Skip to main content
  • EN

Hi,

We have a Malware Detection on our terminal server and all of them come from C:\Users\(Username)\AppData\...

Such like the following:

[\\?\c:\Users\Username\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache]
New files: 1 Deleted files: 2
New files: 
AppCache133660689737733525.txt, 
Deleted files: 
AppCache133660298026316423.txt, AppCache133660298053314107.txt, 


[\\?\c:\Users\Username\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData]
New files: 1 Deleted files: 1
New files: 
C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437, 
Deleted files: 
80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177, 


[\\?\c:\Users\Username\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content]
New files: 1 Deleted files: 1
New files: 
C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437, 
Deleted files: 
80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177, 


[\\?\c:\Users\Username\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache]
New files: 1 Deleted files: 2
New files: 
AppCache133661275782912828.txt, 
Deleted files: 
AppCache133659544358654850.txt, AppCache133660081498346023.txt, 


[\\?\c:\Users\Username\AppData\Local\Microsoft\Windows\WebCache]
New files: 3 Deleted files: 3
New files: 
V0100435.log, V0100436.log, V0100437.log, 
Deleted files: 
V0100430.log, V0100431.log, V0100432.log, 


[\\?\c:\Users\Username\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KBDRIDJE]
New files: 1 Deleted files: 3
New files: 
preloadoffice[1].js, 
Deleted files: 
OfficeJsPreloader[1], outlook-win32-16.01[2].js, outlook-win32-16.01[3].js, 


[\\?\c:\Users\Username\AppData\Local\Microsoft\Windows\INetCache\Low\IE\ATON5AGG]
New files: 2 Deleted files: 1
New files: 
OfficeJsPreloader[1], office[1].js, 
Deleted files: 
preloadoffice[1].js, 


[\\?\c:\Users\Username\AppData\Local\Microsoft\Windows\INetCache\Low\IE\8SVGW6JY]
New files: 1 Deleted files: 1
New files: 
outlook_strings[2].js, 
Deleted files: 
office_strings[1].js, 


[\\?\c:\Users\Username\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1O9VG48U]
New files: 3 Deleted files: 2
New files: 
office_strings[1].js, outlook-win32-16.01[1].js, outlook-win32-16.01[2].js, 
Deleted files: 
office[2].js, outlook_strings[1].js, 


[\\?\c:\Users\Username\AppData\Local\Microsoft\Windows\INetCache\IE\7ETM46KX]
New files: 1 Deleted files: 1
New files: 
background[1].jpg, 
Deleted files: 
background[5].jpg, 


[\\?\c:\Users\Username\AppData\Local\Microsoft\Windows\Caches]
New files: 2 Deleted files: 3
New files: 
{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000001ac.db, {3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000001ad.db, 
Deleted files: 
{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000001a9.db, {3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000001aa.db, {3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000001ab.db, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\Safe Browsing]
New files: 17 Deleted files: 17
New files: 
ChromeExtMalware.store.32_13366106524064053, UrlBilling.store.4_13366131583221971, UrlBilling.store.4_13366133385353761, UrlHighConfidenceAllowlist.store.32_13366113208974838, UrlHighConfidenceAllowlist.store.32_13366115014139043, UrlMalBin.store.4_13366131583226733, UrlMalBin.store.4_13366133385366997, UrlMalware.store.4_13366131583201312, UrlMalware.store.4_13366133385336669, UrlSoceng.store.4_13366131582376000, UrlSoceng.store.4_13366133384523126, UrlSubresourceFilter.store.4_13366120714811579, UrlSubresourceFilter.store.4_13366133385357814, UrlSuspiciousSite.store.4_13366120714802717, UrlSuspiciousSite.store.4_13366124328947001, UrlUws.store.4_13366131583211999, UrlUws.store.4_13366133385346768, 
Deleted files: 
ChromeExtMalware.store.32_13365844486988116, UrlBilling.store.4_13366006179984800, UrlBilling.store.4_13366007977126550, UrlHighConfidenceAllowlist.store.32_13365941323271670, UrlHighConfidenceAllowlist.store.32_13365943097839527, UrlMalBin.store.4_13366006179995458, UrlMalBin.store.4_13366007977145580, UrlMalware.store.4_13366006179942491, UrlMalware.store.4_13366007976742491, UrlSoceng.store.4_13366006178626354, UrlSoceng.store.4_13366007969689858, UrlSubresourceFilter.store.4_13366002546326798, UrlSubresourceFilter.store.4_13366007977133003, UrlSuspiciousSite.store.4_13365979156188350, UrlSuspiciousSite.store.4_13365984573449521, UrlUws.store.4_13366006179961355, UrlUws.store.4_13366007977078924, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB]
New files: 3 Deleted files: 5
New files: 
000137.ldb, 000139.log, 000140.ldb, 
Deleted files: 
000126.ldb, 000128.ldb, 000131.ldb, 000132.log, 000133.ldb, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\Sessions]
New files: 5 Deleted files: 5
New files: 
Session_13366115042247993, Session_13366134671023188, Session_13366134734183400, Tabs_13366107681567505, Tabs_13366115108123252, 
Deleted files: 
Session_13365746743093193, Session_13365789103757048, Session_13365819104167708, Tabs_13365675577104711, Tabs_13365759555804496, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache]
New files: 2 Deleted files: 2
New files: 
5e4347324dc68f91_0, 5e4347324dc68f91_1, 
Deleted files: 
f09b6147ffff62aa_0, f09b6147ffff62aa_1, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\7f5e6d1a-f56f-4a09-a19f-8482ee38a9d8]
New files: 460 Deleted files: 321
New files: 
0028cb6f1a7f81a0_0, 00986ab94bb5ab6e_0, 00cf96c030976efc_0, 0115043fea4a1cda_0, 01839bca1d1cc6bf_0, 01880a4cfd084c6a_0, 029026309b435300_0, 02d8acd02a5dd222_0, 02dac4d47b7a32dd_0, 02fb38d1a14a7cce_0, 047ab3d5ad4b0df9_0, 04d1b1c2f923fd39_0, 05f16df9c4b07693_0, 05fc418f26b3030c_0, 0612a84d89fb9fc6_0, 06550434370b1fcf_0, 0682adf80ff819ca_0, 075eabf26d36af13_0, 0780188e2723534b_0, 086a90b4ddd39505_0, 0879b3029ac48afe_0, 0a3f52c55866cdb5_0, 0a6f24722ea37742_0, 0b061c4822985561_0, 0b58f02042f4842f_0, 0ba472b2c3309028_0, 0c473fcb868ab7d1_0, 0d74070cec587f0d_0, 0dec59dd0b15bf0f_0, 10658630028cd5c5_0, 1066f690903f893b_0, 114fc15beec32e57_0, 119c3c003367b3f1_0, 11b006475ab7b963_0, 11cfe612c7bb1f8f_0, 11e83e9aaa0c3ff7_0, 1213133e2d9b0874_0, 122fcb55462969f9_0, 123ce34b82a46f05_0, 129e01ebdad2faca_0, 131cf190a9c476e7_0, 13bea235371ec99d_0, 13d0e6fde2f0c0ac_0, 140e25aabe3fe879_0, 147742a1ffc0fa3b_0, 15386f8d7c36537a_0, 155152375142d113_0, 156af1a121bdde0e_0, 1653371f1d4502ff_0, 1710d608ee796d34_0, 17fd6bf9c9a82730_0, 18c74a05e6505c7a_0, 1966ee5bbba4d5ed_0, 1a2e8fed1085c4f1_0, 1a7a2650d42cf765_0, 1a7c8a43ca117e4c_0, 1ab1f83095900cff_0, 1aef085ec99c2996_0, 1b0b6f722f556a74_0, 1bdf9fc2ed597891_0, 1c57cbb85d94759f_0, 1c8e91ff68f520e5_0, 1cfb50b6e7006035_0, 1d0c0d393799b583_0, 1d621814dcbf0ef0_0, 1e3a3f3a14f94f1c_0, 1e721e67823b303e_0, 1e842e949a2415dd_0, 1e9c34e572e2e9ec_0, 2076d81781800841_0, 20989c2935ac8454_0, 209e1dac26c4c1d9_0, 21183474a1b217bc_0, 21b0309236599695_0, 21e8ec3c0cfdff0e_0, 2208de4db2fb1dae_0, 224e624a44dd0af2_0, 24f1341870d46352_0, 2542a3e55d9cb431_0, 25b44d19d7ee5b83_0, 275ce9f5271f25eb_0, 27c9925cd3897021_0, 2872c4a088d0accf_0, 2a19e136a8f6f852_0, 2a2244a85623cb30_0, 2ab90de18b3221d6_0, 2b57a169bf8219ed_0, 2c739a9ae6e046a4_0, 2ce1d57dcecd6590_0, 2e93e0af35553b5f_0, 2ee7ba3c5f371d82_0, 2f8a032dfb19ba2d_0, 30039e6dc41cfb5a_0, 310406b2107368d8_0, 312ad37c6e17af65_0, 31f6b1d19b798eea_0, 324b632dd4d4a340_0, 3282f9aa32c91226_0, 339647ee8c084e41_0, 340231bbed9549b8_0, 340dcff5a528f4b4_0, 341c4a25e0a9f26d_0, 35119db74eb1e2dc_0, 35214248ba4ea72e_0, 35ccf3ce3369026c_0, 36a35ebc50954a53_0, 37dc93d45bc4213c_0, 37fc8e504ee7af69_0, 393224caadba9375_0, 39c2c065dc276f67_0, 3b30af1d37e76e9a_0, 3b892acffd9ebef5_0, 3cbc81810eea2134_0, 3f9100aa5fab32b4_0, 3fd1b91311c97c05_0, 407dc24fd6d8380b_0, 409000658817b364_0, 40992a7f4945f96f_0, 409f0da6e3940920_0, 40e8f71fac6ebfd7_0, 40ea30698548d933_0, 410506627f64a3a5_0, 4170e5c193a3b3e6_0, 45763cc3a937aa2a_0, 45b1848574085412_0, 4675662f9b2d24ac_0, 4699632061f67b1d_0, 46aad524fee428cd_0, 4848e7474d29d848_0, 48af0716330af584_0, 48eb1e16fdc9c153_0, 4a1ceaa4942835b2_0, 4ad0e6547224dc6e_0, 4adb3a4f935e5830_0, 4bd654e9e99900d1_0, 4d1b9194906fa325_0, 4d5c0cb27188cb87_0, 4db9a658f13a9a87_0, 4dde88a16fe353d3_0, 4df0b2f182934c6f_0, 4e3fb946c06f6990_0, 4e5835b89eeefad1_0, 4f39a338b11a5163_0, 4ffb109b1d62db6c_0, 5027a8a6d2d990b4_0, 51ae2607481b8251_0, 51ba0e3f8276f326_0, 529c89885ec656aa_0, 52dfbdc872d141d2_0, 536ca750f5d340b7_0, 53bc961469a23dc2_0, 545a7ab3043b1a81_0, 55bbda2cc14b1091_0, 56e2862f3d2ab979_0, 5704c139d10b848e_0, 57cf30fe54df9600_0, 57e30f5f4a73fdde_0, 580fba1766c27362_0, 5901aa5d0e7b60d1_0, 597462ef1cbbf8c7_0, 5b32a23d142be95b_0, 5b3b79abd3a339ea_0, 5bd810db5424ed66_0, 5c73c7f05b194ea9_0, 5d4aba52adba2b4c_0, 5dc847e1de5500b4_0, 5ddce5a9d46a9463_0, 5e35296cf75fde34_0, 5ea887b5077cb5d7_0, 5fa4991919e526e0_0, 5fc32428721c5e2f_0, 604d8025a829e2c6_0, 60c74f749c4e1f9d_0, 60d7bc18480962d0_0, 60e1304a1bff1751_0, 613e6a2ad6ded888_0, 6197e2ce5cd5be76_0, 62708e7c241f5b41_0, 63329f4b7f32f56b_0, 6394600c93d6fb36_0, 651c3c0fcf7b12d0_0, 6576e0aad2f63d25_0, 663b77c4d43a0127_0, 66731effc268e8f7_0, 668624ed00226e6e_0, 66be27f71d6e6813_0, 67a4a843546bcfbd_0, 686bd0d483663e4c_0, 687b8325f2047a87_0, 6895a8bae56e71f5_0, 68e5d1ef2809eb56_0, 6912ad0184d5e058_0, 6966847edc44701c_0, 697d3c273d3650be_0, 6a6b4aac2d6d3909_0, 6b066b9441f0076c_0, 6b2bea5f1c81ae83_0, 6b8d83c35c7b0a85_0, 6be49d8c710e2b9d_0, 6cb7a09eadb1226d_0, 6d2ceaeb1a2589d1_0, 6da38a42c9473fd0_0, 6e792b1072186dea_0, 6ef25af2087e4cd7_0, 6f1ce7a277ace7cd_0, 6f7932d12e32c23b_0, 6f8ea3e5ad699ca1_0, 705daa79ce5dfe7b_0, 70edfa8f64865cab_0, 7281f48d28645fa5_0, 72ddf29740bfc189_0, 7305f5abc29d222c_0, 731c39cca8c85fb7_0, 7331e8cdb8b604f5_0, 74480722ce9c1d47_0, 75744a89d34874fe_0, 757a000a0a10cf6a_0, 775fb8b1a3e10438_0, 78f39d14ec79904d_0, 79805b40fec85c6c_0, 7a6fcb7c5a5f9247_0, 7b77627dd9fd8e1b_0, 7caa3d91c7eeb6d3_0, 7d235fa953570651_0, 7d3f8edba1656e37_0, 7d4203b8d4aa8097_0, 7db5af52c2f931da_0, 7dd9159577c5d9a6_0, 7e15e58e32c309df_0, 7e53853233148e76_0, 7e6c5b966ebbd1a9_0, 7ec031adf22dc693_0, 7eff05ec6b99de4d_0, 7f9f68e9f2f6be4c_0, 80153b6e46880c79_0, 802b07850a2a43fb_0, 8127b2a4c494d262_0, 818824ec164a8cb3_0, 828ee5470ef71498_0, 82d50e582ea4f165_0, 85285e026114c75d_0, 86076b065b2a5bf3_0, 867fe17795354972_0, 86f8fdf0b71a80f7_0, 87a6bf90b40da85a_0, 87f058425ffe2d84_0, 87f31bdac710550b_0, 8859ffec1ed222c7_0, 885fd31602cd6add_0, 88622ccdec96fa6f_0, 88d202acf6575bb7_0, 88d22a1413efb772_0, 892e90ab9c0fd352_0, 89868fdc22c98723_0, 8acf24b5b86aa2b1_0, 8b878abde0701697_0, 8bd6ff9586044b4e_0, 8d25d9e00347d5c3_0, 8d28812f731ff2c2_0, 8d51f4c09f0f45dd_0, 8db7ca4e348bff76_0, 8f724de5057959c7_0, 8f78d5229838b999_0, 8fd8fca3e0afca7c_0, 9046aa531547fd29_0, 90792bf19916c54b_0, 913de17a429ce346_0, 914b81879f0caacf_0, 91bd0898ad13a897_0, 91ea88e29b92c0e5_0, 92301acddd77f51c_0, 925b7eafa45cbf84_0, 92606212def8895f_0, 94530f75a43ea3c2_0, 95f3b4d4ffab6238_0, 9610603a8c513898_0, 96217e1efc848374_0, 96384a7e0d2e483a_0, 972ae99ffe78c3a8_0, 980441ef558766eb_0, 985d0a5ef962c280_0, 987df403d42fd6ae_0, 989c35aa28a50812_0, 9906c77d88ae43f5_0, 992d0598840bcaea_0, 99a182b1102b2c2a_0, 9a58471fd0eb7830_0, 9b412748cc2a83ab_0, 9b5259a459df8001_0, 9b89781eb4d95b30_0, 9bae524ed4a00419_0, 9ccadbc3b77c6c90_0, 9cded6b7709bf5fd_0, 9d495e4d0392747f_0, 9d6760c228df3dd8_0, 9e62f0bb88200a07_0, 9e6b005dc3697fa0_0, 9e73dcda3574210a_0, 9eab3aa291465128_0, 9f01eaa94644f19e_0, 9f7d73e753269032_0, a14c11a8f1ba1b08_0, a197f39da0c837d7_0, a1ac464f0f46bef7_0, a1d53addc17ec7ef_0, a1fd08d56ee5f417_0, a375b25849008a9b_0, a3e93dd2ed4430bc_0, a403eccf8b0f31d5_0, a50e74a3d6428614_0, a56d5e8056bc17be_0, a572aaaa65f08ad6_0, a57ce1675b753c96_0, a5fd5dcabf24ab55_0, a680592b16694736_0, a740e9283d0ddf42_0, a76683910e049edd_0, a89e3a6251887a3d_0, a97b0ee295917292_0, a9f9adb8b72ae979_0, aabe022b47bfb8f7_0, ab180336f9483e35_0, acd4fd8ea743d32f_0, ae90a872bc42f3f0_0, aee562a2ff362115_0, af318793b2c8ad6f_0, af58c233954898e4_0, af914db690550dc5_0, afb6bbcd3e443832_0, afca7f7ab4fc8893_0, b18471eb5bee348c_0, b19b67c365fe9f04_0, b1fea0fb9a8a8279_0, b2b4eff9b717eed8_0, b5127eecf22ffdbf_0, b5fd2006d9217a70_0, b609dafe1aa7582a_0, b7b8417ae9349575_0, b99ccdd1e7e0e93e_0, ba836677b9d5aaf1_0, baa95b45be5821ef_0, bb9ceafb1ef8b4e5_0, bba4fa3b826968a2_0, bc2c900f8aa6581d_0, be8a8599612591b8_0, bf5a0009acaa8ca7_0, bfb1748a199a28df_0, bfc4cf7ab1885643_0, bfef5953bab4aa16_0, c053aab6e96ea804_0, c13a01443942c14a_0, c1d1ac6cc5e5826b_0, c25454a7423a35dc_0, c38ba168c823f991_0, c3c75508ae258503_0, c43c1a1d1eb5808d_0, c543733f6d2f80c5_0, c556d3bc34cceb07_0, c56c25ee1817811e_0, c72627bc6f13f0a9_0, c774e520291b982b_0, c987782a2b77c981_0, ca4cc620e6549f2a_0, cabb7db985039bdf_0, cafd5a7f8b39fbaf_0, ceeea6ef0eb2194e_0, cf476dfd2ad25982_0, cf683c4506e15b2e_0, d02ee6f7a9cc6c9d_0, d0c738fecf1fdabd_0, d0e4e2ae44df04eb_0, d178f4eb5aa73dfd_0, d39ea385bd9106de_0, d3d2c3f304aff8c5_0, d3e08934052e93b6_0, d40aa06a2ab2a5a5_0, d4659ca73e5852ee_0, d4dae6988cd56c85_0, d5592539a0ee1a93_0, d57daa77e45e2f1c_0, d58b062bf3c02f6c_0, d5aadd2cf3afb011_0, d5ce2331561dbeb6_0, d613f25cb3b189c4_0, d7e9d87a9aedf6c7_0, d8018d23525e7946_0, d8d0f0fdcf3920a2_0, d8ee1d596e6a2003_0, d9837f42b44269dc_0, d986f3ec52d1c821_0, d9b001192d097fb5_0, dae00d05ce1014eb_0, dbe51e15f1d1733f_0, dc1917e919865c11_0, dc244d90d3ed4576_0, dc86d52b93324545_0, dcc802613d8feee5_0, debf0ba38386dcd2_0, dec75487d0b69fda_0, decf4199d5eb1a57_0, deda7eb59ea0b01e_0, e00504525b7543d4_0, e0d7ec98fe0b23ea_0, e10fc48554e5e43e_0, e137e89cb13d9380_0, e16026eac7f7065b_0, e1f193414b0f74ca_0, e27694b46e1547b7_0, e2bc985f4c2b4e68_0, e37fc7ad59010add_0, e3a7df814b2313bd_0, e458fa74be842862_0, e4836b1c00e5f68f_0, e4ae5f87a1a5647b_0, e5302e9fabcae34b_0, e53c8a433452b33b_0, e561e2f3aa0bde71_0, e62675129dd29d12_0, e7420d33585aa771_0, e92f3e8ef06a2772_0, ea7dcbfa48cc9d7f_0, eb2903deed42803b_0, ebcd0b7555e5a557_0, ecc6e18b10790be0_0, ed609363f1ef1771_0, eda54b7f7bac9506_0, ee360cd991a88525_0, ee4a83ef0d17624c_0, ee4b225d65004b7d_0, ee6cc96425d8acd4_0, eefe0697d5c74cc6_0, efbaf98033b96bfa_0, efc9a676b684bbdf_0, efd270521a82dfda_0, f07ef2f83a323157_0, f1d69f3b194c94e2_0, f35d88b43d00c938_0, f3753d9773936fa4_0, f38fdc3d79a34ff9_0, f3a21af7b31f23d6_0, f491435af220ffe8_0, f4d39969d302ce88_0, f4ff67291e552c3a_0, f51b86e180f57dc6_0, f528914599b8386f_0, f7854161946b0be1_0, f88b600bba97800d_0, f9029b50775c86b6_0, f9126c92a37f9cee_0, f94f0a107d564b7a_0, f982d7e998d5ea91_0, f993db11ac8f460f_0, fabe0dbe68e0d220_0, fb90fe46261469df_0, fbf18ee8974f775d_0, fc369ee68cac4e2e_0, fe239e8a896e6684_0, fe2e1c73f22c43cb_0, fea1ecb9ed4a00c2_0, ffbe425fc7b959c4_0, 
Deleted files: 
025aebfbdb607238_0, 032806f557a10be1_0, 04458b6db7dbeefb_0, 04dad0b703c7ca53_0, 0579c452328b2a41_0, 0648f62e9f6ce8c9_0, 06626e67b53ef3c0_0, 06f1efca99394f22_0, 078bb8a5d842db78_0, 079cd1e9ad0d57d5_0, 07a9e7ef651723b3_0, 08688ef8cc4acfa6_0, 096004434d77d7b6_0, 09646f1740fbe1eb_0, 09a143cf3087e6c1_0, 0b0a47724d36588a_0, 0b3db9f93a3b0ccc_0, 0b6789d363f4d930_0, 0c1b61875293ea38_0, 0c587714233d1862_0, 0d3c28aa2b5951a7_0, 0f4aaf4bbfbd89f2_0, 0f685489fcd4f929_0, 0f91a9f61ebd4e68_0, 0faeb26f918651cf_0, 0fe663d24926be81_0, 10164302c7213835_0, 125d887eb3e15dfe_0, 12964a1659ba9f24_0, 12b6f744846a3349_0, 12e4ddbbe3656752_0, 17057c15c2a81492_0, 17b5a05b5c88ae62_0, 1afc0b1f38bc7c96_0, 1c63cf924822954b_0, 1c7a00508cbfb382_0, 1d63cec51a5f7e07_0, 1de5699e368a0563_0, 1feb6a791d8f8c9e_0, 2017e81cc97a469b_0, 20d1198c1c13a521_0, 214ed416ca00ecd3_0, 2227d807df47994c_0, 22a93688198334a8_0, 22fd2630e5c57c03_0, 24b8f1be1535a22c_0, 24dd199e4dc5331e_0, 24ec2eaa833ad03d_0, 25983657dc39f343_0, 270048bbf033d825_0, 2ab4937d52d2c42d_0, 2b22a35f2bf80728_0, 2c619f374f82b789_0, 2c72096c882f005e_0, 2c97bdec00503e75_0, 2c99369530f7f60a_0, 3018c227db3685ce_0, 31ded295a270f2d1_0, 3276d1361e7235d2_0, 32a29732c67b2311_0, 32b7ec12d317f622_0, 3330904043065277_0, 3354ffdd7fffe625_0, 34dd1a2bb7f2d694_0, 35c1db475ddf94c8_0, 364bcaae47f70805_0, 36b6d76940a8d568_0, 36e54d37b76f5c0f_0, 370dd8e06115ee8e_0, 38f9a7c41fd93b79_0, 3a6d9069cc314c18_0, 3bd6585ceff89b70_0, 3c3ce1ab57f85110_0, 3c5f3a3652a77d8e_0, 3db7ac78113d5a6a_0, 3f3c2daab34ff217_0, 3fddc6df6c40e26d_0, 403cffb45a8623be_0, 40734f3e039fb6e2_0, 439b6f94ce666033_0, 4410a2e1743ee3ef_0, 441b7214bbeb7b7d_0, 44358992fad40eb5_0, 45f3658a374092f1_0, 45f4b249087d0249_0, 45fc93fbb21d8571_0, 46833537b54ec219_0, 46b307744dad970c_0, 46bb98c0edada9a7_0, 47496bb1b5f0f3a4_0, 47b653b0b493afb2_0, 488594943b4b927f_0, 4aae21f8a5ca025a_0, 4adc8d049c429561_0, 4b641bd8884186b4_0, 4bef3d2cd076d241_0, 4d1c43ba46f3ca8e_0, 4da6f192cfd58098_0, 4e433df084fd1e32_0, 4f1d068414d03961_0, 5103b8d86066995b_0, 510fbf5978bf157a_0, 51319b037afe7b3a_0, 51ab9646c847b5ae_0, 52269cb2992e8dfd_0, 5323fe0d61223248_0, 5383351b0e882b85_0, 53bca76206f6b366_0, 55b0d99dec024cfd_0, 55b4e98ae12768fb_0, 56db27df60e4ef71_0, 57386e43c303f51e_0, 5765d18cd872bcbe_0, 580dd201f2dd3299_0, 58b61f6191a1fe50_0, 5909a1e951a6f72a_0, 5a95e42bd50b183c_0, 5ae03d2e8278cbe8_0, 5d2160355e0e7858_0, 5f20df7144627064_0, 5f562742254810e9_0, 60d11aed30729b78_0, 617fcf4b3a360fdb_0, 619cdd51b9fd32f8_0, 61b95fec433727f9_0, 634d1af9ac61c0d7_0, 6369025b0af1110f_0, 636a113b53b0f2cf_0, 649f69aa7674149c_0, 666aaf7fbbac514e_0, 68981456aaff4712_0, 6a1b05f40c70cfe0_0, 6a1ea6105e9766cf_0, 6ad5d3d76edc3c05_0, 6c6460a94770bf19_0, 6e834312bdbd499b_0, 6f00b7922618e8ef_0, 6fa8b3e8af2b7488_0, 6fefd17505c47f82_0, 7032e483c4a1d1be_0, 70774760cb154ca8_0, 71501fb7ec8226a7_0, 71caf8e8d7b66f2a_0, 72a95e1d6349767f_0, 74f347b14bc06045_0, 751cdc11c4a27e60_0, 75887f8268c0f427_0, 767acefe8fa9da01_0, 76fa0335e84e3f34_0, 77b2f59285376170_0, 79497e6d5c74e953_0, 7983043e144c23b3_0, 798ede794e3bf9b2_0, 79e635f77105f4f5_0, 7b56a5f498279235_1, 7bb424af6e1c42dd_0, 7bc163ce4141f3bd_0, 7e13b56256351ce7_0, 7e55da10742fba74_0, 7e861ca3c30bf17b_0, 7ff06d19aca3be91_0, 806fb46132a3e387_0, 80b231519d6bf473_0, 815d0e5acb84c73a_0, 821d1e2f61e69fbc_0, 825710356b87e792_0, 82e4619a2ac85514_0, 83050e4f364dfad8_0, 847e459bcca141a8_0, 8593c45ee266858f_0, 8a32829115586bcf_0, 8aa9b219f06dac3a_0, 8bdfa5ae0a7f9010_0, 8c108792d1d1138c_0, 8c6ae0eabe66de81_0, 8f3644bc9d4e4559_0, 8f38dd0a0234ed78_0, 8f8afa5695f56080_0, 9157ca217f0ceda3_0, 92ecf6bb8fb12196_0, 93099b74e81c0b3e_0, 9397b42c1eec1519_0, 9408273dc90619f4_0, 943b0f9b4afb1a56_0, 9573658a8a80dc64_0, 95b29263080b8af2_0, 96638503cad1e39e_0, 967d2b605d5632c9_0, 97b0f0a5d9e31116_0, 97caa28ce05e0748_0, 9904b46805cd0979_0, 9952b33fd005d133_0, 9ae93a1a7ba558b8_0, 9aff54198598ddfa_0, 9b6bedb01f49124e_0, 9b784097d9dbbcee_0, 9c7c8fc6fd64ba8e_0, 9c8b0dc02abef03c_0, a12934aadae13204_0, a2cbf3806de00272_0, a3146791ffadc8ca_0, a31886a66ba418be_0, a372509bdf1143e0_0, a482133ef56a3e25_0, a48652349a8fdf92_0, a4e78f42b9717283_0, a55fc928167b4489_0, a634a7604328651f_0, a751cd661a762324_0, a7b360fa52168952_0, a99ee9fceb32d087_0, a9b039274a1d0720_0, a9b5c243f8e17a70_0, aa2ff9dffb80e200_0, ab0118339bc462bb_0, ab540e9049cb4ddf_0, abc301f37ebf7bf2_0, abe373eb16a66971_0, ad8b01ac06b39f37_0, ae267a1022ef3039_0, ae5ece2be01ee0ae_0, afb6993bab0a1162_0, b2b5430d984c7bc4_0, b67478574037c000_0, b7c2b06bad9a058b_0, b806e4ce51e246bf_0, b8309770fb4538f4_0, bb5ea8ec8a262ce0_0, bc4f7da7f6134926_0, bc7127414e07f261_0, be2dd688b22be109_0, c05af75a20181cfd_0, c1e5289930d29dd8_0, c262e2ada8b35c21_0, c3450e16435b6c28_0, c412d12c7f784e05_0, c463d31b5db7e5a4_0, c5826b7436c94cc6_0, c5dbad6268437ded_0, c631e42d2a6111a2_0, c6d65c56328a045a_0, c910f363ca25ae77_0, c9cea335ebca69e1_0, cae555264c484793_0, caf5318e048fde89_0, cb6d306661514213_0, ccc0815d49e79adc_0, cdfc34383fdc86b2_0, ce45e9c4eb68d645_0, cf37ff6e5c399cd6_0, d07463457df703ea_0, d096ba7988994004_0, d0d9e012bbf42754_0, d0e2c41f895e0edf_0, d1adc7fcfc3d7551_0, d1b872fcf91e938d_0, d2c2201cbd11049c_0, d3387bb44b3fecbd_0, d3897332ad3d8cb7_0, d47e5193e1987f39_0, d500620967d0b640_0, d51dc1a6bb5d110c_0, d5692a146fc1d0d8_0, d75415f0cf0e1871_0, d9b319c7965f564c_0, daca2a1986d33428_0, dbddf159f40bf1e1_0, dc13e544004deaaa_0, dc6073f506ea589c_0, dce05f05d2fc3bea_0, dd10c7b4abaf5a13_0, de3c913c2122dcb4_0, e04ddac4693306f7_0, e0dc2adda0347635_0, e19b5c52fbd3a6f9_0, e2667c5fd4072388_0, e26f6a1c1cc6559e_0, e27fbd315ccc194b_0, e39d6ba80163ffb2_0, e4c848e92dece5d3_0, e5ce186a72c22439_0, e5fe58f46e7d8f04_0, e603a7ed12099c50_0, e6efa24402adbc20_0, e83afe9f73c2f5fb_0, e874e45c777f8e15_0, e993e87b84306d0d_0, eaede1e74e807305_0, eaf4681a6f964890_0, ebc36bfc61328947_0, ecbdebf7471f2b05_0, ece65436557b22db_0, ed4bd66a4c3b98e9_0, ed5da33ead83ccad_0, ed72ff1e788e5fc6_0, ee024e875d7a5f6d_0, ee30fd598752c0e3_0, ef6c0b0d55330766_0, f0743f62c1965039_0, f08568925c979d7d_0, f2618be58ce11bb0_0, f2b37b72a7448671_0, f37ef1fc4e96b037_0, f3d1732f77f67d13_0, f5c993a2ffc48b3e_0, f601fcadfbaa7772_0, f8174119e689145c_0, f8ccbce18514814d_0, f8e2a833e0c2fbdb_0, f94bb924b2d4bff4_0, f9ef73ec62050a3f_0, fbbc45c48aa41375_0, fbbf22b27a1a668a_0, fbff0550326a674d_0, fcb3f46fb66c4170_0, fd6a3eb605b81654_0, fdac4c8b4c046e7f_0, fdbef54d00e5d00a_0, fe721cb6a81d3512_0, fea7b534a4c1d897_0, ffda3995a01a9ed5_0, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb]
New files: 2 Deleted files: 1
New files: 
000283.log, 000284.ldb, 
Deleted files: 
000280.log, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb]
New files: 2 Deleted files: 2
New files: 
000011.log, 000013.ldb, 
Deleted files: 
000007.log, 000009.ldb, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js]
New files: 365 Deleted files: 3
New files: 
00df9eb0e4519169_0, 01355c287c6c0bf1_0, 023e08a23cb743c2_0, 03fecba3a28c882d_0, 04016fb96b70823a_0, 0533f3623f92fdc9_0, 057f218d2b7e23e3_0, 08470813f78b2760_0, 0a46e5f3b06df611_0, 0bd0e316b0065249_0, 0d634c5b39d19645_0, 0d87d26a647ffa4d_0, 0da78e3d48154260_0, 0e12c1135c40781b_0, 0f586bc4c0f1dd62_0, 0f947011818f50cb_0, 0fd50fef683bd56f_0, 112ef35d6f63da62_0, 129eee9f60f114ee_0, 137c178f31b04ed5_0, 13f30a1ba6520676_0, 14208c1dfa8fb56a_0, 14775b2278b4b260_0, 14afa7f5758a2f51_0, 162ebf41e95beadc_0, 16931e1e427c2a87_0, 172d407a894ed0f2_0, 1959a6a8dcf121f9_0, 195e0ebb1a61a4a8_0, 1a2e89e9f17c3ac2_0, 1a8cf52e2c173823_0, 1b1bbebae045f130_0, 1ba8716abeb15eed_0, 1c8e00816325e07f_0, 1f998eb2a552ad01_0, 209ba0305605eed3_0, 20cd7b1311a8e73b_0, 226258700eb3564f_0, 236a14f608d15a72_0, 258d93c6f3152173_0, 2736cac48b0a31ff_0, 2804be5cee62ac56_0, 28179ca2605d8938_0, 28d10fc124a46c92_0, 2919b5f316f4731a_0, 2926ac0f29910dc5_0, 295f2e2f7cd4d181_0, 298c56cf73f8e8bb_0, 29ad70c17fb54a33_0, 29e92882fa9ff377_0, 2a1191e6db2fca38_0, 2ad8702059b55371_0, 2b8b5d8931e160fc_0, 2c63473f71b25490_0, 2c722d97d58c7154_0, 2c7c784282cd6d2c_0, 2db9275f15a4ae52_0, 2ea18795b5a604ee_0, 2f1978ca8c97be8a_0, 2f437598371af1a4_0, 2fad00fb867dce9e_0, 3072510023be1ecb_0, 308fb9635a94f578_0, 30a86f0dd31600e9_0, 31fe695920b056ee_0, 3224a5bad821f0f3_0, 32f0e284637f57d3_0, 338cba65bad7588e_0, 35277986f14b00d4_0, 35a0ce48ced145e7_0, 36366a42d01b5ef8_0, 369f4eff46d8cd77_0, 3733ec430962ebc4_0, 38c25a77cd7ede84_0, 3a4d48df0f20f0b8_0, 3c915dc9cd4003f8_0, 3d36542f8e5f55a6_0, 3e81060522ab07d5_0, 3ec460aebf0b6bf3_0, 3f3332cecbda14f6_0, 3f5c57995a5223a6_0, 4024d95c6005b40f_0, 40a67d9663175973_0, 40d94564e2d70501_0, 40f8f32ffdf90ef9_0, 41ca1a750b8cd248_0, 41ead140f523d501_0, 422cfaa423f640c8_0, 42facb3ff1f45fdc_0, 44188af1d4e9df68_0, 44a1000d32d8c4d6_0, 44ed1d9fc34ec906_0, 46215992241fb93b_0, 467951f658d6b2e1_0, 46cbc428610a2c90_0, 479d0de9ee385a94_0, 490789c8b890b65a_0, 4a92b4dddd015095_0, 4b44197208098f53_0, 4b5d51b22b1efacf_0, 4b68bcd49547dcf0_0, 4bc678b824602c17_0, 4c5d2f6feb20fb04_0, 4c8b44acf334ef17_0, 4db14bdcc6aeb12b_0, 4dbd1d1e6d3bab8f_0, 4f121306cbe5308c_0, 4f93429570b21446_0, 4fc47e35e90058c1_0, 508effdd00d0d435_0, 50db46d5728275ba_0, 50e5f8df216a0622_0, 50ecb4996e575d33_0, 53db80f6e45ec711_0, 5471c68087183b9c_0, 55258f35051051bb_0, 57692f47843b2b73_0, 5868b43343b061b4_0, 58b748c2c52e3206_0, 58e163c3ea8926e7_0, 595ea968b8aaeb56_0, 59e7b9b363901b37_0, 59fe078703339343_0, 5ab526b4627eeb24_0, 5ad7672fb12ce42a_0, 5ae10e00b9a82220_0, 5bcf2477b3f55099_0, 5c3a89c2e1ba5a01_0, 5c56a7e10017bc17_0, 5df8b6ccde317180_0, 5f42f2f73d68d150_0, 5fab2f31913319e2_0, 5fbe71f1e661c1f3_0, 621a1921b400c00d_0, 627995f5e8c12c6c_0, 62d7019a73cc1182_0, 63346592b1283f0f_0, 64beabfd319a8917_0, 6505534f79475992_0, 65d49f7936f1f6ad_0, 67b0873d29b4f4da_0, 687c0d0d1a652cfc_0, 68ccbc8b81efc16c_0, 6a94cc6c21f4c33b_0, 6a97fb1d78a7dc89_0, 6b2a6e033ddd4b60_0, 6cb90ec9841aae24_0, 6cc9beb589c97fd7_0, 6d1188a3254d0ce9_0, 6db706f7d0d8428c_0, 6ecf5f98d007e4f8_0, 714969554c3751c0_0, 7184433f8e819bd9_0, 73e746d805671b35_0, 73fdb2f5119f12b6_0, 740549ae5010108b_0, 744ef697437aa11e_0, 748a892619aef53e_0, 75dca34670ed2913_0, 75ddc50f6a7a4fd6_0, 765002939d1d8d31_0, 7709df05070e74cb_0, 771f35434e4d76a8_0, 77cfe05e7c2bbaef_0, 7846f28499574f5f_0, 78cfb484dd344ca0_0, 7987bb2c5bb8eb59_0, 7a276d3ab388b4d0_0, 7aec786c98ca33b1_0, 7b65c168e257b9b6_0, 7b73cfa5910853b5_0, 7b92ec080ea16c77_0, 7b93bcccdbbe521d_0, 7b9ded181785658e_0, 7c6535b97d4eff57_0, 7cab648275c21b14_0, 7cda95d18a00d6b9_0, 7de5552434141a16_0, 7e257053eaaec400_0, 7eacdf3883fa9c5a_0, 7f233d0cef361bee_0, 7f5c68cf16aad469_0, 7fc2e8a2dfd664a6_0, 7fcd3764e5487d37_0, 80d3e1a5cc8f485e_0, 824ebfd946f59ebe_0, 827cc0be3c4e30d1_0, 829733c5a1d40f4e_0, 8367c54759e1d98f_0, 8432c13cc44886b5_0, 8569f6763faa772b_0, 85895745032afc4d_0, 8719a469483a9dd4_0, 873cdd0e94a43073_0, 883e8d0b247667cf_0, 88f33294b7c3a5c9_0, 895316a732654b81_0, 89723a4ff3536629_0, 89c010fc311e09a3_0, 89da00615b6df3b8_0, 8cdfbd58100e6b9e_0, 8d4035e8078a6712_0, 8e3cb6cab5045a8d_0, 8e9d2a7882a17508_0, 907809641e9b7ca9_0, 9111c32813499d47_0, 91142b0cfa1ed3a4_0, 911e59509dd7d5a2_0, 928c849c3b3620b5_0, 92b739125baf9a99_0, 93bbfe7be7742e52_0, 94130ffbab18cbcb_0, 9474f142e7b21e5d_0, 94885bf00959449e_0, 94c503d2fd0c22e7_0, 958b573f5fa3a204_0, 95c2f6b0daf39b64_0, 95cc8eb1a987040b_0, 971fa7200d34d370_0, 972e8524571ab5c3_0, 983b7b9fe02d9d40_0, 98c7668197e3c22a_0, 998838a323061d3c_0, 99cd13bf5573e43c_0, 99f86a3a817639e4_0, 9a7c76cf098bcf6b_0, 9b6a0ecdb277c84b_0, 9b9cc2a5ae0defe8_0, 9d818b5c0aa3111e_0, 9f2eda7ab57e8be1_0, 9fc3d4c445a988f1_0, 9fe7b1eb38e7c361_0, a053d54de4f69f06_0, a0c59d98e1ec2489_0, a13884078b1d4585_0, a1e0ea980633c788_0, a204e1d0184e9a76_0, a205ecfa29620a30_0, a2e736655a1b72e4_0, a3a6fa922c089ca2_0, a409b2e5a5114ffa_0, a4988a8efd0b14a3_0, a6da3c6893f48f4f_0, a6e8aa41d5f1d15e_0, a7b1e03ecf55c4b4_0, a7b46e7c59e57990_0, a7ce4606bab9773d_0, a851196606a5ce27_0, a949eff570f4f0d1_0, a9a6cb110b047fa5_0, aad1978a974674d3_0, abb7cfe5b0d0df8d_0, abea5b718c911cdd_0, ae414fa0406378d8_0, afbd5a3036ada7de_0, b10955e39130ef69_0, b3c7664f71372075_0, b3ec8e12a701f583_0, b5a57229d7a9f69a_0, b5bcf6e0a1358ed6_0, b5fd70a1ba979330_0, b6d3627be6f96124_0, b80664f2ca16c41a_0, b9c7a68534f46556_0, ba0f1e45e8eaeb72_0, bbea268f2acdd040_0, bc009191165fb33c_0, bc7c6115236217a9_0, bc7e46816f88fa65_0, bcce58eaf6aaf0d4_0, bccec85ebb7d2aae_0, bd024645aab7b705_0, bd83acd64c8a7fe6_0, bdd43dd8c838d640_0, bddc63bd41cd2067_0, be0fc878a9a4abb4_0, be7312b2fa835aa4_0, c103e4340641179e_0, c16efeccbc3cac39_0, c19a8f6a45f99e03_0, c1cf9f656291e1fb_0, c21c2c2afa881f47_0, c7832e54cd944aa9_0, c7a32d08d330fc1f_0, c9a6ea13513c5146_0, c9ffe3084e361ae3_0, cb5f42fe8e09b4ec_0, cc0918e7be21f00a_0, cc169cc991d88e06_0, cd911b0f6b509ceb_0, cecfe4e926ab7631_0, cf134d76638c3cd6_0, cf4ee14037938386_0, cf4fc800084a3598_0, cf821a38dbd3dcf8_0, cfd3dd521a33cc95_0, d0363861d8a96620_0, d1f5dcdca4d128e9_0, d236070195b12967_0, d28cc52021b45477_0, d38a6dfac17b2fbf_0, d3a68b72b95b0acc_0, d4692fddd8627873_0, d70c90dd6ff57028_0, d80621c4565730de_0, da688fbf8c984f3f_0, da94e9b684d0745d_0, db71f6502b4feadb_0, dc0877286a37c65a_0, dc863203f22b3b63_0, dcecf2f78fb20030_0, dd65e7789ecec70f_0, dd66fcb2fb9929b2_0, ddc00a952d7558c9_0, de0c8cb9c4f9fb7c_0, de98fae516abe236_0, deba5c1de60990ba_0, e085978c22c96fde_0, e0fde945a05e676d_0, e176e47b7e0df6fd_0, e288e7f56bb95d6c_0, e2ec163692a4e33d_0, e312b0b02e030456_0, e3974050edb75bd2_0, e3e24d81417e5292_0, e40dea80673c179a_0, e41b7b7d8b42b2ce_0, e5ba2d523718020f_0, e65e81b5e61197bd_0, e6bd5ae350e86f22_0, e742ca12e72928ba_0, e9261720be350120_0, e9526e1f40941e0e_0, e98450efddfd2d2f_0, eaec08aedcc83cb4_0, eb276a9c1a4ad3fa_0, eb2aa2f9179bfb38_0, eb85e8d9c1598af6_0, eb9137e91a6e0179_0, ed6aa724ca874f84_0, ed7e098557db4887_0, ede50e9794cd61c0_0, edeb47d4865012f7_0, ee7cc6276f705e4d_0, ee9cf46c4cb15d39_0, eec00e2b33bdeaf7_0, eefc9957d4502904_0, f04eaae929f1bb88_0, f097a7c7062f269a_0, f0a63e251d9ce26d_0, f1519c209bdf4e20_0, f3bf3bc842dd2f54_0, f4d0425b7f65d9e9_0, f537ada124e9038b_0, f5b6e4504312b3c8_0, f64cfddcf9b03e75_0, f655ba222192496d_0, f7d53367cd94ae84_0, f905d4955f6acfe6_0, f909fa7029740511_0, f965946723f9d184_0, f9bb2b0ccf1683fc_0, fa44bedee6dfd62a_0, fa8653547cba499f_0, fbf40f4291d32dff_0, 
Deleted files: 
814056ad940b2f8d_0, a379cc96aefa8468_0, e5e1f57f071689b8_0, 


[\\?\c:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data]
New files: 656 Deleted files: 292
New files: 
f_000e55, f_000e58, f_000e59, f_000e5a, f_000e5d, f_000e5f, f_000e61, f_000e62, f_000e64, f_000e66, f_000e69, f_000eaf, f_000ec1, f_000ec3, f_000ec4, f_000ec5, f_000ec6, f_000ec7, f_000ec8, f_000ee6, f_000ee8, f_000f30, f_000f31, f_000f32, f_000f33, f_000f34, f_000f35, f_000f36, f_000f37, f_000f38, f_000f39, f_000f3a, f_000f3b, f_000f3c, f_000f3d, f_000f3e, f_000f3f, f_000f40, f_000f41, f_000f42, f_000f43, f_000f44, f_000f45, f_000f46, f_000f48, f_000f49, f_000f4a, f_000f4b, f_000f4c, f_000f4d, f_000f4e, f_000f4f, f_000f50, f_000f51, f_000f52, f_000f53, f_000f54, f_000f55, f_000f56, f_000f57, f_000f58, f_000f59, f_000f5a, f_000f5b, f_000f5c, f_000f5d, f_000f5e, f_000f5f, f_000f60, f_000f61, f_000f62, f_000f63, f_000f64, f_000f65, f_000f66, f_000f67, f_000f68, f_000f69, f_000f6a, f_000f6b, f_000f6c, f_000f6d, f_000f6e, f_000f6f, f_000f70, f_000f71, f_000f72, f_000f73, f_000f74, f_000f75, f_000f76, f_000f77, f_000f78, f_000f79, f_000f7a, f_000f7b, f_000f7c, f_000f7e, f_000f7f, f_000f80, f_000f81, f_000f82, f_000f83, f_000f84, f_000f85, f_000f86, f_000f87, f_000f88, f_000f89, f_000f8a, f_000f8b, f_000f8c, f_000f8d, f_000f8e, f_000f8f, f_000f90, f_000f91, f_000f92, f_000f93, f_000f94, f_000f95, f_000f96, f_000f97, f_000f98, f_000f99, f_000f9a, f_000f9b, f_000f9c, f_000f9d, f_000f9e, f_000f9f, f_000fa0, f_000fa1, f_000fa2, f_000fa3, f_000fa4, f_000fa5, f_000fa6, f_000fa7, f_000fa8, f_000fa9, f_000faa, f_000fab, f_000fac, f_000fad, f_000fae, f_000faf, f_000fb0, f_000fb1, f_000fb2, f_000fb3, f_000fb4, f_000fb5, f_000fb6, f_000fb7, f_000fb8, f_000fb9, f_000fba, f_000fbb, f_000fbc, f_000fbd, f_000fbe, f_000fbf, f_000fc0, f_000fc1, f_000fc2, f_000fc3, f_000fc4, f_000fc5, f_000fc6, f_000fc7, f_000fc8, f_000fc9, f_000fca, f_000fcb, f_000fcc, f_000fcd, f_000fce, f_000fcf, f_000fd0, f_000fd1, f_000fd2, f_000fd3, f_000fd4, f_000fd5, f_000fd6, f_000fd7, f_000fd8, f_000fd9, f_000fda, f_000fdb, f_000fdc, f_000fdd, f_000fde, f_000fdf, f_000fe0, f_000fe1, f_000fe2, f_000fe3, f_000fe4, f_000fe5, f_000fe6, f_000fe7, f_000fe8, f_000fe9, f_000fea, f_000feb, f_000fec, f_000fed, f_000fee, f_000fef, f_000ff0, f_000ff1, f_000ff2, f_000ff3, f_000ff4, f_000ff5, f_000ff6, f_000ff7, f_000ff8, f_000ff9, f_000ffa, f_000ffb, f_000ffc, f_000ffd, f_000ffe, f_000fff, f_001000, f_001001, f_001002, f_001003, f_001004, f_001005, f_001006, f_001007, f_001008, f_001009, f_00100a, f_00100b, f_00100c, f_00100d, f_00100e, f_00100f, f_001010, f_001011, f_001012, f_001013, f_001014, f_001015, f_001016, f_001017, f_001018, f_001019, f_00101a, f_00101b, f_00101c, f_00101d, f_00101e, f_00101f, f_001020, f_001021, f_001022, f_001023, f_001024, f_001025, f_001026, f_001027, f_001028, f_001029, f_00102a, f_00102b, f_00102c, f_00102d, f_00102e, f_00102f, f_001030, f_001031, f_001032, f_001033, f_001034, f_001035, f_001036, f_001037, f_001038, f_001039, f_00103a, f_00103b, f_00103c, f_00103d, f_00103e, f_00103f, f_001040, f_001041, f_001042, f_001043, f_001044, f_001045, f_001046, f_001047, f_001048, f_001049, f_00104a, f_00104b, f_00104c, f_00104d, f_00104e, f_00104f, f_001050, f_001051, f_001052, f_001053, f_001054, f_001055, f_001056, f_001057, f_001058, f_001059, f_00105a, f_00105b, f_00105c, f_00105d, f_00105e, f_00105f, f_001060, f_001061, f_001062, f_001063, f_001064, f_001065, f_001066, f_001067, f_001068, f_001069, f_00106a, f_00106b, f_00106c, f_00106d, f_00106e, f_00106f, f_001070, f_001071, f_001072, f_001073, f_001074, f_001075, f_001076, f_001077, f_001078, f_001079, f_00107a, f_00107b, f_00107c, f_00107d, f_00107e, f_00107f, f_001080, f_001081, f_001082, f_001083, f_001084, f_001085, f_001086, f_001087, f_001088, f_001089, f_00108a, f_00108b, f_00108c, f_00108d, f_00108e, f_00108f, f_001090, f_001091, f_001092, f_001093, f_001094, f_001095, f_001096, f_001097, f_001098, f_001099, f_00109a, f_00109b, f_00109c, f_00109d, f_00109e, f_00109f, f_0010a0, f_0010a1, f_0010a2, f_0010a3, f_0010a4, f_0010a5, f_0010a6, f_0010a7, f_0010a8, f_0010a9, f_0010aa, f_0010ab, f_0010ac, f_0010ad, f_0010ae, f_0010af, f_0010b0, f_0010b1, f_0010b2, f_0010b3, f_0010b4, f_0010b5, f_0010b6, f_0010b7, f_0010b8, f_0010b9, f_0010ba, f_0010bb, f_0010bc, f_0010bd, f_0010be, f_0010bf, f_0010c0, f_0010c1, f_0010c2, f_0010c3, f_0010c4, f_0010c5, f_0010c6, f_0010c7, f_0010c8, f_0010c9, f_0010ca, f_0010cb, f_0010cc, f_0010cd, f_0010ce, f_0010cf, f_0010d0, f_0010d1, f_0010d2, f_0010d3, f_0010d4, f_0010d5, f_0010d6, f_0010d7, f_0010d8, f_0010d9, f_0010da, f_0010db, f_0010dc, f_0010dd, f_0010de, f_0010df, f_0010e0, f_0010e1, f_0010e2, f_0010e3, f_0010e4, f_0010e5, f_0010e6, f_0010e7, f_0010e8, f_0010e9, f_0010ea, f_0010eb, f_0010ec, f_0010ed, f_0010ee, f_0010ef, f_0010f1, f_0010f2, f_0010f3, f_0010f4, f_0010f5, f_0010f6, f_0010f7, f_0010f8, f_0010f9, f_0010fa, f_0010fb, f_0010fc, f_0010fd, f_0010fe, f_0010ff, f_001100, f_001101, f_001102, f_001103, f_001104, f_001105, f_001106, f_001107, f_001108, f_001109, f_00110a, f_00110b, f_00110c, f_00110d, f_00110e, f_00110f, f_001110, f_001111, f_001112, f_001113, f_001114, f_001115, f_001116, f_001117, f_001118, f_001119, f_00111a, f_00111b, f_00111c, f_00111d, f_00111e, f_00111f, f_001120, f_001121, f_001122, f_001123, f_001124, f_001125, f_001126, f_001127, f_001128, f_001129, f_00112a, f_00112b, f_00112c, f_00112d, f_00112e, f_00112f, f_001130, f_001131, f_001132, f_001133, f_001134, f_001135, f_001136, f_001137, f_001138, f_001139, f_00113a, f_00113b, f_00113c, f_00113d, f_00113e, f_00113f, f_001140, f_001141, f_001142, f_001143, f_001144, f_001145, f_001146, f_001147, f_001148, f_001149, f_00114a, f_00114b, f_00114c, f_00114d, f_00114e, f_00114f, f_001150, f_001151, f_001152, f_001153, f_001154, f_001155, f_001156, f_001157, f_001158, f_001159, f_00115a, f_00115b, f_00115c, f_00115d, f_00115e, f_00115f, f_001160, f_001161, f_001162, f_001163, f_001164, f_001165, f_001166, f_001167, f_001168, f_001169, f_00116a, f_00116b, f_00116c, f_00116d, f_00116e, f_00116f, f_001170, f_001171, f_001172, f_001173, f_001174, f_001175, f_001176, f_001177, f_001178, f_001179, f_00117a, f_00117b, f_00117c, f_00117d, f_00117e, f_00117f, f_001180, f_001181, f_001182, f_001183, f_001184, f_001185, f_001186, f_001187, f_001188, f_001189, f_00118a, f_00118b, f_00118c, f_00118d, f_00118e, f_00118f, f_001190, f_001191, f_001192, f_001193, f_001194, f_001195, f_001196, f_001197, f_001198, f_001199, f_00119a, f_00119b, f_00119c, f_00119d, f_00119e, f_00119f, f_0011a0, f_0011a1, f_0011a2, f_0011a3, f_0011a4, f_0011a5, f_0011a6, f_0011a7, f_0011a8, f_0011a9, f_0011aa, f_0011ab, f_0011ac, f_0011ad, 
Deleted files: 
f_000444, f_000445, f_000446, f_000899, f_0008b7, f_0008b8, f_0008b9, f_0008ba, f_0008bb, f_0008bc, f_0008bd, f_0008be, f_0008bf, f_0008c1, f_0008c2, f_0008c3, f_0008c4, f_0008c5, f_0008c6, f_0008c8, f_0008ca, f_0008cb, f_0008cd, f_0008ce, f_0008cf, f_0008d0, f_0008d2, f_0008d3, f_0008f0, f_0008f2, f_0008f4, f_0008f6, f_0008f7, f_0008f9, f_0008fb, f_0008fd, f_0008fe, f_000900, f_000901, f_000902, f_000903, f_000904, f_000905, f_000907, f_000928, f_000929, f_00092a, f_00092b, f_00092d, f_00092f, f_000930, f_000931, f_000d1a, f_000d1b, f_000d1c, f_000d1d, f_000d1e, f_000d1f, f_000d20, f_000d21, f_000d22, f_000d23, f_000d24, f_000d25, f_000d26, f_000d27, f_000d28, f_000d29, f_000d2a, f_000d2b, f_000d2c, f_000d2d, f_000d2e, f_000d2f, f_000d30, f_000d31, f_000d32, f_000d33, f_000d34, f_000d35, f_000d36, f_000d37, f_000d38, f_000d39, f_000d3a, f_000d3b, f_000d3c, f_000d3d, f_000d3e, f_000d3f, f_000d40, f_000d41, f_000d42, f_000d43, f_000d44, f_000d45, f_000d46, f_000d47, f_000d48, f_000d49, f_000d4a, f_000d4b, f_000d4c, f_000d4d, f_000d53, f_000d57, f_000d5b, f_000d5c, f_000d5d, f_000d5e, f_000d5f, f_000d60, f_000d61, f_000d62, f_000d63, f_000d64, f_000d65, f_000d66, f_000d67, f_000d68, f_000d69, f_000d6a, f_000d6b, f_000d6c, f_000d6d, f_000d6e, f_000d6f, f_000d70, f_000d72, f_000d73, f_000d76, f_000d79, f_000d7b, f_000d7d, f_000d80, f_000d82, f_000d84, f_000d86, f_000d88, f_000d89, f_000d8b, f_000d90, f_000d97, f_000d9a, f_000d9d, f_000d9e, f_000d9f, f_000da0, f_000da1, f_000da2, f_000da3, f_000da8, f_000da9, f_000daa, f_000dad, f_000dae, f_000daf, f_000db0, f_000db1, f_000db3, f_000db4, f_000db5, f_000db6, f_000db7, f_000db8, f_000db9, f_000dba, f_000dbb, f_000dbc, f_000dbd, f_000dbe, f_000dbf, f_000dc0, f_000dc1, f_000dc2, f_000dc3, f_000dc4, f_000dc5, f_000dc6, f_000dc7, f_000dc9, f_000dcd, f_000dce, f_000dcf, f_000dd0, f_000dd1, f_000dd2, f_000dd3, f_000dd4, f_000dd5, f_000dd6, f_000dd7, f_000dd8, f_000dd9, f_000dda, f_000ddb, f_000ddc, f_000ddd, f_000dde, f_000ddf, f_000de0, f_000de1, f_000de2, f_000de4, f_000de8, f_000de9, f_000deb, f_000def, f_000df3, f_000df5, f_000df6, f_000df7, f_000df8, f_000df9, f_000dfa, f_000dfb, f_000dfc, f_000dfd, f_000dfe, f_000dff, f_000e00, f_000e01, f_000e02, f_000e03, f_000e04, f_000e05, f_000e06, f_000e07, f_000e08, f_000e09, f_000e0a, f_000e0b, f_000e0c, f_000e0d, f_000e0e, f_000e0f, f_000e10, f_000e11, f_000e12, f_000e13, f_000e14, f_000e15, f_000e16, f_000e17, f_000e18, f_000e19, f_000e1a, f_000e1b, f_000e1c, f_000e1d, f_000e1e, f_000e1f, f_000e20, f_000e21, f_000e22, f_000e24, f_000e2a, f_000e2c, f_000e2e, f_000e30, f_000e31, f_000e32, f_000e33, f_000e34, f_000e36, f_000e37, f_000e38, f_000e39, f_000e3a, f_000e3b, f_000e3d, f_000e3e, f_000e3f, f_000e40, f_000e41, f_000e42, f_000e43, f_000e44, f_000e45, f_000e46, f_000e47, f_000e48, f_000e49, f_000e4a, f_000e4b, f_000e4c, f_000e4d, f_000e4e, f_000e4f, f_000e51, f_000e53, f_000e54, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\component_crx_cache]
New files: 2 Deleted files: 2
New files: 
gonpemdgkjcecdgbnaabipppbmgfggbe_1.a8d1ba34e89015541755249a2edf6469ef1c7c35a44aa940100656c64b5f3f11, hfnkpimlhhgieaddgfemjhofmfblmnib_1.d3f3a04c2bbd112ddf294d239c0f7122f085b479f6929d340d999c91f8e761ce, 
Deleted files: 
gonpemdgkjcecdgbnaabipppbmgfggbe_1.343f89ab78af0e534d007c36c58633f186f14da683423c364db6a8c86b394ef3, hfnkpimlhhgieaddgfemjhofmfblmnib_1.ecb11b1890992d1b820bd9e1947794f42f5756382fd2cc0834b6dca4b0e9a080, 


[\\?\c:\Users\Username\AppData\Local\Google\Chrome\User Data\BrowserMetrics]
New files: 1 Deleted files: 1
New files: 
BrowserMetrics-669E2A20-DA0.pma, 
Deleted files: 
BrowserMetrics-6698BD40-3754.pma, 

[\\?\c:\ProgramData\MspPlatform\PME\CachedMetadata]
New files: 1 Deleted files: 1
New files: 
74e734c8-858b-4438-92f8-92b639597f91, 
Deleted files: 
96d6bf66-d712-4354-91cb-ab338e3bcea6, 


[\\?\c:\ProgramData\Microsoft\Windows Defender\Scans]
New files: 13 Deleted files: 13
New files: 
mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.01, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.67, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.6C, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.79, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.7C, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.7E, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.80, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.83, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.87, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.A0, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.DB, mpcache-BCAC676A9F9AE76B5A4946DF44A1238E8E713A47.bin.E6, 
Deleted files: 
mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.01, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.67, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.6C, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.79, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.7C, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.7E, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.80, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.83, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.87, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.A0, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.DB, mpcache-3AB15A560DD5A2E1871943ACB5A8E9FE92CB55F0.bin.E6, 


[\\?\c:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data]
New files: 1 Deleted files: 3
New files: 
70798691db6122fe20b10531d274838ca8724924, 
Deleted files: 
0c6853a8f1fb14d45287767a7a436a2289532bf9, 0ee1106d9c13ccbf0bb187d714a33e8978d4d209, 258b9f09bd3fc066934dac3820610ae85e95803a, 


[\\?\c:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick]
New files: 1 Deleted files: 1
New files: 
{D9B7818A-BE88-4B40-ABE6-EE2FCFB09943}, 
Deleted files: 
{441D6A13-1BE9-4F64-A24C-4432CC662DFF},


We are wondering if these are possible malware files. But as you can see there are new files and deleted files, and they are almost the same. Does anyone have the same issue with non FSLogix Profiles terminal servers and a possible fix?

And the weird thing is they come and go. Sometimes we get the malware detection two days in a row and then 5 days its all fine and then it comes back with the AppData detection.

Veem Version: 12.1.2.172

Hi @b.tanke 

Welcome to the forums. 

On quick glance, these looks like normal application files. Have you tried running a stand alone malware scan on the system in question?
Additionally, what are your settings for the malware scanning in Veeam?
I’d also suggest opening a ticket with Support to further investigate as when it comes to malware, you can never be too careful.

 

Hi @b.tanke -

First off...what type of scan are you running within Veeam? File System Analysis (FSA) or Inline Entropy?...or both?

Veeam came out with the some pretty decent updates to both their engines. You’re on the latest version, so you should be good to go there, if these potential threats were caught by the FSA. The only way to be sure if the files in question are potential malware or not is to run an antivirus (A/V) scan against your server. It’s real easy to do → just rt-click the VM from the Backups > Disks, section (expand the Job the Terminal VM is in). Then rt-click the VM > and select Scan Backup. You can select to only do a scan against a certain time range, specifically up until when Veeam detected potential Malware. If the A/V scan come back ok, then I recommend doing a YARA scan. If you don’t have Veeam Data Platform editions Advanced or Premium, you can’t run the YARA from within Veeam. You’ll have to do it “manually” on the Terminal server but is quite easy to do. See my “Veeam Malware Forensics” post below on how to create a YARA file and where to download the YARA tool to manually run a YARA scan; as well as how to interpret the results.
 

If both of the scans come back ok, then you can, with high confidence, determine the files you have questions on are false positives. As such, you can then configure your Terminal Services VM as such → configure exclusions if the above was caught by the FSA engine, and/or configure for a ‘general false positive’ detection by going into the Inventory node, rt-clicking the VM in the Malware section, and selecting Mark as clean. But, do not choose the ‘exclude VM’ option. You only need to mark the VM as clean for the false positives Veeam found. If you exclude the VM wholistically, Veeam will no longer even scan the VM, which you don’t want.

Hopefully that helps you out. Please don’t hesitate to let us know if you still have questions.

Best.

I would suggest scanning the location as noted and take a look at the details Shane shared as that is great information.

Hi @coolsport00

we are using File System Analysis and we ran a antivirus scan. That came out clean, so we ran a YARA scan with the YARA rule FindFileByHash.yara. That created a log with a bunch of data that I don’t know how to use or what to do with.

 

Here are a few examples:

SearchFileHash aSuppressMalwareDetectionNotification] C:\VeeamFLR\VMName_b3b60ecf\Volume1\$33598FA7D1894F33881FF0C22CA1FD95\3B09086CC3D14AD69536D6346F7C693C\8A412B486DFA40EA972A6655660157943.pdf

SearchFileHash aSuppressMalwareDetectionNotification] C:\VeeamFLR\VMname_b3b60ecf\Volume1\$Recycle.Bin\S-1-5-21-935034633-3516943619-776674318-1351\$R3EBAAJ.msg

SearchFileHash aSuppressMalwareDetectionNotification] C:\VeeamFLR\VMName_b3b60ecf\Volume1\Program Files\Adobe\Acrobat DC\Acrobat\Assets\Square150x150Logo.scale-200.png

SearchFileHash aSuppressMalwareDetectionNotification] C:\VeeamFLR\VMName_b3b60ecf\Volume1\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner-4x.png

SearchFileHash aSuppressMalwareDetectionNotification] C:\VeeamFLR\ VMName_b3b60ecf\Volume1\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\identity_proxy\win11\identity_helper.Sparse.Stable.msix

SearchFileHash aSuppressMalwareDetectionNotification] C:\VeeamFLR\VMName_b3b60ecf\Volume1\Users\$DF877CC0AFDC44329BED33D8DABE1236\Documents\4F7F4546115142E587529D1890201248\8A412B486DFA40EA972A6655660157943.pdf

They don’t look harmful to me, and the log has an exit code of 0.

 

And you said if the VM is clean that you van configure exclusions. You can do this with a path or extension, but that’s probably not usable in our case because you can’t use wildcards yet. Because all our malware detection come from \c:\Users\username\AppData\. Do you have tips about that?

Thx for the useful information so far!

Hi @coolsport00,

we are using File System Analysis and we ran a antivirus scan. That came out clean, so we ran a YARA scan with the YARA rule FindFileByHash.yara. That created a log with a bunch of data that I don’t know how to use or what to do with.

 

Here are a few examples:

SearchFileHash sSuppressMalwareDetectionNotification] C:\VeeamFLR\VMName_b3b60ecf\Volume1\$33598FA7D1894F33881FF0C22CA1FD95\3B09086CC3D14AD69536D6346F7C693C\8A412B486DFA40EA972A6655660157943.pdf

SearchFileHash sSuppressMalwareDetectionNotification] C:\VeeamFLR\VMname_b3b60ecf\Volume1\$Recycle.Bin\S-1-5-21-935034633-3516943619-776674318-1351\$R3EBAAJ.msg

SearchFileHash sSuppressMalwareDetectionNotification] C:\VeeamFLR\VMName_b3b60ecf\Volume1\Program Files\Adobe\Acrobat DC\Acrobat\Assets\Square150x150Logo.scale-200.png

SearchFileHash sSuppressMalwareDetectionNotification] C:\VeeamFLR\VMName_b3b60ecf\Volume1\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner-4x.png

SearchFileHash sSuppressMalwareDetectionNotification] C:\VeeamFLR\ VMName_b3b60ecf\Volume1\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\identity_proxy\win11\identity_helper.Sparse.Stable.msix

SearchFileHash sSuppressMalwareDetectionNotification] C:\VeeamFLR\VMName_b3b60ecf\Volume1\Users\$DF877CC0AFDC44329BED33D8DABE1236\Documents\4F7F4546115142E587529D1890201248\8A412B486DFA40EA972A6655660157943.pdf

They don’t look harmful to me, and the log has an exit code of 0.

 

And you said if the VM is clean that you van configure exclusions. You can do this with a path or extension, but that’s probably not usable in our case because you can’t use wildcards yet. Because all our malware detection come from \c:\Users\username\AppData\. Do you have tips about that?

 

Thx for the useful information so far!

Comment


Terms & Conditions