GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-06-17 17:04:14 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 ST500LM020-1G1162 rev.DM72 465,76GB Running: ufsld6ny.exe; Driver: C:\Users\lucca\AppData\Local\Temp\uglyifob.sys ---- User code sections - GMER 2.2 ---- ? C:\WINDOWS\system32\wbem\wbemsvc.dll [2116] entry point in ".rdata" section 0000000072e88fc0 ? C:\WINDOWS\system32\wbem\wbemsvc.dll [2124] entry point in ".rdata" section 0000000072e88fc0 ? C:\WINDOWS\system32\apphelp.dll [2216] entry point in ".rdata" section 0000000073d8f7c0 ? C:\WINDOWS\system32\apphelp.dll [2408] entry point in ".rdata" section 0000000073d8f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [2408] entry point in ".rdata" section 0000000070b63570 ? C:\WINDOWS\SYSTEM32\DSREG.DLL [2408] entry point in ".rdata" section 0000000072b3f900 ? C:\Windows\System32\ieproxy.dll [2408] entry point in ".rdata" section 000000006e359680 ? C:\WINDOWS\SYSTEM32\srpapi.dll [2408] entry point in ".rdata" section 000000006cdd6100 ? C:\Windows\System32\OneCoreCommonProxyStub.dll [2408] entry point in ".rdata" section 000000006c6ada90 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [2408] entry point in ".rdata" section 000000007238a020 ? C:\WINDOWS\system32\ncryptsslp.dll [2408] entry point in ".rdata" section 000000006c2b04f0 ? C:\Windows\System32\ActXPrxy.dll [2408] entry point in ".rdata" section 000000006bc79c50 ? C:\WINDOWS\system32\apphelp.dll [8664] entry point in ".rdata" section 0000000073d8f7c0 ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [636:684] ffffb8dce1da6c20 Thread C:\WINDOWS\System32\spoolsv.exe [1900:7972] 0000000003132450 Thread C:\WINDOWS\System32\spoolsv.exe [1900:7976] 00000000031af0b8 Thread C:\WINDOWS\System32\spoolsv.exe [1900:7984] 00000000031af0b8 Thread C:\WINDOWS\System32\spoolsv.exe [1900:7988] 00000000031af0b8 Thread C:\WINDOWS\System32\spoolsv.exe [1900:7992] 00000000031af0b8 Thread C:\WINDOWS\System32\spoolsv.exe [1900:7996] 00000000031af0b8 Thread C:\WINDOWS\system32\backgroundTaskHost.exe [5164:6256] 00007ffe722d0440 Thread C:\WINDOWS\system32\backgroundTaskHost.exe [5164:6340] 00007ffe69d648e0 Thread C:\WINDOWS\system32\backgroundTaskHost.exe [5164:6368] 00007ffe435cd5b0 Thread C:\WINDOWS\system32\SettingSyncHost.exe [5540:6852] 00007ffe624ddbe0 Thread C:\WINDOWS\system32\SettingSyncHost.exe [5540:6052] 00007ffe624ddbe0 ---- Processes - GMER 2.2 ---- Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1BD5118-BCDD-40B9-9720-935B7229C52D}\mpengine.dll (*** suspicious ***) @ C:\Program Files\Windows Defender\MsMpEng.exe [2268] 00007ffe61680000 ---- Services - GMER 2.2 ---- Service (*** hidden *** ) MpKsl0e373d08 <-- ROOTKIT !!! Service (*** hidden *** ) MpKsl0f010555 <-- ROOTKIT !!! Service (*** hidden *** ) MpKsl19dd51d3 <-- ROOTKIT !!! Service (*** hidden *** ) MpKsl1ad7f0bc <-- ROOTKIT !!! Service (*** hidden *** ) MpKsl1feedfa6 <-- ROOTKIT !!! Service (*** hidden *** ) MpKsl2ca7f3aa <-- ROOTKIT !!! Service (*** hidden *** ) MpKsl5927ba7b <-- ROOTKIT !!! Service (*** hidden *** ) MpKsl72643835 <-- ROOTKIT !!! Service (*** hidden *** ) MpKsl82d492d8 <-- ROOTKIT !!! Service (*** hidden *** ) MpKsl94fed897 <-- ROOTKIT !!! Service (*** hidden *** ) MpKsla4e442e3 <-- ROOTKIT !!! Service (*** hidden *** ) MpKslb4769408 <-- ROOTKIT !!! Service (*** hidden *** ) MpKslbcc1b92d <-- ROOTKIT !!! Service (*** hidden *** ) MpKslcd3b51ed <-- ROOTKIT !!! Service (*** hidden *** ) MpKsldd2af0c8 <-- ROOTKIT !!! Service (*** hidden *** ) MpKslfdb7ea87 <-- ROOTKIT !!! ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -2102220032 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... ---- Files - GMER 2.2 ---- File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\AIMP 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\AngelWriter 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\AntMovieCatalog 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\FreeDownloadManager 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\Gimp 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\HateML 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\HEXelon 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\HomeBank 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\HxD 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\IcoFX 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\InfraRecorder 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\Inkscape 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\KeePass 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\LightAlloy 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\MyPhoneExplorer 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\Notepad++ 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\Opera 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\OperaMail 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\Poweroff 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\Recuva 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\SIW 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\SubtitleWorkshop 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\SumatraPDF 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\SystemExplorer 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\TeamViewer 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\UniversalExtractor 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\Unlocker 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\uTorrent 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\VeraCrypt 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\VirtualDub 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\Wavosaur 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\WinContig 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\WinMerge 0 bytes File C:\Users\lucca\AppData\Local\Zoner\ZPS 18\ZPSCache.dat\006\XnView 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\53ee5cfe17ce6770bed0b84ec17873cd\08EEA4E6-0000-0000-0000-501F00000000-0.bin 1871872 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\53ee5cfe17ce6770bed0b84ec17873cd\MpScanCache-1.bin 1200128 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\3b4fd3486e12f4a2d8cd9a9cd1f5aec8\9N63NRGB.cookie 213 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\3b4fd3486e12f4a2d8cd9a9cd1f5aec8\container.dat 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\3b4fd3486e12f4a2d8cd9a9cd1f5aec8\LNS78YN2.cookie 599 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\en-US 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\en-US\hmmapi.dll.mui 2560 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\hmmapi.dll 53760 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\iediagcmd.exe 512000 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\ieinstal.exe 495616 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\ielowutil.exe 223232 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\IEShims.dll 417280 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\iexplore.exe 825024 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\images 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\images\bing.ico 5430 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\pl-PL 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\pl-PL\ieinstal.exe.mui 2560 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\pl-PL\iexplore.exe.mui 6144 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\SIGNUP 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\SIGNUP\install.ins 468 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0f6d23364e7b3a46239d700e77d95e3a\sqmapi.dll 37784 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\a76be70dba7640d2a4409dcce5b1445d\System.Runtime.Remoting.ni.dll 940544 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\a76be70dba7640d2a4409dcce5b1445d\System.Runtime.Remoting.ni.dll.aux 1276 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Icons 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Media Renderer 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Media Renderer\avtransport.xml 20699 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Media Renderer\connectionmanager_dmr.xml 5428 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Media Renderer\DMR_120.jpg 2979 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Media Renderer\DMR_120.png 14876 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Media Renderer\DMR_48.jpg 1220 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Media Renderer\DMR_48.png 4265 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Media Renderer\RenderingControl.xml 6363 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Media Renderer\RenderingControl_DMP.xml 2355 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\mpvis.DLL 184832 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\ConnectionManager.xml 5422 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\ContentDirectory.xml 7515 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\MediaReceiverRegistrar.xml 2574 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\wmpnss_color120.jpg 4743 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\wmpnss_color120.png 16037 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\wmpnss_color32.bmp 4152 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\wmpnss_color32.jpg 1859 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\wmpnss_color48.bmp 9272 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\wmpnss_color48.jpg 2320 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Network Sharing\wmpnss_color48.png 5022 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\mpvis.dll.mui 3072 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\setup_wm.exe.mui 65024 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\wmlaunch.exe.mui 2560 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\wmplayer.exe.mui 3584 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\WMPMediaSharing.dll.mui 3072 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\wmpnetwk.exe.mui 45568 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\wmpnscfg.exe.mui 3584 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\wmpnssci.dll.mui 4608 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\wmpnssui.dll.mui 3072 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\pl-PL\WMPSideShowGadget.exe.mui 4608 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\setup_wm.exe 1842176 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Skins 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Skins\Revert.wmz 70991 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\Visualizations 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\wmlaunch.exe 90112 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\wmpconfig.exe 103424 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\wmplayer.exe 169984 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\WMPMediaSharing.dll 120832 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\wmpnetwk.exe 1184256 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\wmpnscfg.exe 71168 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\wmpnssci.dll 507904 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\WMPNSSUI.dll 22016 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\wmprph.exe 81920 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\wmpshare.exe 106496 bytes executable File C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\8e423d5a795442f427ec580361a5be61\WMPSideShowGadget.exe 174080 bytes executable File C:\Windows\CbsTemp\30599026_1601190912 0 bytes File C:\Windows\Globalization\ELS\Transliteration\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1 400 bytes File C:\Windows\Globalization\ELS\Transliteration\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 340 bytes File C:\Windows\Globalization\ELS\Transliteration\77EC63BDA74BD0D0E0426DC8F8008506 290 bytes File C:\Windows\Globalization\ELS\Transliteration\B912B2C6928A18B8CD7D50CF08BEA95B_BEB725938A5DDBC0476AEF53D3F3399C 486 bytes File C:\Windows\Globalization\ELS\Transliteration\FB0D848F74F70BB2EAA93746D24D9749 330 bytes ---- EOF - GMER 2.2 ----