgramData\USOShared\Logs\NotifyIcon.011.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 85 58 6d 1e f8 35 c1 d7 de dc 75 5c ae a7 ce 9e 37 c2 93 8f da 89 ec f6 6b 71 01 6d 97 01 1d 74 13 d0 80 e1 49 4d 13 f9 74 44 95 62 30 04 e1 d1 b5 10 c4 0a 1c 75 32 dc 08 76 f9 b8 10 00 08 ff bb c5 57 e7 ab 09 2e 8e 2a 23 d0 87 9f 5c 43 07 f2 65 fd 39 61 b9 55 66 70 7f b5 00 3e 68 53 36 bb e9 e7 c8 9b fb 15 41 3d 81 cb 27 9c 41 8b 24 53 be e7 ba 0d f2 4b d1 4b 57 6e 0a aa 28 9f 31 3a bd 5e a2 91 e9 77 87 11 06 99 99 f0 71 d5 9e 0e 09 42 19 08 fa 97 70 f4 95 dc 2c 63 22 9b 20 74 b1 9c ed 7d d4 e4 82 ba 4d f9 28 8b 59 d0

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p.Xm..5....u\....7.......kq.m...t....IM..tD.b0........u2..v........W.....*#...\C..e.9a.Ufp...>hS6.......A=..'.A.$S.....K.KWn..(.1:.^...w......q....B....p...,c". t...}....M.(.Y.









C:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5





C:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\fi-FI\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\ProgramData\USOShared\Logs\NotifyIcon.012.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 e3 1b 13 08 a9 2d 06 90 ab cc 8f 83 d7 35 cd 8d 64 45 7a 27 c8 19 ab 39 25 fd 1f 98 7a 3f ac 66 fd 58 a9 5f 82 ac 7a 47 64 6d 56 ee e7 05 75 e1 fa 32 b2 6a e0 38 b4 5e ed fc 50 cf 95 5b 5a 98 63 02 ab 8e 4c 5f 1f ed 9f 8b f4 f6 5a 93 5c 36 2f 2a ba 53 6e 4a c7 f9 42 88 4c 54 ad 1f 50 c6 a4 a1 39 36 e6 31 fb 62 fd ea 6e f9 df 8d 8f 0d 11 ce 70 24 de c9 de da 4c 40 ab 64 c3 7d 44 9d ce c4 3a de 8f 43 bf 26 29 5b 77 c5 ee c6 86 5d f9 a5 55 35 cd 39 8d ac a2 a2 5f 12 32 c1 0f 8a d0 50 63 fc ca 0f 20 8d 04 c1 6a 05 5f be 17

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p.....-.......5..dEz'...9%...z?.f.X._..zGdmV...u..2.j.8.^..P..[Z.c...L_......Z.\6/*[email protected].}D...:..C.&)[w....]..U5.9...._.2....Pc... ...j._..









C:\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5



C:\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui unknown 24 98 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\USOShared\Logs\NotifyIcon.013.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 cd 5f 84 be fa f4 ec 4f 6c 58 7b 99 67 76 15 79 d2 dc 81 a8 b7 72 d3 36 c7 af 36 98 60 27 3c b8 a9 7a 00 cc 9e 16 85 e1 df d0 96 16 6c 8e e9 09 88 fd a9 23 da 4c 72 b7 91 f0 ee 5e 03 b7 fa 9f 77 a5 9c 86 d8 35 f2 93 d1 1f 9e 42 e3 2a a6 07 25 71 41 1e a7 ec b4 de 83 f5 a7 0a 3f 54 1f b9 53 46 5d a9 2e 1d 1a c4 91 d4 63 ae a4 2c 94 a9 b2 7a ce 09 85 85 2d 0c 34 64 d4 c4 95 a2 3d ef f0 bc 46 7a 20 e8 d4 72 a6 87 c0 4b 44 1e bf ad 5a 19 60 c4 5b c6 13 5b 06 d8 aa d1 4d 34 3b ab 3d 3e 2b ad 14 79 5b 61 83 76 b4 82 64 de 9c

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p._.....OlX{.gv.y.....r.6..6.`'<..z..........l......#.Lr....^....w....5.....B.*..%qA.........?T..SF].......c..,...z....-.4d....=...Fz ..r...KD...Z.`.[..[....M4;.=>+..y[a.v..d..









C:\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 a2 a5 0d b6 5e aa 53 93 91 5d 91 bf 2d 05 3e 6d c6 39 ad 15 bb c6 8b d3 ce 02 cd e5 01 f0 41



C:\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui unknown 24 a0 b1 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\USOShared\Logs\NotifyIcon.014.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 c3 ff 90 ec bb b3 9d 49 70 7b 71 d8 84 2e 7f f3 62 b9 f5 b1 e3 2a 81 d2 35 68 13 53 8a a5 b8 1b 77 4c 77 b3 75 c1 0a e9 8e 16 9a 51 62 dd 08 c9 96 71 4d 9a df 07 f0 d0 19 de c3 1b 97 ca eb f3 f6 98 38 1c 71 1d 24 be 14 dd 37 bf 44 b7 a0 92 ca e2 9f ed 3a 69 75 59 d2 f0 e6 4c 54 87 f0 32 7a a8 c0 fc bf 78 4a ce 07 72 fd 5f 9e e3 07 69 2f b8 5c 70 6b f2 7f 93 34 77 06 8e 3d fd 65 d0 9f 9a 04 31 b7 46 8d 02 07 b5 58 2d f1 ad bc b8 8d 83 aa e5 07 56 1d 6f 9a 15 5f bb 9a 4b d2 1c 36 71 a6 6f 31 6d 13 8b 0a b2 12 c5 af 6c 15

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p.......Ip{q.....b....*..5h.S....wLw.u......Qb....qM...............8.q.$...7.D.......:iuY...LT..2z....xJ..r._...i/.\pk...4w..=.e....1.F....X-.........V.o.._..K..6q.o1m.......l.









C:\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 83 31 72 18 c1 a0 3d 69 c4 be b0 6b d4 e7 b9 ad 3e f6 a2 bb 02 2e ba 5d 9a 77 33 3f e5 73

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%D.1r...=i...k....>......].w3?.s


C:\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui unknown 24 a0 35 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\fr-CA\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\ProgramData\USOShared\Logs\NotifyIcon.015.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 6d 55 d1 e9 53 45 8f 0f fb 4b 97 21 84 ce 6a c6 35 dd d4 b7 a6 9f 9f e2 38 8a 53 01 1e 14 5a 49 e0 14 34 0d 39 05 2c 3c 17 bb bd e0 15 37 0f 83 45 d9 f0 1e fd f0 38 eb 5b 0f c0 57 79 95 8c 37 43 f9 a1 96 b7 3a 71 7e 50 fc 5f 88 95 dd 05 1c 7d d1 f4 10 4f ba 70 55 a9 b5 aa 8c 83 f0 94 50 7e ed 23 a0 cc 2c 9e 5b 87 44 6d 46 f9 29 a5 a6 ec 92 b5 c6 66 ba 2c 52 a8 2e 7a ce 38 ad 56 60 98 bd cc 99 fc 66 7b 57 44 a5 84 40 22 63 5f d2 b0 1b 69 52 af 4d 32 df 2b 43 42 2b c5 e2 20 52 72 e1 6e a1 1d ab 0d d6 aa 47 83 d4 53 f1 eb

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..pmU..SE...K.!..j.5.......8.S...ZI..4.9.,<.....7..E.....8.[..Wy..7C....:q~P._.....}...O.pU.......P~.#..,.[.DmF.)......f.,R..z.8.V`.....f{WD..@"c_...iR.M2.+CB+.. Rr.n......G..S..









C:\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 83 31 72 18 c1 a0 3d 69 c4 be b0 6b d4 e7 b9 ad 3e f6 a2 bb 02 2e ba 5d 9a 77 33 3f e5 73





C:\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui unknown 24 98 35 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\ProgramData\USOShared\Logs\NotifyIcon.016.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 53 4f ae 4d 9a 9a 8d 0d 21 99 07 6a 31 31 6b 80 34 d9 fa aa 00 3d 15 0b 4e 9f 7d 49 2b 37 43 3a 3a ed f0 f9 55 5f 70 4c fb 1f 31 ac 6c 2a c1 43 c9 4e 98 d6 86 10 d1 50 6e 4a bd 39 34 31 5e 1d 07 01 e5 51 6b 81 db 73 5c 4a 62 90 81 ec 7e f6 27 46 38 c2 95 91 29 ea b7 08 d9 57 5d db 1e c3 de 74 af c1 51 0e 2f cc 7c c5 5b fe b5 9e 39 84 d8 e0 1a d9 56 f3 7f cd f4 91 98 aa 05 76 57 26 2a 35 dd 0c ec f7 1d 5f b4 2e 41 c8 32 f8 be 51 d8 e7 88 43 4d 50 f1 d7 12 5f 29 d0 75 2c 7f a0 84 e6 1b 4b 84 e6 0d 58 1c 50 a6 00 2b d1 ea

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..pSO.M....!..j11k.4....=..N.}I+7C::...U_pL..1.l*.C.N.....PnJ.941^....Qk..s\Jb...~.'F8...)....W]....t..Q./.|.[...9.....V........vW&*5....._..A.2..Q...CMP..._).u,.....K...X.P..+..









C:\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 95 65 03 7b d4 58 1c b5 eb 61 02 81 bb 4a 41 16 f9 48 34 79 f9 f3 0b ef 18 b8 e3 fb 77 c4 af





C:\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui unknown 24 98 37 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\fr-FR\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\ProgramData\USOShared\Logs\NotifyIcon.017.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 ae 33 9a af 27 6e f5 7f e3 a3 e4 44 5d 2b 7d 2c 13 23 78 76 97 4f 96 9a f3 3c a8 31 ad 73 82 75 b6 38 ba be de ca 9b 96 0d 88 45 68 26 7a f0 bd 0a 4c 9f ec bd ce 53 f7 1b e6 f9 d4 6a 34 c2 3b b2 5e 63 e0 4c d9 35 39 00 96 b3 55 b8 08 a7 23 75 08 ab e7 4a cd 2c 84 06 e7 c5 85 8b 2a 67 ee 64 02 f9 7b 5d c1 a6 83 e8 00 90 65 3f 11 4f 1f 09 a0 41 31 1e 61 58 b8 48 25 49 35 7c ff ed 45 34 d9 20 a6 cb 76 95 44 74 a2 07 b3 07 4d 7f 0a 05 77 fb 30 9e 71 e5 d6 aa d5 c4 00 28 46 21 3d 8d bd 6f e2 30 af 71 54 27 cb bf e2 8b c2 33

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{mu.X..b6...V.A..p.3..'n.....D]+},.#xv.O...<.1.s.u.8........Eh&z...L....S.....j4.;.^c.L.59...U...#u...J.,......*g.d..{]......e?.O...A1.aX.H%I5|..E4. ..v.Dt....M...w.0.q......(F!=..o.0.qT'.....3






.@..........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 95 65 03 7b d4 58 1c b5 eb 61 02 81 bb 4a 41 16 f9 48 34 79 f9 f3 0b ef 18 b8 e3 fb 77 c4 af



C:\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui unknown 24 98 37 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl unknown 8192 36 5b e5 3a 86 25 40 d8 49 4d 18 51 a0 c2 6d bb fb 42 37 ce 92 93 34 13 5d b7 53 45 a0 e0 2a c3 30 0d c2 70 7e 2a 8b 83 81 1c a9 c5 b0 8a 99 5c 8b e1 e1 59 a2 88 6a d2 12 40 d9 6e c5 0b 7b 6d 75 c2 58 1e 18 62 36 98 1d ee 56 e8 41 88 b0 70 40 cc 32 ec 52 a6 1e d1 be 7b 00 f2 da 85 d4 06 34 98 19 9f 03 62 76 a6 c2 a7 6f 78 5e c7 5a 6a 6e 37 37 00 09 d9 13 00 83 e8 9d 3d 2e 69 2f 8f 90 54 d5 0c bd ab 1a cd 13 68 51 5c a5 6e d9 a4 1a 62 d7 10 2e 2d 87 35 4c 1c e9 1f da c5 b5 98 a0 4e e5 84 c4 bd 98 37 83 32 59 7b d8 c8 31 ad c0 4c 62 4a fa f9 e0 32 56 0a 38 ce 5c 68 b1 9e 3e 14 fb 9d 6c 28 62 2d 3c 76 73 6c 21 ff 18 0e b3 41 9f 90 f6 77 b3 50 29 8a 6c 6e 36 23 35 3b c6 41 46 df 73 72 fa 93 f6 2a f5 14 a9 d1 7e e8 c1 59 dc 1d 00 2c d3 a2 c4 37 cc 30 4d 1a cd

6[.:.%@.IM.Q..m..B7...4.].SE..*.0..p~*.........\[email protected]..{[email protected]....{......4....bv...ox^.Zjn77........=.i/..T.......hQ\.n...b...-.5L........N.....7.2Y{..1..LbJ...2V.8.\h..>...l(b-<vsl!....A...w.P).ln6#5;.AF.sr...*....~..Y...,...7.0M..


C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl unknown 24 00 20 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 de 48 32 29 2e 21 5c 0f 0d 85 7c 81 28 8c 9c 7e 75 f5 21 0c 32 cc ea 88 e2 e1 0b 6d 04 40 4f



C:\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui unknown 24 a0 b3 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl unknown 8192 12 e8 c9 80 19 81 41 d9 07 62 39 38 f0 8a d7 cc 6a 0f 37 f6 c6 b6 9d fb da 9e 4d 08 ce 43 cd 2d f6 c8 8d 48 7b e1 5f dc e3 9f 36 4e 9f df 61 40 24 24 cd b9 0d 62 ca 15 a6 e5 74 6b da be f8 4e c4 ce ed 4c af 66 39 f5 f7 ca b8 f0 85 f2 65 d8 7c 8c 5e f6 60 77 3b 4d 78 1e 07 4c 2c 49 44 9d 31 92 50 e0 9c e2 9c bd 32 e9 67 a9 0a 97 cb 8f 58 b2 e5 63 81 86 2a 58 e6 b8 8a fd 11 11 cb 1b 0f 07 6f 75 a4 98 1d 07 6d 60 8b a9 93 c4 7a cb 26 63 e2 0e 95 e5 b2 7e 1b 44 2b 74 b0 e0 7b 30 9e 3b 7b 0d 81 fd 60 cd 2e 08 3f 13 16 be e2 88 be 27 2f bb b0 b9 67 b1 1d df 2f 65 25 92 ee 93 03 c7 71 07 83 a7 d8 d0 77 21 d4 01 15 59 2f 10 a0 99 e3 07 ec 2d af 99 b9 93 29 9e 81 78 b5 ea ac 6c bf a3 c1 d5 bc f9 77 0a 96 6e dc ad 45 c7 f9 db 66 e5 66 e9 96 e4 98 88 ed 19 e6 a1 56

......A..b98....j.7.......M..C.-

...H{._...6N..a@$$...b....tk

...N...L.f9.......e.|.^.`w;Mx.

.L,ID.1.P.....2.g.....X..c..*X

..........ou....m`....z.&c....

.~.D+t..{0.;{...`...?......'/.

..g.../e%.....q.....w!...Y/......-

....)..x...l......w..n..E.

..f.f.........V


C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl unknown 24 00 90 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 cc 36 cb 5d a9 44 e6 4f 79 83 8f 34 f1 6d b8 13 3a 9e c9 83 08 d8 88 6b ef b7 a5 ad 98 ea 41

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%.6.].D.Oy..4.m..:......k......A


C:\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui unknown 24 a0 2b 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.+..........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\hr-HR\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 cc 36 cb 5d a9 44 e6 4f 79 83 8f 34 f1 6d b8 13 3a 9e c9 83 08 d8 88 6b ef b7 a5 ad 98 ea 41





C:\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui unknown 24 98 2b 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 83 31 72 18 c1 a0 3d 69 c4 be b0 6b d4 e7 b9 ad 3e f6 a2 bb 02 2e ba 5d 9a 77 33 3f e5 73





C:\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui unknown 24 a0 35 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\hu-HU\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 83 31 72 18 c1 a0 3d 69 c4 be b0 6b d4 e7 b9 ad 3e f6 a2 bb 02 2e ba 5d 9a 77 33 3f e5 73



C:\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui unknown 24 a0 35 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml unknown 8192 5f 34 db 3b 0d 54 c8 7f 9c b7 4e 97 2e 1c a6 92 3c 5b c5 df 7a fe ee 31 69 68 26 ea 64 3c 36 fb 47 e2 ff 96 04 1a 96 9d 3f e4 22 99 c9 bf 8c f3 12 fd 41 0f 75 55 19 6a d2 f2 d5 76 2a 27 f4 2b a3 39 f6 38 8c 99 22 c6 9a b9 41 7c ea 1c a9 7b 0e 56 46 ed c4 0d 66 07 ef b5 a0 f4 08 39 31 92 d5 b8 c0 fe 93 c7 c6 78 e0 f4 a9 c0 1f aa 46 55 0a cf d0 96 91 9d 21 d5 e1 68 1f fc 71 70 2b 60 15 82 61 4d db 07 fb 7c 99 91 fe 2f b5 b5 b2 c2 85 e7 eb f3 00 bf b7 0e b9 54 a5 8b c5 8d 79 0e ee e1 0b 67 ee b0 59 32 3a 83 a2 b9 38 f7 92 54 4c 40 3d 39 61 02 38 15 13 1f 27 be 9c 60 7c e9 1f 01 44 a6 52 b3 7e e6 54 49 8b c3 74 5f 5f d9 19 8c 3d 96 fa 2e 79 05 5b d9 7d 4c a7 df 35 d8 09 52 31 ef 8f 83 02 cd 96 c0 7e 3c 86 50 d6 4d bf 8e eb 96 69 8e 3c bc 9c bd 31 75 00 69 99

_4.;.T....N.....<[..z..1ih&.d<6.G.......?.".......A.uU.j...v*'.+.9.8.."...A|...{.VF...f......91........x......FU......!..h..qp+`..aM...|.../.............T....y....g..Y2:...8..TL@=9a.8...'..`|...D.R.~.TI..t__...=...y.[.}L..5..R1.......~<.P.M....i.<...1u.i.


C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml unknown 24 ca 31 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\IdentityCRL\INT\Recovery_Instructions.html

unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 de 48 32 29 2e 21 5c 0f 0d 85 7c 81 28 8c 9c 7e 75 f5 21 0c 32 cc ea 88 e2 e1 0b 6d 04 40 4f





C:\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui unknown 24 a0 b3 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml

unknown 8192 5f 34 db 3b 0d 54 c8 7f 9c b7 4e 97 2e 1c a6 92 3c 5b c5 df 7a fe ee 31 69 68 26 ea 64 3c 36 fb 47 e2 ff 96 04 1a 96 9d 3f e4 22 99 c9 bf 8c f3 12 fd 41 0f 75 55 19 6a d2 f2 d5 76 2a 27 f4 2b a3 39 f6 38 8c 99 22 c6 9a b9 41 7c ea 1c a9 7b 0e 56 46 ed c4 0d 66 07 ef b5 a0 f4 08 39 31 92 d5 b8 c0 fe 93 c7 c6 78 e0 f4 a9 c0 1f aa 46 55 0a cf d0 96 91 9d 21 d5 e1 68 1f fc 71 70 2b 60 15 82 61 4d db 07 fb 7c 99 91 fe 2f b5 b5 b2 c2 85 e7 eb f3 00 bf b7 0e b9 54 a5 8b c5 8d 79 0e ee e1 0b 67 ee b0 59 32 3a 83 a2 b9 38 f7 92 54 4c 40 3d 39 61 02 38 15 13 1f 27 be 9c 60 7c e9 1f 01 44 a6 52 b3 7e e6 54 49 8b c3 74 5f 5f d9 19 8c 3d 96 fa 2e 79 05 5b d9 7d 4c a7 df 35 d8 09 52 31 ef 8f 83 02 cd 96 c0 7e 3c 86 50 d6 4d bf 8e eb 96 69 8e 3c bc 9c bd 31 75 00 69 99

_4.;.T....N.....<[..z..1ih&.d<6.G.......?.".......A.uU.j...v*'.+.9.8.."...A|...{.VF...f......91........x......FU......!..h..qp+`..aM...|.../.............T....y....g..Y2:...8..TL@=9a.8...'..`|...D.R.~.TI..t__...=...y.[.}L..5..R1.......~<.P.M....i.<...1u.i.





unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8




unknown 24 b2 30 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5





C:\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui unknown 24 98 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\it-IT\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5



C:\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui unknown 24 98 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs

unknown 8192 0c 0d 82 55 65 cb 19 be d3 c0 cc 4b f3 aa 31 e6 19 ca a4 75 b4 82 13 02 bc a3 dc 94 58 d7 dd eb 64 95 29 9b b0 1b 65 71 5a e5 2d 3f d4 d0 e5 46 41 13 f6 ea 51 e1 5e 9c 0d 59 ef 2c 0a 23 bb 4c c4 b8 91 8d d2 42 72 fd 8f 06 08 c8 b4 f9 f3 66 a6 8e 62 58 5a 9a 35 c7 4b 76 c8 11 87 4f 63 be e6 85 d4 51 ed 73 d4 01 59 c3 0e 64 03 7e 56 35 6a 29 ad 8e 38 45 68 5b ee 43 69 55 d7 52 bc d5 70 d9 a5 d6 53 89 35 e5 af e7 d4 89 ec 29 d1 6a cb 9d 03 53 4f b9 d5 57 da 2f 29 fb 49 0e 51 74 06 38 ae d2 e2 a3 ca f5 04 b9 c8 f2 fb 25 64 65 db 49 e0 49 f2 4f 24 d8 a4 fd 55 a2 b3 96 79 a4 0c 60 b9 f2 ce 37 d4 a8 1a a2 e5 45 11 80 2c f0 c9 0f 3e dd b6 22 a6 60 32 07 8f d9 97 c9 70 b6 f2 3b 81 a3 95 bf 86 49 74 37 61 e5 40 32 86 d8 2b 62 88 bc ec 32 a0 07 81 b5 26 7c 28 f9 ca

...Ue......K..1....u........X.

..d.)...eqZ.-?...FA...Q.^..Y.,

.#.L.....Br........f..bXZ.5.Kv

...Oc....Q.s..Y..d.~V5j)..8Eh[.CiU.R..p...S.5......).j...SO..W./).I.Qt.8...........%de.I.I.O$...U...y..`...7.....E..,...>..".`2.....p..;.....It7a.@2..+b...2....&|(..


C:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 a2 a5 0d b6 5e aa 53 93 91 5d 91 bf 2d 05 3e 6d c6 39 ad 15 bb c6 8b d3 ce 02 cd e5 01 f0 41





C:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui unknown 24 a0 b1 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00







unknown 24 00 00 14 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 76 6e 7a b8 a2 91 ad 39 0a 07 5f 59 92 0b 8d 48 37 47 84 1c 6d 4d 66 05 4b a8 1a 9b a7 90 96

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%vnz....9.._Y...H7G..mMf.K......


C:\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui unknown 24 a0 09 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\ja-JP\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





...Ue......K..1....u........X.

..d.)...eqZ.-?...FA...Q.^..Y.,

.#.L.....Br........f..bXZ.5.Kv





C:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 76 6e 7a b8 a2 91 ad 39 0a 07 5f 59 92 0b 8d 48 37 47 84 1c 6d 4d 66 05 4b a8 1a 9b a7 90 96

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%vnz....9.._Y...H7G..mMf.K......


C:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui unknown 24 a0 09 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00









unknown 24 00 00 14 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 ad 45 b4 71 16 4b f2 53 d9 c4 a2 68 77 97 aa ec 84 93 ab 0a e1 2e 10 f9 9f 37 f4 91 79 66 ab

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%.E.q.K.S...hw............7..yf.




C:\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui unknown 24 a0 a7 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 75 a9 6a ca 77 26 da 25 9f e9 1c 00 32 c3 4c 75 85 c6 00 d0 81 b0 db 70 6b 47 41 e5 98 99 43

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%u.j.w&.%....2.Lu.......pkGA...C




C:\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui unknown 24 a0 07 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\ko-KR\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 75 a9 6a ca 77 26 da 25 9f e9 1c 00 32 c3 4c 75 85 c6 00 d0 81 b0 db 70 6b 47 41 e5 98 99 43

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%u.j.w&.%....2.Lu.......pkGA...C


C:\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui unknown 24 98 07 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm unknown 8192 f2 d2 73 ae cb 4a 03 57 5c b4 dc a9 a8 29 e3 7a f8 01 23 f7 9f 87 7b 6f b7 98 60 37 75 b2 cf be 0a 4e d9 d5 b6 8d f4 1e 10 5b 2e 7b f1 d1 d7 87 2d c3 d4 d1 0b 3e e3 5b 47 1e 17 ac 6d 64 aa 8a d6 66 86 b4 c0 93 d4 9a 6d 60 96 4b 91 8e b6 45 45 ca 7c 39 05 ad c4 40 d4 b9 c6 35 e1 ef 0b 2a 5a ee 09 11 4c 96 1c 3e e9 43 d0 f2 4a 83 96 28 18 89 c0 f1 49 ba d5 38 fe 35 09 29 ba fe fb 89 ee 26 b1 15 04 c8 88 63 e1 15 f8 1f 2f 77 49 eb 77 c7 62 14 d7 26 d3 e4 8c 26 eb 05 3c 45 b6 f0 44 2e 85 07 37 64 22 3c 0d f2 6f 69 bd 95 1f c0 6a c1 56 8f 22 aa 87 0b 99 9a 60 b9 d2 5b c6 61 66 b9 6a 19 f7 8e 68 24 17 f2 0b 04 79 4a 81 71 d9 90 0a c2 1b ee 26 e9 d8 e3 9e 53 bc 3a c7 91 18 d3 18 a3 19 de 92 11 23 b8 cb f2 d6 0e 2a 12 91 68 50 01 4a 1f d2 c7 d2 51 0b 42 17 c9 b1

..s..J.W\....).z..#...{o..`7u.

...N.......[.{....-....>.[G...md...f......m`.K...EE.|[email protected]...*Z...L..>.C..J..(....I..8.5.).....&.....c..../wI.w.b..&...&..<E..D...7d"<..oi....j.V.".....`..[.af.j...h$....yJ.q......&....S.:..........#.....*..hP.J....Q.B...


C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm unknown 24 00 40 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 ad 45 b4 71 16 4b f2 53 d9 c4 a2 68 77 97 aa ec 84 93 ab 0a e1 2e 10 f9 9f 37 f4 91 79 66 ab

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%.E.q.K.S...hw............7..yf.


C:\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui unknown 24 a0 a7 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp

unknown 8192 36 1e bf 6d 49 c7 c5 fa 29 8a 35 4d 22 ef fe 2a 09 3b 5b 6f 97 50 f8 50 43 52 bb b8 cf c0 c5 89 4f 6a 2e b0 6f 33 53 14 47 ab b8 96 07 7c 9a d2 e8 ab f3 e0 15 59 07 a9 ba 88 87 c3 6c 33 24 37 eb df 2b d9 d8 76 6d 9c a7 eb 35 3e 49 3d 34 70 93 d5 fe de dc dd 3d c1 fd fe 59 ab 73 65 50 83 2a c1 af 0c 99 7f a5 fa e9 f0 d0 6f 38 f3 8d de 96 39 7a 06 c7 b6 5e 83 95 c6 1b b4 0e 16 a0 5f 06 33 dc 9d 7f ca b8 ae 11 f9 26 6c 18 43 d7 37 e7 f6 b2 38 25 37 09 88 02 d9 58 4e e4 0e 19 6f e0 bc c0 bd 1a 29 a1 3e 20 a0 29 78 3f 4a 8a 75 0f 05 08 f4 8f 77 3e 00 ac 95 36 53 c9 67 43 25 80 65 7e f4 c7 1a ce 39 c5 ef 99 8d 38 d7 5c 04 95 a6 13 10 53 1f d3 bb f1 e3 43 37 ca 05 10 85 13 e1 a4 87 46 41 37 0d a4 d2 20 1c 82 f7 63 cc 26 7f 92 1f a4 de a3 ce 31 e2 c0 9a 63 48 e6

6..mI...).5M"..*.;[o.P.PCR......Oj..o3S.G....|.......Y......l3$7..+..vm...5>I=4p......=...Y.seP.*..........o8....9z...^........_.3........&l.C.7...8%7....XN...o.....).> .)x?J.u.....w>...6S.gC%.e~....9....8.\.....S.....C7........FA7... ...c.&.......1...cH.







unknown 24 00 20 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 9a 87 a3 fe f5 32 09 f1 dc cd 57 80 d9 94 12 c6 96 aa 3f 51 65 58 3e d3 90 34 0b 60 25 0c fb



C:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui unknown 24 a0 29 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\lt-LT\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx

unknown 8192 e5 bf 88 f9 3c c7 8d 2f 6d 87 17 ce 2e c3 51 14 14 34 81 fe 7e 3d 32 8c 24 e9 74 06 51 b2 05 bf 8d 99 eb 99 62 56 44 7a 60 0d bd 77 95 da c8 1c 6c 37 27 04 73 87 3b b6 3f e9 54 e7 14 a2 13 5f 9b e7 17 2b a0 8d 2c ea f3 ad b1 5f c3 a4 d6 c2 e8 e3 a0 45 09 0c 40 b4 68 99 fc 8c e2 cb 50 c9 fe ae 73 45 53 82 49 77 2d ef e1 b9 92 64 5e 67 a7 d3 e5 5b 47 8b 10 55 67 0f 35 77 ca b9 67 e5 83 4d 07 3c cc 83 7e f7 3f 54 cd 67 a9 4b 45 19 99 87 c5 46 8d 0d c6 58 07 39 53 9a 76 09 83 cf 5e 4a df 89 36 83 18 0a fe 9c 3c ea 60 fb ce d4 be 6c 18 aa c9 84 f9 af 5d 04 c4 28 42 a8 29 f2 2b 94 4c 58 0b ab fc 16 ad af c7 c4 b9 e0 a0 16 1d e6 06 e3 5e 59 d8 e8 8f c1 90 68 13 0b 31 92 4f fc 48 81 81 ca 13 3b 40 9d 7c 6b f4 f3 73 7b ee bb be ba 1f b3 a3 a9 3c 14 2a 54 d5 e5 b5

....<../m.....Q..4..~=2.$.t.Q.

......bVDz`..w....l7'.s.;.?.T.

..._...+..,[email protected].

....P...sES.Iw-....d^g...[G..Ug.5w..g..M.<..~.?T.g.KE....F...X.9S.v...^J..6.....<.`....l......]..(B.).+.LX................^Y.....h..1.O.H....;@.|k..s{........<.*T...




C:\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 9a 87 a3 fe f5 32 09 f1 dc cd 57 80 d9 94 12 c6 96 aa 3f 51 65 58 3e d3 90 34 0b 60 25 0c fb



C:\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui unknown 24 98 29 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00









unknown 24 00 00 10 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 9a 87 a3 fe f5 32 09 f1 dc cd 57 80 d9 94 12 c6 96 aa 3f 51 65 58 3e d3 90 34 0b 60 25 0c fb





C:\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui unknown 24 a0 29 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\lv-LV\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx

unknown 8192 6b 23 8a 9d 54 3d 1f 0c 1a 91 bc 6b 44 9b 4c 94 66 f0 0c d2 a5 72 6d 8c 11 ad d3 22 02 b5 83 95 25 0d b7 c5 42 6f bd 49 ed 2d 20 38 de 25 a0 67 ef c0 36 fd 2e 15 95 58 60 91 1f 97 bc 46 5d 77 a2 0f f2 c1 d3 40 c5 12 cc 48 76 2b 4d 3a 5f 48 b0 26 11 4e 0e 92 8e ac 8b de 62 d9 35 6e b1 be b2 bb 6c 50 4d c0 65 c6 a8 69 99 0c 5e f3 b4 04 94 6d 05 69 73 ae 27 65 e6 ef 73 57 0e 0a fa 23 b2 3d dc 3f 11 de 09 cd 13 b7 62 01 8b 57 1f 2b 2c d0 5c f2 a2 8f 53 81 7f 88 26 08 8a 39 88 22 19 7a e3 c1 8f ea f9 67 ca 48 b6 70 11 b6 a4 1c 31 f5 48 99 89 8e ef 32 7f 68 bc 40 bd b7 62 46 69 f2 3c a3 b8 64 05 e5 d8 d5 53 e0 ed 06 61 46 af e2 45 59 a7 33 f7 14 d9 f4 e7 21 d5 f1 b5 00 be 9c 51 e0 2f b7 ef a5 05 30 76 54 a1 01 33 5b 22 b3 61 0d 59 c5 4a fd 52 29 76 0c 18 23 a3

k#..T=.....kD.L.f....rm...."....%...Bo.I.- 8.%.g..6....X`....F][email protected]+M:_H.&.N......b.5n....lPM.e..i..^....m.is.'e..sW...#.=.?......b..W.+,.\...S...&..9."[email protected].<..d....S...aF..EY.3.....!......Q./....0vT..3[".a.Y.J.R)v..#.


C:\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 9a 87 a3 fe f5 32 09 f1 dc cd 57 80 d9 94 12 c6 96 aa 3f 51 65 58 3e d3 90 34 0b 60 25 0c fb





C:\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui unknown 24 98 29 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00







unknown 24 00 00 10 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\memtest.efi unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 17 da 56 d2 53 bc 9e 1d 9d 68 31 11 1a 96 ad 64 69 de 77 98 4d 24 6c f0 e1 c8 a4 3d a3 31 49 f7 ef 24 c1 29 da 5a fb 1f 84 1d b8 46 52 d0 d9 50 ac 0e d1 1d f4 e2 aa 6f 56 29 d1 03 5f 9a 06 e7 e7 28 f7 f9 df 9c 1f 8c 79 1c 94 b4 45 e1 34 34 2b 03 18 a1 62 3c b5 90 12 47 34 83 f5 ff b4 a2 87 c4 b2 a4 02 fd b2 e0 fd 9a 3e 2c 0f c4 b8 67 e8 09 f7 38 b8 22 ca 0e 6a b9 2f b3 46 45 79 5d 15 33 15 05 ad a7 c9 d0 fd f3 24 67 bb 8e 51 44 13 a2 81 54 5f 3b 02 ce 09 62 26 6f ef 5d 2c ec 33 b0 f1 70 24 7b cc 6f d5 4d 62 50 8d ca 3b 4b 5d 71 c0 a3 4f 9c a0 55 70 65 d5 5f 26 56 55 6e e1 4c 8c 8f 28 e6 36 4c c8 99 03 4f a9 cb c7

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$l....=.1I..$.).Z.....FR..P.......oV).._....(......y...E.44+...b<...G4...............>,...g...8."..j./.FEy].3........$g..QD...T_;...b&o.],.3..p${.o.MbP..;K]q..O..Upe._&VUn.L..(.6L...O...


C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk unknown 8192 09 c6 e3 d4 87 19 84 14 02 31 4a 98 5c 12 99 1d 06 10 b9 dd 9f 82 70 e2 8d 90 32 3e 5c 92 07 ef 40 b4 1f e5 3b 21 5d 90 32 dd 9a f5 7d 01 97 cb 59 7c 9a 71 37 b4 62 5a e2 df 2e 6f c9 4d 97 d7 84 e0 ed 78 19 ef 6e 13 cc 27 d5 b4 ca ad a8 57 c2 03 47 eb 1d 0b 11 ea 00 86 67 b1 2f b8 e8 79 ba d6 0d 5e 6d 50 5d 16 97 0e 6d e7 36 13 a8 70 de a1 0b ae 4d e8 58 a6 34 48 c7 dd 58 01 8d 0c b2 e6 c4 9e 1c aa 45 23 2c 06 43 ed 1a 8a 39 5a 9b 2a 1c e2 a6 2c 1a ea 97 df 14 80 a0 67 52 76 5d cc fd 3b 65 e8 4c 5a 63 f8 6e 60 72 51 68 00 f2 0d 1a 5c fe 71 35 ca 1f 0d 6e dd 2e 98 dd 61 65 b5 fd ee cf ed 5f a4 ad da 56 74 77 a6 4f f3 52 f8 3a ac e5 47 36 16 1b 3d 35 43 94 73 02 de 56 95 07 dc d7 d4 f3 9d 88 fb 83 b3 0d c5 85 73 9d 8b a8 21 e0 c0 69 95 48 52 cf d2 ce b8 07

.........1J.\.........p...2>\.

..@...;!].2...}...Y|.q7.bZ...o

.M.....x..n..'.....W..G.......g./..y...^mP]...m.6..p....M.X.4H..X.........E#,.C...9Z.*...,.......gRv]..;e.LZc.n`rQh....\.q5...n....ae....._...Vtw.O.R.:..G6..=5C.s..V..............s...!..i.HR.....




C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk unknown 24 00 20 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\memtest.efi unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\memtest.efi unknown 24 98 d7 10 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00






...Ue......K..1....u........X.

..d.)...eqZ.-?...FA...Q.^..Y.,

.#.L.....Br........f..bXZ.5.Kv








unknown 24 00 00 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\nb-NO\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 9a 87 a3 fe f5 32 09 f1 dc cd 57 80 d9 94 12 c6 96 aa 3f 51 65 58 3e d3 90 34 0b 60 25 0c fb



C:\EFI\Microsoft\Boot\nb-NO\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\nb-NO\bootmgfw.efi.mui unknown 24 98 29 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\nb-NO\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





...Ue......K..1....u........X.

..d.)...eqZ.-?...FA...Q.^..Y.,

.#.L.....Br........f..bXZ.5.Kv










unknown 24 00 00 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\nb-NO\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 9a 87 a3 fe f5 32 09 f1 dc cd 57 80 d9 94 12 c6 96 aa 3f 51 65 58 3e d3 90 34 0b 60 25 0c fb





C:\EFI\Microsoft\Boot\nb-NO\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\nb-NO\bootmgr.efi.mui unknown 24 a0 29 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db

unknown 8192 88 42 16 71 19 fb 9a e0 5f a2 1b 7e 33 12 96 bc 51 72 dc b3 f7 ec f5 af 22 2a de d9 bf 47 aa b7 c5 8c fd 27 e2 47 04 5f db 36 2b a5 2c 15 e5 fb 75 a6 87 8e 41 3b 3f 03 f7 57 cd 14 6a 3d fe 33 48 db e7 42 10 21 8d b6 d8 59 68 16 bc 72 d6 f9 5e d1 7d 70 2b 37 76 e8 b5 8c 56 86 61 85 7e 2e 8c 22 79 af 5c 63 5a 32 7d 2c 16 e7 57 85 cf 01 66 91 2c 64 75 d0 b2 06 c9 af c2 9a 44 08 37 f3 5e a6 c8 81 a6 a6 e5 d6 fd 30 f6 95 e3 34 cf af 75 ba 73 57 33 55 67 df 79 de e7 88 05 64 b8 5c 70 97 b1 e4 45 05 d7 46 ba 52 e5 f6 45 62 d1 67 2e 12 bd c9 85 d3 54 97 99 5f b5 85 10 0e 9f 3d 3b 7c 17 4f 05 44 f4 bd d9 7e f9 1e 11 6e 5e de 40 7e 87 64 37 74 77 cc ab 45 16 21 2b c7 99 98 69 59 e3 ba c1 8d c0 da c2 67 20 69 65 73 b8 a6 90 f1 c6 11 73 71 c4 6f e9 cb fa 09 85 06 21

.B.q...._..~3...Qr......"*...G

.....'.G._.6+.,...u...A;?..W..j=.3H..B.!...Yh..r..^.}p+7v...V.a.~.."y.\cZ2},..W...f.,du.......D.7.^........0...4..u.sW3Ug.y....d.\p...E..F.R..Eb.g......T.._.....=;|.O.D...~...n^.@~.d7tw..E.!+...iY.......g ies......sq.o......!









unknown 24 00 00 03 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\nb-NO\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 a2 a5 0d b6 5e aa 53 93 91 5d 91 bf 2d 05 3e 6d c6 39 ad 15 bb c6 8b d3 ce 02 cd e5 01 f0 41





C:\EFI\Microsoft\Boot\nb-NO\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\nb-NO\memtest.efi.mui unknown 24 a0 b1 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\nl-NL\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 d2 7f cc fd aa 74 e2 ce 72 cf ef b2 53 81 c6 05 2c c7 5b 29 6e ca 97 b9 c2 66 be 77 3e c3 9a

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%.....t..r...S...,.[)n....f.w>..




C:\EFI\Microsoft\Boot\nl-NL\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\nl-NL\bootmgfw.efi.mui unknown 24 a0 31 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\nl-NL\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\nl-NL\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 d2 7f cc fd aa 74 e2 ce 72 cf ef b2 53 81 c6 05 2c c7 5b 29 6e ca 97 b9 c2 66 be 77 3e c3 9a



C:\EFI\Microsoft\Boot\nl-NL\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\nl-NL\bootmgr.efi.mui unknown 24 a0 31 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 a2 a5 0d b6 5e aa 53 93 91 5d 91 bf 2d 05 3e 6d c6 39 ad 15 bb c6 8b d3 ce 02 cd e5 01 f0 41



C:\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui unknown 24 a0 b1 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\pl-PL\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 d2 7f cc fd aa 74 e2 ce 72 cf ef b2 53 81 c6 05 2c c7 5b 29 6e ca 97 b9 c2 66 be 77 3e c3 9a



C:\EFI\Microsoft\Boot\pl-PL\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\pl-PL\bootmgfw.efi.mui unknown 24 98 31 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\pl-PL\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\EFI\Microsoft\Boot\pl-PL\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 d2 7f cc fd aa 74 e2 ce 72 cf ef b2 53 81 c6 05 2c c7 5b 29 6e ca 97 b9 c2 66 be 77 3e c3 9a





C:\EFI\Microsoft\Boot\pl-PL\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\pl-PL\bootmgr.efi.mui unknown 24 98 31 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\pl-PL\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 de 48 32 29 2e 21 5c 0f 0d 85 7c 81 28 8c 9c 7e 75 f5 21 0c 32 cc ea 88 e2 e1 0b 6d 04 40 4f





C:\EFI\Microsoft\Boot\pl-PL\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\pl-PL\memtest.efi.mui unknown 24 a0 b3 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\pt-BR\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5





C:\EFI\Microsoft\Boot\pt-BR\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\pt-BR\bootmgfw.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\pt-BR\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5



C:\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\pt-BR\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 a2 a5 0d b6 5e aa 53 93 91 5d 91 bf 2d 05 3e 6d c6 39 ad 15 bb c6 8b d3 ce 02 cd e5 01 f0 41



C:\EFI\Microsoft\Boot\pt-BR\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\pt-BR\memtest.efi.mui unknown 24 a0 b1 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00









unknown 24 00 00 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5





C:\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\pt-PT\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\ProgramData\Microsoft\User Account Pictures\guest.bmp unknown 8192 42 03 51 f9 48 6f e7 01 57 a4 2c 9d c9 aa 5e 80 cf 47 dd b4 2b 91 88 c6 df e2 29 e1 88 69 25 4c 63 80 93 2d 29 dd fa 8e cc b1 1b 84 79 fd 89 02 78 8b 86 c1 44 a6 10 68 c2 41 9d 2b d4 2d af 05 e4 99 f9 6d 6d 0e ef ef c0 10 28 d3 d4 f7 03 d5 d1 92 9e 8f 48 4d 78 eb 68 30 2c 6d 3b 68 8f b5 7a 8e 3a db c8 6e 6b f0 1b c6 0e 67 07 37 e3 ae 20 58 2a e8 b6 83 49 81 ec 4a ec a9 30 3c 8d d7 f6 36 d6 b0 ca 3f 51 58 6b 42 5e 2a a0 a1 f8 a4 b8 ea 4c 4e 87 b3 27 ce 98 06 6a 95 e1 3c 0c 5b aa 5b 4b 52 38 b2 74 71 82 e1 34 5b 52 39 25 db 49 bc e0 ea 16 76 a1 91 f2 27 2d e5 c9 4f c2 61 5d 16 d6 8d fd b9 0d 8c f3 3d e1 3b 5e ef e8 9f 89 94 e4 d4 b4 e8 a1 15 9e 9c 33 a9 93 72 59 65 63 74 5c 4d e4 c8 d3 63 ca 3f f0 59 12 c6 6d 84 14 07 61 64 5a bc fe ad f1 34 42 8b d0 30 56

B.Q.Ho..W.,...^..G..+.....)..i%Lc..-).......y...x...D..h.A.+.-.....mm.....(.........HMx.h0,m;h..z.:..nk....g.7.. X*...I..J..0<...6...?QXkB^*......LN..'...j..<.[.[KR8.tq..4[R9%.I....v...'-..O.a]........=.;^.............3..rYect\M...c.?.Y..m...adZ....4B..0V


C:\ProgramData\Microsoft\User Account Pictures\guest.bmp unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\User Account Pictures\guest.bmp unknown 24 38 30 09 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

80..........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\pt-PT\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5



C:\EFI\Microsoft\Boot\pt-PT\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\pt-PT\bootmgr.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\User Account Pictures\guest.png unknown 8192 7a 35 c6 25 96 80 da 1e 2b e2 42 be 29 0c 0b 90 a8 dc 84 cd 19 d7 21 37 3b 4a 72 8c 81 04 20 a1 8f 78 5c 02 93 e1 c6 26 8a 81 39 47 87 52 17 85 68 a4 04 c5 c3 48 d7 86 8f a2 50 a6 fc af 06 54 79 e0 3e be 0f 9e 9c c7 c2 9b 04 0f 91 45 9c df 12 e7 a7 f8 c9 99 d5 8b 19 c1 7c 0e d0 d6 d1 dc 7c f2 ca ec bb e0 74 41 a5 37 cd 24 c1 3b 36 89 a8 13 e5 9f 76 16 00 30 12 2c cd a0 c8 09 bd 05 46 3d 15 82 40 b9 9a 9e 30 b1 92 f1 f1 74 35 a5 03 11 ea dc e5 9f c0 20 f5 6a 7f c5 b1 8e 5a 14 48 b1 44 11 b1 d2 b9 b3 c1 46 8f 87 f7 99 6c a7 f1 7d 81 9f b9 92 a9 7a 12 89 fc 9c 5f 0c ef c2 68 9e 86 17 1c 19 d5 f7 b8 12 be 34 86 af da 91 40 48 1a 37 39 2e 92 3f f0 92 fe 49 90 c1 8c 66 74 f9 65 1d 83 40 3e ce 0e 32 78 cc 42 25 b3 4d bc 24 59 33 94 00 0f 59 42 63 aa 2e 1f 75 b9

z5.%....+.B.).........!7;Jr... ..x\....&..9G.R..h....H....P....Ty.>..........E............|.....|.....tA.7.$.;6.....v..0.,[email protected]........ .j....Z.H.D......F....l..}[email protected]..?...I...ft.e..@>..2x.B%.M.$Y3...YBc...u.


C:\ProgramData\Microsoft\User Account Pictures\guest.png unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\User Account Pictures\guest.png unknown 24 18 15 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\pt-PT\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 de 48 32 29 2e 21 5c 0f 0d 85 7c 81 28 8c 9c 7e 75 f5 21 0c 32 cc ea 88 e2 e1 0b 6d 04 40 4f



C:\EFI\Microsoft\Boot\pt-PT\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\pt-PT\memtest.efi.mui unknown 24 98 b3 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\User Account Pictures\user.dat unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\User Account Pictures\user.dat unknown 24 00 00 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\qps-ploc\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 32 5b 9c 70 ed 63 c7 e1 2c 91 4e 98 36 65 1d 6e d3 40 a4 7a 4a fe 7e 89 65 c8 05 4a 80 45 2d

...I}.1!.L......>l?.%...0.h8m.3....S..)[email protected]$.O....>.mj..z..........f.3.^..%&..1FIU...j...u..Zz.......wt=v...lN...?.Km.;.....qlk...TG...WJHS.._u...T...]e...H?7. .?....7...'sjs..N.'......w..U......?..^.t.......I.n.}.%2[.p.c..,[email protected].~.e..J.E-




C:\EFI\Microsoft\Boot\qps-ploc\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\qps-ploc\memtest.efi.mui unknown 24 a0 d3 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\qps-ploc\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\ProgramData\Microsoft\User Account Pictures\pratesh.dat unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\User Account Pictures\pratesh.dat unknown 24 00 00 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\ro-RO\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 cc 36 cb 5d a9 44 e6 4f 79 83 8f 34 f1 6d b8 13 3a 9e c9 83 08 d8 88 6b ef b7 a5 ad 98 ea 41





C:\EFI\Microsoft\Boot\ro-RO\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ro-RO\bootmgfw.efi.mui unknown 24 a0 2b 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\ro-RO\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\ProgramData\Microsoft\User Account Pictures\user-192.png unknown 8192 7a 35 c6 25 96 80 da 1e 2b e2 42 be 29 0c 0b 90 a5 fd b3 fe 8a 26 bc ed 1a 76 05 98 00 6a 2b bf 17 57 ee fe ad bb ed 83 bb 69 74 e8 28 12 9a 81 37 9c 11 8f 51 c9 9a 21 e1 4d cd 75 3e 1f d5 f3 f2 d5 a1 21 6d 22 83 a4 17 22 86 57 96 ea 8e 00 8c 20 95 d7 dd 81 d5 a9 6e 07 85 1e 5e 5e 69 7f 1d a2 8e 19 51 e5 f3 d9 70 6d 35 f3 49 a6 9e 10 e0 9b c3 1c 52 4b 8c 46 2e eb 5f db 77 9a d5 fa d0 8e 81 f0 c0 f1 49 0d 87 f9 14 26 88 a1 b5 0d 89 e9 1a f4 b2 9c cf 85 25 b5 68 12 11 bc c3 6c 7a 6d ef 90 b5 13 9c fa 73 6b 0b 2b 30 b9 bc b1 5c b8 f2 36 64 94 1e 61 e7 b2 a3 7d 26 8a 02 4c a1 2a 16 01 87 f1 9f 0a 64 86 3a 6d 81 f6 97 3c 96 0c 02 44 7c f9 21 0a 97 22 31 a5 f1 f8 d8 80 67 ce 72 31 ac 1c 79 b4 7a 65 0f b2 7c 51 fd df f4 de 46 5a 64 4d ea b5 37 2c f3 98 ec 4c 4e

z5.%....+.B.)........&...v...j+..W.......it.(...7...Q..!.M.u>......!m"...".W..... ......n...^î.....Q...pm5.I.......RK.F.._.w.........I....&............%.h....lzm......sk.+0...\..6d..a...}&..L.*......d.:m...<...D|.!.."1.....g.r1..y.ze..|Q....FZdM..7,...LN


C:\ProgramData\Microsoft\User Account Pictures\user-192.png unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\User Account Pictures\user-192.png unknown 24 67 09 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

g...........,........... success or wait 1 F0677E WriteFile



C:\EFI\Microsoft\Boot\ro-RO\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 cc 36 cb 5d a9 44 e6 4f 79 83 8f 34 f1 6d b8 13 3a 9e c9 83 08 d8 88 6b ef b7 a5 ad 98 ea 41



C:\EFI\Microsoft\Boot\ro-RO\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ro-RO\bootmgr.efi.mui unknown 24 98 2b 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\User Account Pictures\user-32.png unknown 8192 7a 35 c6 25 96 80 da 1e 2b e2 42 be 29 0c 0b 90 bb 75 78 01 16 86 c0 ff 82 07 eb 14 69 e4 b5 6d 54 40 15 6f a7 04 ab 3a 90 fd 0a 6f 42 a5 6f 90 85 27 61 ee 24 b8 82 68 bf ea 9a 0b 42 3d a2 a4 8a 27 fe 7e 7a 6e 9a c9 c1 08 4d c9 5f 94 61 7b 29 29 80 67 4b 15 ca a6 7c 16 f1 12 a3 bf fa de df 74 fc 2c 8d 56 ea 19 40 58 d7 83 0d 40 67 9f 8b e9 55 8d 96 a2 24 33 6f fa 09 67 27 df 28 8d 17 fc d2 d5 59 40 70 07 fe bf 98 05 80 16 b9 fa f0 a6 3b ca 96 f1 f6 23 1b c6 5c 83 01 58 ba 6b 90 78 b8 d1 79 27 79 a6 68 b7 4e 51 18 67 a9 9e 29 33 6e 3e cf 04 54 b7 05 65 9d ac 6e 7f dd 30 36 3a 6e 4c e9 1f a7 f9 42 52 36 c5 4e 6e cd 28 6e bc 6c e2 87 9f 78 45 f1 10 f0 ed 19 7a bf 9c 0e a4 9d 9f 13 74 dd cc bd f5 cc e8 a3 e2 e3 7e c5 85 91 1e 38 44 71 f6 0f aa fc 96 dd 94 3b

z5.%....+.B.)[email protected]...:...oB.o..'a.$..h....B=...'.~zn....M._.a{)).gK...|........t.,.V..@[email protected]...$3o..g'.(.....Y@p...........;....#..\..X.k.x..y'y.h.NQ.g..)3n>..T..e..n..06:nL....BR6.Nn.(n.l...xE.....z.......t.........~....8Dq.......;





C:\ProgramData\Microsoft\User Account Pictures\user-32.png unknown 24 9f 01 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\ru-RU\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5



C:\EFI\Microsoft\Boot\ru-RU\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ru-RU\bootmgfw.efi.mui unknown 24 98 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\ru-RU\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\ProgramData\Microsoft\User Account Pictures\user-40.png unknown 8192 7a 35 c6 25 96 80 da 1e 2b e2 42 be 29 0c 0b 90 9c 6c 43 3f 03 c6 ae ce 8e c2 33 5f a4 e8 6d 26 3d 87 f2 80 0f a3 0b 6c f2 ed f3 30 8d d9 0b ea 8b 17 0e af cc db 17 5c 00 f7 1e c0 77 cf 59 18 00 dd 14 ca 6a 92 3b 90 46 d3 97 19 f1 b7 a5 48 21 04 6f b1 27 60 ba ca c6 06 fa a4 db a5 81 01 15 1a 2e 2c 5d be 12 04 0f 89 a8 ea 13 c8 91 8d 30 10 8f c7 be 00 5d f7 44 72 7d 8b a3 51 15 dd 9d 11 2e 32 3f 23 47 1c 7e 60 8f a9 8e 7b bc e5 f2 33 59 6b ec d4 bd c4 fc 29 a2 fe 03 b0 b7 17 a4 32 8c bc 39 ce 2b b7 67 0f d5 a8 0f 82 00 a8 2c a4 29 85 76 5e 91 c8 31 52 5f 87 fb 1b 7a c4 f5 61 1f 8f c1 ce 71 00 39 e8 a2 c8 87 73 ec 36 3a 39 33 1b ae 3c 87 e1 17 f0 cb 26 ea 61 b3 35 cf 1d c6 9a c1 8e 31 9c 19 3d 82 65 43 af d1 3a 78 de ee f5 9a 7c 9a 2f bb f8 8b 5b 17 d9 6d

z5.%....+.B.)....lC?......3_..m&=......l...0...........\....w.Y.....j.;.F......H!.o.'`.............,]...........0.....].Dr}..Q.....2?#G.~`...{...3Yk.....).......2..9.+.g.......,.).v^..1R_...z..a....q.9....s.6:93..<.....&.a.5......1..=.eC..:x....|./...[..m







C:\ProgramData\Microsoft\User Account Pictures\user-40.png unknown 24 b1 01 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\ru-RU\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5





C:\EFI\Microsoft\Boot\ru-RU\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ru-RU\bootmgr.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\ProgramData\Microsoft\User Account Pictures\user-48.png unknown 8192 7a 35 c6 25 96 80 da 1e 2b e2 42 be 29 0c 0b 90 6d 86 b7 49 97 35 4f 96 cb 21 83 cf 94 46 e9 16 80 1c 6f d4 4d c1 e5 66 e4 89 04 93 57 47 1f fd 60 d9 01 0f 6a 44 40 7c f1 6f 81 c8 4c 1f 6f a1 73 fa e1 36 e1 d9 47 72 89 d3 fa bc fa 94 db 7c 8a f8 bb cb 01 e2 41 6a a3 74 76 b4 cf 31 f2 97 a8 b2 f2 aa 49 fb 41 db c8 81 ff 2e 5a 28 08 73 7c 72 fa 33 c3 9b af 95 48 01 ae d0 24 cc 6b 25 5c 5c 77 65 fc 12 a4 e9 05 17 22 0f a8 94 93 4d 63 7f af 92 ed 22 67 db 8c 0e a7 53 28 c7 bf 9f 6c fa 8d d9 91 e7 ca a7 1e bc d3 09 47 ae f6 f4 11 37 2d 84 f7 47 33 20 b5 22 c2 db 7b da aa ae 23 17 f7 b9 4e 47 e4 ff 7d bb b5 06 2b ad 8e 3d b6 d3 2d 0f cd 4f cc a9 bb 90 fe 44 ea 7c 9d 7e 56 3c b2 5e 7b af 4b f4 fa 3b 34 d1 33 aa cf dd 89 63 92 b7 bd df fb 8b 28 fb 56 41 a3 d6 a0

z5.%....+.B.)...m..I.5O..!...F....o.M..f....WG..`...jD@|.o..L.o.s..6..Gr.......|......Aj.tv..1......I.A.....Z(.s|r.3....H...$.k%\\we......"....Mc...."g....S(...l...........G....7-..G3 ."..{...#...NG..}...+..=..-..O.....D.|.~V<.^{.K..;4.3....c......(.VA...







C:\ProgramData\Microsoft\User Account Pictures\user-48.png unknown 24 f5 01 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\ru-RU\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 40 a1 25 1a d6 77 be d9 f9 d9 7c 36 26 79 54 df 6a 24 fc a9 43 4f 86 b8 e1 bd c6 2d e9 f7 fc





C:\EFI\Microsoft\Boot\ru-RU\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\ru-RU\memtest.efi.mui unknown 24 a0 af 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\ProgramData\Microsoft\User Account Pictures\user.bmp unknown 8192 42 03 51 f9 48 6f e7 01 57 a4 2c 9d c9 aa 5e 80 cf 47 dd b4 2b 91 88 c6 df e2 29 e1 88 69 25 4c 63 80 93 2d 29 dd fa 8e cc b1 1b 84 79 fd 89 02 78 8b 86 c1 44 a6 10 68 c2 41 9d 2b d4 2d af 05 e4 99 f9 6d 6d 0e ef ef c0 10 28 d3 d4 f7 03 d5 d1 92 9e 8f 48 4d 78 eb 68 30 2c 6d 3b 68 8f b5 7a 8e 3a db c8 6e 6b f0 1b c6 0e 67 07 37 e3 ae 20 58 2a e8 b6 83 49 81 ec 4a ec a9 30 3c 8d d7 f6 36 d6 b0 ca 3f 51 58 6b 42 5e 2a a0 a1 f8 a4 b8 ea 4c 4e 87 b3 27 ce 98 06 6a 95 e1 3c 0c 5b aa 5b 4b 52 38 b2 74 71 82 e1 34 5b 52 39 25 db 49 bc e0 ea 16 76 a1 91 f2 27 2d e5 c9 4f c2 61 5d 16 d6 8d fd b9 0d 8c f3 3d e1 3b 5e ef e8 9f 89 94 e4 d4 b4 e8 a1 15 9e 9c 33 a9 93 72 59 65 63 74 5c 4d e4 c8 d3 63 ca 3f f0 59 12 c6 6d 84 14 07 61 64 5a bc fe ad f1 34 42 8b d0 30 56

B.Q.Ho..W.,...^..G..+.....)..i%Lc..-).......y...x...D..h.A.+.-.....mm.....(.........HMx.h0,m;h..z.:..nk....g.7.. X*...I..J..0<...6...?QXkB^*......LN..'...j..<.[.[KR8.tq..4[R9%.I....v...'-..O.a]........=.;^.............3..rYect\M...c.?.Y..m...adZ....4B..0V




C:\ProgramData\Microsoft\User Account Pictures\user.bmp unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\User Account Pictures\user.bmp unknown 24 38 30 09 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

80..........,........... success or wait 1 F0677E WriteFile

C:\EFI\Microsoft\Boot\sk-SK\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 a7 a9 86 fc d7 5d c7 28 37 c8 6e ce 42 b0 21 f0 44 44 2c d2 d5 20 5e 0e 66 50 8e f1 cb 28





C:\EFI\Microsoft\Boot\sk-SK\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\sk-SK\bootmgfw.efi.mui unknown 24 98 2f 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\sk-SK\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\ProgramData\Microsoft\User Account Pictures\user.png unknown 8192 7a 35 c6 25 96 80 da 1e 2b e2 42 be 29 0c 0b 90 a8 dc 84 cd 19 d7 21 37 3b 4a 72 8c 81 04 20 a1 8f 78 5c 02 93 e1 c6 26 8a 81 39 47 87 52 17 85 68 a4 04 c5 c3 48 d7 86 8f a2 50 a6 fc af 06 54 79 e0 3e be 0f 9e 9c c7 c2 9b 04 0f 91 45 9c df 12 e7 a7 f8 c9 99 d5 8b 19 c1 7c 0e d0 d6 d1 dc 7c f2 ca ec bb e0 74 41 a5 37 cd 24 c1 3b 36 89 a8 13 e5 9f 76 16 00 30 12 2c cd a0 c8 09 bd 05 46 3d 15 82 40 b9 9a 9e 30 b1 92 f1 f1 74 35 a5 03 11 ea dc e5 9f c0 20 f5 6a 7f c5 b1 8e 5a 14 48 b1 44 11 b1 d2 b9 b3 c1 46 8f 87 f7 99 6c a7 f1 7d 81 9f b9 92 a9 7a 12 89 fc 9c 5f 0c ef c2 68 9e 86 17 1c 19 d5 f7 b8 12 be 34 86 af da 91 40 48 1a 37 39 2e 92 3f f0 92 fe 49 90 c1 8c 66 74 f9 65 1d 83 40 3e ce 0e 32 78 cc 42 25 b3 4d bc 24 59 33 94 00 0f 59 42 63 aa 2e 1f 75 b9

z5.%....+.B.).........!7;Jr... ..x\....&..9G.R..h....H....P....Ty.>..........E............|.....|.....tA.7.$.;6.....v..0.,[email protected]........ .j....Z.H.D......F....l..}[email protected]..?...I...ft.e..@>..2x.B%.M.$Y3...YBc...u.


C:\ProgramData\Microsoft\User Account Pictures\user.png unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\User Account Pictures\user.png unknown 24 18 15 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\sk-SK\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 44 a7 a9 86 fc d7 5d c7 28 37 c8 6e ce 42 b0 21 f0 44 44 2c d2 d5 20 5e 0e 66 50 8e f1 cb 28



C:\EFI\Microsoft\Boot\sk-SK\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\sk-SK\bootmgr.efi.mui unknown 24 a0 2f 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\sl-SI\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5



C:\EFI\Microsoft\Boot\sl-SI\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\sl-SI\bootmgfw.efi.mui unknown 24 98 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\sl-SI\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78



C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml unknown 8192 5f 34 db 3b 0d 54 c8 7f 9c b7 4e 97 2e 1c a6 92 d8 1a 78 71 6e 52 2b fd 4f 9b 78 9b 49 71 8e c4 12 7a 41 b7 45 fe d3 50 60 bd d0 a2 ee b7 2a b6 fc c6 f5 fd c3 ed cb 04 07 12 5f e4 1d 93 5c 8c de 83 0a e7 0f 46 4f 7f 5f 82 7e ff 1e bf ca bb 00 cf 21 6d 43 05 38 b3 2a 3c b6 52 95 0d ea c4 11 67 99 f1 1c ff 84 ab ba 16 05 02 b9 56 bf 9e cc 3b 88 39 9d 93 09 d9 75 5b bb 49 0b e5 ea 13 2d f7 69 ec 40 ac 97 73 94 95 20 f4 c1 62 55 b4 f9 89 b8 a0 fb 54 b7 c3 9c ae 04 76 79 80 8d 81 99 13 4c 3b 8b 1c ff fe 48 32 a8 11 58 11 25 3f ad 96 1d d5 52 c1 68 38 1d 81 d8 e2 ca b5 71 18 b0 a0 a7 b9 ea 25 6f 1c a4 43 df 14 92 1e 92 e3 e7 4c 2c c4 3d 42 fb c7 ee 74 f9 f5 47 db 47 c9 3c bf bd 28 ea ce 16 51 9b f7 99 1f 89 09 d5 99 61 9d 13 6e 92 af 97 cd b0 01 79 74 86 56 c9

_4.;.T....N.......xqnR+.O.x.Iq...zA.E..P`.....*..........._...\......FO._.~.......!mC.8.*<.R.....g...........V...;.9....u[[email protected].. ..bU......T.....vy.....L;....H2..X.%?....R.h8......q......%o..C.......L,.=B...t..G.G.<..(...Q........a..n......yt.V.




C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml unknown 24 ef 4b 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00

.K..........,........... success or wait 1 F0677E WriteFile

C:\ProgramData\Microsoft\Windows\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\sl-SI\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5



C:\EFI\Microsoft\Boot\sl-SI\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\sl-SI\bootmgr.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db unknown 8192 52 e0 44 c7 88 0e b9 1c fa 92 2c 6a d0 02 1d d4 0e 63 54 5e 7c 18 e9 42 50 97 65 eb bc ca 31 45 73 05 d1 e1 66 97 25 d6 b3 c4 aa b3 90 37 50 40 11 8b 67 61 8b eb 96 2b 56 d1 12 bc d6 73 34 a3 ea 51 8f d0 7a f9 07 13 9d ac ad 14 e8 d3 21 52 3b 7d 2e e0 bd bd 7e b8 02 32 61 a0 f1 d2 d4 ec e9 c9 5e ae 3c e7 3e 28 94 b6 10 c4 3d 13 d5 6e 2f fb 86 1e 0f a5 ff b5 2f 82 7f 84 86 b9 86 e9 08 7f 8f 3a da 7d 65 18 26 39 0a 5a 57 ec 60 ff 61 34 8b 45 dc 94 45 53 58 d9 32 ca 82 eb ec b1 c6 92 89 dc 66 0e 71 aa 85 8c ea 71 0f 2b da 26 85 5f a6 22 f0 e5 b2 04 ea 3c a6 d0 dd 62 c4 c0 2c 62 20 bb 67 8f 80 f5 e2 d5 a3 8b 05 7c ff 06 72 ea 4a 7f aa 86 5a 9a 3c 52 b7 38 1e f3 61 37 59 cc 11 85 62 b1 94 4b 70 1b cd 92 d6 bf a3 42 fb e1 f4 4b d8 1f ff 7f 0a f7 d6 28 58 d0 d9

R.D.......,j.....cT^|..BP.e...1Es...f.%[email protected]...+V....s4..Q..z.........!R;}....~..2a.......^.<.>(....=..n/......./..........:.}e.&9.ZW.`.a4.E..ESX.2.........f.q....q.+.&._.".....<...b..,b .g........|..r.J...Z.<R.8..a7Y...b..Kp......B...K.......(X..


C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db unknown 24 00 40 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\Windows\Caches\Recovery_Instructions.html




C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5





C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgfw.efi.mui unknown 24 a0 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\sr-Latn-RS\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 74 9f c6 1f 85 6e e4 c4 dc 8b 83 96 cc 99 6c ba d8 83 b0 95 cc 45 b7 85 72 2f 2c 2c 24 75 e5



C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgr.efi.mui unknown 24 98 2d 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\Windows\ClipSVC\Recovery_Instructions.html




C:\EFI\Microsoft\Boot\sv-SE\bootmgfw.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 cc 36 cb 5d a9 44 e6 4f 79 83 8f 34 f1 6d b8 13 3a 9e c9 83 08 d8 88 6b ef b7 a5 ad 98 ea 41





C:\EFI\Microsoft\Boot\sv-SE\bootmgfw.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\sv-SE\bootmgfw.efi.mui unknown 24 98 2b 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00


C:\EFI\Microsoft\Boot\sv-SE\Recovery_Instructions.html unknown 4889 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 7d 0a 0a 68 31 2c 20 68 33 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 20 63 65 6e 74 65 72 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 0a 2f 2a 2d 2d 2d 2a 2f 0a 2e 74 61 62 73 31 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 74 61 62 73 31 20 2e 68 65 61 64 7b 0a 20 20 20 20 74 65 78





C:\EFI\Microsoft\Boot\sv-SE\bootmgr.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 cc 36 cb 5d a9 44 e6 4f 79 83 8f 34 f1 6d b8 13 3a 9e c9 83 08 d8 88 6b ef b7 a5 ad 98 ea 41



C:\EFI\Microsoft\Boot\sv-SE\bootmgr.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\sv-SE\bootmgr.efi.mui unknown 24 98 2b 01 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\EFI\Microsoft\Boot\sv-SE\memtest.efi.mui unknown 8192 91 b0 a6 49 7d 87 31 21 ea 4c f2 14 88 f2 ab 80 3e 6c 3f cb 25 a1 0e d8 30 16 68 38 6d bc 33 d5 0a 14 bb 53 f2 a6 29 88 06 74 40 59 73 9e c8 77 10 4c 0f 4b 24 c6 4f 8b 0e b1 1d 3e a3 6d 6a ac dc 7a b6 b4 86 c6 9c 05 13 de 0d bc 66 ad 33 0b 5e b1 91 25 26 e4 af 31 46 49 55 ea 92 92 6a 95 a6 fc 75 a7 b9 5a 7a 80 8e 95 18 82 8f 94 77 74 3d 76 0a cd d4 6c 4e 0e c9 ee 3f cf 4b 6d 0e 3b f0 af c1 19 8a 71 6c 6b f6 c8 09 54 47 84 87 e3 57 4a 48 53 a9 08 5f 75 e7 e9 c5 54 18 ab d3 5d 65 d4 af c9 48 3f 37 f8 20 19 3f f3 92 ad 9b 37 c8 be 85 27 73 6a 73 ab 90 4e e0 27 11 d3 b2 cb fd c4 77 fb c7 55 12 cd 9c a0 de b9 3f d3 fb 5e dd 74 ec c9 c4 99 15 dd 8e 49 88 6e ad 7d 1f 25 40 a1 25 1a d6 77 be d9 f9 d9 7c 36 26 79 54 df 6a 24 fc a9 43 4f 86 b8 e1 bd c6 2d e9 f7 fc



C:\EFI\Microsoft\Boot\sv-SE\memtest.efi.mui unknown 512 6d d1 27 cd fa 86 05 d6 7e 23 dc c6 bf e3 bb 9d 65 1e 87 5f ca 74 c3 64 72 a7 94 0e c3 aa 5b d7 34 a7 43 cc f3 8d a8 69 5e e7 59 ee 82 8f 97 2f d6 da 57 6f b2 a4 4e a9 d7 50 7d 1a 59 69 15 43 40 85 b2 00 33 72 10 83 27 76 93 f3 da e1 6e d7 04 ec 1a ee dd ee 90 29 6d c7 3d 7e a1 b9 ff 3d 09 68 23 64 45 96 f2 dc 0f 25 8e c9 c9 71 f7 44 cb a6 05 77 fb 13 19 ea f1 58 79 a6 cc 5e 41 65 3c 3f ed 6b 49 55 ed 01 27 34 fb 87 3f 00 26 fa 57 30 e9 be 2e ab 4a 72 c6 86 ef 31 50 8b d5 d8 76 39 8e 7a c8 2f 0c 97 e3 ee 2f b1 31 49 9c 1c 84 d9 8d fc 9a f8 1e 87 93 8a 9e c5 7b 4f 4b dd b7 a6 a2 22 2d 86 e5 e1 3b 34 44 24 97 f6 d4 27 44 82 60 1e 8c c1 13 0a a8 7d 75 07 77 f1 68 1e 18 80 a0 13 6b 1b 45 dc cd 86 fc 45 b7 23 99 4a be a1 38 ef 05 be 1b 57 32 ed 23 cf ea fd e8



C:\EFI\Microsoft\Boot\sv-SE\memtest.efi.mui unknown 24 a0 af 00 00 00 00 00 00 05 00 00 00 2c 00 00 00 00 02 00 00 01 00 00 00




C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db

unknown 8192 c2 04 a2 f1 57 6c 6e 10 fc 5d ff e6 13 2b 32 d7 b2 48 90 e8 bc 8a 54 c4 1a e8 55 e2 79 47 23 7f 35 80 45 17 24 f0 e5 b0 18 58 71 1d 6f 49 5d 83 39 27 60 02 0d 93 ab f6 c9 a8 bf 23 af 39 43 46 77 77 86 37 47 ad 6d 20 f7 f4 2a 46 a7 69 d6 2a 1d be 97 ec ff 28 c9 42 bd 5d 70 ce 3d 08 a5 63 20 1f e4 7f 50 2f 87 bc 97 34 59 43 78 2b 8a e3 7f 7d f0 3a f6 89 99 ce 67 35 77 4c 24 b5 3f 4f d4 4f a7 b2 fb ee e9 24 11 a0 9b d5 3b 3c 54 ad d4 90 4b 70 ea e0 18 3f 68 2d 57 47 e7 f8 f5 2a f3 96 44 02 a8 68 32 bf 85 69 08 9c b5 f5 63 1c d5 f2 d2 5c 13 23 07 9c 1e b5 1b 29 60 40 af f0 7a cf 5d a2 4e ff 7b 04 e9 27 f3 8b af 76 8f 6f 4d 9a ab 88 6c 0f 7f 42 a9 19 3f 14 ad d3 43 af 82 b0 71 a2 ec ef 55 e5 63 51 e0 f2 60 9e d9 9b 1c 1a 83 e2 cd 85 13 7c 97 64 c5 82 4e 33 84

....Wln..]...+2..H....T...U.yG#.5.E.$....Xq.oI].9'`........#.9CFww.7G.m ..*F.i.*.....(.B.]p.=..c ...P/...4YCx+...}.:....g5wL$.?O.O.....$....;<T...Kp...?h-WG...*..D..h2..i....c....\.#.....)`@..z.].N.{..'...v.oM...l..B..?...C...q...U.cQ..`..........|.d..N3.


C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db

unknown 8192 57 04 5e a4 65 65 e4 41 d3 40 f4 b0 28 5d b7 82 58 37 15 df 77 cd 33 4d 25 ed da 3d c7 0a b5 d6 06 e3 78 52 41 35 6f fe 03 b8 e2 c5 06 9f 90 e4 14 e1 f5 0e 8f 9f 07 b0 f8 3a a4 3e 93 d4 4a 4c ff eb 55 54 d0 b5 3f 72 9a 93 1a 43 dc 0f 61 c3 66 eb 07 e0 0d 11 2e 60 03 79 53 49 a2 73 f8 ce cd 37 94 ef e3 07 c0 3b 40 1a f8 e7 ab 03 6d 4c 74 e8 94 23 bd 34 d8 f4 3c c8 18 0d 87 e2 7a 67 46 f5 ab 90 08 42 ed d1 1a 54 6e 27 64 f1 12 82 30 ba 83 98 2a e6 09 63 f3 42 50 19 d3 48 b1 33 f2 ee 83 05 d3 9d a4 03 b6 b5 14 fe b0 fe 8a 07 4c d4 f8 cf 13 14 de bf ac a8 7e e0 e3 01 86 ec 2b 34 0a 0f c3 c4 dd fe 80 5e dd 31 a8 79 ac 12 b6 83 c8 31 d6 35 fd 8d 19 fa c6 a0 28 92 52 fc cd 63 8d b4 f5 50 d5 47 f6 19 b4 35 3c 81 d0 b4 c8 0c e9 9f 09 10 e5 e6 8d 0a 21 6e 76 1a f5

W.^.ee.A.@..(]..X7..w.3M%..=......xRA5o..................:.>..JL..UT..?r...C..a.f......`.ySI.s...7.....;@.....mLt..#.4..<.....zgF....B...Tn'd...0...*..c.BP..H.3................L.........~.....+4.......^.1.y.....1.5......(.R..c...P.G...5<.............!nv..

unknown 1 F06614 WriteFile


File Path Offset Length Completion CountSourceAddress Symbol

C:\Recovery\WindowsRE\boot.sdi unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\Recovery\WindowsRE\ReAgent.xml unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\Recovery\WindowsRE\Winre.wim unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\MF\Active.GRL unknown 16777216 success or wait 1 F064FC ReadFile

File ReadFile Read


C:\EFI\Microsoft\Boot\boot.stl unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\bootmgfw.efi unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\MF\Pending.GRL unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Network\Downloader\edb.chk unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\bootmgr.efi unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db unknown 16777216 success or wait 2 F064FC ReadFile

C:\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat unknown 16777216 success or wait 2 F064FC ReadFile

C:\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\da-DK\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\de-DE\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\el-GR\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft Help\nslist.hxl unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\en-US\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\es-ES\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile



C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\it-IT\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp unknown 16777216 success or wait 2 F064FC ReadFile

C:\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\memtest.efi unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00001.jrs unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\nb-NO\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00002.jrs unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\nb-NO\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\nb-NO\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\nl-NL\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\nl-NL\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\pl-PL\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\pl-PL\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\pl-PL\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\pt-BR\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\pt-BR\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\User Account Pictures\guest.bmp unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\pt-PT\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\User Account Pictures\guest.png unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\pt-PT\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\qps-ploc\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\ro-RO\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\User Account Pictures\user-192.png unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\ro-RO\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\ru-RU\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\ru-RU\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile


C:\EFI\Microsoft\Boot\ru-RU\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\User Account Pictures\user.bmp unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\sk-SK\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\User Account Pictures\user.png unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\sk-SK\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile



Registry ActivitiesRegistry Activities

C:\EFI\Microsoft\Boot\sl-SI\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\sl-SI\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\sr-Latn-RS\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\sv-SE\bootmgfw.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\sv-SE\bootmgr.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\EFI\Microsoft\Boot\sv-SE\memtest.efi.mui unknown 16777216 success or wait 1 F064FC ReadFile

C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db unknown 16777216 success or wait 1 F064FC ReadFile


Key Path Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\SOFTWARE\MDSLK success or wait 1 EF5B74 RegCreateKeyW

Key Path Name Type Data Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\MDSLK Self unicode f6ifQ0POml.exe success or wait 1 EF5BAB RegSetValueExW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

EnableLinkedConnections dword 1 success or wait 1 EF5D2C RegSetValueExW

Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol



Path: C:\Users\user\AppData\Roaming\svhost.exe


Commandline: C:\Users\user\AppData\Roaming\svhost.exe

Imagebase: 0xaa0000






Yara matches: Rule: JoeSecurity_MedusaLocker, Description: Yara detected MedusaLocker Ransomware, Source: 00000001.00000000.640333058.0000000000B15000.00000002.00020000.sdmp, Author: Joe SecurityRule: JoeSecurity_MedusaLocker, Description: Yara detected MedusaLocker Ransomware, Source: 00000001.00000002.642220287.0000000000B15000.00000002.00020000.sdmp, Author: Joe SecurityRule: JoeSecurity_MedusaLocker, Description: Yara detected MedusaLocker Ransomware, Source: C:\Users\user\AppData\Roaming\svhost.exe, Author: Joe Security

Antivirus matches: Detection: 66%, Metadefender, BrowseDetection: 100%, ReversingLabs

Reputation: low

Key CreatedKey Created

Key Value CreatedKey Value Created

Analysis Process: svhost.exe PID: 6864 Parent PID: 968Analysis Process: svhost.exe PID: 6864 Parent PID: 968

General

Analysis Process: vssadmin.exe PID: 1316 Parent PID: 6836Analysis Process: vssadmin.exe PID: 1316 Parent PID: 6836

General






Path: C:\Windows\SysWOW64\vssadmin.exe


Commandline: vssadmin.exe Delete Shadows /All /Quiet

Imagebase: 0x810000


MD5 hash: 7E30B94672107D3381A1D175CF18C147




Reputation: moderate




Path: C:\Windows\System32\conhost.exe

Wow64 process (32bit): false

Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Imagebase: 0x7ff724c50000


MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496




Reputation: high




Path: C:\Windows\SysWOW64\wbem\WMIC.exe


Commandline: wmic.exe SHADOWCOPY /nointeractive

Imagebase: 0x1190000


MD5 hash: 79A01FCD1C8166C5642F37D1E0FB7BA8






Analysis Process: conhost.exe PID: 6496 Parent PID: 1316Analysis Process: conhost.exe PID: 6496 Parent PID: 1316

General

Analysis Process: WMIC.exe PID: 4112 Parent PID: 6836Analysis Process: WMIC.exe PID: 4112 Parent PID: 6836

General




\Device\ConDrv unknown 35 55 6e 65 78 70 65 63 74 65 64 20 73 77 69 74 63 68 20 61 74 20 74 68 69 73 20 6c 65 76 65 6c 2e 0d 0d 0a

Unexpected switch at this level....

success or wait 1 11C26B7 fprintf













Reputation: high







Imagebase: 0x810000


MD5 hash: 7E30B94672107D3381A1D175CF18C147













General


General


General







Reputation: high































Reputation: high


General



General









Imagebase: 0x810000


MD5 hash: 7E30B94672107D3381A1D175CF18C147

















Reputation: high















General


General


General



















Reputation: high






Imagebase: 0xaa0000






Yara matches: Rule: JoeSecurity_MedusaLocker, Description: Yara detected MedusaLocker Ransomware, Source: 00000014.00000002.767781620.0000000000B15000.00000002.00020000.sdmp, Author: Joe SecurityRule: JoeSecurity_MedusaLocker, Description: Yara detected MedusaLocker Ransomware, Source: 00000014.00000000.766983442.0000000000B15000.00000002.00020000.sdmp, Author: Joe Security

Reputation: low






General


General


General


Disassembly

Code Analysis


Imagebase: 0xaa0000






Yara matches: Rule: JoeSecurity_MedusaLocker, Description: Yara detected MedusaLocker Ransomware, Source: 0000001A.00000000.900797330.0000000000B15000.00000002.00020000.sdmp, Author: Joe SecurityRule: JoeSecurity_MedusaLocker, Description: Yara detected MedusaLocker Ransomware, Source: 0000001A.00000002.901407926.0000000000B15000.00000002.00020000.sdmp, Author: Joe Security

Reputation: low
