1c4e647f...965d | IOCs
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

udxgjs.exe

Windows Exe (x86-32)

Created 6 years ago

...

Remarks (2/2)

(0x200000e): The overall sleep time of all monitored processes was truncated from "1 minute, 30 seconds" to "30 seconds" to reveal dormant functionality.

(0x2000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Indicators

File (3734)
»
Filename Hash Operations Source
\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\Decoding help.hta - Access
\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\BOOTSTAT.DAT.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\cs-CZ\Decoding help.hta - Access
\\?\C:\Boot\da-DK\Decoding help.hta - Access
\\?\C:\Boot\de-DE\Decoding help.hta - Access
\\?\C:\Boot\Decoding help.hta - Access
\\?\C:\Boot\el-GR\Decoding help.hta - Access
\\?\C:\Boot\en-US\Decoding help.hta - Access
\\?\C:\Boot\es-ES\Decoding help.hta - Access
\\?\C:\Boot\fi-FI\Decoding help.hta - Access
\\?\C:\Boot\Fonts\Decoding help.hta - Access
\\?\C:\Boot\fr-FR\Decoding help.hta - Access
\\?\C:\Boot\hu-HU\Decoding help.hta - Access
\\?\C:\Boot\it-IT\Decoding help.hta - Access
\\?\C:\Boot\ja-JP\Decoding help.hta - Access
\\?\C:\Boot\ko-KR\Decoding help.hta - Access
\\?\C:\Boot\nb-NO\Decoding help.hta - Access
\\?\C:\Boot\nl-NL\Decoding help.hta - Access
\\?\C:\Boot\pl-PL\Decoding help.hta - Access
\\?\C:\Boot\pt-BR\Decoding help.hta - Access
\\?\C:\Boot\pt-PT\Decoding help.hta - Access
\\?\C:\Boot\ru-RU\Decoding help.hta - Access
\\?\C:\Boot\sv-SE\Decoding help.hta - Access
\\?\C:\Boot\tr-TR\Decoding help.hta - Access
\\?\C:\Boot\zh-CN\Decoding help.hta - Access
\\?\C:\Boot\zh-HK\Decoding help.hta - Access
\\?\C:\Boot\zh-TW\Decoding help.hta - Access
\\?\C:\bootmgr - Access
\\?\C:\BOOTSECT.BAK - Access
\\?\C:\BOOTSECT.BAK.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Adobe\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Adobe\diary.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Java\Java Update\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\DAO\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\CsiSoap.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\msdia80.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia80.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Services\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrwbin.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Decoding help.hta - Access
\\?\C:\Program Files (x86)\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.VisualElementsManifest.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Google\Chrome\Application\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Internet Explorer\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\bin\axbridge.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\bin\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\lib\alt-rt.jar.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\lib\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Java\jre7\LICENSE.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\README.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\release.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\Welcome.html.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\INLAUNCH.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAProject.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft.NET\RedistList\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\application.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\blocklist.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\chrome.manifest.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\components\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\crashreporter-override.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\MSBuild\Decoding help.hta - Access
\\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Uninstall Information\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Uninstall Information\deviant-potential-mistakes.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Defender\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Defender\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Defender\improving-birmingham.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Mail\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Mail\ways_get_musicians.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Media Player\Skins\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows NT\Accessories\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Portable Devices\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\settings.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\association ongoing artistic.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\DESIGNER\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\DW\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EURO\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Filters\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Help\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPLACE.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.ITS.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1CACH.LEX.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VC\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VGX\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Services\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\ado\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\ado\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\msadc\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\msadc\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\MSMAPI\1033\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\Ole DB\xmlrw.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\xmlrwbin.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Decoding help.hta - Access
\\?\C:\Program Files\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\en-US\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\Decoding help.hta - Access
\\?\C:\Program Files\Internet Explorer\Decoding help.hta - Access
\\?\C:\Program Files\Internet Explorer\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Internet Explorer\SIGNUP\Decoding help.hta - Access
\\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmgdsrv.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\centuries.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\detected-persistent-luther.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Apothecary.thmx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Aspect.thmx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Austin.thmx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.MMW.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCOLKI.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCVDTUI.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Office14\1036\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\3082\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\ACCDDSF.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\ACCDDSLM.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\AccessWeb\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Stationery\1033\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Templates\1033\Access\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Templates\1033\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Templates\Presentation Designs\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlcecompact35.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceer35EN.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceme35.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceoledb35.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceqp35.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Sync Framework\ceremony.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Sync Framework\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Sync Framework\hometown_estate.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Sync Framework\reproducedmelissa.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Sync Framework\silicon_mu.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Synchronization Services\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Synchronization Services\outcomes-increasing.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\MSBuild\Decoding help.hta - Access
\\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Decoding help.hta - Access
\\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Decoding help.hta - Access
\\?\C:\Program Files\MSBuild\pursuitbed.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\MSBuild\role.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\Decoding help.hta - Access
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\Decoding help.hta - Access
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Decoding help.hta - Access
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\Decoding help.hta - Access
\\?\C:\Program Files\Uninstall Information\Decoding help.hta - Access
\\?\C:\Program Files\Uninstall Information\israel.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\Decoding help.hta - Access
\\?\C:\Program Files\Windows Defender\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Windows Journal\Decoding help.hta - Access
\\?\C:\Program Files\Windows Journal\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Windows Journal\Templates\Decoding help.hta - Access
\\?\C:\Program Files\Windows Mail\Decoding help.hta - Access
\\?\C:\Program Files\Windows Mail\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Windows Media Player\brooklyn variations nothing.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Media Player\Decoding help.hta - Access
\\?\C:\Program Files\Windows Media Player\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Windows Media Player\Media Renderer\Decoding help.hta - Access
\\?\C:\Program Files\Windows Media Player\negotiationsbadge.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Media Player\Network Sharing\Decoding help.hta - Access
\\?\C:\Program Files\Windows Media Player\Skins\Decoding help.hta - Access
\\?\C:\Program Files\Windows NT\Accessories\Decoding help.hta - Access
\\?\C:\Program Files\Windows NT\Accessories\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Windows NT\TableTextService\Decoding help.hta - Access
\\?\C:\Program Files\Windows NT\TableTextService\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Windows Photo Viewer\Decoding help.hta - Access
\\?\C:\Program Files\Windows Photo Viewer\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Windows Photo Viewer\ensure.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Photo Viewer\methods.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Portable Devices\Decoding help.hta - Access
\\?\C:\Program Files\Windows Portable Devices\large.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Portable Devices\mambo_prediction_hiking.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Sidebar\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\frederick_manufacturing.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\settings.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\Decoding help.hta - Access
\\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft Help\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft Help\Hx.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\IdentityCRL\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\MF\Active.GRL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\MF\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\MF\Pending.GRL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\Network\Downloader\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\OFFICE\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\RAC\PublishedData\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\RAC\StateData\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\RAC\Temp\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\RAC\Temp\sql3793.tmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\RAC\Temp\sql37B3.tmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Support\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\Windows NT\MSScan\Decoding help.hta - Access
\\?\C:\ProgramData\Mozilla\logs\Decoding help.hta - Access
\\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Sun\Java\Java Update\Decoding help.hta - Access
\\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Decoding help.hta - Access
\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8YZI9tbYOTKzo.ppt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\BA-yZXQD61PJRw.flv.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bDIINWA2WJqh.mkv.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bmxWLLNd8TjkPhuK.m4a.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\CH4x6fQHSG1JHPS3ch5A.mp4.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Fwp3Te.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\hMGP-F3 obcDjp1HK7.xls.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-otFpnJAZYdGZgph-w2t.mp4.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0QFeq.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\34Y20Hy8prQawh8W.odt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3lrLEIdmVjd2 rgfcu.wav.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5NyfavX8M SwrLA.m4a.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\81Y6laQwMZt0iND.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\AB_vXOL0ok.avi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CbGRfnknZGA7NbXr.pptx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ffy2.mp4.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fW6GLbq3Ftca.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fxONycb0H.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gXq1w 2VVTzCJBe Hq.wav.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS115HKsxh5.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\hXTeLs-.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\IUA5z.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JYhU_0gVh.swf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KjsS.m4a.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O8t8zV01Bvm4sS9lF.xlsx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\odMVujhZ6CV.mkv.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OSIlz2Qe-sd.wav.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\9gTfF.mkv.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\_rfQRjmmEg0sPjEn\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\b1Sb6k4ypsm.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\NxoB945ki\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\NxoB945ki\MW8uM.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\QbAGsrc4RZ.avi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\QrIRPNJMy\AJZxWOTa_h16WU06C.swf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\QrIRPNJMy\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pXo9jRY.wav.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RB4vj.mp4.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RGRq4.wav.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RHlI3aC51oLl.avi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vf3m51G_2GmTdwKx.wav.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VT-1Mu2yHHu90r.odt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1 2o4p5zHCb-fvAtztO.rtf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\3gVd0.ppt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AIc9Isj7ADRjNzHWRWF_.pptx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\cn-HP5pWv wNnDGY4YF7.xlsx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\jN9TBQMyqFYmB5Rvq.ots.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\LhqwkdHvHp.pps.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\O86Jsoq0pVAcuu.docx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\uqnC-qDAk9uWzh2.doc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\vRdpPed7cbcKAIsGT.ods.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dilf19.docx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dmhLA6w_YLOh5kl hnV.pptx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dso03pCxSlJZc_V5rD.xlsx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GXhem_I.pptx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\imbV OAx3F1cWZTn03J.docx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KqudnBky5y.docx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\L33cwZgAwdRp0L9II.xlsx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lrVIyqwWp.xlsx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QaD66G.docx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OrzHNREAkWyGRcOhFv.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\28F4t8tm71.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\4AhrnACXRo8vjDqPzc.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7rpWX8QM.m4a.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7szc_Fu5fkpO.wav.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\F7VVSodfwxzw.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GYpujz6bZyZcO-T7R.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HIFLZmmHRuFv.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\JNTkGdgD9rpv-.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\M8_m4DClqwU.m4a.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Mwf6Kw2ezkWZ 06_k.m4a.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\8y51R.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\awj8XMkA\7E-_mMah slMT.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\awj8XMkA\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\BBgQlMYHL _2TA.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\m zp2v8n\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\pjZy-sspEQyllHo-q.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9yivo5.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Fw8HolHjfbNy4TO.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PcaDFoPfMRf61DpJA\1m1Vmuba.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PcaDFoPfMRf61DpJA\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\58 _CW2YhTWDYT.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\A-ruelEk.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\aKHBF.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\g-knkuKhkJ2I8jMff9.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\L6TZ6kzRLOi0t-.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\Nabr7D0X8dDzA.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\sm3 s8GK5IZhRurSKMel.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\UQpc.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wOarRpMQhZLo-EiPn.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\yXV940v9tS3ZrnFx.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\9lMGhV91NDMpqht7Q.avi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\fP I YrA_L5y0L.swf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HhnogPUR3.avi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\i5-I9YJ6OWOgcrAXv.swf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jTcc1pHis-E.swf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Microsoft Help\MS.GROOVE.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Microsoft Help\MS.MSACCESS.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Microsoft Help\MS.MSOUC.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Microsoft Help\MS.MSPUB.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\IconCache.db.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Feeds\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Media Player\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Temp\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Roaming\Microsoft\Protect\Decoding help.hta - Access
\\?\C:\Users\Default\Contacts\Administrator.contact.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Contacts\Decoding help.hta - Access
\\?\C:\Users\Default\Contacts\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Decoding help.hta - Access
\\?\C:\Users\Default\Desktop\Decoding help.hta - Access
\\?\C:\Users\Default\Desktop\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Documents\Decoding help.hta - Access
\\?\C:\Users\Default\Documents\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Downloads\Decoding help.hta - Access
\\?\C:\Users\Default\Downloads\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Favorites\Decoding help.hta - Access
\\?\C:\Users\Default\Favorites\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Favorites\Links\Decoding help.hta - Access
\\?\C:\Users\Default\Favorites\Links\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Favorites\Microsoft Websites\Decoding help.hta - Access
\\?\C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Favorites\MSN Websites\Decoding help.hta - Access
\\?\C:\Users\Default\Favorites\MSN Websites\MSN Autos.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Favorites\Windows Live\Decoding help.hta - Access
\\?\C:\Users\Default\Links\Decoding help.hta - Access
\\?\C:\Users\Default\Links\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Links\Desktop.lnk.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Links\Downloads.lnk.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Links\RecentPlaces.lnk.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Music\Decoding help.hta - Access
\\?\C:\Users\Default\Music\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\NTUSER.DAT.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\NTUSER.DAT.LOG.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Decoding help.hta - Access
\\?\C:\Users\Public\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Desktop\Adobe Reader X.lnk.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Desktop\Decoding help.hta - Access
\\?\C:\Users\Public\Desktop\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Desktop\Google Chrome.lnk.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Documents\Decoding help.hta - Access
\\?\C:\Users\Public\Documents\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Downloads\Decoding help.hta - Access
\\?\C:\Users\Public\Downloads\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Libraries\Decoding help.hta - Access
\\?\C:\Users\Public\Libraries\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Libraries\RecordedTV.library-ms.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Music\Decoding help.hta - Access
\\?\C:\Users\Public\Music\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Music\Sample Music\Decoding help.hta - Access
\\?\C:\Users\Public\Music\Sample Music\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Pictures\Decoding help.hta - Access
\\?\C:\Users\Public\Pictures\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Pictures\Sample Pictures\Decoding help.hta - Access
\\?\C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Pictures\Sample Pictures\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Recorded TV\Decoding help.hta - Access
\\?\C:\Users\Public\Recorded TV\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Recorded TV\Sample Media\Decoding help.hta - Access
\\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Videos\Decoding help.hta - Access
\\?\C:\Users\Public\Videos\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Videos\Sample Videos\Decoding help.hta - Access
\\?\C:\Users\Public\Videos\Sample Videos\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini - Access
\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 95d8074dc6a2e8b5930219f9d4c749a2
SHA1: 64be513a8c5709c9d133ff78ac84794cec1af4ce
SHA256: 3481df06b6dd3f55431cf65837ea22ea34c39d629242b779f08aa281792ce37a
SSDeep: 24:OmbHS5i+T9GxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:OmbylXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\BCD - Access
\\?\C:\Boot\BCD.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\BCD.LOG - Access
\\?\C:\Boot\BCD.LOG.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\BOOTSTAT.DAT - Access
\\?\C:\Boot\BOOTSTAT.DAT.[ID]hWWph9uJUOOy4hF1[ID] MD5: 2a3fda4440143527cda355e9faba8f15
SHA1: a28ccda79e5f255f9f8c377d99790fb0f0db5659
SHA256: 3ab0ebf7e675a87edd8920517641ebaf25052bb6b9e1c6c7a825e8f988af1127
SSDeep: 1536:UrA15HPsONqvwzOvZ4BMlNQMeacZHnfEjDaha0TjeBF:UuUONdzJylNkJf0N2jCF
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\cs-CZ\bootmgr.exe.mui - Access
\\?\C:\Boot\cs-CZ\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\cs-CZ\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\da-DK\bootmgr.exe.mui - Access
\\?\C:\Boot\da-DK\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\da-DK\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\de-DE\bootmgr.exe.mui - Access
\\?\C:\Boot\de-DE\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\de-DE\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\el-GR\bootmgr.exe.mui - Access
\\?\C:\Boot\el-GR\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\el-GR\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\en-US\bootmgr.exe.mui - Access
\\?\C:\Boot\en-US\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\en-US\memtest.exe.mui - Access
\\?\C:\Boot\en-US\memtest.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\es-ES\bootmgr.exe.mui - Access
\\?\C:\Boot\es-ES\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\es-ES\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\fi-FI\bootmgr.exe.mui - Access
\\?\C:\Boot\fi-FI\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\fi-FI\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\Fonts\chs_boot.ttf - Access
\\?\C:\Boot\Fonts\chs_boot.ttf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\Fonts\cht_boot.ttf - Access
\\?\C:\Boot\Fonts\cht_boot.ttf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\Fonts\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\Fonts\jpn_boot.ttf - Access
\\?\C:\Boot\Fonts\jpn_boot.ttf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\Fonts\kor_boot.ttf - Access
\\?\C:\Boot\Fonts\kor_boot.ttf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\Fonts\wgl4_boot.ttf - Access
\\?\C:\Boot\Fonts\wgl4_boot.ttf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\fr-FR\bootmgr.exe.mui - Access
\\?\C:\Boot\fr-FR\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\fr-FR\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\hu-HU\bootmgr.exe.mui - Access
\\?\C:\Boot\hu-HU\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\hu-HU\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\it-IT\bootmgr.exe.mui - Access
\\?\C:\Boot\it-IT\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\it-IT\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\ja-JP\bootmgr.exe.mui - Access
\\?\C:\Boot\ja-JP\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\ja-JP\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\ko-KR\bootmgr.exe.mui - Access
\\?\C:\Boot\ko-KR\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\ko-KR\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\memtest.exe - Access
\\?\C:\Boot\memtest.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\nb-NO\bootmgr.exe.mui - Access
\\?\C:\Boot\nb-NO\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\nb-NO\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\nl-NL\bootmgr.exe.mui - Access
\\?\C:\Boot\nl-NL\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\nl-NL\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\pl-PL\bootmgr.exe.mui - Access
\\?\C:\Boot\pl-PL\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\pl-PL\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\pt-BR\bootmgr.exe.mui - Access
\\?\C:\Boot\pt-BR\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\pt-BR\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\pt-PT\bootmgr.exe.mui - Access
\\?\C:\Boot\pt-PT\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\pt-PT\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\ru-RU\bootmgr.exe.mui - Access
\\?\C:\Boot\ru-RU\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\ru-RU\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\sv-SE\bootmgr.exe.mui - Access
\\?\C:\Boot\sv-SE\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\sv-SE\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\tr-TR\bootmgr.exe.mui - Access
\\?\C:\Boot\tr-TR\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\tr-TR\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\zh-CN\bootmgr.exe.mui - Access
\\?\C:\Boot\zh-CN\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\zh-CN\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\zh-HK\bootmgr.exe.mui - Access
\\?\C:\Boot\zh-HK\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\zh-HK\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Boot\zh-TW\bootmgr.exe.mui - Access
\\?\C:\Boot\zh-TW\bootmgr.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Boot\zh-TW\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\bootmgr - Access
\\?\C:\bootmgr.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\BOOTSECT.BAK - Access
\\?\C:\BOOTSECT.BAK.[ID]hWWph9uJUOOy4hF1[ID] MD5: a8db206ac143bbf54bccd0351da00d69
SHA1: a4c0b126a899c1263648bc3aef3ce6d1126121b4
SHA256: ebf68423cc03e99ff52e5bb72872af9519c2ce99f71be3fe8d65e55090ba4059
SSDeep: 192:uKzLRTnhLfELhZN6mlFjiHBrEzMCzsGzsqtftRx:uqHL8LhjQHeIKsIbF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\hiberfil.sys - Access
\\?\C:\hiberfil.sys.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab - Access
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9c6a05313d957057386283f55a2af8e0
SHA1: df01899301c8b1875f1ddf7a5e7363c9aa3b0d58
SHA256: f58630043dd69f2259295e5f66011be2395a3cfff695a274980cf1b4413da9e3
SSDeep: 196608:HmUOjHA7fKP0ReD0wXKLUEfRrDXP2ifogB+jHcSBLWiyvyWJRMLhdPWfi:GHcDKP0q0wM9JrL2ifJEjhW/6vL3Ai
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi - Access
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] MD5: f070518cf54af88c61e15a0fbd7017f0
SHA1: e172ba1940a4b1eaeff512a57ebfabe13dd7d872
SHA256: d51fe394e4e8753c2ec42d5741d9b56f6e457f8c71a669b2a7b4de8c1f3f0415
SSDeep: 49152:j5DMr980wyNPGfhBmAN/tdTex4S120ytJyha16CZtw:kK0wSPmN/q1o+
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml - Access
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi - Access
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] MD5: f8e1b3e4d990849ccd1485c3e325f45f
SHA1: 212b90f66ac5dd569eea127e29672fdb2bcee7cf
SHA256: f6301bdc3bd9895fc17f9bf326a6ccd0beee8b4542fc3f624d0a28cb432e3e18
SSDeep: 49152:wxzu8NlM5AyHE7oDdRiDH4qKx3dTex4S120ytJyhaLz6CCHmq:wxzu8QayHE0u4qGQ1oLS
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml - Access
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab - Access
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.[ID]hWWph9uJUOOy4hF1[ID] MD5: 072e08abdaf34906a354065bd94ad28b
SHA1: 36a375fba5f0c9484eb573ab1cad7a58595eea71
SHA256: 873427e2cfd1480a241800f42807751592aacd014fc1efdc1857bfd2450f6af2
SSDeep: 196608:XXOnh3NVAl+ig71eZ8FclBElWHp8byLbyo9crpLlR8ioLO0ZF9CrpbQ:HI9L71eiFgepGHyo2rpLkcoCrpbQ
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml - Access
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.[ID]hWWph9uJUOOy4hF1[ID] MD5: c6091b7201ddca9bb2a5360dd916ffae
SHA1: bd49c332bbe606436634ac72d758d45120097ab1
SHA256: 0c47817f68fc22bb6359af86c494f45396d85deaafd45c6f63728aefbf119834
SSDeep: 96:BfOATVziWL3Cq+suHVat6OTDsjLbziletqsRVwaI3lT5C0tRx:ZJTVzvL3RAagOsjLukhRYltftRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab - Access
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.[ID]hWWph9uJUOOy4hF1[ID] MD5: 93362be092ff357eaee70977e1a6fcde
SHA1: 689ccbcc61bfb484ddfed5dcfc61c68949086b38
SHA256: bb50c942c9d34564ae44b46a4085189585879983a404f4b4097abf62ca16510c
SSDeep: 196608:wXejc1FYH/R0M4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:4eAYpRn8IQkM2BFEx96G3AUf7FnzKj
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Decoding help.hta - Access, Write
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Decoding help.hta - Access, Write
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi - Access
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi - Access
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.[ID]hWWph9uJUOOy4hF1[ID] MD5: ae591acdb9576c1d033f9076157e3e66
SHA1: a3f314c3b88231dc288a7a6f123552ed61761f0e
SHA256: dd5ed022780358aa7107da4178010866f8fe2e8c3e580be55c9cf63123105938
SSDeep: 24576:rOjKeTZkhwaW4Ai3Cu+qy5T+KmUAlw9zgBMzo7rrzhJV:rGa1xFyp+KmUaXMzGzd
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml - Access
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab - Access
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.[ID]hWWph9uJUOOy4hF1[ID] MD5: e20dd64b9b9bdc16a8b3ae7105df5868
SHA1: 571bffd6a6cd2497be880b2ce55d1c4be90aa11a
SHA256: da6ccc88ff504654c87a015ad785aef5239f3a6ec815c7c3c6a4980762517bcc
SSDeep: 196608:+b14RdH9F7/iHXDI2CPKBUq6qMuGm9vqrRxoi93nnedBwzSlmKwDhANZbPhn:nRddFDX2J5uuGyCEi9uIQmlANRh
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml - Access
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.[ID]hWWph9uJUOOy4hF1[ID] MD5: bb7e7924714fa3d00216c20d140e3a99
SHA1: 967d7660ff235ce55933487c2ca384b29bf63743
SHA256: 15e5f4ef99b73f21444d5ccdb834a64573a4cf5f6daa3d330161dd2123114bbe
SSDeep: 192:mW+NC5y4YG2IADwL8PHPjQZx4rzzmVxBftftRx:ssy4MIADwL4vjQHhhVF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab - Access
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.[ID]hWWph9uJUOOy4hF1[ID] MD5: 78641a2385f568132d66ea7330bfe459
SHA1: a80352581c25ebd47866ff495227ad2a458e929e
SHA256: 75461c72f5dc777e1af0f63b2dabe1a46824f6355fb1595cac2285360f64b20e
SSDeep: 196608:KNi4K6k459i4hS7Zj1WNf2KvALmtl9ibbbL:wOm7iEYj1WMSALS9UbbL
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi - Access
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] MD5: cf5b5c610c0a99dfb5ce2f7c3ff6e0e8
SHA1: d6f6695c8ff78617e6f398c6b40995b2468fb812
SHA256: 0edad2065a290304695c7b52c93e47dac146db4b30efada4615bcf446d86f327
SSDeep: 49152:qYOdZqMNbdPWG+BoAmQWXUidTex4S120ytJyhaK6C3ow:OqMNbduGIoA1oY
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml - Access
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi - Access
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] MD5: 17a5daa3e6e78fe157e89c7e47903559
SHA1: 1a319318139f69de734a09ab2e0a553fd056fb20
SHA256: 79461c22e77e1233ee528d6eb9117695cb406a6ae046449bebe071064f9e6543
SSDeep: 49152:v32v5JT8pbUskqeD/AqRfVYI3Cip45HRYnSt20yeJji34mElfa6:v3k5JT8pFeLAq3TpRqA4n
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml - Access
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab - Access
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.[ID]hWWph9uJUOOy4hF1[ID] MD5: c2ca132560d386856c38a48ff27e6e9c
SHA1: c9f7197bd461d09a878855f6b34a810fbc647a33
SHA256: 14dff0dc7ce173102061a5740b149061288ccdc6863803dc5b27b6f1f253a5ce
SSDeep: 98304:Q5HZWogObOYiWppe38Cq3Q3o4go90+8DInrjxrXg5l3P1LV:Q55JcPWppQ8Cq3Q36/+8DOx76/1LV
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi - Access
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.[ID]hWWph9uJUOOy4hF1[ID] MD5: 555da9cb89ef0833d537ef183ec07326
SHA1: dca4fc207bc5dc426b06e9e4e3937ac6344ae7c7
SHA256: f816ed3a72d171d92a9f0051bd5022f140f98377323c071dfa147b9783873e35
SSDeep: 12288:TACS+WCZSJpU6n8nQ/5N5X4fQKbrWvJh8a7pwK7eNA/n:0CuCZSq+OP32pd7eNA/n
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.[ID]hWWph9uJUOOy4hF1[ID] MD5: e3d6c528ab2c09b8d14266085ae5e899
SHA1: 3473863a1391c949d69d190f8cbe1cbd1eb9771d
SHA256: 887fed475e5bd9de5cadad2f389ca09c36f2ca2a067042125393b376a53cef73
SSDeep: 24576:VkFPIq0t26S1SdKp3sGKXxu8fAiZSOTgrvN50:KihS1Dp8xjJkOUw
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll - Access
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\Decoding help.hta - Access
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi - Access
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.[ID]hWWph9uJUOOy4hF1[ID] MD5: 065128657e83885f16dedfba28104ece
SHA1: be79ca8613d03a62508a26605b7efe2b80dc4fd6
SHA256: f5bcea323fd4e8bcdebf56eee9ea8606b979b9ed1e38d1d4b47cbe6ae0d6a939
SSDeep: 24576:e1gUDrsQhfd7s8BHBya99zQl9ImEE2EsNvO:MxV7soRzQlymb2nG
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml - Access
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi - Access
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.[ID]hWWph9uJUOOy4hF1[ID] MD5: 3e1bc3f8310917071d47a233495d3bac
SHA1: f5c9485bd51297dbbfb9b7cac19ce512c4d7b3ec
SHA256: 9d7ad3c86f4cbe2a047fb43f61f7ee2c48ca2ab018c22cd4d87e7a2e27a79923
SSDeep: 24576:YLzGfMrmsLrHLe7AUEOsQBVdqsWS5RxzxIzRQR9pFkQIy0BqEI2S+o0k4Xqb9S:2qfFgLecQBV8sWS57az+zpFT0BqEI2Sw
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml - Access
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi - Access
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.[ID]hWWph9uJUOOy4hF1[ID] MD5: 5fa1285d79f61c0aad47fbd21da5c73c
SHA1: 358ebea406fc7adec24704580357a2f3186cebc6
SHA256: e2e6f2a7c325c2719ec527af5d5e5990c21dbb3b3fd547c6013b7a65b0004738
SSDeep: 24576:5WNhPEMz67yA07kg+X31EEoAKvopOhSxrSqDc8by0BqEI2S+o0k4Xqb99:5+PEMSyA07kg+e5oghSxrdO0BqEI2Sf
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml - Access
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi - Access
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8592b701caa1659f41dc54fe6582bd65
SHA1: 9a33279a7d7858568adc1e8c83c2f6f641db9e63
SHA256: f6a92b393dc5361bc5974ff46489d47e94e9a429f9f937672c66cf713ebd9973
SSDeep: 24576:GnrpEVeBxluQHDtDZuI2n5krPK5mqiZvk9Q7y0BqEI2S+o0k4Xqb9F:Ur6e9XHDtDZt2Ce57i89d0BqEI2S7
ImpHash: None 		Access, Write Dropped File
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml - Access
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\pagefile.sys - Access
\\?\C:\pagefile.sys.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Adobe\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Adobe\diary.exe - Access
\\?\C:\Program Files (x86)\Adobe\diary.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 89f1aa91aa276623f33209326370d669
SHA1: 2270f053fc7a0cb3bca325a6ef32a61ea567b3de
SHA256: 298b9869132846b49a2ef17ec5b8fd10c9cb7e0dd78b2b7f0d8bb179312d2f7f
SSDeep: 1536:gDgZoO1T8wC0CROfxe0+MOaEdLdw9xB0IwixQH1p7ZsocgQaD:zZd1ojRQxe8EdRICiSHX7ydeD
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm - Access
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm.[ID]hWWph9uJUOOy4hF1[ID] MD5: b83ddb0d9080b4f7285cade1cc38d556
SHA1: 3fa372b64b10a7beaf2692a4619ce15fac89a57b
SHA256: 3f7000b52561b5e6c4096dabc69d8eea231d03e3d8f1a9f788011fa55ff7a9f2
SSDeep: 192:sAXp4tiE8PBMCf57wJRWmRllFns8DEemqNeKnIFAGgsey6iq77l4tHAcYgjbP4ZG:XZb9dwJR9RDi3zFxeI9RlH0s5++sj8F/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm - Access
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Reader_10.0.helpcfg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\Java\Java Update\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe - Access
\\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\DAO\dao360.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\DAO\dao360.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\DAO\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\InkDiv.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\InkDiv.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\InkObj.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\InkObj.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\micaut.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\micaut.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\Microsoft.Ink.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\Microsoft.Ink.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mraut.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mraut.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwgst.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwgst.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwLatin.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwLatin.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\penchs.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\penchs.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\pencht.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\pencht.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\penjpn.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\penjpn.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\penkor.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\penkor.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\penusa.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\penusa.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\pipres.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\pipres.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\rtscom.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\rtscom.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\skchobj.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\skchobj.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\skchui.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\skchui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\tpcps.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\tpcps.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\CsiSoap.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.htm - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.jpg - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\msdia80.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia80.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\VGX.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\VGX.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd.[ID]hWWph9uJUOOy4hF1[ID] MD5: ebdad8bcef49a5b9e86b333c6fdb7d1a
SHA1: b3e6e0d33a8091a44a9c9fc5425cf5979f9130bf
SHA256: a0190f6b575d3813f9dd544f3eddacc750783b09467a61a4fe33f311cf9498e2
SSDeep: 24:M8NcFBudSsFBgGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:p6FUbcXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\Services\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp - Access
\\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSDecWrp.dll - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSDecWrp.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll - Access
\\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\adojavas.inc - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\adojavas.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\adovbs.inc - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\adovbs.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\System\ado\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msader15.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msader15.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado15.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado15.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado20.tlb - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado20.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado21.tlb - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado21.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado25.tlb - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado25.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado26.tlb - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado26.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado27.tlb - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado27.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado28.tlb - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msado28.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadomd.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadomd.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadomd28.tlb - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadomd28.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msador15.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msador15.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadox.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadox.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadox28.tlb - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadox28.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadrh15.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msadrh15.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msjro.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\ado\msjro.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\System\DirectDB.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\DirectDB.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui - Access
\\?\C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Common Files\System\msadc\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\handler.reg - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\handler.reg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\handsafe.reg - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\handsafe.reg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadce.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadce.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcer.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcer.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcf.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcf.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcfr.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcfr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadco.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadco.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcor.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcor.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadds.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msadds.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msaddsr.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msaddsr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdaprsr.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdaprsr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdaprst.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdaprst.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdarem.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdarem.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdaremr.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdaremr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdadc.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdadc.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaenum.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaenum.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaer.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaer.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasc.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasc.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasqlr.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasqlr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatl3.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatl3.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatt.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatt.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaurl.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaurl.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msxactps.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\msxactps.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbjvs.inc - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbjvs.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.rll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.rll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.rll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.rll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrwbin.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrwbin.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\wab32.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\wab32.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Common Files\System\wab32res.dll - Access
\\?\C:\Program Files (x86)\Common Files\System\wab32res.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\desktop.ini - Access
\\?\C:\Program Files (x86)\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9a08f7741e3f99bc70204e8e7bf9daa0
SHA1: d759574863ba7e37c6bce550f575197bf2f3af3f
SHA256: 9a079e8c848ac71dda04cc6e18d62fc7e80e92158457751f5793128fbd2e1ec0
SSDeep: 24:Jsp0GNoAaFI3Jsd+lhV9k13GxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKx:WhNoAawJbNuZXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - Access
\\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.VisualElementsManifest.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Google\Chrome\Application\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Internet Explorer\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Internet Explorer\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Internet Explorer\en-US\hmmapi.dll.mui - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\hmmapi.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\iedvtool.dll.mui - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\iedvtool.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\ieinstal.exe.mui - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\ieinstal.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\ielowutil.exe.mui - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\ielowutil.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\jsdbgui.dll.mui - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\jsdbgui.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\jsdebuggeride.dll.mui - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\jsdebuggeride.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\JSProfilerCore.dll.mui - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\JSProfilerCore.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\jsprofilerui.dll.mui - Access
\\?\C:\Program Files (x86)\Internet Explorer\en-US\jsprofilerui.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\ExtExport.exe - Access
\\?\C:\Program Files (x86)\Internet Explorer\ExtExport.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\hmmapi.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\hmmapi.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\ie8props.propdesc - Access
\\?\C:\Program Files (x86)\Internet Explorer\ie8props.propdesc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\iecompat.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\iecompat.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\iedvtool.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\iedvtool.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\ieinstal.exe - Access
\\?\C:\Program Files (x86)\Internet Explorer\ieinstal.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\ielowutil.exe - Access
\\?\C:\Program Files (x86)\Internet Explorer\ielowutil.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\ieproxy.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\ieproxy.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\IEShims.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\IEShims.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\iexplore.exe - Access
\\?\C:\Program Files (x86)\Internet Explorer\iexplore.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\jsdbgui.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\jsdbgui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\msdbg2.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\msdbg2.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\pdm.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\pdm.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins - Access
\\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7ab383c771765cc91318c559cd98536b
SHA1: b936b804b3c8041c0e27ce1c93acd5696e35b64b
SHA256: 98fb1fd3df0ea7642c602ef7ef322046769d2b9eca4a0c75d770086a4520db59
SSDeep: 24:Uji8eCpqEzZrirJiF507KSKVlGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkc:UWAzYYF5jVJXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Internet Explorer\sqmapi.dll - Access
\\?\C:\Program Files (x86)\Internet Explorer\sqmapi.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll - Access
\\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Java\jre7\bin\axbridge.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\bin\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT - Access
\\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT.[ID]hWWph9uJUOOy4hF1[ID] MD5: 78f8416a480d4f3f4f71311ce7fd038d
SHA1: 157d05a9066de31d6cd46a2321050dcb844753a9
SHA256: d987ef7cb8bfcc79b0ef07cdf64e52f2c7424c9fb7a45c53c3582828deab0434
SSDeep: 96:/23rZJVmWtc9GimX4NPumww2Q9mT5C0tRx:/2bZ2Wa9G3Kumww2QstftRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Java\jre7\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties - Access
\\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Java\jre7\lib\alt-rt.jar.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Java\jre7\lib\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Java\jre7\LICENSE - Access
\\?\C:\Program Files (x86)\Java\jre7\LICENSE.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9b039540fc45fa5f2b843b7945b4676b
SHA1: 4275a61f3552dc5e36df041acbea1e7e175b8659
SHA256: 1b1cd24ff6750c966c48809cb595c524ca0cf04ff08e55237590933d900d1681
SSDeep: 24:bIM082Fdry1rVk4vGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:bIM0FdrS7DXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Java\jre7\README.txt - Access
\\?\C:\Program Files (x86)\Java\jre7\README.txt.[ID]hWWph9uJUOOy4hF1[ID] MD5: 711d41945b05f70e2155bf548c623fb6
SHA1: 0c4bbc77f1f321c88ba3aa9868387214a7d3f5d5
SHA256: de41d5af7c616c00ed7b28f0e18764090e8dcea9d544ecf74795206c4bb0c32b
SSDeep: 24:s71EWF4mbCGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:6WWFJEXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Java\jre7\release - Access
\\?\C:\Program Files (x86)\Java\jre7\release.[ID]hWWph9uJUOOy4hF1[ID] MD5: 6cd86daa0fba91ed541b1c5ee31f5d77
SHA1: b4197840076016890234a28475aa2ebb9dc2660c
SHA256: 955d278986efb6894e60b15b5f43f58579c09a242667f2cc1284559c12d605e0
SSDeep: 48:77B8ggbql0VEvIKkDMJadXLXdvu4VHl5C05XKVIxx:77BxPtBPJapT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt - Access
\\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.[ID]hWWph9uJUOOy4hF1[ID] MD5: d7ea3acabb72b6aa7e91c444d61726bd
SHA1: 6ee970ee8f98a41bc6b2bbe6aac1a5cf8a622829
SHA256: 0e4e4ef78481c64443aa7a45e06e80f3c228af0eb54416ef55269ace3977598f
SSDeep: 3072:LdpYoXx3BME1m6enaCmOKuoyYmDUVJOJFvmY8pM:zdXxqam6en8JyYXLWvmY8W
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME.txt - Access
\\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME.txt.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9f5155f844b9d4ade1487ca779fabd9e
SHA1: c118cff382329d09a07c7d4d7a308f5ec3bdff7c
SHA256: efdbbf114b37762a03ca4007eccda87c193ae5d21f525521f5bd127ac6e88bb3
SSDeep: 3072:przCywTfzsjkYU8ZB+spCQfCtmxHob6YFfCaZ7Cnrt3sCLoK1sU0Qx:praTbLlK4mxHSAaIrWeoKmcx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Java\jre7\Welcome.html - Access
\\?\C:\Program Files (x86)\Java\jre7\Welcome.html.[ID]hWWph9uJUOOy4hF1[ID] MD5: 92f5438fca2fa71bd573361054f44f67
SHA1: 1bbb150b5abbcbfa500ff888fe2a6ff03d744078
SHA256: 78fbc1dbd7f6420273a02efa45b7fdbd1487e21f709107257d72a6f9271ca143
SSDeep: 48:7b5LqsfYWdOpFsfCba7XLXdvu4VHl5C05XKVIxx:7mjWhTT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll - Access
\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: 0fbbaca82035a44d8e9a21840312cfa6
SHA1: 09a276361369d3f288a9c20ca3bf865af3937fad
SHA256: 87b8959657bc66fb2ab3a570222993cb9cb3fca3921324c8c72735a51d814a64
SSDeep: 98304:Thi0uFx7/riiIQoCztyvh6TAzncofzE86q5U1ACwOVI/JHF0skAdo:T8nFFrIQoOwlDLF6qwLMP0skAdo
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmgdsrv.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: f9998c83baa36f040418a5858699a462
SHA1: d02b3eb1c89a559ef490dc99236cfa636fcaa3c7
SHA256: 5dc5cd340156de13d8f00915ca65a4c5424435e55dad050cb7923fdb0673f526
SSDeep: 768:HILmmCwbKYfaGOBmVby+jfcSXc5wjeQ0jL4Ub6vWk8RzxrrKTq44MF/:H2OiaGOBeW+wgc5vL4UWvgRtrAqvy
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: efc6598935b1b999b536c4bb54d41f5f
SHA1: 08b1a3e4ce152765ec58c5939fa390f4d3bc3609
SHA256: 705b93e2aac60c42a4d5677fe1f40fd3a694d430e9554c8e84cfdb86a897a20e
SSDeep: 1536:z2E9LQG7dZHoYD8jXAa9jnn/1RHgoEQ0cxW4Q:zHnZK28xlnnvHzXWN
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Office\Office14\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: dc081c370d7b28892d2a576bc968f2f0
SHA1: 998e75d26cd2d53e726b87386d714f6d5ec6c020
SHA256: 783bad63da879ac1180136ccf0bfcd28cf6c56db32d1c1f0bbf10f2e3c45b653
SSDeep: 1536:dEveICoec3XncYZR1O1fU9HFwm8NLKB0EvXUHZCDVGIAVANZWsZ:dcWi3XcYZR1OUFwnNKUHRVy9
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: fe48ee8b1e73f8eca7f00ee297eb9ce6
SHA1: 326db75d1f6884bfd817eac8f3fdab8edb65c07c
SHA256: af71c6d5f5463b8d3ccdd5f603000beed542a80f682723775bdca1677a36a3f6
SSDeep: 98304:sqWBJzjGiP0Z9Dd7+BTwINUccJkrDQrDfy:cBJjuJ7kgzy
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Microsoft Office\Office14\INLAUNCH.DLL - Access
\\?\C:\Program Files (x86)\Microsoft Office\Office14\INLAUNCH.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: 619c1f4750646401d70ca0a63d533560
SHA1: 968881e8d191871b461ee653ab31d50e5c053227
SHA256: 6e9ff627d563ff5063b4bb2c901ff739618f1133b905077ed26c6e9b8d3ae6ec
SSDeep: 1536:Ci53JCTZhKyJW9IAOaj7APzXitbfnUaci916sqMBoNJ0ZiyA/:fdMTZhvo9IAvgrXtU91ZqMBI0ZiZ
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAProject.dll - Access
\\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAProject.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: 2984e0d660c638eecd844f544f1bc94c
SHA1: 005c9e6590599acc583aec0794993eb8bbbc5d0e
SHA256: 3e5accbd039a25f1eec2ffb499a71194b0a8b006a493ace37d73be8ee4f979d1
SSDeep: 6144:FRexYDEkNJehtnPqNIwJQa/OIsLk3+tNcD0N+nvq+bo9URY:FRI4EfPdwJQmOzLnNcd/iUG
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll - Access
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: c4331d287507fc9094fd3c126a5885c0
SHA1: 4ce65d323ae906c0e055505aa8370f4737111a99
SHA256: 42cded4b7ea55064f51b2621e94cc83224d0ce440fe015b9aa3adc4a22493af7
SSDeep: 3072:FOoKZQYPlJD/9PGEqLia4XhBNjtG9jHgQ:goKZQYPlJD/tGEyitjU98Q
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll - Access
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: ba1ac4a89622586ebed8ac3b0d49f8ca
SHA1: d2348d10ac303283f21458e1ceb3e178ed875bef
SHA256: 46f69ad0971e2613d9b69c42e90701663ce4e1e026ee8a15ef04825aae865d7a
SSDeep: 98304:w7qrA+pDdXJIeLAiyAB84gPjKVuH62NhND7BMe8AlG:w7qM+pgSDStD7BMe8AlG
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml - Access
\\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml.[ID]hWWph9uJUOOy4hF1[ID] MD5: a3cc09b0cd2576842202076e9c55333c
SHA1: 31c5089e45a26a2de0cbf3ea4ddb6e07e77d193d
SHA256: 9be97811043ee266fc685365e3911979069864f5ae63e379da7972acfed9ec57
SSDeep: 384:5GKVjmzQ/olBCRpu/MR1KKfJx0t3w1PYteJY5dMF/:1ZmE/omRMkBJxPl8dMF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml - Access
\\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml.[ID]hWWph9uJUOOy4hF1[ID] MD5: b6150dab72bfaa12f992a75688f7e0e1
SHA1: aafa20bf3f5cce9290c53322630dbcc6d8806dd3
SHA256: 53a8e4077702ebb3045e324a614abea49c78d1ba7b1da21c2829693f8316c85b
SSDeep: 192:awj11W7k4tTLUuCpm6fMn+zjl/K+AQOSMZdx5tftRx:HSA0mptf2+jlihQdARF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Microsoft.NET\RedistList\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9a7bc668dad24dd0c391d9aa38bca0be
SHA1: 862e6d591ec03f70046fcfe9b921d944530e6b54
SHA256: 1f15ab60576887e30379a566bec3a3f3b6366a7ce61348a504af59c65e2eeb11
SSDeep: 384:B3u4ZVnUndHrFgLz3CPOOWxjEeFctFtlwQi2CovHZZ6zkhF/:B3u4ZOdHraapbtlwQPLPfkkhF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Mozilla Firefox\application.ini - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\application.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7fa40ba6516b034bae832f8cfd442b49
SHA1: e842fba3f487673d5bd08fc0673d3328dac1b5a8
SHA256: dec37bcc6d144347843cc185067ef1757c0fed9e11a05d9423b9c8cc8f1f19cf
SSDeep: 48:J6FPcdd/AxwaqXLXdvu4VHl5C05XKVIxx:AZU/AxeT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: 6fc6adb3534b09ea1352208d57880032
SHA1: 99be33ac52099836497d057531df66dfd34006bf
SHA256: 59d996ebfe48b7b4e55d5503f5e8d55bc0ed0731ab25b120b4f782bce4c6c99f
SSDeep: 1536:BHQgLCNfTh29iMxBJ9ISYpr2V6zOdtf13xqCw7ME+0j1ehytml5YcE:NBLETh2FIt2V6ydtXqCqwAtmrE
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\blocklist.xml - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\blocklist.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\chrome.manifest - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\chrome.manifest.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\components\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\crashreporter-override.ini - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\crashreporter-override.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: fb7022a48ce2bad888bd5751657195fd
SHA1: 6e57dbfb9042843e02d943694f4440b0a1881625
SHA256: ec5e5bdb2080d7fd980e4f8546d5c90a38a55cd44ad3f9e50de0bd15a8eaf647
SSDeep: 3072:v8nqmq5BDDki8XA7Z7AjmyDAoVOWNNcxwoZhm+:UxVsVwmy4yUZA+
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Mozilla Firefox\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe - Access
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 18f98150e165a25a6bd1d8953ec540d1
SHA1: 00b889f0bf5c57832f52bc8094384747f9a8265e
SHA256: e865d5d8f29b05323ae7fea21740975b3a58c033d835a9a8587b26d4b803cc6d
SSDeep: 3072:1QJkU870fxBVWrjp9cPwbBOO4EQFzyLk7C2xhU4:14F8sEvp9mFO4ReLk7C2hj
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe - Access
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 74c8387319b3ed192c2ca29438065617
SHA1: 69397a572d69f31f42351ff431578c013d9a8496
SHA256: a7661bcb7b74b3d2cf6ba721aa3bfbd817424ba712cc43bbf6b766fa59fca32e
SSDeep: 3072:ocH10d6hrEFowMZs+IPVlBw0SrE2Dbl20n85:U6Zn5vr1I0ni
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini - Access
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files (x86)\MSBuild\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets - Access
\\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets.[ID]hWWph9uJUOOy4hF1[ID] MD5: 71b4a5b34691ac8df0d4ad3200eec78b
SHA1: bb207ac07d91c9742022d5fbd96abc99fb41bcbe
SHA256: fbcf832a77bfb8538349c29fb57f02037c0286c0fd852e0ed036d28bd983173c
SSDeep: 48:/9Wmt5tlLfqIjBL2knpXLXdvu4VHl5C05XKVIxx:FWi5WIjBL28T5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Uninstall Information\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Uninstall Information\deviant-potential-mistakes.exe - Access
\\?\C:\Program Files (x86)\Uninstall Information\deviant-potential-mistakes.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7f68c9a6204c7818bf59fa1a299b7f9a
SHA1: 344cef85c44624123028f0c8dd9fd543b9a36869
SHA256: 33d863a3bd0e2d2d90bedf0fedf5971fde0a5971a86eb9e973b35609a198bd6f
SSDeep: 1536:GC/YwF6Owwfflb+PBpfo9g9NDAMjpav4czkAadEi3CnaBY1:B/YwFbftkoG9NDAM0QkFaQa+
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Defender\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Defender\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Defender\en-US\MpAsDesc.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Defender\en-US\MpAsDesc.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Defender\en-US\MpEvMsg.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Defender\en-US\MpEvMsg.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Defender\improving-birmingham.exe - Access
\\?\C:\Program Files (x86)\Windows Defender\improving-birmingham.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: b0c4e6686ba0ca2e16f41e345c406782
SHA1: 3e0622f91f511dce33427cd9eb0a285660c85caf
SHA256: 17c25c370cd6eee93fb007c3397dc424553b1c0a3c21944504b6fcd60c970a57
SSDeep: 1536:5/gG5pzxMJIdJqAqMBTfriHVQ98el3JY7FuGY0o9Tz9/ttBdeUV:WGPFMJSqXMFriHVoZqF5Qzn
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Defender\MpAsDesc.dll - Access
\\?\C:\Program Files (x86)\Windows Defender\MpAsDesc.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Defender\MpClient.dll - Access
\\?\C:\Program Files (x86)\Windows Defender\MpClient.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Defender\MpOAV.dll - Access
\\?\C:\Program Files (x86)\Windows Defender\MpOAV.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Defender\MsMpLics.dll - Access
\\?\C:\Program Files (x86)\Windows Defender\MsMpLics.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Mail\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui - Access
\\?\C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\msoe.dll - Access
\\?\C:\Program Files (x86)\Windows Mail\msoe.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\MSOERES.dll - Access
\\?\C:\Program Files (x86)\Windows Mail\MSOERES.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\oeimport.dll - Access
\\?\C:\Program Files (x86)\Windows Mail\oeimport.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\wab.exe - Access
\\?\C:\Program Files (x86)\Windows Mail\wab.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\wabfind.dll - Access
\\?\C:\Program Files (x86)\Windows Mail\wabfind.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\wabimp.dll - Access
\\?\C:\Program Files (x86)\Windows Mail\wabimp.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\wabmig.exe - Access
\\?\C:\Program Files (x86)\Windows Mail\wabmig.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Mail\ways_get_musicians.exe - Access
\\?\C:\Program Files (x86)\Windows Mail\ways_get_musicians.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 83d3c6781e39c43ba23512edaafa27bf
SHA1: 64f4b077addc5824aaea5647b670434394235fee
SHA256: c9085a05085cc99898f80fb9e95703075abfd58ae1a450295f13cff3b5f48c83
SSDeep: 1536:bl2+ETboIbVM4p8Kxp6pNFbnBrI1PBwbUEinVM/lMAZotvT04WMXZkDbLXIN:bl2+5IbVmIpEFzBs1Pq0VCKUmvIzMOzE
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Mail\WinMail.exe - Access
\\?\C:\Program Files (x86)\Windows Mail\WinMail.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Media Player\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\wmlaunch.exe.mui - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\wmlaunch.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPDMC.exe.mui - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPDMC.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\avtransport.xml - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\avtransport.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\connectionmanager_dmr.xml - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.png - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\RenderingControl.xml - Access
\\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\RenderingControl.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\mpvis.DLL - Access
\\?\C:\Program Files (x86)\Windows Media Player\mpvis.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\setup_wm.exe - Access
\\?\C:\Program Files (x86)\Windows Media Player\setup_wm.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\Skins\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Media Player\Skins\Revert.wmz - Access
\\?\C:\Program Files (x86)\Windows Media Player\Skins\Revert.wmz.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmlaunch.exe - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmlaunch.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmpconfig.exe - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmpconfig.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\WMPDMC.exe - Access
\\?\C:\Program Files (x86)\Windows Media Player\WMPDMC.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\WMPDMCCore.dll - Access
\\?\C:\Program Files (x86)\Windows Media Player\WMPDMCCore.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmpenc.exe - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmpenc.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmplayer.exe - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmplayer.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll - Access
\\?\C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmpnssci.dll - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmpnssci.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\WMPNSSUI.dll - Access
\\?\C:\Program Files (x86)\Windows Media Player\WMPNSSUI.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmprph.exe - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmprph.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmpshare.exe - Access
\\?\C:\Program Files (x86)\Windows Media Player\wmpshare.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\Accessories\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe - Access
\\?\C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll - Access
\\?\C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows NT\TableTextService\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt - Access
\\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll - Access
\\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Portable Devices\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll - Access
\\?\C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Sidebar\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Sidebar\en-US\sbdrop.dll.mui - Access
\\?\C:\Program Files (x86)\Windows Sidebar\en-US\sbdrop.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Sidebar\en-US\Sidebar.exe.mui - Access
\\?\C:\Program Files (x86)\Windows Sidebar\en-US\Sidebar.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\Decoding help.hta - Access
\\?\C:\Program Files (x86)\Windows Sidebar\sbdrop.dll - Access
\\?\C:\Program Files (x86)\Windows Sidebar\sbdrop.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Sidebar\settings.ini - Access
\\?\C:\Program Files (x86)\Windows Sidebar\settings.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: b1f6df5455659558bb9e5538abbff19a
SHA1: 0c609936af57797c50ed59478826293f44ab6b78
SHA256: d1913d3ca9497d123749d315d664926084e217254da3b9a8d2f3c8efb000b1be
SSDeep: 24:PySOEUqhxh1/iAlYqGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:P3OEZhZlXXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files (x86)\Windows Sidebar\sidebar.exe - Access
\\?\C:\Program Files (x86)\Windows Sidebar\sidebar.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files (x86)\Windows Sidebar\wlsrvc.dll - Access
\\?\C:\Program Files (x86)\Windows Sidebar\wlsrvc.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\association ongoing artistic.exe - Access
\\?\C:\Program Files\Common Files\association ongoing artistic.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: e8755acdd62456182519c9a2aa069ed9
SHA1: e8972a61993465398f25f437a80d8445e02e3aca
SHA256: 7730d94d84c8aed3a6a6d17cc17b75bca11ef8bc1ecc865f7e7a931698aad491
SSDeep: 1536:FU0HgSuMuR/JVOq6VMNm3PY++l/Mf+dM7ngWEN9VAMh5yFqjzqOABpCWJGWx6y:FbHZUO7im3Xrfjns9VAMtGOUxB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\DESIGNER\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL - Access
\\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: c1f2e61ff4bc462be409171329d08151
SHA1: 703f67d332c1488253179eef782c8c49f5ad8526
SHA256: 41c06ea9d77d7aba82e54126eccd427ff06e6e4eeeca6dd9ba073166d27eb7fa
SSDeep: 3072:G0ln2JCbFM1loWnNy/PWWabkBjaCD25HWaCuc:Gu2KP30b+aCDLuc
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\DW\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EURO\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\Filters\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Help\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8a90b0a8d3a7644bb32a4fe34eb9bf36
SHA1: d6ccabbafc19c057df775cc56fb6e6f79521d17e
SHA256: b72444c118fa989e43b0705cfde912c813072ef367435e4b98e8835ae1afcfc7
SSDeep: 3072:/dvzRW1fa0vRnzchfPpHiZhjlDVXjUu410L4w/z2+l4sl:/drRWlhvNwhfPpHiZdlZXT5lVl
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: 68ddac5745f1cf552b92e6a1e29a5497
SHA1: 994b193c149ea2c2245697199d7f0680c2889d4a
SHA256: 5ebf4673e6bee8bde997bb55ccd6941e987138b5ba5bd759066aac0de7c75e65
SSDeep: 1536:tHI0q9cOgqBZ+ooenVlwE+oQ8mAzyTLlCdCxmzmUkD+UsMazE8gL2K7RFeD:tH5O9+ooS+EvltyTUdDmlD+I8K2h
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: 45fb0eb4b6e53f8cab535e31a54f7d9f
SHA1: 4c8bcf25582d7e9f17799f374649fa01e94c98d3
SHA256: dfca3445f30d06425418986b5c2c33d2b523cc2d3b179ebca127dbc2e4e8ad32
SSDeep: 3072:6/0QNofzeA7ZFNLoZCs3PZ8Zzt7dkjzmEt1kJfuNDmyOMBVooBQoTG++XjchvUW:6/0JvUEsRcs3mEEJfuNMMj9GrQuW
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPLACE.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPLACE.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FSTOCK.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 18e56f56ffb972425bef8c1a028e74ec
SHA1: 0a74697914611aa2b5e2851436a849c095c92fa7
SHA256: 767b2574a6b6d279b70c166db7228dc33a6c64435d0b4b5a70f85f678711a47a
SSDeep: 48:GkbE6LoFr1qVGwZwpRMv8aXLXdvu4VHl5C05XKVIxx:GkYeur1SZwpW0KT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: c4bb67184afc2c1c3d2e8ec3ee14ee28
SHA1: 612c5ae7f97460c4d017cefd1c7a7dc6008e9c82
SHA256: 017a1c98450fad1a57863e297dbf76c0cd8374d0ee5939cd14400779a85aabdc
SSDeep: 3072:2AxwOdr6lE8KzEhgXcGCB2hro9gxgFcdZxK3NfdzVWKu1oavxVZ:2Cr6lbeEh4CBkgFcANfdzVWKajP
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV.[ID]hWWph9uJUOOy4hF1[ID] MD5: 175fb15063b0d69600c427dad150eee2
SHA1: 3400c01e0100e54d904b34ab913b7c5ab2008353
SHA256: 338ec00d1a2bcd431a6686512eb1e204f91f5a206cc0f33de9e495b5ba26310b
SSDeep: 768:mLw6F2TzLluTf0Nk+a7A0BDG9Ym5dIKaiTfrD8tNdF/:mLFgLluzisU0BDqH5dIKainq
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv.[ID]hWWph9uJUOOy4hF1[ID] MD5: 0fcee0f782520fbb09def60bb45f9171
SHA1: 817af5fc55d6b27bd2b283facbff08bf282328b4
SHA256: bad1a4ca46a376c78485245966ec316493abdef1ef0d380f46f7abf87c54eaae
SSDeep: 1536:I37m8iSKddHHYv5Gg33SZdqGVQ+0QhKU3bi:Irm8FcOvjHSjUbU3bi
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX.[ID]hWWph9uJUOOy4hF1[ID] MD5: 5d3420fb355f95779c41387d288d9e5d
SHA1: 41c1d8b6676453e8e6766df2ade91ec5ec8ad8fd
SHA256: 96403d383f62c759fd349aa9b1fb41d2a8ad139db78b0e73a1fb39035438aefb
SSDeep: 24576:itBxQ/QCzDHIJqKGgjzIrznuYsWR2CmUud0xfpPp+qM3ZHDwK:i/x6TXHIg/t/xVEtknM3ZHDwK
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1CACH.LEX - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1CACH.LEX.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VC\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VGX\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL - Access
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\Services\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\Services\verisign.bmp - Access
\\?\C:\Program Files\Common Files\Services\verisign.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll - Access
\\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll - Access
\\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\adojavas.inc - Access
\\?\C:\Program Files\Common Files\System\ado\adojavas.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\adovbs.inc - Access
\\?\C:\Program Files\Common Files\System\ado\adovbs.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\System\ado\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Common Files\System\ado\msader15.dll - Access
\\?\C:\Program Files\Common Files\System\ado\msader15.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msado15.dll - Access
\\?\C:\Program Files\Common Files\System\ado\msado15.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msado20.tlb - Access
\\?\C:\Program Files\Common Files\System\ado\msado20.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msado21.tlb - Access
\\?\C:\Program Files\Common Files\System\ado\msado21.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msado25.tlb - Access
\\?\C:\Program Files\Common Files\System\ado\msado25.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msado26.tlb - Access
\\?\C:\Program Files\Common Files\System\ado\msado26.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msado27.tlb - Access
\\?\C:\Program Files\Common Files\System\ado\msado27.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msado28.tlb - Access
\\?\C:\Program Files\Common Files\System\ado\msado28.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msadomd.dll - Access
\\?\C:\Program Files\Common Files\System\ado\msadomd.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb - Access
\\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msador15.dll - Access
\\?\C:\Program Files\Common Files\System\ado\msador15.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msadox.dll - Access
\\?\C:\Program Files\Common Files\System\ado\msadox.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msadox28.tlb - Access
\\?\C:\Program Files\Common Files\System\ado\msadox28.tlb.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\ado\msadrh15.dll - Access
\\?\C:\Program Files\Common Files\System\ado\msadrh15.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Common Files\System\DirectDB.dll - Access
\\?\C:\Program Files\Common Files\System\DirectDB.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui - Access
\\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc - Access
\\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc - Access
\\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\System\msadc\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\System\msadc\handler.reg - Access
\\?\C:\Program Files\Common Files\System\msadc\handler.reg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\handsafe.reg - Access
\\?\C:\Program Files\Common Files\System\msadc\handsafe.reg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msadce.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msadce.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcer.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcer.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcf.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcf.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcfr.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcfr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msadco.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msadco.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcor.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcor.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcs.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msadcs.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msadds.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msadds.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msaddsr.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msaddsr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msdaprsr.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msdaprsr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msdaprst.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msdaprst.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msdarem.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msdarem.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msdaremr.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msdaremr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\msadc\msdfmap.dll - Access
\\?\C:\Program Files\Common Files\System\msadc\msdfmap.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\MSMAPI\1033\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files\Common Files\System\Ole DB\msdaosp.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msdaps.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msdaps.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msdasql.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msdasql.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msdatl3.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msxactps.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\msxactps.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\oledb32.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\oledb32.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\oledb32r.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc - Access
\\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc - Access
\\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.rll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\Ole DB\xmlrw.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\xmlrw.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Common Files\System\Ole DB\xmlrwbin.dll - Access
\\?\C:\Program Files\Common Files\System\Ole DB\xmlrwbin.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\wab32.dll - Access
\\?\C:\Program Files\Common Files\System\wab32.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Common Files\System\wab32res.dll - Access
\\?\C:\Program Files\Common Files\System\wab32res.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\desktop.ini - Access
\\?\C:\Program Files\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: be0d91550b1fc8c0ab40512ef3f23fbd
SHA1: 763f5750e0656de5702f347c0cf2c2010080c138
SHA256: c70e3d952e79136aa6c0498b7a9fafa394657fe8341b216d13a14b79c3268d0c
SSDeep: 24:3hVxBPT49/tR7GdmPWGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:3hPB0t7BPIXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\DVD Maker\audiodepthconverter.ax - Access
\\?\C:\Program Files\DVD Maker\audiodepthconverter.ax.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\bod_r.TTF - Access
\\?\C:\Program Files\DVD Maker\bod_r.TTF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\DVD Maker\directshowtap.ax - Access
\\?\C:\Program Files\DVD Maker\directshowtap.ax.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\DVDMaker.exe - Access
\\?\C:\Program Files\DVD Maker\DVDMaker.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui - Access
\\?\C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui - Access
\\?\C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui - Access
\\?\C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Eurosti.TTF - Access
\\?\C:\Program Files\DVD Maker\Eurosti.TTF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\fieldswitch.ax - Access
\\?\C:\Program Files\DVD Maker\fieldswitch.ax.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\offset.ax - Access
\\?\C:\Program Files\DVD Maker\offset.ax.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\OmdBase.dll - Access
\\?\C:\Program Files\DVD Maker\OmdBase.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\OmdProject.dll - Access
\\?\C:\Program Files\DVD Maker\OmdProject.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Pipeline.dll - Access
\\?\C:\Program Files\DVD Maker\Pipeline.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\PipeTran.dll - Access
\\?\C:\Program Files\DVD Maker\PipeTran.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\rtstreamsink.ax - Access
\\?\C:\Program Files\DVD Maker\rtstreamsink.ax.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\rtstreamsource.ax - Access
\\?\C:\Program Files\DVD Maker\rtstreamsource.ax.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\SecretST.TTF - Access
\\?\C:\Program Files\DVD Maker\SecretST.TTF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\Common.fxh - Access
\\?\C:\Program Files\DVD Maker\Shared\Common.fxh.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\DVD Maker\Shared\DissolveAnother.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DissolveAnother.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DissolveNoise.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DissolveNoise.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Full\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Push\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\Decoding help.hta - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png - Access
\\?\C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\Filters.xml - Access
\\?\C:\Program Files\DVD Maker\Shared\Filters.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\Shared\Parity.fx - Access
\\?\C:\Program Files\DVD Maker\Shared\Parity.fx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\soniccolorconverter.ax - Access
\\?\C:\Program Files\DVD Maker\soniccolorconverter.ax.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\sonicsptransform.ax - Access
\\?\C:\Program Files\DVD Maker\sonicsptransform.ax.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\DVD Maker\WMM2CLIP.dll - Access
\\?\C:\Program Files\DVD Maker\WMM2CLIP.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Internet Explorer\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui - Access
\\?\C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui - Access
\\?\C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui - Access
\\?\C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\en-US\ielowutil.exe.mui - Access
\\?\C:\Program Files\Internet Explorer\en-US\ielowutil.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui - Access
\\?\C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui - Access
\\?\C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\en-US\jsdebuggeride.dll.mui - Access
\\?\C:\Program Files\Internet Explorer\en-US\jsdebuggeride.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\en-US\JSProfilerCore.dll.mui - Access
\\?\C:\Program Files\Internet Explorer\en-US\JSProfilerCore.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui - Access
\\?\C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\hmmapi.dll - Access
\\?\C:\Program Files\Internet Explorer\hmmapi.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\ie8props.propdesc - Access
\\?\C:\Program Files\Internet Explorer\ie8props.propdesc.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\iecompat.dll - Access
\\?\C:\Program Files\Internet Explorer\iecompat.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\iedvtool.dll - Access
\\?\C:\Program Files\Internet Explorer\iedvtool.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\ieinstal.exe - Access
\\?\C:\Program Files\Internet Explorer\ieinstal.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\ielowutil.exe - Access
\\?\C:\Program Files\Internet Explorer\ielowutil.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\ieproxy.dll - Access
\\?\C:\Program Files\Internet Explorer\ieproxy.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\IEShims.dll - Access
\\?\C:\Program Files\Internet Explorer\IEShims.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\iexplore.exe - Access
\\?\C:\Program Files\Internet Explorer\iexplore.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\jsdbgui.dll - Access
\\?\C:\Program Files\Internet Explorer\jsdbgui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\jsdebuggeride.dll - Access
\\?\C:\Program Files\Internet Explorer\jsdebuggeride.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\JSProfilerCore.dll - Access
\\?\C:\Program Files\Internet Explorer\JSProfilerCore.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\jsprofilerui.dll - Access
\\?\C:\Program Files\Internet Explorer\jsprofilerui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\msdbg2.dll - Access
\\?\C:\Program Files\Internet Explorer\msdbg2.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\pdm.dll - Access
\\?\C:\Program Files\Internet Explorer\pdm.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Internet Explorer\SIGNUP\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins - Access
\\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins.[ID]hWWph9uJUOOy4hF1[ID] MD5: d91b55153e05a58cd9d32743fab55eb5
SHA1: f2953f51a301d76d3bea42a84856c9acbd20c846
SHA256: 4816865429e5715e6abf68e3509e487560a6cd260d4923b28ed265b35f62d359
SSDeep: 24:mY1vC8v4l3WMcxQ9MPGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:mkvCpWDQ94XLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Internet Explorer\sqmapi.dll - Access
\\?\C:\Program Files\Internet Explorer\sqmapi.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll - Access
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: 1ed81c1058e47593bc42c17122f77ce7
SHA1: 2daa981b3f30fc57f7b046669ebf7671d8bfa59e
SHA256: 8444371a26fdc171d1db1a0f7ae4a7eba02d91337ec940f54a208429e373d498
SSDeep: 49152:iem7JfsU60JEDmU3UIfPYGnvUgKgkFqcD/XRd9jSJy3BiaBDjilHeTYq4aLsIHE8:iedU60Qm9+oqcD/YJy3BiIGjzkFSW1T3
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmgdsrv.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\centuries.exe - Access
\\?\C:\Program Files\Microsoft Office\centuries.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 4d11f4ed4d0c96c7cb723bdf4051035a
SHA1: 3997dd1e595a0f6dc79d411b8aefcb36d6e818d8
SHA256: 0cd97ccd42e716544ed4ed1f5fd295ce8b6939c60d24089995d56947d3734541
SSDeep: 1536:3nhNNL9QZYg3Gm4zAzbOvWC6TMuMlapTQmYHZjC4oxl5fGAjDx:3TNuW2zqnMw2rOZjepOAHx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.[ID]hWWph9uJUOOy4hF1[ID] MD5: d73248f6844a48a37f2464c800cfb39d
SHA1: 841492c02b56ca35a7cb53d9aa4956398bea4171
SHA256: bc8ed2c41bdf3396d9d797cd628872e3784f8bb1494a6c155817d5f8698822e1
SSDeep: 192:NMtTUFasAzGi5+LHOiRvxNnbhYGl2EVYx6XCjqnZCxKn1HQy/SrT3RtftRx:ytTUoXBFgvBxl23VECQn17S/37F/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.[ID]hWWph9uJUOOy4hF1[ID] MD5: a27c787e76b0be260b6d9cc6a0c01a86
SHA1: 3bb3807da5e8cc1f4d392270fe25d9129b36cfd6
SHA256: 39d5b0b36c117499db8eba181c3bedc4d18098bf24865a321a860cb93d9456fe
SSDeep: 192:3pazUn8Hn0RkpIWHzhnyiOY0Mk6JyaqxtftRx:3bfkGWHztyiO5M5JVkF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.[ID]hWWph9uJUOOy4hF1[ID] MD5: 38877610700e6ec1017cdb238230a25c
SHA1: f7cc170defe485a3eef51dda732c5e40de566464
SHA256: 468b2bf61b7bf53ac4eeaab7ba9887f50ce14f7a8d2f3dd5745a32ceba11d213
SSDeep: 384:BL6VPCU7/cEKJQPnzuo/u0CsLyja2iern+F/:x6RCpTa//tCTa9F/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.[ID]hWWph9uJUOOy4hF1[ID] MD5: a5923efb11d71f4f5ee1a360adee6af7
SHA1: 62a68737da310a5ab552f90684cb0e99f93a710b
SHA256: a72b352a25777e82dbd4380a6b10b92f2e1978f3380dabf57869679435c223b1
SSDeep: 192:SnLSik0sV9fxWbMqXGCKeLPu/z/Da6ELp50jPtftRx:f0I9fYgoJHuTjBF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\Decoding help.hta - Access, Write
\\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\detected-persistent-luther.exe - Access
\\?\C:\Program Files\Microsoft Office\detected-persistent-luther.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 15daef91aa33559acb1b617adff25def
SHA1: 8fcc0c42a5bd43626967c1bd9166be70d82ea33f
SHA256: 5a5b3a0072ae32e86cf81658f94e0b0f8f3221dd25bc2e42489d3aa8f9c315ae
SSDeep: 1536:H5H1SSeXf1icrLL5BksP3MWmonDGmQ0zTUV8IHqoz9F0Dvm0HkMGYU:HpMNi6LL7kenDQ0M3KoB6DvTU
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx.[ID]hWWph9uJUOOy4hF1[ID] MD5: d5d4018cccf280bcb322e0d87b47365c
SHA1: a6aca86d0a115f36067a296e05ade581b5f7930d
SHA256: 71394005e4e9d659eeae1a553f1780e8a9040e05d014f1a4f05ad1e231e87ad1
SSDeep: 1536:ZbproKPkzEOPrMu4dz+se6Xo2lnnKMzRIExnX9R1ca:zMKc5rqz+sYnCRTxXj1p
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 2785e1ae4a563518f9c541dc06194bb6
SHA1: cc92900dc7969ea7afb8d5bfc79c0f6c692ee75f
SHA256: 8c3fb47fdc3a9c6c246777270a7b1bcd93c0b7863b51ef5ec3cc9d50ed576508
SSDeep: 1536:jAlx2Jd2YKUdiCTrOtI6RJQ4zVxSlt+skQo6k8T3ctFaDBIPcA:jA+HJTO84RclwrQo6kM3cCBFA
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 5dc52275383894f20b16d9f6e73b2970
SHA1: 9d6b1b7d1accf52df35bbfb8d76d660a2030a277
SHA256: 39c8cc53f0fbd35d812db60aa1e93f7984a2fd3f9e7b2fb85559b25b2238711f
SSDeep: 6144:Xai5jkqQc9ql765VbyhpaH/eHSrJdymdBNp:XP5ScslW5VbcaHOSrJdyqbp
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Apothecary.thmx - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Apothecary.thmx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 5da87a8e8fa274a4cbeb07ee9fb0095c
SHA1: b6fb7bbe844e2038e56be4f4a80b1c397c38bbed
SHA256: 189d63194ae8a4a1e4daf183e0a738eb37b49f98c60666ac0d45151da29f8b42
SSDeep: 1536:P3jkfHGIuM4KNy8u/ECri0Kb0v5aiZLB9igQNa+BBx9HMNIRN+D2aUFB5t:PYfmIEKNi8CVfBai9BoNa+BjyIK6a8t
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Aspect.thmx - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Aspect.thmx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 6666f733660dc98abab5bd99ca162514
SHA1: 578b49a48cd0103796f58d1da3f162320671c1ff
SHA256: 331f2dc128f6a3d5f867ec0baa37c744e588d9e9c2c4bf172a1e1f8e25318907
SSDeep: 1536:Er8nKfIgRDhOUXgUYVVoPRv2PrsKoSA9AHpjfdqbISQb3ap1KwWDa:Er8nKfIgR0UwPQPly4KubISS3ap0g
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Austin.thmx - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Austin.thmx.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Black Tie.thmx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Document Themes 14\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\Decoding help.hta - Access, Write
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8668d52cf73174eb00556cfc8a7d839a
SHA1: 17b89efaa1bcf2485a57c3b04822dc3b2a48b9ed
SHA256: 822460684e4526e24be15d6ead8440a5d288429f17729432a5c9dd0f3a95b5ab
SSDeep: 384:8jNkp2xHfH1t8CpAHoNQN40NTsTPf/EvexkijjnDaDOfF/:r21v11AINI40NTsjfDxf3mUF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.MMW - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.MMW.[ID]hWWph9uJUOOy4hF1[ID] MD5: 2d7c2017c31b9cdbb3f3ed12b57ab028
SHA1: ffe98bf0533bab172b8b26ef25fbe02923bcc213
SHA256: 3c5612b703b2e70008be2af51ed1d9c013352d379aa8843b7614e22b80f4789f
SSDeep: 6144:ncGdilSLx91FdjvdIcMdacW4zoJmZlemLGm8AREsV8WXuWjCjJlnX79:cGolSl9XxlfU0JwvSO5V8WD0DX79
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0088542.WMF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\Decoding help.hta - Access, Write
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\Decoding help.hta - Access, Write
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\Decoding help.hta - Access, Write
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\Decoding help.hta - Access, Write
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW - Access
\\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: 2d72ed09b09f7a6a345b9ba37fba5bad
SHA1: f8f449c9e3323ab19a3a3dd5efd9d2b4869bf37d
SHA256: ce8d59e44151a8e312cbbd727c4d0d26e7180c52e5db6ffdea9e09c667d07b56
SSDeep: 384:kS3UnXpCRxLB9cERzRUGl3xjp3sCW5F+RbLksfTKbLd6F7GHnA9AF/:5upCV9UiNWL+Rvksf8p6F7GHAaF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC.[ID]hWWph9uJUOOy4hF1[ID] MD5: 174b1b01332edc4ba620e899d933424b
SHA1: e7d7d7a1ec19d19c1bb48c1cb13ad40f4c74cb41
SHA256: fae556581c607df1f345cadc3ee6aabb002343299f873f77a79c3ea1794aa2f7
SSDeep: 12288:WNqqptQzfUM+8hUfAMZLMWUVwMCMtyS0K0aWg4dP:MvOil/ZKwdMGpP
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCOLKI.DLL - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCOLKI.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\Office14\1033\ACCVDTUI.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\1033\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Office14\1036\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL - Access
\\?\C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\Office14\3082\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL - Access
\\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL - Access
\\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7bd33d3d0e72b547bba87dfb51014976
SHA1: f8b806aa60b44b877adde2e3dfa193aafbec26e8
SHA256: afed652c8f6ec069776ea9ffde8265a3af9ca649db6bae64e2e193c041414f75
SSDeep: 24576:BTnjC3WkTS1w+QeKsP9G6TjiKnmKiC0+gJ1lLNhS7P:B9kTS157KEj0ga1lRMb
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Office14\ACCDDSF.DLL - Access
\\?\C:\Program Files\Microsoft Office\Office14\ACCDDSF.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: 00ae5e6c39d67a84680edb172fd590ad
SHA1: 65db9099cf38c12a32b80f89dcaa8cc446d7fadb
SHA256: 0aa7b0c32f2df2b558191562c6ed3091acc2cee01ecdf00d5574bb47a54781c1
SSDeep: 12288:3fg1UfIueSOTp17puyzMZ3oc3flyiE5PJmz3Vb8K1F/V4/:vgUIueTpBMyzafg3xmzlrBa
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Office14\ACCDDSLM.DLL - Access
\\?\C:\Program Files\Microsoft Office\Office14\ACCDDSLM.DLL.[ID]hWWph9uJUOOy4hF1[ID] MD5: fbdedeeabee3630f76da9c53fe536537
SHA1: b5718cd6324b5c42f65b87cb524bebb92b159b21
SHA256: 6be30d79539e18a476201d6e101457e7eb91f10849e01c65b9f5db32f0a7e062
SSDeep: 12288:yLsOOLieeA6yLWOdjzgb7jIr/vjdGJsoiLUH3HZ:yAHLfeA6BILLdGJ7CUJ
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\AccessWeb\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE - Access
\\?\C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\Office14\ACCVDT.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Office14\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF - Access
\\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF.[ID]hWWph9uJUOOy4hF1[ID] MD5: 3ddab6fdd9992be254ae36358ce8cb41
SHA1: 680ca034b245f542b8a269c8142bfcf7b9914d4f
SHA256: fdae132e4f366501a0daff757e6e53e104532ef5f470d515b75244b21ef1db0c
SSDeep: 192:g2calNsFFfa53TF9WLa9Nr6uroaRaxhFE4wBLefIbtftRx:FlNsFFfa5DF9GuF7CFE4wNZhF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM - Access
\\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Stationery\1033\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Templates\1033\Access\Assets.accdt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Templates\1033\Access\Decoding help.hta - Access, Write
\\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx - Access
\\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Office\Templates\1033\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Office\Templates\Presentation Designs\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: d90c1524e23a0f2778394e131e87d452
SHA1: d8a9d0ad266ea2819e57160ca7051fbb7706c6f4
SHA256: a91f637455e9676790e8c904e7a13ab7d9ce07033200385004da1e9d9cc94040
SSDeep: 12288:bqej7ahyN69SF25e+1rkMM98aSbjjIOShxs3D+5oJ0NQblA:Wej7Vkeqrkx98xrtShC3D+oIYu
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlcecompact35.dll - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlcecompact35.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: 20ec8e18c6c76816696a938c45e4d942
SHA1: 39d80c670f9266f76d38a01bc1e5773df2d085fc
SHA256: 20f333fa0170edbd7b63b00979f18e4cfe8c1c51873c76e02338851b4f3f4f04
SSDeep: 3072:G6guXI2rtGYeMEmhf4atZmTb9KKgpekpes4ep/Su1:GBuXI2r8Prmhf4atZiMKKeI4el91
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceer35EN.dll - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceer35EN.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: d6e97a7aaca27b9b4686ce9d5dc58a87
SHA1: 56028000d6856fbd80f97318290cbfcdd2c6c9f0
SHA256: f33f320e04ce2ebc87b8fe051fb0188c517b50e8df5605dd8a147afbedbe19fb
SSDeep: 3072:ybPNDhl0b/Z7oULCIlUS7m6hqUlaDqmNdjG9bCMLE9zzjYovyZTLrCBWe1G:sDhl0b/Z7oU9iS77roewtbaEhwwyZuIv
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceme35.dll - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceme35.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceoledb35.dll - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceoledb35.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceqp35.dll - Access
\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceqp35.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Sync Framework\ceremony.exe - Access
\\?\C:\Program Files\Microsoft Sync Framework\ceremony.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 096284c76ec763807b7270d2e5044fa4
SHA1: 8c86ed2d4eb2de8f378947907c153b40e5ae2dee
SHA256: 6061ec4f1583c8374942d6c5418f7e8190fcc11c6c95a551412614681dc68bb3
SSDeep: 1536:pQy7NXYvAurmc+LYMFriNZ7X34KVV7JdUKNbcgzClTQhc3cBGPc0:xCv/Kc+xBiNZ71zbcfQu3cB0c0
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Sync Framework\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Sync Framework\hometown_estate.exe - Access
\\?\C:\Program Files\Microsoft Sync Framework\hometown_estate.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: f6cad43675d0c17bf28adb3973dccd1f
SHA1: 5d37f4727f85995a0495e87eb89012fbb7346cd3
SHA256: 4d69cde2dacf6fe194628d86b787ae825f99be06ccccb92fd392cd3e181ef7ed
SSDeep: 1536:0aFWysoGm2tWVIZtXcqdZl5KY17g6baDcOmPGACf1dEo9GoWwXIKTK8:5Uysorm6IZtXcYZf17fOmPGACfrYiR
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Sync Framework\reproducedmelissa.exe - Access
\\?\C:\Program Files\Microsoft Sync Framework\reproducedmelissa.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 3a432171ca083c335b97fb02a5765b89
SHA1: 011fdef830f5655c5c5523a88c54b28b0b1b3b35
SHA256: 753343bd64c8edf87df1bbecf4104563a44dc57629fcfb2719a33cdad4a48fbf
SSDeep: 1536:HqXFLl3jvV0d8Wo8npowIOsyukVvYIWRdcI:HcFLl3iVnpQZIsbcI
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Sync Framework\silicon_mu.exe - Access
\\?\C:\Program Files\Microsoft Sync Framework\silicon_mu.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 00821630998bd01cbdf46f370784b5af
SHA1: 44ff9952c5ba12de78809e35f95f267377c667d8
SHA256: 231c17e03b77e95b9fd0bd42efd4a7774790c72c6df1e26e8a06daefd85bfe24
SSDeep: 1536:aI+1OzTcr3dIRfAuw1oIAcsxbtRIjBijzpZclW4rR:anKOdjRKIAbtt6jBGzpSlW4rR
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\Decoding help.hta - Access
\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll - Access
\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll - Access
\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Microsoft Synchronization Services\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Microsoft Synchronization Services\outcomes-increasing.exe - Access
\\?\C:\Program Files\Microsoft Synchronization Services\outcomes-increasing.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: aadfcb626083f5841229797ea6efe4f1
SHA1: 31bbaf1bc4f0fe03b69652babacd1533d8058c0d
SHA256: 2df4028cc95e8d07baef12c241e2acfca3cd1ddbfec8b73e9c49efa14548d865
SSDeep: 1536:hc3aHgiv99GZJtRB5f14VQXtI/8yTFiyN8JwOKkE:hIaHgMDAJT1CQq/PTUCVkE
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\MSBuild\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Decoding help.hta - Access, Write
\\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Decoding help.hta - Access
\\?\C:\Program Files\MSBuild\pursuitbed.exe - Access
\\?\C:\Program Files\MSBuild\pursuitbed.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7abd227ffa8994bb6dce9b51a2e6d1d6
SHA1: 0e9437bf483628d46768305764e1bddf1e68a48c
SHA256: a9662a7ce20e05119f088a048bf90017f1be7cc4b786ba8b6a7b8a30eba9d6c9
SSDeep: 1536:C9STYaBSf9+liXAyF2xuO4WAb7sOQscTCT4pUWVGmSa6cab/l4CxKlj:sSsTVeyFGGWqIOJcT4Wk9Qab/lOj
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\MSBuild\role.exe - Access
\\?\C:\Program Files\MSBuild\role.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 41d10c76d42f70a41a3042d8603d2b35
SHA1: e541debc758b8162a1a6e6ba091d9172d87c315a
SHA256: 84a5490073b6706f0c20491ac9701c1b3681d6ac58eb81023e06be27ea2d7b6b
SSDeep: 1536:46blxX/TFjzhLfbKf3FBxjDy1p5t8fokCpnpYlo8KXd+EOB:B//5jNjsxjDy1F2C1pYo8KXdbOB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\Decoding help.hta - Access
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\Decoding help.hta - Access
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Decoding help.hta - Access
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\Decoding help.hta - Access
\\?\C:\Program Files\Uninstall Information\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Uninstall Information\israel.exe - Access
\\?\C:\Program Files\Uninstall Information\israel.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8b106975984b74935973bf7446d702c7
SHA1: b511b6f5443877f235a328fd0c491e29f50fc8d2
SHA256: c4e39f170f0eb4f4eea91e1e65932c18602378fd9124a673773fe8e24794ccf1
SSDeep: 1536:X1REBtKPElOERnE3k0eDcUnTiu9XBuflqG2MAO3KRzQ5O/2ch:lWBteEl1nn0ewUTZButqG2MkRzQ5Od
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Defender\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Defender\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui - Access
\\?\C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui - Access
\\?\C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui - Access
\\?\C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MpAsDesc.dll - Access
\\?\C:\Program Files\Windows Defender\MpAsDesc.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MpClient.dll - Access
\\?\C:\Program Files\Windows Defender\MpClient.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MpCmdRun.exe - Access
\\?\C:\Program Files\Windows Defender\MpCmdRun.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MpCommu.dll - Access
\\?\C:\Program Files\Windows Defender\MpCommu.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MpEvMsg.dll - Access
\\?\C:\Program Files\Windows Defender\MpEvMsg.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MpOAV.dll - Access
\\?\C:\Program Files\Windows Defender\MpOAV.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MpRTP.dll - Access
\\?\C:\Program Files\Windows Defender\MpRTP.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MpSvc.dll - Access
\\?\C:\Program Files\Windows Defender\MpSvc.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MSASCui.exe - Access
\\?\C:\Program Files\Windows Defender\MSASCui.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MsMpCom.dll - Access
\\?\C:\Program Files\Windows Defender\MsMpCom.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MsMpLics.dll - Access
\\?\C:\Program Files\Windows Defender\MsMpLics.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Defender\MsMpRes.dll - Access
\\?\C:\Program Files\Windows Defender\MsMpRes.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Journal\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui - Access
\\?\C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui - Access
\\?\C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui - Access
\\?\C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\en-US\Journal.exe.mui - Access
\\?\C:\Program Files\Windows Journal\en-US\Journal.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui - Access
\\?\C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui - Access
\\?\C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui - Access
\\?\C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\InkSeg.dll - Access
\\?\C:\Program Files\Windows Journal\InkSeg.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\JNTFiltr.dll - Access
\\?\C:\Program Files\Windows Journal\JNTFiltr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\JNWDRV.dll - Access
\\?\C:\Program Files\Windows Journal\JNWDRV.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\jnwdui.dll - Access
\\?\C:\Program Files\Windows Journal\jnwdui.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\jnwmon.dll - Access
\\?\C:\Program Files\Windows Journal\jnwmon.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\jnwppr.dll - Access
\\?\C:\Program Files\Windows Journal\jnwppr.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Journal.exe - Access
\\?\C:\Program Files\Windows Journal\Journal.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\MSPVWCTL.DLL - Access
\\?\C:\Program Files\Windows Journal\MSPVWCTL.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\NBDoc.DLL - Access
\\?\C:\Program Files\Windows Journal\NBDoc.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\NBMapTIP.dll - Access
\\?\C:\Program Files\Windows Journal\NBMapTIP.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\PDIALOG.exe - Access
\\?\C:\Program Files\Windows Journal\PDIALOG.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\blank.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\blank.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\Genko_1.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\Genko_1.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\Genko_2.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\Genko_2.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\Graph.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\Graph.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\Memo.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\Memo.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\Music.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\Music.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\Seyes.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\Seyes.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\Shorthand.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\Shorthand.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Journal\Templates\To_Do_List.jtp - Access
\\?\C:\Program Files\Windows Journal\Templates\To_Do_List.jtp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\Program Files\Windows Mail\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Mail\en-US\msoeres.dll.mui - Access
\\?\C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\en-US\WinMail.exe.mui - Access
\\?\C:\Program Files\Windows Mail\en-US\WinMail.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\msoe.dll - Access
\\?\C:\Program Files\Windows Mail\msoe.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\MSOERES.dll - Access
\\?\C:\Program Files\Windows Mail\MSOERES.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\oeimport.dll - Access
\\?\C:\Program Files\Windows Mail\oeimport.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\wab.exe - Access
\\?\C:\Program Files\Windows Mail\wab.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\wabfind.dll - Access
\\?\C:\Program Files\Windows Mail\wabfind.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\wabimp.dll - Access
\\?\C:\Program Files\Windows Mail\wabimp.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\wabmig.exe - Access
\\?\C:\Program Files\Windows Mail\wabmig.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Mail\WinMail.exe - Access
\\?\C:\Program Files\Windows Mail\WinMail.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Media Player\brooklyn variations nothing.exe - Access
\\?\C:\Program Files\Windows Media Player\brooklyn variations nothing.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 1b26464e76f992e1aece668985c5202c
SHA1: da490cb95a5b1a81ff5ea9edb9b6b71288608f89
SHA256: 1b889c6e0bef8bf83e5641458f95ad2a119007fb9378e22b856fa7229f13eb18
SSDeep: 1536:f0lAXNVwpLGPODt8tIgNB3NYc3C4OZwWgOJyvT0ZXBo:f0+XwpjtWImjS8WgrYZXBo
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Media Player\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Media Player\en-US\Decoding help.hta - Access
\\?\C:\Program Files\Windows Media Player\Media Renderer\Decoding help.hta - Access
\\?\C:\Program Files\Windows Media Player\mpvis.DLL - Access
\\?\C:\Program Files\Windows Media Player\mpvis.DLL.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Media Player\negotiationsbadge.exe - Access
\\?\C:\Program Files\Windows Media Player\negotiationsbadge.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Windows Media Player\Network Sharing\Decoding help.hta - Access
\\?\C:\Program Files\Windows Media Player\Skins\Decoding help.hta - Access
\\?\C:\Program Files\Windows NT\Accessories\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows NT\Accessories\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files\Windows NT\Accessories\wordpad.exe - Access
\\?\C:\Program Files\Windows NT\Accessories\wordpad.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows NT\Accessories\WordpadFilter.dll - Access
\\?\C:\Program Files\Windows NT\Accessories\WordpadFilter.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows NT\TableTextService\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows NT\TableTextService\en-US\Decoding help.hta - Access, Write
\\?\C:\Program Files\Windows NT\TableTextService\TableTextService.dll - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextService.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt - Access
\\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Photo Viewer\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Photo Viewer\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui - Access
\\?\C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui - Access
\\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui - Access
\\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Photo Viewer\ensure.exe - Access
\\?\C:\Program Files\Windows Photo Viewer\ensure.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 036909196be87dcb078d1757d177e910
SHA1: c366b7540f04ba52c4de9da2668ab87afe40dd9d
SHA256: e704ceeeb2b0dbfc6a74ebdcd8bc1a4aead66a1ee8bc373c6bf78b19a2677d75
SSDeep: 1536:mPRs1KcNfiEDRJ2SOSsw1d6py9jrh/RZ2Qy0uvFW74syt4zy5tIGut:mJsbNfhRJ7Bsa6A9B5ZDyPY8syt4z6ut
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Photo Viewer\ImagingDevices.exe - Access
\\?\C:\Program Files\Windows Photo Viewer\ImagingDevices.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Photo Viewer\ImagingEngine.dll - Access
\\?\C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Photo Viewer\methods.exe - Access
\\?\C:\Program Files\Windows Photo Viewer\methods.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Windows Portable Devices\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Portable Devices\large.exe - Access
\\?\C:\Program Files\Windows Portable Devices\large.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 1000915421455af099e0153a02b9ac52
SHA1: f2f87dd61e87c6d4b4afb120b958a481c9a9c04b
SHA256: 2cc06f42225e00143c274abea26021113132ab76d525e72248dd4b4b3946fcea
SSDeep: 1536:JB7Hz2H2QBtNOmzeq62DmwGM2/MtBZNx4QJap0qJ8AJTu2h8sf:JFT2H2c8mavwW/MtBVDJapHJLTmq
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Portable Devices\mambo_prediction_hiking.exe - Access
\\?\C:\Program Files\Windows Portable Devices\mambo_prediction_hiking.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Program Files\Windows Sidebar\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Sidebar\en-US\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui - Access
\\?\C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui - Access
\\?\C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Sidebar\frederick_manufacturing.exe - Access
\\?\C:\Program Files\Windows Sidebar\frederick_manufacturing.exe.[ID]hWWph9uJUOOy4hF1[ID] MD5: 785eea9eed724634cefd28e987913f64
SHA1: 42c6e3b2e9bbd6fe799ba734bdb7e02de66d9577
SHA256: a548de042863af88f3d19a90eebc9aaac339f52f49c4f8229fc8a58d5b15894a
SSDeep: 1536:GcQ+Uzzxw1gmZ3+fuJV1K0+Vz7G24PPhl57ulhpx+yksn1l6ga+:GcQ+eiXZ3YU1Z+phShQx+3WX6ga+
ImpHash: None 		Access, Write Dropped File
\\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\Decoding help.hta - Access
\\?\C:\Program Files\Windows Sidebar\sbdrop.dll - Access
\\?\C:\Program Files\Windows Sidebar\sbdrop.dll.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Program Files\Windows Sidebar\settings.ini - Access
\\?\C:\Program Files\Windows Sidebar\settings.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\Decoding help.hta - Access
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp - Access
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\ProgramData\Microsoft Help\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft Help\Hx.hxn - Access
\\?\C:\ProgramData\Microsoft Help\Hx.hxn.[ID]hWWph9uJUOOy4hF1[ID] MD5: f4f1eea1b7de4d8bf97113f530064261
SHA1: b31d8445bba68e6ec6be44f230ba916787dc8729
SHA256: dd8f46c35737fcd5b0810a61dc766f536ed9947af8419a8c467995674d248f55
SSDeep: 48:vaZ7iomBqH1g93/gXLXdvu4VHl5C05XKVIxx:yZmoo19PMT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn - Access
\\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] MD5: 5e6ce678153b356f5711cb37c92132bc
SHA1: e1cfa4372412aa5b7c91c65919d328ee11a29436
SHA256: 877a15a8ac3892ab2bb8dfbbb9503a1e5209b0cb87ba6927c24f619d3abffaf6
SSDeep: 48:+VGl+egCzEoBi4SXLXdvu4VHl5C05XKVIxx:WGlKAST5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn - Access
\\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7be0eb79dc5d1692045fd81f06ad6837
SHA1: b961a9c8e9b274eb57d2286609a6a5f02702b53b
SHA256: 9b4204df764c716c5c3ce0f9aea7bd2ab25cb02efa622dfa68e89dce6f8832ef
SSDeep: 24:hcYnfj/s5F4E6CX03GxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:ht/skE6CELXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn - Access
\\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] MD5: 32806621a4212951967124bda1a07c4d
SHA1: 7a81a6cdfc725ecc1ffca848094e662a6434595b
SHA256: 7c176aab0ff3bd71d7b2bb2c49b40e09391c748a0cf9114e32c78f34db47ddc1
SSDeep: 24:9UhabgSStqaXywpKtGBGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:GoHaX9XLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn - Access
\\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] MD5: 1866102dc0c9c2cbbc25c26fa3195993
SHA1: 0275ad62995e8e923ec898f2f0cc46b6356f43ad
SHA256: 200aaf16742cbc80cff72c89e625351881ccda0241c8054b5124599e07f396d6
SSDeep: 48:EAoRHNo3lgYHAfEncCXLXdvu4VHl5C05XKVIxx:EAoRtoOY4EFT5C0tRx
ImpHash: None 		Access Modified File
\\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn - Access
\\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\Decoding help.hta - Access, Write
\\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\Decoding help.hta - Access, Write
\\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\Decoding help.hta - Access, Write
\\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\Decoding help.hta - Access, Write
\\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\IdentityCRL\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll - Access
\\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: 03c0381f15e49cdd942cbb3e4777c6e0
SHA1: e8f6e316d02e3893cce12aa9da5ead5ce3e25e73
SHA256: 1377046564315be146d835dd03365eb8c6e3c5363de25065c8b8d96f2b3d519d
SSDeep: 384:W7PPfvOia2M1KBjXUevRHhB2Qp8kGe+Yj+BWILt2F/:W7PXvFa2TU0xTj89eR+BWg2F/
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll - Access
\\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll.[ID]hWWph9uJUOOy4hF1[ID] MD5: 6903fb13d4ffd396f2597e1336de0e3a
SHA1: df80ddd1f562362edcbd8a90645626d28c6b41b2
SHA256: 7fe95f8ab9982fc0951f4f38da6ff75591c403b41b6185a0c5ee6fe510e3e29e
SSDeep: 6144:zxje8WMtl0arAqu17dwMAsvA55LrPMtiJf:Ne8V0arRsW3EiJf
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\MF\Active.GRL - Access
\\?\C:\ProgramData\Microsoft\MF\Active.GRL.[ID]hWWph9uJUOOy4hF1[ID] MD5: 3b39b41916b4f5d4fed9f5389efb34a1
SHA1: 1689ebe25ed5615a927bf240c474fab75fb39b89
SHA256: 3de2cfbdfdb6ba6dbc45e1e6b7f98b826fc39604a8e3cbf9c293ac9ac47890bb
SSDeep: 384:TJVJIu4JR61Q4wKp8muwserR5I9EleWUF/:TJc3vh4wKR9IBWUF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\MF\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\MF\Pending.GRL - Access
\\?\C:\ProgramData\Microsoft\MF\Pending.GRL.[ID]hWWph9uJUOOy4hF1[ID] MD5: df2c392cf25159ceb6c4a2c959111781
SHA1: 16237703f6a0a8dec6d227729c943aed2ee9f611
SHA256: 30b3eb55e0cbb77765b7c4ea0bdc2e5d2371397201a25704bb4d4b419e465128
SSDeep: 384:U0Bh/vsG+fvejYMNeg7YcIO9jZlefUeCx/PF/:U6+XkNeg7Y49jXeFCx/PF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\Network\Downloader\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat - Access
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico - Access
\\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.[ID]hWWph9uJUOOy4hF1[ID] MD5: 72457885220620a651d4a99d554dbd3c
SHA1: a406865a85211980d94e4cd50c07560f2f36ca80
SHA256: a16a2d9a510f537a018a4a473d9e17b5b04b081df66ba756f666161db2740d92
SSDeep: 192:s54/1YazR04fZC/NkfUGr+8SXaZFp49aetftRx:sG19xcFkfUvVaZ6awF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\OFFICE\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico - Access
\\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.[ID]hWWph9uJUOOy4hF1[ID] MD5: 74a9376e5dd2872ac3241f939cbc4058
SHA1: cc425dc1b69319da0320b603b1cb3c658098f11d
SHA256: 054cf5fc9f773628d46df4b1e6426724a8fa98833606a838189107aa763eb266
SSDeep: 768:e6lXw9BfwmwozviMel8nR2gEB+jfSWkttF/:zYffTzviMdzjfPktX
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico - Access
\\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.[ID]hWWph9uJUOOy4hF1[ID] MD5: b6db3516bb7569b7164433e5f6fd4d66
SHA1: 3115465de77bee8b3d8e555fa0904177c81d5d15
SHA256: 012bd20095507cd339cc8891884d491124fe96db8c16922bed5ffb0a62e1a3a1
SSDeep: 6144:Z3g58KuNOYOoVbyCF1fad9MXEV2PRoQHdzZQQMvkfHjgy+aeA7SMrAVkJ:y5ZqOYOodyQ9ad/2PyGzZ1/jgNFkJ
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico - Access
\\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico.[ID]hWWph9uJUOOy4hF1[ID] MD5: b276e1f87c48f3782976b29c847ff3a5
SHA1: eadd95a9a24d12000723e1ae94bb89339b39fcf1
SHA256: 616aec976c93812647c7e5f63aa54326245f88fc0a28528f91ed8755fc3b3407
SSDeep: 768:PyuiPCBRqXnDB5Fwo9IIuNr7LxBegR0J0F/:QPCbcprqRrTegEK
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico - Access
\\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.[ID]hWWph9uJUOOy4hF1[ID] MD5: c47d88b8d41848f04d3e768fd2e26104
SHA1: ce6017dfd6c769d668f116819141694493489cdb
SHA256: e344e3e880579340bc0271c48ff09bab6f3f5214b54f786da857df59ddddb286
SSDeep: 768:Kx3s08ZQ9QHCA8ds5msOBXo6wd8pO3cBMF/:K18ZQ9yCPGUsa46wdyO3cBy
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico - Access
\\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.[ID]hWWph9uJUOOy4hF1[ID] MD5: 23e89bcba96c3df7194179e4556a41d2
SHA1: e994e967d660ef8a4e11300c618a7c332f0a2a80
SHA256: 8cd40f4cf0ff470aacc045d2a458b374a5a6638dcc7903eeb3e7b32d264bbf86
SSDeep: 768:sF+/pIRG3WzkxmgdV7P0OsI4eEFsk2o5+WbRROFsiF/:1a8GzkwY0eEGqV+sU
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat - Access
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat - Access
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.[ID]hWWph9uJUOOy4hF1[ID] MD5: 4ac9aaffb9e8931121a2cb16bbd63509
SHA1: 3ec6603be86553545e2997ee76e256bf462cb893
SHA256: 20ce9a6e5ca8a6d150b69588dd80ce1759cc1424ecb2554549e8b8953e87b9e5
SSDeep: 49152:p+ZexdiOaVyNn/pH349OxMN4u/JP3cq2w:pT+y/349OxMl
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\RAC\PublishedData\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf - Access
\\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.[ID]hWWph9uJUOOy4hF1[ID] MD5: 5be03f356078350eff50752e2d0500b9
SHA1: d419f7044e3e32f23d942ea983989529f6aedf8b
SHA256: 322a7909591daee1884c8eb143e413d459ec9325bd3146eeffad9212f71b6079
SSDeep: 3072:wKpdZdlG2mTOt11ShZZ3bF5rkKH6jB7+nujUiga87HVWGApsNL:wvjTa1SPR/H6j9+nujUVa8r8f2
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\RAC\StateData\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf - Access
\\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf.[ID]hWWph9uJUOOy4hF1[ID] MD5: 6c0644be342befe2aaee1db08761aede
SHA1: 40665bae836ccce880e5d6d6a93497864779ee97
SHA256: c8f0cf2420a26891f41058b2b10fe97e6ec15282e9d735994d267672c9d6e962
SSDeep: 12288:58eeAqwxmj5353GtyEaZXWaZ64dFvm8cdh+C/DJa+XgK4i6R1xQ4uR9FJbe:55gN35WY/ZGaZ64nudhJJbSTR04udQ
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\RAC\Temp\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\RAC\Temp\sql3793.tmp - Access
\\?\C:\ProgramData\Microsoft\RAC\Temp\sql3793.tmp.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7fbe32f23b2189eafa8c3627a4d8291e
SHA1: b12821f9ef7c737c200eb1199c43532433187a19
SHA256: 4fa92ecb29bd8596c0d1f64b593340b2e881d5da1b53d977725d70b6433ee695
SSDeep: 384:DiHfM/bvW7awnBcSx1LzE8uwcfAqjbZavZMF/:q6zUawnqSGh5avZMF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\RAC\Temp\sql37B3.tmp - Access
\\?\C:\ProgramData\Microsoft\RAC\Temp\sql37B3.tmp.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Microsoft\User Account Pictures\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7f3eb8ba29284fdd186dce76fc111958
SHA1: 8c4fa79dc1595dcb7a810e97399f5ff2e81c4e3e
SHA256: ef371f787b2948e99f6fae8515c5a487a725397c238a0b68e405fcd9737130ca
SSDeep: 768:HRkWwBltoPg6ZIYMwxUeqzy+NH+QH9HV5Brw3qIPTp/JT1aENKFA8kZd8irMt2Ud:x72lwge/3KxVH9150ThKENekZSHt2q
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp - Access
\\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.[ID]hWWph9uJUOOy4hF1[ID] MD5: e86ba6b80f42e5e28d933ebcc7ca2c07
SHA1: 10a821e2a4c3c2ad57858f0fcf47a68825588c8d
SHA256: 31d3dd6f2bbddd5c3acab2fb2459d3accd9e7ab080a2cdcbd8ec2252f62414dc
SSDeep: 1536:w5zAyDTw6L8oWVedlTSSNrgbKgndsPJ9gfwr:ePJhWVed5XMWgnWh+fwr
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Decoding help.hta - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Support\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log - Access
\\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.[ID]hWWph9uJUOOy4hF1[ID] MD5: 15c76403fdf83abb8ffedc4c9d797bec
SHA1: 2caa7b624ed2586245ffda0b967bd86e7126c994
SHA256: 196a772181698f9c88da62a5721f1d68fe1bad2d0a48d42870939a0fc2d34698
SSDeep: 3072:lWdiSPG8F3F7PMDAcrccrHBpxTtp3miT0Ohf8KLh/mOQvStYCqVNAatwo+:le5e8pnUcc1XmiT0Uf8KcOQK6zVNAam5
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Microsoft\Windows NT\MSScan\Decoding help.hta - Access, Write
\\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg - Access
\\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Mozilla\logs\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log - Access
\\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.[ID]hWWph9uJUOOy4hF1[ID] MD5: 844132d2eee9063ab168e864b0889d9e
SHA1: 321430df180ca6bbacd26cad6a93181044326806
SHA256: fb84abd3813b065928830a611ce9ef1749843c3ae86b35344a7bad5d7d21b0d9
SSDeep: 24:DXYEB+qoux/2Wtw+CKMI6SXGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKx:DoEk8x+1+1RXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access Dropped File
\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm - Access
\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe - Access
\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm - Access
\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe - Access
\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm - Access
\\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\Decoding help.hta - Access
\\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm - Access
\\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm - Access
\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm - Access
\\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\Decoding help.hta - Access
\\?\C:\ProgramData\Sun\Java\Java Update\Decoding help.hta - Access, Write
\\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi - Access
\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.[ID]hWWph9uJUOOy4hF1[ID] MD5: ef3fbc716abd67db25fd2e07de084da0
SHA1: 09fc60801759bfd8269b2c6f649996f1544bb147
SHA256: a6429c6585e93b4a1e95a25d251c720781b0c0ba694aca5babd7bc887e66f06f
SSDeep: 24576:3fkEg/cdLQO8WG8id2wkPGFTmvLh07jbgYFBBH/vL:3fQkdD1NwVFTmvacUBB/T
ImpHash: None 		Access, Write Dropped File
\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim - Access
\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.[ID]hWWph9uJUOOy4hF1[ID] MD5: d9e53a0a8cb76df8a0f9a8f52b850925
SHA1: eeb70f3f8d8564f2853bea0a8d104f89634c3906
SHA256: 8d1cf33202f7c104f2f2cffeb4b99a2b16d927c008b098d2286966912b7a9910
SSDeep: 196608:XvByfyNGwJ1oXgdL+PUl6xqojQRljrffo1feRTC+JO7MAVgqBpiTGWs:f0fyNGwJ18yL+cl6ZjeljrffowRxMMGD
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.[ID]hWWph9uJUOOy4hF1[ID] MD5: 3bf45a7626c12d3e9b6c7d5459af8727
SHA1: e075b6afa3f5b54714fcfe7e41c342e961dacf1e
SHA256: 96514b1a8d16a011bc39a4671e6badc198d0e2dd73a1728c8edc9090280f3cc8
SSDeep: 3072:YpSfLE03UbhTNw9TWA87Z2MHvmuE4p2yLnXGLp:YsfLE0+NwwL20m4ptGLp
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8YZI9tbYOTKzo.ppt - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8YZI9tbYOTKzo.ppt.[ID]hWWph9uJUOOy4hF1[ID] MD5: 0276950ad5625ab6219dd67aa540ab70
SHA1: 13b36bc48f899ab233867b1ec74a493d5d0c16d2
SHA256: 41bcdb2f82cb0636632b7ccb1e781434099b729281fd08316dcc1e704512103f
SSDeep: 1536:yq9t4h3Tu5XhWpgtQ3qxtQGN0s962dzULWxO8kYXJ5HH8u8QE+p4djWsJKhwngo4:yW4hD2xKcFn6mzKW48XZ5LFhsJGoiz0a
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\BA-yZXQD61PJRw.flv - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\BA-yZXQD61PJRw.flv.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7db921a0c72e53dad8f77a67a4e249be
SHA1: 99043fb259d4340a6437b6f655ed89b5d059fa2a
SHA256: 243b30967739251805d8e8456afe9738ce62f8073162c0f0fa9327298630f625
SSDeep: 1536:aEyw2mdtWfzhtHtKDDnpDfP5BsHHGRI2KCiV1c1bQZnPRAyzOGlZgt:aEyw2BbgDFDfsGRI2YV0sBZjz3lut
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bDIINWA2WJqh.mkv - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bDIINWA2WJqh.mkv.[ID]hWWph9uJUOOy4hF1[ID] MD5: 74c571a6626553e9f5a7b1631df93df7
SHA1: b8ad53ed90b746b45813e7d23d60363033906ca1
SHA256: f076db25e1ddf51c6c2ff8955776dbbd1f758f8cfb1fd949bc2144bfb3e72af0
SSDeep: 768:Ioed5rYCL7nlDUS5hlOVnu6VwYnNTQsIaWVsAWpIAMmKeF/:IjMCLDlDUS5iVnu6VlNTQTmDpBh
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bmxWLLNd8TjkPhuK.m4a - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bmxWLLNd8TjkPhuK.m4a.[ID]hWWph9uJUOOy4hF1[ID] MD5: ddcb2918f746427e4dfe350e34a66965
SHA1: 7d7130b7c6695f6b5423b28690efb8e0d010a662
SHA256: 3d97ae1e719b69164ca3f0776774fe28be6614806138f10aca32e123906252a9
SSDeep: 768:5Rk4/pbQm7VCICPVUUQo8O8Hh0MGW+GTNbH4647S5HKNF/:3lZ7VCfVCO829sTR464x3
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\CH4x6fQHSG1JHPS3ch5A.mp4 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\CH4x6fQHSG1JHPS3ch5A.mp4.[ID]hWWph9uJUOOy4hF1[ID] MD5: e5148da3be96015564d73cd584fe601e
SHA1: f8b60a2ddb800e73efd98dbda2c679348bbdd18a
SHA256: b07ea146908ccc8914b99ae5e33ba83ad0e06c2155486c66a42030529b0d84f9
SSDeep: 768:CWykW7byeOiKYD0YzSk8BrQjFYHxYS9DBRlDCfgeM0u+jwF/:TWDJNABMjQYwRRCoMze
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Fwp3Te.jpg - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Fwp3Te.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\hMGP-F3 obcDjp1HK7.xls.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.[ID]hWWph9uJUOOy4hF1[ID] MD5: 3f39b35330f030e8a7c6821596a3a6e3
SHA1: b60ee5f7bab24146f960e5a2abc853ed43bf4db1
SHA256: ee893936aabdea97e7da0160ef06f3fbafe39fb414af0680b0ee8f77530796ba
SSDeep: 48:ZLQr/kh4q5BsyMqO0Dl287KjSJbCc+B6XLXdvu4VHl5C05XKVIxx:FQLk7BBMfWJ1R1T5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.[ID]hWWph9uJUOOy4hF1[ID] MD5: db1775d83f695d3fdaee1586c85c81e2
SHA1: 464785fd84bfffffe2c64e19bcfdd2b893485b38
SHA256: 6e72263e521b9e8935ba8a33e81851e0479983e3553b48f0ec4c3a4b3525c71e
SSDeep: 1536:DT3BY/prZQQ1y31I/zZfS6ApM/gldZcEJpfk/fTK4immlyZU54Y:DjgraQ1yAzZfSbYglwEJkpmWU5X
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9a6510a56fc7abe9295a336c9a1772ee
SHA1: d61f09002c66babdb69b7c22b5622b0eeb4425f8
SHA256: b2555e3945652e076b6f13315ac7c9831856b8ea138d1a41e588fa0ec54e9307
SSDeep: 48:Apjbjtp9lQHlhfymxrB6sO2PSK/aXLXdvu4VHl5C05XKVIxx:AVxlqbNyT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.[ID]hWWph9uJUOOy4hF1[ID] MD5: 26ba7cb0d6f5d64e4e50e4309f841e87
SHA1: a58fc770be8ae3e720ae260fd5d95a45fff17218
SHA256: 51bf00f9ea147006d1c33b274d45f105d989e34428d32cfc9439c36b0d89fc39
SSDeep: 48:fnIoin54A1pe3+i+uMLhJ4ZILN1j1sTzXLXdvu4VHl5C05XKVIxx:fnIoinL1pxn4ZbTbT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: c0ed79ce72892e2756fd01a2b4610feb
SHA1: 26c5168e32fa127eb7559bf6c5d4845c1893461b
SHA256: 740933bd91e768df8b1dfe5f5daab4c7169fd2c0711680b75cd48019eaaf9e37
SSDeep: 48:StO0WM36P8b+z873L+XLXdvu4VHl5C05XKVIxx:Sk0WM48b+HT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.[ID]hWWph9uJUOOy4hF1[ID] MD5: 3871f9ce8925021f5359320baee19c2d
SHA1: 4a64dcc69cbeafc699b7572b422e2db05cc6103e
SHA256: 698c0c3076d94d4cd61830508d0b40402e82afb92a83b1b9720518204b4e37bb
SSDeep: 48:ObrWENKYYu40Nrum9jcTqIxnHvjKXQqVqLcm23/zXLXdvu4VHl5C05XKVIxx:OPWcHYuzx9QnHvjKA+m2DT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.[ID]hWWph9uJUOOy4hF1[ID] MD5: 97bb2da0d53893ef8c4c7ac1ca33078f
SHA1: 57cfc15d6edb918d30f264c7c03238b43aad87d3
SHA256: b88d8317e42c5c58d7649f8c10d783b084cb7e9bbd58924b7ed8525fe4103567
SSDeep: 48:WIIwerbU4ceSr3ZqzgEzSkOXGVxfFNJXLXdvu4VHl5C05XKVIxx:W5we3lRsc9O0PtT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-otFpnJAZYdGZgph-w2t.mp4 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-otFpnJAZYdGZgph-w2t.mp4.[ID]hWWph9uJUOOy4hF1[ID] MD5: ea734df5e1f00696641c2f7f9052d7e9
SHA1: db230473502aefbfce6625cb314fa58075aba824
SHA256: 0fd8d0a8797f0d641c08483fe9a54f0994875bc95b9c7cf8299a617d140d0c21
SSDeep: 768:+Zco7R4TxZDxB6ONb5lgjR4cfgGUebAXPoklj/w/nDVq4igGNDOd54fChI+WSbJi:+ZiTbD6/dfIGF0l0/nDVCUdyCt1VgaEX
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0QFeq.jpg - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0QFeq.jpg.[ID]hWWph9uJUOOy4hF1[ID] MD5: d77058120d2203bf5cadaa65c6e63e69
SHA1: feddad3980f8dd178620d84b4e567178a2a0888f
SHA256: 28d3a950339ae82cc474717f1fd6b53dc3da4aa2846691f775f84988c3be5d80
SSDeep: 384:+Me7e9ZMOHrwQUvkXze4kpSTqUDSC1ZQTQxEhlKQPOmVx26UQae9F/:RXcQcs6mbuWQTQOh0MkQZF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\34Y20Hy8prQawh8W.odt - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\34Y20Hy8prQawh8W.odt.[ID]hWWph9uJUOOy4hF1[ID] MD5: c3a8b470ae825553e39dcbe2c0c09438
SHA1: b69cc98281fb7e85bd84c565d94b496fb56da33a
SHA256: ae4b015e24e70ccf9fcf6fdad62b66421ad51eac739c4274ad8bab9a759cc79d
SSDeep: 1536:QtOJRbnu4VNTc9BY53sO9KthR57IlndDJqXSa4/f2ern8F:QKu4VRH5xE7YJqXSaS2er8F
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3lrLEIdmVjd2 rgfcu.wav - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3lrLEIdmVjd2 rgfcu.wav.[ID]hWWph9uJUOOy4hF1[ID] MD5: 132a320a03788da1f8db96ef8446d368
SHA1: e3c4cb5f8a73b66678016286802ab9f97eec5426
SHA256: a2636da94b0b2c1671c3be33637df5730d3ae388e3e2a5431bd59fd4e26481d8
SSDeep: 1536:LhKK6n+sxe8RxeRzsnc/BfN9vfACEtjS3XU7w:ovvRxeRCUhjIztjO
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5NyfavX8M SwrLA.m4a - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5NyfavX8M SwrLA.m4a.[ID]hWWph9uJUOOy4hF1[ID] MD5: 3bb02cae1568ab1ac46d1bae15c23c25
SHA1: e7b2dac940df0315f6414af59c8e9383541fddc7
SHA256: 87d1472a5b14d67cb08ed50b994e0b2be97a675cd1302b4558fc7e9158aff5ae
SSDeep: 1536:UyZHW8ztf39wtzRhovX7PnxL283eFHU0ncQBGxOJ2b1e:Uy/guvpr3eFRnbgxc8e
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\81Y6laQwMZt0iND.jpg - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\81Y6laQwMZt0iND.jpg.[ID]hWWph9uJUOOy4hF1[ID] MD5: e25193603ffa8943f56a50e8ae426a67
SHA1: bc8d15463a3414821fc6395628e923a2c2ee0078
SHA256: 61c9027d35f3734290baf1e6bb2cfbd405d776c1eb3e249a83761c8984eb2609
SSDeep: 192:Aj6s/1PoSed/Wf2AfuBgz6ng+vqnCTfxqQkckZJQtftRx:AGs/1PrMefLfuGzr+vqn2JicioF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\AB_vXOL0ok.avi - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\AB_vXOL0ok.avi.[ID]hWWph9uJUOOy4hF1[ID] MD5: 564628b3ba7c4bf565f1b5a7ee685afe
SHA1: 6d4747a00067138b94145f0481f327340a8bea8a
SHA256: 6adcb6da7c84f9fea1d607bdaaa4b3c54b4e0fe7a17c63158caaa02ba19b58e6
SSDeep: 768:WG5xgDP3WwFUgk1bWI6ObzYFbVAm85CCoJUhwuuKF/:LDYmwFjQC/ObzCVn8k+
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CbGRfnknZGA7NbXr.pptx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CbGRfnknZGA7NbXr.pptx.[ID]hWWph9uJUOOy4hF1[ID] MD5: d671abc6339afeb38b6c3a5670358b32
SHA1: 5b51043d7809f97f0b58d1d02072d88c015a383c
SHA256: b7097546b6675f9233cf98ff24d03238890abd3f4ad293d38f58b73b50a04f93
SSDeep: 1536:eHzJpF8aRFC8FZ0tVLhpBgS0BXvRp55VTUzKWQ5paqlil:qziaRE9DgFRp55VTUKdAl
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: f7ed35b6d2d900593187853090ac1916
SHA1: 547c981862bb656628ecc9830754526cbe6e664c
SHA256: 7484c23b7d6a55db9eaefadaa2b48e286a4437e1451739ec571b2e4b925034fb
SSDeep: 48:141+EeTSidrvxXLXdvu4VHl5C05XKVIxx:14YEeT3xdT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ffy2.mp4 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ffy2.mp4.[ID]hWWph9uJUOOy4hF1[ID] MD5: e2b4807ceb8573c94a904fd86005f113
SHA1: fc55c436754dd7aa682227c1326ecce7c74f1f22
SHA256: b8edeea45f9944b6bfd4ee5827c0baf4ba759eee6b723bb72b6a2b9f2ac074b8
SSDeep: 1536:ylf3/ESQ0F9S7HZnENLHJl4wtqBCDcfV7Fl6zM4A7Wv5rp8FpuinArg78IKmRt9H:iMXo9S7mNb4SVDw7bv43Vgmg7Rt9sS
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fW6GLbq3Ftca.bmp - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fW6GLbq3Ftca.bmp.[ID]hWWph9uJUOOy4hF1[ID] MD5: f1d7f708b5c5936239120e9551f21281
SHA1: 5281a4553ae394baf19f61b8c352da7e57dbc439
SHA256: ea1be66d642454caf9ae76ab486852957138d9ae5bfd38ac22404f8264b0f66e
SSDeep: 1536:6qSQQjUVKkLWTg2+aOEpYQwvtuO1lZxg5iLeLrI5NJedswBfzgi:OwMTg2+R3PlzT5e4lw5Bbgi
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fxONycb0H.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fxONycb0H.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: f2f7ac125e9c511c04e2610a3b3f456d
SHA1: dd54f91800a01987bcfd048e6501d6f5d91923a3
SHA256: 2d3fc757eb6ba9eae4181511e7b92d35bde82744cc5d109309adaf97b999eb24
SSDeep: 384:KtQQqcWxC8khWk1rE0SPPOlwr196CSK7pPjf9mv/VfLF/:JoWgG+E0SPGlwpzSK7Nz6xLF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gXq1w 2VVTzCJBe Hq.wav - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gXq1w 2VVTzCJBe Hq.wav.[ID]hWWph9uJUOOy4hF1[ID] MD5: 61167e1892e58aa2088ffda3f2cd3a30
SHA1: 25424a39788e92ce9b95cbbfb25e97e34b51c771
SHA256: ad2f199b74575a67b9822d39d48ce36fdb1fabf8dcef89f0aeb337adec6582aa
SSDeep: 192:bCbygOSj/6Bawc1PhR3vu5gJ5WobaWYQKGtftRx:EpOMyNcZy5gumKIF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS115HKsxh5.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS115HKsxh5.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: c43a75527de1b56f04541ff31521cc01
SHA1: da1c53f9b8b1ec9c4d79d200f21e337eab818a5d
SHA256: 7a7df62f929b1be0337d068b3578b26971b671e008862e35f2488440b1ea5ffc
SSDeep: 3072:0EkvJYq4LFVHpI3iJ71JXn3v9NKw1pLLkgHL:0JwLFPaiZjpLBr
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\hXTeLs-.png - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\hXTeLs-.png.[ID]hWWph9uJUOOy4hF1[ID] MD5: 20c372b404f480324007a2e7abbddc26
SHA1: 939196a3bf194f56a79c6d4c8ee7bd666f9e2675
SHA256: 35b5eae5aafef865ebb6c59b332c4281106683c571b406bd293be4c71aa8c077
SSDeep: 192:wfi3Zn0XZEUObPmnpHqGrMj0Yemnh4GCcY4zneOS1NgzNEzIR1zmLZtftRx:w4n2ZEUOTmcGrMjB5HYwex6VgvF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\IUA5z.png - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\IUA5z.png.[ID]hWWph9uJUOOy4hF1[ID] MD5: 6fab5e2cc7856e8b9100e94972dff8df
SHA1: f45bf15e978ea44d45c23504cd65e285edc4b021
SHA256: 4c66d3810d4c959bddba3cc05c5c8a2525cb19041a9a09bef83a8271ceecf236
SSDeep: 768:IxCCgu888HZg3S40NLKaV+yGyDWuv+SjLoep6XA7guUskL3Yr6XFb/F258uOaF/:jS88O638N+a4NyDWuv+S4exFUs0lVbr8
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JYhU_0gVh.swf - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JYhU_0gVh.swf.[ID]hWWph9uJUOOy4hF1[ID] MD5: e4d0a88e87a19e97507b077ab9d1bfa3
SHA1: 7809904681b9202a845240b0b4c030f4377cecb8
SHA256: f200343e985c3baa73a602a1da94feba560c7d4179165567262ccb781f495c35
SSDeep: 384:Zf3qsVFBW4LLgk2qfq7unGhi6EjB7mkAGKj7U3fUc316j8dF/:tqso4LMkTfqCIOByt7UvUcl6+F/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KjsS.m4a - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KjsS.m4a.[ID]hWWph9uJUOOy4hF1[ID] MD5: b5c49d2ff0ab148513fdcc375011f786
SHA1: 3c4874df35cc917834027354251ab327441abda5
SHA256: f69bdd11fadb1e8ae651dfed92bf186c4d122586c3bdf450e8bbd97ed24e1f86
SSDeep: 192:ZYxnVjJUwkIZNVkqw715wKAClR12WkTixh74xZgEvQs5J57wwy46+ESqtftRx:OAxqVT0DAuR12lmj74xZJFJ5UwyZ+YF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O8t8zV01Bvm4sS9lF.xlsx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O8t8zV01Bvm4sS9lF.xlsx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 905c92ecaefa3df3387b8d4e3a9568fe
SHA1: e298a9eeb4c5ca8bcc4a45d1d98ce26d21913794
SHA256: 984cdebd08e5510ae0318855397f985905bc09bee21432653f62262e8a1816b5
SSDeep: 768:GSqvqTWSP7IF5zBmSrD7o7613BY3P98s2ZMkHEgqscNfjh26saqxWBF/:iSYBmuEYYf98s6REgqsdaqxWz
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\odMVujhZ6CV.mkv - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\odMVujhZ6CV.mkv.[ID]hWWph9uJUOOy4hF1[ID] MD5: 79aef556367624da60f8192498d0694a
SHA1: cfd238a833841c571190ac939e0eb0d59e2afa86
SHA256: f352bae845d34dd2b1fd3b8473a299567a5fd6e6e7249aaeffae0cc76ec2f317
SSDeep: 384:pyoffqzV+O0Zt+LT8Q+G36hITWU4noDOAUUs64F/:pVfSqY8Q+7GTWUsGUf64F/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OSIlz2Qe-sd.wav - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OSIlz2Qe-sd.wav.[ID]hWWph9uJUOOy4hF1[ID] MD5: 48e9ef0987575eb1cc261aee9edc191b
SHA1: 46ad1b95703c05e58190b4866cea7445fd6d05da
SHA256: 0acd6eb46577404f1a5016b6efaa144465fd8095a94a40db3e50193a24e7bd7a
SSDeep: 192:uMRIjLVwlVE7y9+FjIS4Gg6JWgBWMZNDbp92jCmE0yMaDsOYIJWoS+YIvcBHb8IQ:uzRmVE7RbKRgBxZNDt9+ZDkwOHJPvCHQ
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\9gTfF.mkv - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\9gTfF.mkv.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9a2a07f8608299a10d26b6443abd6db8
SHA1: 2d13fbb9794d7cfffe50de91426c35ad569d7a1f
SHA256: 47c5470f74351e46b1fd8ffcf93566eddc8acdbff20bb2b3b414f2407c21ca0a
SSDeep: 768:uIZmRuhuyCQB3w5Fp13XZkZvTlTdpMSm++refieGF/:FmeN3w5DdXZwvxTdpMi+Cf4
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\_rfQRjmmEg0sPjEn\A0KaRcvZnWeWlitw.avi.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\_rfQRjmmEg0sPjEn\Decoding help.hta - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\b1Sb6k4ypsm.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\b1Sb6k4ypsm.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: 1461fa65f3a9c66bf474032ee97e0bbf
SHA1: 22879194840e0ba28eefb0cda5930cf47fb78c7d
SHA256: 28dbd03bc44623d1cf03627906fa31594d98009f80253854589ff33e2332bda0
SSDeep: 96:fEJ9r1fswUjqzJd6Tyl5iIW2ZK7RIw20yyZA6un810T5C0tRx:fEJ9Z0Njwsyl5u7RIcZAz810tftRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\NxoB945ki\Decoding help.hta - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\NxoB945ki\MW8uM.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\QbAGsrc4RZ.avi - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\QbAGsrc4RZ.avi.[ID]hWWph9uJUOOy4hF1[ID] MD5: bc4d7eb91650bc125d3b947b193b1eda
SHA1: 82933d852ef90b527dd358cafe6d65b612dd5989
SHA256: d76a3e7707926eb9a10eb629abd5a9ef07f95409e124ec2e7f80c36fab7ba329
SSDeep: 768:ujTy0Gri1M/RglZi+7y1ND01+hzYTf/2f3opJujd2pbCOsF/:2e0UFqc+7iD07ajQpuL
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\QrIRPNJMy\AJZxWOTa_h16WU06C.swf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p5E94XWFFk\QrIRPNJMy\Decoding help.hta - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pXo9jRY.wav - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pXo9jRY.wav.[ID]hWWph9uJUOOy4hF1[ID] MD5: b38accc362254aa1bda2e1271cc966cf
SHA1: 2c19878eee68b99ee5cceb1e3dad98305c61d4d5
SHA256: d8de6bdc60df085c9f5ccbd61a066a3d45e795a96f89f017060228dbf8fe95ce
SSDeep: 1536:th9pIw3BKpPh6UUofgQ7avuVSbRVSgMl+onn1V:Rp6Cofj7atVSgMl+onn1V
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RB4vj.mp4 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RB4vj.mp4.[ID]hWWph9uJUOOy4hF1[ID] MD5: 31c0071e8ca5616d477e17c87ac7a34d
SHA1: 00dc27408783cf9547a370525a9e22ea9e8d8f3d
SHA256: c70947315f5e78e693de63fe70ff2dc6406261b8b43d7f2f8f9c24cc402d055a
SSDeep: 768:6X3UVBRjcBNRNj9PH9HSUCEP0mwcP4OANSXjQxlgPoLYeaJYFmSI5KvrQVn47nLS:4UnUn93vsz/hSXtPsRaJYkR4Du4rsL
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RGRq4.wav - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RGRq4.wav.[ID]hWWph9uJUOOy4hF1[ID] MD5: f5bc9cd7840ebb41a607ac713a6e0f3b
SHA1: 3c520528fe1bd58d0dfde684d4df3b657b94c874
SHA256: bd99a0d9778003572bcfce047ede7a55bf5562d7453ac303152f3feb97160c36
SSDeep: 48:gt9VPQG+kZ9mweZqf0coJphPtzoN1RzKkXLXdvu4VHl5C05XKVIxx:gTiG+kZ9tEO6HPpo0YT5C0tRx
ImpHash: None 		Access Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RHlI3aC51oLl.avi - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RHlI3aC51oLl.avi.[ID]hWWph9uJUOOy4hF1[ID] MD5: a6cff4badfb116f5e5f446205a73b1c8
SHA1: d1d3100dfa944fd9a58ed9877ba20f7cfb3115bd
SHA256: 7cc950758792266d6a214fb5e8f72ef5845c970a5176759df3938ea7e8c2e0a4
SSDeep: 1536:7bMZrPITTItV0K1wYWpDi3Lq67CxXxVRYrJhsN:UZrPI3G0qwYEDmLq6uwJhsN
ImpHash: None 		Access, Write Dropped File
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\udxgjs.exe MD5: 29cc50130b5f6efd01703b6031985e72
SHA1: 96b59c746f660c2b190244f08764bb9d64f90b76
SHA256: 1c4e647f3fbac1eea97b488a7c2600f3c61c8b4d6e2e7b08acc8f5ec2b7a965d
SSDeep: 192:nn829Uqt80RvmDn/GW0YPUWLTwmH+M6r6BmiOxEhGr:n829Dt80R2n/3F8s+LLLC
ImpHash: None 		Access Sample File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\udxgjs.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vf3m51G_2GmTdwKx.wav - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vf3m51G_2GmTdwKx.wav.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VT-1Mu2yHHu90r.odt.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1 2o4p5zHCb-fvAtztO.rtf - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1 2o4p5zHCb-fvAtztO.rtf.[ID]hWWph9uJUOOy4hF1[ID] MD5: b1fa0a6fce8eae2bdc1a2b2ec41d31a2
SHA1: 72bc455bbf9786be55a8c9fc9fa643e2c5713cbf
SHA256: 4824fdbd06fb99e295326d4457e19b33bab9dbacbc2d06a347f55737af2bd8bc
SSDeep: 1536:u8QoFhecTRqSp82K4CxG4HOjyKYzPJYUeA88749kI+j8wRzXBnHI2Yh:9bFhe4qSdXCx4iiUe58WLwRzXBnHih
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\3gVd0.ppt - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\3gVd0.ppt.[ID]hWWph9uJUOOy4hF1[ID] MD5: 57490d2a22f2550832a225c0cd930696
SHA1: 8095d026c85f07e832da47bdc8f6ba3d17938a50
SHA256: 0595383b34a43ee23365ee1ad948c94f8f9126075de43501d4e497045194a940
SSDeep: 384:E1XFFjPNTX7VmqYZ+ygaay51bwCmfHIv+LgLjv5T0RmtF/:E1h3kqf02CWILnB0IF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AIc9Isj7ADRjNzHWRWF_.pptx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AIc9Isj7ADRjNzHWRWF_.pptx.[ID]hWWph9uJUOOy4hF1[ID] MD5: ca4ea9527a0ab704e26ccfe4cbf90f28
SHA1: f0bc3a7099dc4662b2e38d308b3eeabc8a6279b9
SHA256: 696c9600e4e7e626c3efb2d033e0cb3424b303c28911dd0ea27d01d70cf471c5
SSDeep: 1536:TYT0RYgiKc50JtxFlV6nN1cX+SdCPzNbce+AuFHVVtsmoNICP0:ET0RYHZSzanEObPz5r+5rVCmcIC8
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\cn-HP5pWv wNnDGY4YF7.xlsx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\cn-HP5pWv wNnDGY4YF7.xlsx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7ccb5e4683bca0ed35adc953f17f8294
SHA1: adda42d5208746e43f51a6e045f1afaf66d867b1
SHA256: 73107f1d2023b5874c62587cc7aa1e2b63a426aedf184d8fa4e35e3613f5da40
SSDeep: 1536:AQzEpNNjfcUc9seVduLrkaMi6xWE6ejNDKS0MT//JhbhjwFCqR9Mx57scsyX:AQ4N7PLrGiBEBDKS5D/JhbxwFJR9MxZN
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\jN9TBQMyqFYmB5Rvq.ots - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\jN9TBQMyqFYmB5Rvq.ots.[ID]hWWph9uJUOOy4hF1[ID] MD5: 914d61b98aeacac7729adc35b97d844c
SHA1: 555a44c55c5ab79f100911c4cb65c021ff946927
SHA256: 6ab2f5577ae1ed977cac399043573c2a98bbae400c532a8457d3f5937e9af770
SSDeep: 1536:VYvMloRkwcW43ZLhKdI+f4D7PrOmW6xIjPr+86JNJhXBHCzJyg5zHKh:aWoRjcWiLhKkX6n6mjPrH8LXBHyJHzKh
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\LhqwkdHvHp.pps - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\LhqwkdHvHp.pps.[ID]hWWph9uJUOOy4hF1[ID] MD5: dd13c258022773fe62d544f7cd1433ac
SHA1: 0168b6192d6c3542fe8c7fb2a88115f68924de2c
SHA256: f57af20d43466790b83890d168c90ebccfb6171cc1e44c39626bfd857b1b05e5
SSDeep: 192:KcRt+EVQKPKSV6WChGQkaMNL4tEK4qUtftRx:HUItPRV6WC5kami4nF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\O86Jsoq0pVAcuu.docx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\O86Jsoq0pVAcuu.docx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8a8e270eb89ae59b8474f6f5ef24970f
SHA1: 8ba101d258cb55c02fd6cf025177094fea0ad387
SHA256: 863c9ddc28856fc379039d06fadcac04d7d3df67c3b6f2e3897b6a9aa67e57c9
SSDeep: 1536:wNfjLnDNxsG1YgYPzBB0wo4rTBBoKybpedl2MfhINlH+pbnfd/TslMnmNJQKxm+j:ej9xlY95TPB5cQT2M2bybfdrsdJQ4khe
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\uqnC-qDAk9uWzh2.doc - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\uqnC-qDAk9uWzh2.doc.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9649bf1f2aa348b15cae693d9ac692ef
SHA1: baa89c985aa34b4beccbd155d0d249a732bbdadd
SHA256: 5e9a46f93584f5373d5f160c775d3ffaec76b1f75a7fe58c35eb76f26c49e49a
SSDeep: 1536:4C9292L2d9pD0tbiOI7p5ij2ayKhm/UhGSqnS2:h9hCpD0txIl5iMqy
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\vRdpPed7cbcKAIsGT.ods - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dEs-EDIfkd iqMCvgGmm\vRdpPed7cbcKAIsGT.ods.[ID]hWWph9uJUOOy4hF1[ID] MD5: 6a1488f574dca71e5f2da1bcc4314319
SHA1: 9e8fd5a96a33c3a66307f55b564c83a553809a20
SHA256: ce65a9fe6a872da5684f6747bd23bbd24dfc3d09058345ec096a8568e9f2a72d
SSDeep: 1536:NIsMSrE9ob4zlOa7JpORHphxn/hMajD3mfG1/gQYx+/d:NtTrE9ZAaPORHBh1DT1/gR8d
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8f4479b907d67dce17649d5fb236575a
SHA1: c080bfb667cb235d9216c9369eb30b0d02db9be7
SHA256: 387a56fa6d397b45b086626f81efec6cc874784d8c27763d5cefb450f8dce361
SSDeep: 48:CNqhJ+1j5vIxmkWwXLXdvu4VHl5C05XKVIxx:Cd11vIxy8T5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dilf19.docx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dilf19.docx.[ID]hWWph9uJUOOy4hF1[ID] MD5: ae9bda97f56f894d1f3e009d4e25e424
SHA1: df988d3c424a1e64a1840c633871550e20eca27b
SHA256: 6b43d2bf4cfd9ed03c9f657237231bcc6e9f51f67b9e1d65a2721bb57efbd6f2
SSDeep: 1536:yxt9tZYHgg8EqML6/+ssG1SzaeFRDPuc9MSzEpDThTI7yoLhp4yq:yJtBg8EqML2+J532c9XwpDThTdodGyq
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dmhLA6w_YLOh5kl hnV.pptx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dmhLA6w_YLOh5kl hnV.pptx.[ID]hWWph9uJUOOy4hF1[ID] MD5: d697732520782a4888b297dd394cb2ca
SHA1: 3a9ff5e8f737651951ad5964138957368634338e
SHA256: 4dfce3e670adaa379a1fbbad5af06ccd112ef85ad366928e16032af9df51aa58
SSDeep: 768:Xg6v4brthj5LAw8WZ/LTrfi2qa01tbQ8zE/MZyr8NDDiJgnhiIFgWb57fbsF/:XOrthjawHZTXiB1tbQy24DGOkItb57TS
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dso03pCxSlJZc_V5rD.xlsx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dso03pCxSlJZc_V5rD.xlsx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 768d7e3e988d41650208b25d215680d3
SHA1: 5cf28827ead32fc97d0c88f58ca66020bfece635
SHA256: 05e819e57abe23357ed530ae391419bcc54a3d9171a9e45466c11987968f99cb
SSDeep: 1536:csA/FSceR6NzFNi4ALLpuKtD7nv7IyIl5Lted7ckMOK:cT8ctilvAKtcXrohcDr
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GXhem_I.pptx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GXhem_I.pptx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 491915f5b8123938b7f225147a31f6f8
SHA1: ad856e71338c0cb8a9068476ec7347cb97e80502
SHA256: 5c2bdf7b48c2f082d80a287133ba5a75cc832fbedae43eb4267ef55ea1f9fbe4
SSDeep: 1536:ZlSIuIDfY9aTdHU8CRm/YzlXoWLqM1IuqVraICZZDjPRPctBS:X/kghzB/YzlXowquOGZnRUtBS
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\imbV OAx3F1cWZTn03J.docx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\imbV OAx3F1cWZTn03J.docx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 48537ac3f48288be78e076fcae4f4cad
SHA1: 0de9a7aae6045726ee61c46af68d78454e6ae52e
SHA256: da79baa1ba3d429d0c0a7bf005516fd174f39525c0bc6a821c0c8c6292d0c797
SSDeep: 1536:sG4lLShXQTySShLqToGriVS832mBCYdkhGz2x+0Q+geJu1SDEOQLIl4NTKh9YiTo:eL6XrccGe4wBcwkh5TDJu1SYN7i9FigI
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KqudnBky5y.docx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KqudnBky5y.docx.[ID]hWWph9uJUOOy4hF1[ID] MD5: f85cecd31ace784ce5e589d39fe509b2
SHA1: 78b0801a16dd8d3585111e341be36b0e57f7101a
SHA256: f5f5a909fcb2b60527fa0fe22ca4b4f3af17efbe185188b27c97c343cd51701a
SSDeep: 1536:w0aQ2Cq8OHxqXIFEHbkUwSZAfv3mMDrXMrW2o+aZgvst2UDXKWLYfE:w0g4wEYUwSZO+oXMrjRAms06aWLY8
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\L33cwZgAwdRp0L9II.xlsx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\L33cwZgAwdRp0L9II.xlsx.[ID]hWWph9uJUOOy4hF1[ID] MD5: 22a92ccc327adc571dc838a1004bfa4e
SHA1: 5dacec9b84999315be7c930e82ce2d2829a98ff3
SHA256: a0986b5756769851d234f839ab618fd4e3bf82454a3ba0f86a4acdbf587b123b
SSDeep: 1536:IeFyLQYI5/fDIUJg1T4cEO4VD3WPQd3NZd2EgsGzO2pO22hiWdgfFoAUNNO+0JNF:noLQYI5Ucg1TDEOu3WPEd2Ev2pdmAoAn
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lrVIyqwWp.xlsx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lrVIyqwWp.xlsx.[ID]hWWph9uJUOOy4hF1[ID] MD5: e2a1fdb6a1f4fa8784992ecff4b02310
SHA1: bea0bbeddce90262d2616d606be595fa6eb485a5
SHA256: 649195c20cfcd63d5ee097272b33102a9f659edc68e65c12cd5b64acd45f45e9
SSDeep: 1536:2m0a2fMHfLk0QmpTr1EHoxdXGN+ITEN5iEwmOT95yVZhw/nVj7f0VAxiW:202fMQ0hpP2HadXXkoiEjOT9ohw/nKVS
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QaD66G.docx - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QaD66G.docx.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rE1YTVmr.pptx.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 10be11d7eaa24f283b47d57aad5de95c
SHA1: 051056d35c49300abec5311916a251ac6e772744
SHA256: a89bdf80a1b2ff0132d7fa2a975ee0f5ec477aa80c52a07388756d232bd3e33b
SSDeep: 48:RwBP/2hDR97XcwXLXdvu4VHl5C05XKVIxx:2p/oRFXc8T5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: b081f5a94e579497aef9c768f39eda32
SHA1: b57364a6ba58317295ec166eb863c379a8e55a59
SHA256: ad8490c31cb530a5b0bb691cc23cdc8dddbf763e99218052f22adb3912e11d02
SSDeep: 48:a/SSrEEoYfAYjnqhK+cAyiPMWXLXdvu4VHl5C05XKVIxx:WJ4YjeKhDuT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7230250460a5a4d17a2a2a69685156bf
SHA1: 4a93639f1741a24e26fe0631ac8da81b263e3622
SHA256: b44de87e7bd001da2b425e0fe79847bc40d651f30cb4c4aa5241c56c601df9f1
SSDeep: 24:b+zt40FxCGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:b+a0/EXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8b0912b34bc5e9ccfdfedd99b0d02351
SHA1: f5c4478f8afbdb989822a223472810de87f1dafa
SHA256: 8f452da3a0eee400260b0a5a4fca669b94d89bb2ab0e3e8aac24603af802382a
SSDeep: 24:4+SMHw9CV/UfCifVBDlGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:4+oIlUfCibNXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 0de5c0bd8d846b7b467adf8b66454b1e
SHA1: 30888eadc7b89f9194cc67567e25e66c4120ff95
SHA256: 2649490501a5d2042bff54692909095bce9853271c14155e115c0161aece6cd5
SSDeep: 48:InAu24wi/noWm1nXLXdvu4VHl5C05XKVIxx:InZ24wKnW1HT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: be7473cf56ac32ce58ca7d82e2516f4f
SHA1: 2c66a7b6d10e0dbfed9899a2436f0790910daeae
SHA256: d30c04d944cfb4d0b2906eff776b83ef6c6142d4b738acd3bcc28b7fb8914454
SSDeep: 24:JfKpX88JG808vwDLlGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:Qps8JGYMXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 402dd2541194afd6255328094d94c0a2
SHA1: 8a607b1ae3fb65fef6ffbb641e5540529de9d066
SHA256: ada7083e9bd9270182623c24a98443ec3fe4b1ef090eba6236536fc045909c91
SSDeep: 24:G5x3LPqirgQTGroicGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:QVN1TuuXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 57c8c3f6f929cb36ac365a480edfd5db
SHA1: 360aef9aa919a0da71502651144f4f0f1f9abf83
SHA256: 80c2348ed2bfd9e06dd60c5b29e8cf07e3970dfac1a3565eb34c6fd5585de7af
SSDeep: 24:0lnGIBJ88S8aLjy5lnaZ5/xRuGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkc:0nBM8aPyiLxGXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 03dbbf255a2cf7f71541a40c483ee61a
SHA1: 7c94b1c1de93f73e858bc4946289836e16cf7f74
SHA256: da19d2d9c2fd96fced39ee4118893beb86d685134ec9a588379654eeffdf4bc9
SSDeep: 48:VhNtJoj2BAzQEzXLXdvu4VHl5C05XKVIxx:VLz82OFbT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: d21bf1b6df90ff49913d151d70d11f58
SHA1: 4ce6789023754fce9c15fd3c7aa91f20b81d3d0f
SHA256: afa7942d98ffcf852a6a4cb215b676d16f3ab5b65f633d5e860afbc8f2ce9f1a
SSDeep: 48:u8KaYjDkIWMM6XLXdvu4VHl5C05XKVIxx:ulcITT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: b31febd2cb96e296d9e6194e439eda99
SHA1: 000ec2918246b7e0f8fab2d8215bd01ac101ce33
SHA256: b3cbc90a8c9b2e2f8d9f2849e671edf4fe5c63d4ebb2a0fddb2cbea3fc50786f
SSDeep: 24:aPb2LOFgaddVVTfWtC2GxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:aPbDFB3VTfWvXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: d9785af60296f1954d3702be829a6ead
SHA1: 44fccacbac127974a70b7f719df83a8af177d9a3
SHA256: c0364e08bb488272558d4d5daa91f55c98e6405dbb72ac7bcae8ae01fb51e5b9
SSDeep: 48:kamYW7yCjh9hzXLXdvu4VHl5C05XKVIxx:MxtHbT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: b5a491d772017fdd50c054d83ad8a305
SHA1: 83f683a11502357fd8b17a6eca5866feda558772
SHA256: 66853ef9f21bf7e51d0c1a0498551750dc61e733871cb406d9e438b15ccc572a
SSDeep: 24:dR8WX/3ImXJZYaKVeTlxNGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLM:XfIm5m0fXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 4acfd8ef939b2a9cf93b3622cde4313f
SHA1: e229264689de92c2480d5625bfcc84477eb63c81
SHA256: 7554abf2d2e41953b65ef86e92bf4c7dc03e4598595b933e340bce7f56ad939b
SSDeep: 48:ogEjppi0V++PJXLXdvu4VHl5C05XKVIxx:0pY0XFT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7c67898f5f611228201c0b32aa65386a
SHA1: 0c4b86f30c050bcd13943d781312ecd74033b389
SHA256: 43c2ce766e0894b7f1461ae0e82e2db7d5d4701852362e3681c1f7978f5760ba
SSDeep: 24:Rl8e3ip91KVUGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:RKc89XLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 24970d6519a5fe4abcba90bc8cea513a
SHA1: 41f62a2fd2bc6ad2f4df7cea202140ff9f48914f
SHA256: 05840a85951a26432f71a6a1cacb6730b8a806d0a5a8943f4254cd195b0588a4
SSDeep: 24:ygPILtggzO4KtF0T6GxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:eq4YKcXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 39224cd01e42f4b689f7e411a0445065
SHA1: 0b9ef540d081d72f41f414d19cab83eabc43ba07
SHA256: 965fe42e90a587d9502adc478c31ed470ff97cc1d909a0ba7158426f10615d68
SSDeep: 24:/dsOLNleM5OVmXWGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:/dlxsmYXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: a3993f55da39725c1b775224a7b420ed
SHA1: 2dd07af1b823d4f9cf6aa6996a19169bc8e7b695
SHA256: 7845f3f5ef654789d64c48f8951c7eae2229ff16b292e0716f9b19faa2d1df9e
SSDeep: 24:9W1+/3Py4MDHp5alEGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:0zJ5MWXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: bd4d805f7925e420728887e874427172
SHA1: f0f3c5231f9565b53a9e9b2b28215438b3e54b21
SHA256: 4edff5bc0afc4eff226e73634ad044d4c2fd5ef73147617137dd2b4b423babcd
SSDeep: 24:ctffxCM2YHhFozCjr+XzCkGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiw:8fZxPnyXzC2XLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8ff3a2b0d1f2579fe0cfd926c0a4f9ae
SHA1: 949478144bc9e1637908df39a072fef295d0820d
SHA256: 754c6fb72215f5c825fd9054adad9b7bd6c07992d93376b76b4da53ec9122776
SSDeep: 24:2agWB6cqAEhHdxYy2nGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:McuhHv2bXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: e0469e9462595fb3e49182a12849fe7f
SHA1: 9d4bfeacc9994bbd54908c589c4b814b0c7acd35
SHA256: 28a3c123788c34e32e5f7fc71ca4435fd5b1e737dacb3ae69987df6bdde270d3
SSDeep: 48:mVMgBWM7IjWMc08hyjLy8g70XLXdvu4VHl5C05XKVIxx:m1BWmIjWP0MIyYT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk.[ID]hWWph9uJUOOy4hF1[ID] MD5: 4a032ece03243617f3160347ec412b04
SHA1: 82b61ed693c39c6ec031f18cdf7f0fa84a6092a8
SHA256: b3c7c53f3fc1a8ae35db4f466c610cbe2e2f53164775cc5889ef3ebf4cd8d73a
SSDeep: 24:DadeSCnpduXId9QT/eI5sZ73gIGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQf:aetprI2kQgaXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk.[ID]hWWph9uJUOOy4hF1[ID] MD5: 67664919699a2bdd0e51e59fe8b12f23
SHA1: 6e3e422c2a0cd820948ea1ea7be7155d7c932d9c
SHA256: 23c27f05a44e08f87f21e612fdd6e3fe2ae44e6c0ad6c6f8d299f9d6cffbfb1b
SSDeep: 48:2+7hjs6zH+R3ZkBzgwm2JaMR9XLXdvu4VHl5C05XKVIxx:2SspugwBJRJT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk.[ID]hWWph9uJUOOy4hF1[ID] MD5: 0e6c272823efb8ed347fd29ceb0130d6
SHA1: 7fd880ebb47f3aecc3ec2e852e14b4a7ab9ab3e6
SHA256: 962c4e61e0f3c12f765a121af3e60acb36bdb012817bfcfd2c0e35c85ee6624c
SSDeep: 24:vsFoE1WT1BZ3dPT5jHWx7GxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLM:0oJBZ3dPTRWFXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OrzHNREAkWyGRcOhFv.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OrzHNREAkWyGRcOhFv.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: ea333661daf69f0e423638108e11d2df
SHA1: 99c01428fea91610fcce5663f19e0aee3ff01a66
SHA256: 85f6f3218371b05f38b953a5f994ce6ad9f9a9ef2916ef5f7f94f197e876d2dd
SSDeep: 1536:0GjY3Bql01c0n6iEUz0pymS9TGN5sCENwJA9MuNRSANp:zcxKN2EUzK69hCENEA9B/Bv
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\28F4t8tm71.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\28F4t8tm71.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: 2e7c63c2cf827d57521a9f63342c7fac
SHA1: 8699e03867e7d432116c0e8ec357d9a2e064ac53
SHA256: 83f9a590c71219ae3541371cca05a4f61c7c14633a15eaf8a08c6eae84258309
SSDeep: 1536:DiJb0eGyqGNHrLFAluDa6LHovwtDP7sWZrEr:DiF0NyT/FAgHcuDThZQr
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\4AhrnACXRo8vjDqPzc.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\4AhrnACXRo8vjDqPzc.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8108a376f3682fda40258f82f744006e
SHA1: 969cfb97cb8dfe0f538325f708a85fcf102b7877
SHA256: 5eea1365d4b79a0654bc7ef377bd66af9e974e808c1a93d578f97bd10f8a790b
SSDeep: 768:J5mhG7HOoLp7z2zhOzXRNPswwROHPRMo7C1jmn2nnXlATFtKOTuBtPIezh9T3hPC:OGbOoLB6zh6XPswwROH+nTnasPt/xPYr
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7rpWX8QM.m4a - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7rpWX8QM.m4a.[ID]hWWph9uJUOOy4hF1[ID] MD5: cc0909240fbf9a08567384b27b7e6f9a
SHA1: 3ca60a54d8819c868560a098599466f85e1f4400
SHA256: 142c6bfad44a5933bc61b5b07900fcaa10147c6f7d39151bfdde1fa2e5891887
SSDeep: 1536:8lHJvUkaj+I+Z5/gdf037tY44tudLWSEWhmPvhcV6ZSF1QDLsf+63a:SSn+bUf0rtY41dWSEWUGwi1QDLF6q
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7szc_Fu5fkpO.wav - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7szc_Fu5fkpO.wav.[ID]hWWph9uJUOOy4hF1[ID] MD5: b9e8941b9b62b67addf5ad129c6da5a7
SHA1: d27d177e5baabe5577098ceb08687554c70fdb8c
SHA256: 6fb0272b0e34ec3459b657c4f6561c056abfc958d39707978e36856c330f9a1a
SSDeep: 1536:E/O3s589eXfh/3vCPjUt2LWZUzISD4mPhkZzeNJMw1ZeL1eIMu2I:E//5pXpneUcL4SWz+Sw3eLku2I
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 878c9b9dc43564da3db38a443460fd64
SHA1: 205373ad5c2acdfd90322b36282f4e5a46d2435d
SHA256: eb3e3571c7388ff573a86552d4f68ac522ac4e8086b6353d60708348acb9ed5f
SSDeep: 48:sqtxdBJfqkGeK5XLXdvu4VHl5C05XKVIxx:sqLLRqkGp9T5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\F7VVSodfwxzw.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\F7VVSodfwxzw.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: aece5179d2593c32aa0fa620292764e8
SHA1: 01168c7e96bfdb521c8ac75990b4310896c472c7
SHA256: deb3568cfc010cf52406586bbf8befd6c5c9e8a30729e997d27862753985d0c3
SSDeep: 1536:yZ0oKRD1/3IZevSnFh/EI6j5XjtFPS4E7Yx6X9wMOWhw2UXWjnwFDrFksf84a:q0oKf/kecNEI6FjEckXB6GwFDpvO
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GYpujz6bZyZcO-T7R.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GYpujz6bZyZcO-T7R.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: dbfdc062c41e310e43015b597541e6aa
SHA1: 7c953107c489401114e4478921c9e1695eefd64a
SHA256: d1fedf330037e7f459262820cb8d91752df02b1042b6e4d61c8cfa64af67144e
SSDeep: 1536:JkkJWjbm6FoGRCmjy5fQPsCntfToj6EsfuyB7ETZxGX/p9/DEUxVSMMpl1uA4:53yTxy4fEzDyK2h97E6VUple
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HIFLZmmHRuFv.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HIFLZmmHRuFv.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: 6e2944bcce336f77704169175b347e53
SHA1: e05eb61cbbbb806eebe4e3bfe79f8ec2736d7a8f
SHA256: 52f885744e158658ce7277cc290b3fc40f764d3602110f6fe0452674b3e5ec70
SSDeep: 384:noXGd1nxGY44CTDrJr1glXQjiv6C/Ffa5+KTbj2F/:noWnxG7Lr1glX76C9a7TbqF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\JNTkGdgD9rpv-.mp3 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\JNTkGdgD9rpv-.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: c411b14e23ccd24e0328fb9817f758fe
SHA1: f5f0231c984b50dd11418afc51b2d87bcaff6616
SHA256: 9128bec95cc4dcb717e20c108d14ecd80ec2803d9ffbf0372c96c9b632e6f16d
SSDeep: 384:IKiZcXE2VWryaZM9aOzkcKNaSmLVWkdnRmH9fjPFNrjLjvuBuPpYx8TIWQwjtned:YKvWyMOSaB5WCSzNbj28FTINwjFeF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\M8_m4DClqwU.m4a - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\M8_m4DClqwU.m4a.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Mwf6Kw2ezkWZ 06_k.m4a.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1 - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\8y51R.png - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\8y51R.png.[ID]hWWph9uJUOOy4hF1[ID] MD5: 685ad9730afdfec021ff17502fa5e365
SHA1: 5f9aab4fb837823d402564f130826e7a05539de4
SHA256: 3e61345a470e9671c6c4a57a3fca723554282d1539c2f8633d4be258b635434b
SSDeep: 1536:M469hMCnNWJa7HoJxScf44C9aG+renvcajESXbJoUN/ga2QR+ZdBkVkdQ8:rlqNWIuf441GcaASrJXhga2++ZdBykdl
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\awj8XMkA\7E-_mMah slMT.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\awj8XMkA\Decoding help.hta - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\BBgQlMYHL _2TA.gif - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\BBgQlMYHL _2TA.gif.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\m zp2v8n\Decoding help.hta - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\pjZy-sspEQyllHo-q.jpg - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4H-Oizv5lIrvjR1O9\pjZy-sspEQyllHo-q.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9yivo5.gif - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9yivo5.gif.[ID]hWWph9uJUOOy4hF1[ID] MD5: 23d7516b2e2be33e5dd62fbc72b53aba
SHA1: 73891327faa7444383c0f9409a4587f95bb109a7
SHA256: ee7acda7f4730dbac5768e7d3f9f499df3b19f8999f3d8738752dd36be462a0e
SSDeep: 384:feoXK8a8MZ53ulNCabu+F55bmjSwekebquGXgTdF2/9tmDiSgnF/:fDX3m5elg6uYbSjJ6bqBXSu9tYOF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: f0146a55938186a3a9679e078cb0fcb5
SHA1: 72654f81afe36229ce48b26002f12e8682f50103
SHA256: 532ab8f77843d10e671aea8e3ee115820d47aa5c0c486a5cb2ce3728b5973cbc
SSDeep: 48:aNo9tftoiWlPNJWAmq2W4aXLXdvu4VHl5C05XKVIxx:Ko3ftoZlPXmvKT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Fw8HolHjfbNy4TO.bmp - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Fw8HolHjfbNy4TO.bmp.[ID]hWWph9uJUOOy4hF1[ID] MD5: 5ca26d0b38dd46c74cbef0f0bfb8150a
SHA1: 13c1786c06688171c440c8dec4dbac1dfbd189d8
SHA256: e642387bb74428ea939bcae4661d4603c1b3d5a6f309c1e1b26f84f2289d9b78
SSDeep: 1536:+lMSfumE4znjIMQsoWGZKtEGJFlT+gCgob9mAvSTzVI4:U3fLEKMsnQK2GFlagCgC9mAqzP
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PcaDFoPfMRf61DpJA\1m1Vmuba.jpg - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PcaDFoPfMRf61DpJA\1m1Vmuba.jpg.[ID]hWWph9uJUOOy4hF1[ID] MD5: 0a3d198ac31c1ad9d810de7ffa879aac
SHA1: 8d3a215162c9d302dddeecc67c11035c0d89ae65
SHA256: ab6e50609714d4c98553b78b055bd476ee1febb995b10c379f6a90e440aaa6ca
SSDeep: 768:Krxj/iiqgwThD2XCQu2OhlSNKGKrjYGQMVgF/:Ex7iGwTk/uBepcjK3
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PcaDFoPfMRf61DpJA\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\58 _CW2YhTWDYT.bmp - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\58 _CW2YhTWDYT.bmp.[ID]hWWph9uJUOOy4hF1[ID] MD5: f2ac0edb16b14378060528cbd906be19
SHA1: 3a0f43b9081aded7b7f438a5e2e788c4180730c9
SHA256: fe712ba98f2ff6181fa508d53d45fc3faeb9a9fb0318235afac8c0a5e4f5e670
SSDeep: 1536:DY1dcnzZ83HYiO1e4e6tcLpChgR6ea0Gy1LLVj7593DquzL+B0zGjeJYpZ/0Qz0v:D2IZ83H+1V+p0qLL75j+GChptZ1nHjg
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\A-ruelEk.bmp - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\A-ruelEk.bmp.[ID]hWWph9uJUOOy4hF1[ID] MD5: 3d764ed582d29aa6d116e7b3c5049355
SHA1: 826913bea62f7d468a0f81dc403b801a7241971c
SHA256: 6039b35cdbea65dc4edd34747c853c023dfccf7c7ef643329672767dfd3e9903
SSDeep: 3072:++fqG+5MdUxOSpCYPfBG6g2+JxnRIIywXS:+cGOqpUYnY6g2ExnRIYXS
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\aKHBF.png - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\aKHBF.png.[ID]hWWph9uJUOOy4hF1[ID] MD5: 84aeb3f8f44e7950b683c8067458c211
SHA1: ccc5049c85f316e1fa4aaa6e44c9359206ea5eed
SHA256: c97557a556bea225baffc005582e08dda65448e8c39530eeaeb32a6c63bcab43
SSDeep: 96:Rd6zBRl0ni6A719mxYWIyQhv3EWEV6IF1+73YoT5C0tRx:2rlci6ABk6BEWKzFO33tftRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\g-knkuKhkJ2I8jMff9.gif - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\g-knkuKhkJ2I8jMff9.gif.[ID]hWWph9uJUOOy4hF1[ID] MD5: 516780d64424fe604d5813f8eca31d0b
SHA1: 31713fde1bf5ba3aef3a2ed26f883331bcd4a5ee
SHA256: e685ba67fdaf59e59705fa2c56ddba1626b6f99d1e290be024c94da0ac28caa7
SSDeep: 768:3vZNhEyCxrbKOdTSaxL3yKJAnREEGmmfpEbR8ZcUqmZtm8Qjf9RxRNSPrl0NhF/:3vcdpkWARLP6m8y8Ztm8QlR4+NT
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\L6TZ6kzRLOi0t-.gif - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\L6TZ6kzRLOi0t-.gif.[ID]hWWph9uJUOOy4hF1[ID] MD5: 0c1d0b85f45cf2db6bdc8924a2214ed8
SHA1: 36b66aab4e123ae73caf2d1a6ad9b887b881f4cf
SHA256: 80802becab8dc427464ef6918ac40a3476a5f414a7b17064a0dbc92e98dcd31f
SSDeep: 1536:6MQed2hcztODTipHqCE7PieqtHf9cg3rxtR15yliyIMJO:D2hjTipiPFqp9cqxtEi4JO
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\Nabr7D0X8dDzA.bmp - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\Nabr7D0X8dDzA.bmp.[ID]hWWph9uJUOOy4hF1[ID] MD5: b92e53fd25d7ae58b4ec3e9b76d8a744
SHA1: b1fec46a84664634386e707aceaab9bdfc62859a
SHA256: cbc603daaea4cdc11809b413c9217398f0dede2f714beba2de759f952f82bfc0
SSDeep: 384:wqG3plkFGrRhSVEUaYsSPuNuCnSwfcZ77Zu7zAhKvF/:ZG5akrRhhZYPuNMwfcxYgKvF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\sm3 s8GK5IZhRurSKMel.jpg - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\sm3 s8GK5IZhRurSKMel.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\UQpc.jpg - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pjpe1PfeOP\UQpc.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wOarRpMQhZLo-EiPn.jpg - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wOarRpMQhZLo-EiPn.jpg.[ID]hWWph9uJUOOy4hF1[ID] MD5: 96e2d0e3a73d5d23aee96e4f6641dc7d
SHA1: c8ce01ecf64dccc1cfde4a81da6629fca8ed23c3
SHA256: 094a4ad124a780fdf61e1ca82a6383d5bc411847a026f13025e2f172acca9e12
SSDeep: 384:4qUJKCJ4sHKBgT9rV6inNguwyFpC6f4ltCHu0s1/bu/AqJEYaHgF/:4v4/+ZrV6inN8yFpC4e0YDu/AqyAF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\yXV940v9tS3ZrnFx.bmp - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\yXV940v9tS3ZrnFx.bmp.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: b2204a69fed780690832a95e5f2a5e2f
SHA1: b0b41b61b20141d652612dc853e1746142b8829b
SHA256: 041bf64b472763b831387190225b78e6f6ef4d742e6c9404171ca3f74949d66f
SSDeep: 24:bTdgBt5D3YBIOvpWC71GxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:bK1rYBxvVXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 90e185a53e3702813db9b460d2ba1a85
SHA1: 9fccec2e097e368482d1a2628b211136450d7f72
SHA256: d9fa1c4039b71b43ed802f75947de686d61b5a7cf7c126c602e149ca8db4c60e
SSDeep: 48:ZyOxcitNTKa8aMXLXdvu4VHl5C05XKVIxx:ZR+iblGT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms.[ID]hWWph9uJUOOy4hF1[ID] MD5: 2b2b440d12402f6ad68332c507d03743
SHA1: 9802779922d070e91e3dd1c7b3d6ce0eb33d6476
SHA256: 98dfc27af15b68369d57ddcb152df9c42bd0abae1efe0d8eb36f5ad7f09b83fe
SSDeep: 24:payJCT2xeOTYrsKcGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:pay0axeOTYrmXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms.[ID]hWWph9uJUOOy4hF1[ID] MD5: ae1cc8053b95ad99018b49e82492edca
SHA1: 9d77f1568cbcaf9dd2dede2033aa5e1766462a54
SHA256: 2ea82903d403c405897c5a3a16a888931e3b40f47ade8270207846749aed5811
SSDeep: 48:zPYxnY0xGQtnnWWnh7XLXdvu4VHl5C05XKVIxx:zPYxYYiWhTT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\9lMGhV91NDMpqht7Q.avi - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\9lMGhV91NDMpqht7Q.avi.[ID]hWWph9uJUOOy4hF1[ID] MD5: d8aeab30accb7c8095629abd0961108f
SHA1: 9cbea0e4c050a31d0a47188f956b1440961c918c
SHA256: 524a54cafe79934dfad2f76db3e67a7fd6f890f284cb00de5a25b69f5bfb8689
SSDeep: 768:kQzO7TFTVq6FIP1MvMZJxnSTPVsy6WEROBTTCHHC/F/:kQzO7pTM6FZvUVyVsy6WgwuHiF
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: bc65beb2c427c731f4d01962d16d7f90
SHA1: 49bb1215b5fb23701c205147cfeb993fe43c3eec
SHA256: 64dc8f8ad7ac4eaa4b4a79db648c826cfdc0c26408181fb3647bdbf1adf0691a
SSDeep: 48:GMZG30XNClo4JWarZW3IljHXLXdvu4VHl5C05XKVIxx:1ZK0XH4JPrdT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\fP I YrA_L5y0L.swf - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\fP I YrA_L5y0L.swf.[ID]hWWph9uJUOOy4hF1[ID] MD5: 587043aada9815417338042a82bc8fe5
SHA1: 133c4f48b88031906497a097e5edf208a722ed0b
SHA256: 8f3dd3ca7d253234c216877c1736309ebce0571e16a4249ba73f950fd44a97ab
SSDeep: 1536:E+QWf9RXYZaDjFNpUNcTr1UNZVIEtESyc+W8KC1yCVMy:E+Qg9RXsaDRvGc312dycn8H1Z
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HhnogPUR3.avi - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HhnogPUR3.avi.[ID]hWWph9uJUOOy4hF1[ID] MD5: 5ed8289a328ece1f93b2658ad75f253b
SHA1: 7d3d2697eeadb753958057bd8df488ff8db280b6
SHA256: c4865ef01a7edebdcec17de25cb068f5f36abf6111da3fb1bbbeaaaf1fb5c8dd
SSDeep: 384:zQC3pzhodM+K0AwPulpin+3w6bhmrXx20yIC4zmzyc5ifF/:zQC1hIC0gTin0w6bhahTfbmzycofF/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\i5-I9YJ6OWOgcrAXv.swf - Access
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\i5-I9YJ6OWOgcrAXv.swf.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jTcc1pHis-E.swf.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft Help\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft Help\MS.GRAPH.14.1033.hxn - Access
\\?\C:\Users\All Users\Microsoft Help\MS.GRAPH.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Microsoft Help\MS.GROOVE.14.1033.hxn - Access
\\?\C:\Users\All Users\Microsoft Help\MS.GROOVE.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\All Users\Microsoft Help\MS.INFOPATH.14.1033.hxn - Access
\\?\C:\Users\All Users\Microsoft Help\MS.INFOPATH.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn - Access
\\?\C:\Users\All Users\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\All Users\Microsoft Help\MS.MSACCESS.14.1033.hxn - Access
\\?\C:\Users\All Users\Microsoft Help\MS.MSACCESS.14.1033.hxn.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Microsoft\IdentityCRL\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\MF\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\Network\Downloader\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\OFFICE\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\OFFICE\UICaptions\1036\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\RAC\PublishedData\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\RAC\StateData\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\RAC\Temp\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\User Account Pictures\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\Windows Defender\Support\Decoding help.hta - Access
\\?\C:\Users\All Users\Microsoft\Windows NT\MSScan\Decoding help.hta - Access
\\?\C:\Users\All Users\Mozilla\logs\Decoding help.hta - Access
\\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\Decoding help.hta - Access
\\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe - Access
\\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\Decoding help.hta - Access
\\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe - Access
\\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\Decoding help.hta - Access
\\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe - Access
\\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\Decoding help.hta - Access
\\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe - Access
\\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\Decoding help.hta - Access
\\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe - Access
\\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\Decoding help.hta - Access
\\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe - Access
\\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\All Users\Sun\Java\Java Update\Decoding help.hta - Access
\\?\C:\Users\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\AppData\Local\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\AppData\Local\IconCache.db - Access
\\?\C:\Users\Default\AppData\Local\IconCache.db.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7f0dd2d62c2262c76f4057525b2d3042
SHA1: 1b9250e8ab2b953a52c519c4aa6c7bb25523eefd
SHA256: f8f29f9262b8bbca8880c25a826fbec7de2d496d9fd6aef9d27e9ad47a9e4913
SSDeep: 12288:Kkd1UP1FzP8pp+1fOFhxWb17y9oXzARa8RiAAnpU5qKhDFJ6xs3PqkHV8NNqXnxI:K+W1pP8pPm09gzAPRVAngq+DFJ8s/jHE
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Feeds\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Media Player\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Decoding help.hta - Access
\\?\C:\Users\Default\AppData\Local\Temp\Decoding help.hta - Access, Write
\\?\C:\Users\Default\AppData\Roaming\Microsoft\Protect\Decoding help.hta - Access
\\?\C:\Users\Default\Contacts\Administrator.contact - Access
\\?\C:\Users\Default\Contacts\Administrator.contact.[ID]hWWph9uJUOOy4hF1[ID] MD5: 79d0df10f1a243943479e1cb4860e36e
SHA1: e730065105190a961c39ec8f16928e6a5bb42b23
SHA256: 5a51bdf57e29d64ebc3c36209edc9291729142ae90e41cd6d7779562c43fb27a
SSDeep: 1536:x4khbxuE6lo380KvWxawAkYnP0Cu9MeE+rTjmcPHAYtNXn1T:x4Abxu6yoFYPgjjP4YPX1T
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Contacts\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Contacts\desktop.ini - Access
\\?\C:\Users\Default\Contacts\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 6d3a373705e6054feeda9e4b22d15a8d
SHA1: c4452c898fd51e856dd5ec4cf0cb9cf24c17f27e
SHA256: 4c706a0ff9659ca424375fa158dce40a24fdbacb3d338a574356658a89f136e0
SSDeep: 48:q32Mwsct3o3c/EEXLXdvu4VHl5C05XKVIxx:q32MSt3sgT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Desktop\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Desktop\desktop.ini - Access
\\?\C:\Users\Default\Desktop\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 119263769250da9e6738b8423d8ef9a1
SHA1: e3354c4c1029b65c2415041eaa5414fa821a17d5
SHA256: f072d2af4d5d30ec185299b40fa3d7ed612f59656195bbf05dd2176e5eb81628
SSDeep: 24:v8oDO5Giu+k3rz8lT3FoahGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiw:dDhp4xFDXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Documents\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Documents\desktop.ini - Access
\\?\C:\Users\Default\Documents\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 749b02bd9ef3f3ff8c25627eeb993f0f
SHA1: effaab4cc9537f704022db6623c8873a654d089f
SHA256: 65974b2baab416a7eb199bff562c232f31fee53b3c84ea6d9290fffdd1b2011f
SSDeep: 24:ba0IkM/R3Rc/oV3/acaFNYGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiw:mcMZ3eo07MXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Downloads\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Downloads\desktop.ini - Access
\\?\C:\Users\Default\Downloads\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: c62570ca20c833c8d6e7aaac0ba92252
SHA1: da239cf10bfd4309d165125134110f8ab7466e2d
SHA256: f51a2e978de0ce5615965de41a561e6d615e577fae1df583a73dd41d03ce34d4
SSDeep: 24:4XuzegNfil4uq+zjud93ikHGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKx:T56nq+k93ieXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Favorites\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Favorites\desktop.ini - Access
\\?\C:\Users\Default\Favorites\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 686a7ac79a2440ed5ecf800d08a7ec14
SHA1: ce9aa1ea37683f8763b315cbfc4120665bef8d6b
SHA256: 165f30aeb666f22e7449937225da32a48936b9d0ea1a97800bdd9d48010738b9
SSDeep: 48:sPD+EZyx9Crch/37LHDDCnJXLXdvu4VHl5C05XKVIxx:sCEZWsAdDDYtT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Favorites\Links\Decoding help.hta - Access
\\?\C:\Users\Default\Favorites\Links\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Favorites\Microsoft Websites\Decoding help.hta - Access
\\?\C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Favorites\MSN Websites\Decoding help.hta - Access
\\?\C:\Users\Default\Favorites\MSN Websites\MSN Autos.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Favorites\Windows Live\Decoding help.hta - Access
\\?\C:\Users\Default\Favorites\Windows Live\Get Windows Live.url.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Default\Links\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Links\desktop.ini - Access
\\?\C:\Users\Default\Links\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9a765330cc35cbb18271a1dbd8659581
SHA1: a6883a726237c175da84c4b41d2e97cb9e05d3d8
SHA256: f2ec756671c867be136b88d0f694d5a60fcc01498817e796c028534fef45c51a
SSDeep: 24:94l/9joH7mgbIsghvaEJEGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLM:Gl/WbmZsyaEMXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Links\Desktop.lnk - Access
\\?\C:\Users\Default\Links\Desktop.lnk.[ID]hWWph9uJUOOy4hF1[ID] MD5: b9e739ff573c8f981b54bee6328e180e
SHA1: f09fc5c80519666d101723f9e03ad53b9da36620
SHA256: f696df9abae7c3650ed5d417a1a97f67d33e02fbed18dd2a8e4c46f47a350549
SSDeep: 48:JX/144LVw1iT06XLXdvu4VHl5C05XKVIxx:JXNesAqT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Links\Downloads.lnk - Access
\\?\C:\Users\Default\Links\Downloads.lnk.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8f1505b15bda2bd16b940c0342f54972
SHA1: 6c36df07862f702edbfbd249ad093190d79ceb0a
SHA256: 8c1bf186b3f059e6956d36de152d2b269d64dc89642a571b1bfb63d572e294bf
SSDeep: 48:6ocy4fBjbE6YveL6USrRr4VXLXdvu4VHl5C05XKVIxx:61y4fBPYGuUSixT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Links\RecentPlaces.lnk - Access
\\?\C:\Users\Default\Links\RecentPlaces.lnk.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7710ba3aaa57dfde6819cf635bb47bd6
SHA1: e1b91635d5540b630f4b550aaee32a0e69139220
SHA256: e747e7244c304805302d9d78f4e4f14788261afa19b0cf7c24a4675721f70467
SSDeep: 48:DFnY91j+ljvurg/XLXdvu4VHl5C05XKVIxx:xs1Ej5T5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Music\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\Music\desktop.ini - Access
\\?\C:\Users\Default\Music\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9ebf350d31041691d869b342effe42c7
SHA1: cb396f22e403cd6a5a0cc64a2150b04d453608a9
SHA256: b733d7f47a813baff9ef2f81e5bb84d97c35d8e073f3157ca285c97fedd60cf0
SSDeep: 48:4FXwvtFbFVHxIXLXdvu4VHl5C05XKVIxx:WwvWT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\NTUSER.DAT - Access
\\?\C:\Users\Default\NTUSER.DAT.[ID]hWWph9uJUOOy4hF1[ID] MD5: a6f4a1a34c2ed913cd8912354e5f64ba
SHA1: 6d44a3b24f70251825123e8f53e16a4b0a469687
SHA256: b698aeb38f8dee22af22fc4df7fcb56fe2b698baa7560ec30342766d109101ac
SSDeep: 24576:Os/h7AfDn56fJPXN5+1/2bLqmtUN2RLOuhwGNy:Os/hAD56fxN5+29JVNy
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Default\NTUSER.DAT.LOG - Access
\\?\C:\Users\Default\NTUSER.DAT.LOG.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\Default\NTUSER.DAT.LOG1.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\desktop.ini - Access
\\?\C:\Users\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 1fd70a3d7386a1c866a4baeb66c3c764
SHA1: 9c4b52a3131a022fb0d0d1d162e565b95075626f
SHA256: 500179bfc8d07d2de1e16e9400420e29153aaa1be5fe16821e952c001f103c59
SSDeep: 48:A+7/DWwhsALDFcXLXdvu4VHl5C05XKVIxx:xjDWwdlAT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\desktop.ini - Access
\\?\C:\Users\Public\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 38ba48e98f4be5e573f6b55360ed049c
SHA1: dc7c881b967a375bd56cad23860de70e0d95dbe2
SHA256: 4ecbf132f322f5de3597d3fb8219f651081c1f75e5f17fe3b97b4b3aa92d8ea7
SSDeep: 24:5v5LW9EOeegGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:l49E0yXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Desktop\Adobe Reader X.lnk - Access
\\?\C:\Users\Public\Desktop\Adobe Reader X.lnk.[ID]hWWph9uJUOOy4hF1[ID] MD5: cb818c1686d2fc1f13ced633180c38ef
SHA1: a8dc307d6a04bb728afa1e88f65932943711fef7
SHA256: c5d2046e4c6cfeede46eda4ae100d2d8cf40d2c785097841c429decee6d78738
SSDeep: 48:DLylHM+++d+fcF3f0Mu95v6CLnXx8aUznU+5Q5E7+zWE3jtW6q/56XLXdvu4VHl7:Dm++dlF3f65VXxynWMFEzhT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Desktop\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Desktop\desktop.ini - Access
\\?\C:\Users\Public\Desktop\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\Public\Desktop\Google Chrome.lnk.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Documents\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Documents\desktop.ini - Access
\\?\C:\Users\Public\Documents\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7881dbb098f13f6a7a0e7d1660418b4a
SHA1: 8377f3d659f514e8f4548d3d36654e93c603b380
SHA256: faadd74ea12ed376a34d4ffd77f9cf49fc5643ce83190d1eb1d95e6375204442
SSDeep: 48:K6g3smrf5AIwzXLXdvu4VHl5C05XKVIxx:K6geIwbT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Downloads\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Downloads\desktop.ini - Access
\\?\C:\Users\Public\Downloads\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 7c34fcba4439ad8c13c827c48f43f0c1
SHA1: 859c1752949ef36e87abea55b134929fa33c82b0
SHA256: 6271200c678149015c023f7ca9fc79c08f1914ba44861503d37a048b6cee744d
SSDeep: 24:dc6roL6nYRrKe/njbnGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:9ZnY3jbbXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Libraries\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Libraries\desktop.ini - Access
\\?\C:\Users\Public\Libraries\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: af6393e25da846331cd234efe962b4aa
SHA1: 07f5cc729dab3ea947f4ff1e09abb62e8ebbff66
SHA256: 6a2a1ce1d79a07ffe477c269e1024172250b709efa9a5679089f1aafbae31dc9
SSDeep: 24:b2UqAafrg3B7PddeGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:6Uqk3B7Pd+XLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Libraries\RecordedTV.library-ms - Access
\\?\C:\Users\Public\Libraries\RecordedTV.library-ms.[ID]hWWph9uJUOOy4hF1[ID] MD5: 78dfe3a5b7aa07c9dc0ecc884fb07885
SHA1: 4469d2d6284929e91b5629d0651fdd585a6af7e0
SHA256: 9d9b2d9307371b9e0439fedf2d6c843e89e8d6176a247543fb7db8d5f25d8b4b
SSDeep: 48:xsPdFhRFDYUql+ZgKLt75XBjeJRJthgxdXLXdvu4VHl5C05XKVIxx:xG3hRdyBKL19ByJ7fIT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Music\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Music\desktop.ini - Access
\\?\C:\Users\Public\Music\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 5a45f94b4a1663c649e96f862e11c26c
SHA1: ff0a60ef3e7a000cf2a5f3a53ee6739093a79188
SHA256: e362af08a36cdf9f03f282dab95e52f7e0350f6677fd6b847d514e01169b74f4
SSDeep: 24:ZTbv4EGLy8I/477/4fo6GxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFq:Z3Rd8I/4/w3XLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Music\Sample Music\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Music\Sample Music\desktop.ini - Access
\\?\C:\Users\Public\Music\Sample Music\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: f3949b49dadbe5248e6a90e3b3f5b2d5
SHA1: e552897b133faa73aaf3f5cfa405315d104b9e18
SHA256: 173b5960ef6d99b3742fecddd65015f23eda5a0e37db22b49c19a412d78e4fd8
SSDeep: 24:jdAFEaGw1PSbsn+Po472U2fuGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjw:qFvDtTUoM2v4XLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3 - Access
\\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3.[ID]hWWph9uJUOOy4hF1[ID] MD5: 31ea0490d40e946fb350ea3f832beb39
SHA1: 5b8f7be1b7d4ea4272ea7f4ebf06424c0a62d161
SHA256: 13d8a5522040fb95f17491c09eabd037cda5dc6749f0fd11f9bdcf5660a2e2f1
SSDeep: 196608:Zt/BQXfaKblCSIhI5/6ue4Y24qE46IV2qpOosFHGqzcakaYBR6C:Zt/BQXf140NY2HE302qpOHGq4hpR/
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Pictures\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Pictures\desktop.ini - Access
\\?\C:\Users\Public\Pictures\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 8d5e3d33931f5b4a7e4dd4e1e8d24da3
SHA1: 80d26f5b8df33ee72169397a54842d74da81e6a2
SHA256: 4520372ee4a2fb212df05567f196c8c96979a10dffe1eb395cf3d657d54c2d87
SSDeep: 48:PygCcCu/brlt/5ww157XLXdvu4VHl5C05XKVIxx:QWrPS6T5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg - Access
\\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.[ID]hWWph9uJUOOy4hF1[ID] MD5: 27b0701aa119a8d072a32f68b7984152
SHA1: b89f39367ff3ac6ec0a1792403759d6ceb2fc1e9
SHA256: 1fab71c4c76dfeed4869612536cd36d023ba487883c4e2941318c2aad6ca6f46
SSDeep: 24576:0IikijBip1NILDYNf6jYuuGixUKl91c0Zoye7/u15xASbYD446:0Iyj0pPIHYNfxum91c0S/u1HxbYs46
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Pictures\Sample Pictures\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Pictures\Sample Pictures\Desert.jpg - Access
\\?\C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
\\?\C:\Users\Public\Pictures\Sample Pictures\desktop.ini - Access
\\?\C:\Users\Public\Pictures\Sample Pictures\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] - Access
\\?\C:\Users\Public\Recorded TV\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Recorded TV\desktop.ini - Access
\\?\C:\Users\Public\Recorded TV\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: bf0eb37162e939d7f4c52b9f81b443df
SHA1: 9a62e9f62e54a57ef77050eea5bda16c6c5d8b53
SHA256: fe29e511c30cbbf1dab08dfc03e0335a4ec6f4bcb1094a4e26fa7ebd5ad6eb6d
SSDeep: 24:lLn0V0S8/GxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:lwmXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Recorded TV\Sample Media\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini - Access
\\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 9245e2452584b1737d9afbc61c8d6e1a
SHA1: 8807cca085c3eaa86a968c6c45ae581af58c1238
SHA256: 8fcc2b922f35da05b294c5adcbbb4397280229bf4424f6fd821350a5fce1d826
SSDeep: 24:PejWqEFuznmxD07vXGGxK+GIerXLUUdv8RsBWggul5C8kZiGCXKVwmQkjKiLFvS:GjPiu7sA7gXLXdvu4VHl5C05XKVIxx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv - Access
\\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.[ID]hWWph9uJUOOy4hF1[ID] MD5: c0e6167099d76bef0e980704693a079a
SHA1: 95f6de49f64272ed00c18fde16d313bfb4d88ab8
SHA256: 407fcfd4e0bb6d54c73dbc08c92ac68378c60d70f95b8e9c0493a0be5c52e136
SSDeep: 196608:Kb16olO0o90R5A3qzsmmQ7tbq6jZCzZTlkcEEnluDbBHsz8LDa6HojGEo2ijcHP8:c6yO0f5SqZmQ7djSgIluug/a3ucvJ+
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Videos\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Videos\desktop.ini - Access
\\?\C:\Users\Public\Videos\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: af676282b975c6150263d68df2fa7167
SHA1: 2eeb2ab1ede9de3c56ac262d5c3e7bfa71cdca82
SHA256: cedbe8868762cdefd5bd71f61245c44a2fb04cf174710dde0d5779006000a434
SSDeep: 48:59fuVMw6klXTct4utrXLXdvu4VHl5C05XKVIxx:vMvlXTcxT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Videos\Sample Videos\Decoding help.hta MD5: 90c0d80e07358299a9f5cbac04ca8f3c
SHA1: ef7c9a9ceb5720b800698867ee9a4e787bfb2ec7
SHA256: 5484141d3f054081514bd9c6755feb0a40d27ec15c1cfd76fa0f961728ca0b5f
SSDeep: 48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13glfvsbX7KQik+B2l22kncB:cMIhuz6uXjCxi5391xsvsbX7iFA2VcB
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Videos\Sample Videos\desktop.ini - Access
\\?\C:\Users\Public\Videos\Sample Videos\desktop.ini.[ID]hWWph9uJUOOy4hF1[ID] MD5: 989f1eaae3875188fd6f3f49418649df
SHA1: 0e0b8f25fcb8eaf92fdb27af5adc346a585384bb
SHA256: 1da77ec191fe521b913ae67880628ceac0a745fe58e9e33e5aa398c6924aaa12
SSDeep: 48:w9mJhMmpzOLQXhrytXLXdvu4VHl5C05XKVIxx:wOMm0LQYZT5C0tRx
ImpHash: None 		Access, Write Dropped File
\\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv - Access
\\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.[ID]hWWph9uJUOOy4hF1[ID] - Access, Write
C:\windows\searchfiles.exe MD5: 29cc50130b5f6efd01703b6031985e72
SHA1: 96b59c746f660c2b190244f08764bb9d64f90b76
SHA256: 1c4e647f3fbac1eea97b488a7c2600f3c61c8b4d6e2e7b08acc8f5ec2b7a965d
SSDeep: 192:nn829Uqt80RvmDn/GW0YPUWLTwmH+M6r6BmiOxEhGr:n829Dt80R2n/3F8s+LLLC
ImpHash: None 		Access Dropped File
System Paging File - Write
Registry (28)
»
Registry Key Name Operations
HKEY_CLASSES_ROOT\.[ID]hWWph9uJUOOy4hF1[ID]\shell\open\command Access, Write
HKEY_CURRENT_USER\Software\Microsoft\Command Processor Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar Read
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\ Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\\orsa Read, Write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\\rsa Write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\\ConsentPromptBehaviorAdmin Write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\\EnableLUA Write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\\PromptOnSecureDesktop Write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\searchfiles Write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\unlock Write
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar Read
Export to TXT Export to JSON
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image