43e5f4b7...5238

C:\Users\FD1HVy\Desktop\ubnumr.exe

Sample File

Binary

Malicious

»

Also Known As	C:\Users\FD1HVy\Desktop\NWOBtfNd.exe (Dropped File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	1.24 MB
MD5	2455a10f2236cbe8cf77e5f9209fe4a2
SHA1	8c82e1a680aa0b64ca34935137cf337f941de4b7
SHA256	43e5f4b7207951d79124b27d02deac8e1d9dfdcd1b0ceceee9f62867a8ee5238
SSDeep	24576:R/SA+2lraRrjSJR5ezmT1dM9tZBb5t+wb8fq/81mkvfWCw:3XlayIsy81hvfG
ImpHash	12679be776260472e438f0b9f6410526

PE Information

»

Image Base	0x400000
Entry Point	0x4dca54
Size Of Code	0xdec00
Size Of Initialized Data	0x4da00
File Type	FileType.executable
Subsystem	Subsystem.windows_cui
Machine Type	MachineType.i386
Compile Timestamp	2018-08-08 00:01:49+00:00

Sections (10)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0xda4a8	0xda600	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.38
.itext	0x4dc000	0x4434	0x4600	0xdaa00	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.67
.data	0x4e1000	0x5af8	0x5c00	0xdf000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	6.19
.bss	0x4e7000	0x63f4	0x0	0x0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.idata	0x4ee000	0x10ba	0x1200	0xe4c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.84
.didata	0x4f0000	0xfa	0x200	0xe5e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	1.89
.edata	0x4f1000	0x64	0x200	0xe6000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.19
.tls	0x4f2000	0x14	0x0	0x0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rdata	0x4f3000	0x5d	0x200	0xe6200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.36
.rsrc	0x4f4000	0x46600	0x46600	0xe6400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	7.96

Imports (8)

»

oleaut32.dll (12)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SysFreeString	0x0	0x4ee338	0xee0b4	0xe4cb4	0x0
SysReAllocStringLen	0x0	0x4ee33c	0xee0b8	0xe4cb8	0x0
SysAllocStringLen	0x0	0x4ee340	0xee0bc	0xe4cbc	0x0
SafeArrayPtrOfIndex	0x0	0x4ee344	0xee0c0	0xe4cc0	0x0
SafeArrayGetUBound	0x0	0x4ee348	0xee0c4	0xe4cc4	0x0
SafeArrayGetLBound	0x0	0x4ee34c	0xee0c8	0xe4cc8	0x0
SafeArrayCreate	0x0	0x4ee350	0xee0cc	0xe4ccc	0x0
VariantChangeType	0x0	0x4ee354	0xee0d0	0xe4cd0	0x0
VariantCopy	0x0	0x4ee358	0xee0d4	0xe4cd4	0x0
VariantClear	0x0	0x4ee35c	0xee0d8	0xe4cd8	0x0
VariantInit	0x0	0x4ee360	0xee0dc	0xe4cdc	0x0
GetErrorInfo	0x0	0x4ee364	0xee0e0	0xe4ce0	0x0

advapi32.dll (7)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegQueryValueExW	0x0	0x4ee36c	0xee0e8	0xe4ce8	0x0
RegOpenKeyExW	0x0	0x4ee370	0xee0ec	0xe4cec	0x0
RegCloseKey	0x0	0x4ee374	0xee0f0	0xe4cf0	0x0
GetUserNameA	0x0	0x4ee378	0xee0f4	0xe4cf4	0x0
CryptGenRandom	0x0	0x4ee37c	0xee0f8	0xe4cf8	0x0
CryptReleaseContext	0x0	0x4ee380	0xee0fc	0xe4cfc	0x0
CryptAcquireContextW	0x0	0x4ee384	0xee100	0xe4d00	0x0

user32.dll (10)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
MessageBoxA	0x0	0x4ee38c	0xee108	0xe4d08	0x0
CharNextW	0x0	0x4ee390	0xee10c	0xe4d0c	0x0
LoadStringW	0x0	0x4ee394	0xee110	0xe4d10	0x0
PeekMessageW	0x0	0x4ee398	0xee114	0xe4d14	0x0
MsgWaitForMultipleObjects	0x0	0x4ee39c	0xee118	0xe4d18	0x0
MessageBoxW	0x0	0x4ee3a0	0xee11c	0xe4d1c	0x0
GetSystemMetrics	0x0	0x4ee3a4	0xee120	0xe4d20	0x0
CharUpperBuffW	0x0	0x4ee3a8	0xee124	0xe4d24	0x0
CharUpperW	0x0	0x4ee3ac	0xee128	0xe4d28	0x0
CharLowerBuffW	0x0	0x4ee3b0	0xee12c	0xe4d2c	0x0

kernel32.dll (114)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
Sleep	0x0	0x4ee3b8	0xee134	0xe4d34	0x0
VirtualFree	0x0	0x4ee3bc	0xee138	0xe4d38	0x0
VirtualAlloc	0x0	0x4ee3c0	0xee13c	0xe4d3c	0x0
lstrlenW	0x0	0x4ee3c4	0xee140	0xe4d40	0x0
VirtualQuery	0x0	0x4ee3c8	0xee144	0xe4d44	0x0
GetTickCount	0x0	0x4ee3cc	0xee148	0xe4d48	0x0
GetSystemInfo	0x0	0x4ee3d0	0xee14c	0xe4d4c	0x0
GetVersion	0x0	0x4ee3d4	0xee150	0xe4d50	0x0
CompareStringW	0x0	0x4ee3d8	0xee154	0xe4d54	0x0
IsDBCSLeadByteEx	0x0	0x4ee3dc	0xee158	0xe4d58	0x0
IsValidLocale	0x0	0x4ee3e0	0xee15c	0xe4d5c	0x0
SetThreadLocale	0x0	0x4ee3e4	0xee160	0xe4d60	0x0
GetSystemDefaultUILanguage	0x0	0x4ee3e8	0xee164	0xe4d64	0x0
GetUserDefaultUILanguage	0x0	0x4ee3ec	0xee168	0xe4d68	0x0
GetLocaleInfoW	0x0	0x4ee3f0	0xee16c	0xe4d6c	0x0
WideCharToMultiByte	0x0	0x4ee3f4	0xee170	0xe4d70	0x0
MultiByteToWideChar	0x0	0x4ee3f8	0xee174	0xe4d74	0x0
GetConsoleOutputCP	0x0	0x4ee3fc	0xee178	0xe4d78	0x0
GetConsoleCP	0x0	0x4ee400	0xee17c	0xe4d7c	0x0
GetACP	0x0	0x4ee404	0xee180	0xe4d80	0x0
LoadLibraryExW	0x0	0x4ee408	0xee184	0xe4d84	0x0
GetStartupInfoW	0x0	0x4ee40c	0xee188	0xe4d88	0x0
GetProcAddress	0x0	0x4ee410	0xee18c	0xe4d8c	0x0
GetModuleHandleW	0x0	0x4ee414	0xee190	0xe4d90	0x0
GetModuleFileNameW	0x0	0x4ee418	0xee194	0xe4d94	0x0
GetCommandLineW	0x0	0x4ee41c	0xee198	0xe4d98	0x0
FreeLibrary	0x0	0x4ee420	0xee19c	0xe4d9c	0x0
GetLastError	0x0	0x4ee424	0xee1a0	0xe4da0	0x0
UnhandledExceptionFilter	0x0	0x4ee428	0xee1a4	0xe4da4	0x0
RtlUnwind	0x0	0x4ee42c	0xee1a8	0xe4da8	0x0
RaiseException	0x0	0x4ee430	0xee1ac	0xe4dac	0x0
ExitProcess	0x0	0x4ee434	0xee1b0	0xe4db0	0x0
ExitThread	0x0	0x4ee438	0xee1b4	0xe4db4	0x0
SwitchToThread	0x0	0x4ee43c	0xee1b8	0xe4db8	0x0
GetCurrentThreadId	0x0	0x4ee440	0xee1bc	0xe4dbc	0x0
CreateThread	0x0	0x4ee444	0xee1c0	0xe4dc0	0x0
DeleteCriticalSection	0x0	0x4ee448	0xee1c4	0xe4dc4	0x0
LeaveCriticalSection	0x0	0x4ee44c	0xee1c8	0xe4dc8	0x0
EnterCriticalSection	0x0	0x4ee450	0xee1cc	0xe4dcc	0x0
InitializeCriticalSection	0x0	0x4ee454	0xee1d0	0xe4dd0	0x0
FindFirstFileW	0x0	0x4ee458	0xee1d4	0xe4dd4	0x0
FindClose	0x0	0x4ee45c	0xee1d8	0xe4dd8	0x0
WriteFile	0x0	0x4ee460	0xee1dc	0xe4ddc	0x0
SetFilePointer	0x0	0x4ee464	0xee1e0	0xe4de0	0x0
SetEndOfFile	0x0	0x4ee468	0xee1e4	0xe4de4	0x0
ReadFile	0x0	0x4ee46c	0xee1e8	0xe4de8	0x0
GetFileType	0x0	0x4ee470	0xee1ec	0xe4dec	0x0
GetFileSize	0x0	0x4ee474	0xee1f0	0xe4df0	0x0
CreateFileW	0x0	0x4ee478	0xee1f4	0xe4df4	0x0
GetStdHandle	0x0	0x4ee47c	0xee1f8	0xe4df8	0x0
CloseHandle	0x0	0x4ee480	0xee1fc	0xe4dfc	0x0
LoadLibraryA	0x0	0x4ee484	0xee200	0xe4e00	0x0
TlsSetValue	0x0	0x4ee488	0xee204	0xe4e04	0x0
TlsGetValue	0x0	0x4ee48c	0xee208	0xe4e08	0x0
LocalFree	0x0	0x4ee490	0xee20c	0xe4e0c	0x0
LocalAlloc	0x0	0x4ee494	0xee210	0xe4e10	0x0
WaitForSingleObject	0x0	0x4ee498	0xee214	0xe4e14	0x0
WaitForMultipleObjects	0x0	0x4ee49c	0xee218	0xe4e18	0x0
VirtualQueryEx	0x0	0x4ee4a0	0xee21c	0xe4e1c	0x0
VirtualProtect	0x0	0x4ee4a4	0xee220	0xe4e20	0x0
VerSetConditionMask	0x0	0x4ee4a8	0xee224	0xe4e24	0x0
VerifyVersionInfoW	0x0	0x4ee4ac	0xee228	0xe4e28	0x0
SuspendThread	0x0	0x4ee4b0	0xee22c	0xe4e2c	0x0
SizeofResource	0x0	0x4ee4b4	0xee230	0xe4e30	0x0
SetThreadPriority	0x0	0x4ee4b8	0xee234	0xe4e34	0x0
SetLastError	0x0	0x4ee4bc	0xee238	0xe4e38	0x0
SetEvent	0x0	0x4ee4c0	0xee23c	0xe4e3c	0x0
SetErrorMode	0x0	0x4ee4c4	0xee240	0xe4e40	0x0
ResumeThread	0x0	0x4ee4c8	0xee244	0xe4e44	0x0
ResetEvent	0x0	0x4ee4cc	0xee248	0xe4e48	0x0
ReleaseMutex	0x0	0x4ee4d0	0xee24c	0xe4e4c	0x0
QueryPerformanceFrequency	0x0	0x4ee4d4	0xee250	0xe4e50	0x0
QueryPerformanceCounter	0x0	0x4ee4d8	0xee254	0xe4e54	0x0
OpenMutexW	0x0	0x4ee4dc	0xee258	0xe4e58	0x0
MoveFileExW	0x0	0x4ee4e0	0xee25c	0xe4e5c	0x0
LockResource	0x0	0x4ee4e4	0xee260	0xe4e60	0x0
LoadResource	0x0	0x4ee4e8	0xee264	0xe4e64	0x0
LoadLibraryW	0x0	0x4ee4ec	0xee268	0xe4e68	0x0
HeapFree	0x0	0x4ee4f0	0xee26c	0xe4e6c	0x0
HeapDestroy	0x0	0x4ee4f4	0xee270	0xe4e70	0x0
HeapCreate	0x0	0x4ee4f8	0xee274	0xe4e74	0x0
HeapAlloc	0x0	0x4ee4fc	0xee278	0xe4e78	0x0
GetVolumeInformationW	0x0	0x4ee500	0xee27c	0xe4e7c	0x0
GetVersionExW	0x0	0x4ee504	0xee280	0xe4e80	0x0
GetThreadTimes	0x0	0x4ee508	0xee284	0xe4e84	0x0
GetThreadPriority	0x0	0x4ee50c	0xee288	0xe4e88	0x0
GetThreadLocale	0x0	0x4ee510	0xee28c	0xe4e8c	0x0
GetSystemTimes	0x0	0x4ee514	0xee290	0xe4e90	0x0
GetProcessTimes	0x0	0x4ee518	0xee294	0xe4e94	0x0
GetLocalTime	0x0	0x4ee51c	0xee298	0xe4e98	0x0
GetFullPathNameW	0x0	0x4ee520	0xee29c	0xe4e9c	0x0
GetFileAttributesW	0x0	0x4ee524	0xee2a0	0xe4ea0	0x0
GetExitCodeThread	0x0	0x4ee528	0xee2a4	0xe4ea4	0x0
GetDriveTypeW	0x0	0x4ee52c	0xee2a8	0xe4ea8	0x0
GetDiskFreeSpaceW	0x0	0x4ee530	0xee2ac	0xe4eac	0x0
GetDateFormatW	0x0	0x4ee534	0xee2b0	0xe4eb0	0x0
GetCurrentThread	0x0	0x4ee538	0xee2b4	0xe4eb4	0x0
GetCurrentProcessId	0x0	0x4ee53c	0xee2b8	0xe4eb8	0x0
GetCurrentProcess	0x0	0x4ee540	0xee2bc	0xe4ebc	0x0
GetComputerNameA	0x0	0x4ee544	0xee2c0	0xe4ec0	0x0
GetCPInfoExW	0x0	0x4ee548	0xee2c4	0xe4ec4	0x0
GetCPInfo	0x0	0x4ee54c	0xee2c8	0xe4ec8	0x0
FreeResource	0x0	0x4ee550	0xee2cc	0xe4ecc	0x0
InterlockedCompareExchange	0x0	0x4ee554	0xee2d0	0xe4ed0	0x0
FormatMessageW	0x0	0x4ee558	0xee2d4	0xe4ed4	0x0
FindResourceW	0x0	0x4ee55c	0xee2d8	0xe4ed8	0x0
FindNextFileW	0x0	0x4ee560	0xee2dc	0xe4edc	0x0
ExpandEnvironmentStringsW	0x0	0x4ee564	0xee2e0	0xe4ee0	0x0
EnumSystemLocalesW	0x0	0x4ee568	0xee2e4	0xe4ee4	0x0
EnumCalendarInfoW	0x0	0x4ee56c	0xee2e8	0xe4ee8	0x0
DeleteFileW	0x0	0x4ee570	0xee2ec	0xe4eec	0x0
CreateProcessW	0x0	0x4ee574	0xee2f0	0xe4ef0	0x0
CreateMutexW	0x0	0x4ee578	0xee2f4	0xe4ef4	0x0
CreateEventW	0x0	0x4ee57c	0xee2f8	0xe4ef8	0x0

ole32.dll (2)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CoUninitialize	0x0	0x4ee584	0xee300	0xe4f00	0x0
CoInitialize	0x0	0x4ee588	0xee304	0xe4f04	0x0

shell32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHGetSpecialFolderPathW	0x0	0x4ee590	0xee30c	0xe4f0c	0x0

wsock32.dll (5)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WSACleanup	0x0	0x4ee598	0xee314	0xe4f14	0x0
WSAStartup	0x0	0x4ee59c	0xee318	0xe4f18	0x0
gethostname	0x0	0x4ee5a0	0xee31c	0xe4f1c	0x0
gethostbyname	0x0	0x4ee5a4	0xee320	0xe4f20	0x0
inet_ntoa	0x0	0x4ee5a8	0xee324	0xe4f24	0x0

netapi32.dll (2)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
NetShareEnum	0x0	0x4ee5b0	0xee32c	0xe4f2c	0x0
NetApiBufferFree	0x0	0x4ee5b4	0xee330	0xe4f30	0x0

Exports (1)

»

Api name	EAT Address	Ordinal
TMethodImplementationIntercept	0x50868	0x1

Memory Dumps (3)

»

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
ubnumr.exe	1	0x00400000	0x0053AFFF	Relevant Image	32-bit	0x00407620	... Memory Dump Actions Go to Process Go to AV Match Download Dump
nwobtfnd.exe	5	0x00400000	0x0053AFFF	Relevant Image	32-bit	0x00407620	... Memory Dump Actions Go to Process Go to AV Match Download Dump
ubnumr.exe	1	0x00400000	0x0053AFFF	Final Dump	32-bit	-	... Memory Dump Actions Go to Process Go to AV Match Download Dump

Local AV Matches (1)

»

Threat Name	Severity
Generic.Ransom.Matrix.B20F99A7	Malicious

C:\Users\FD1HVy\AppData\Roaming\nStyPXNq.vbs

Dropped File

Text

Malicious

»

Mime Type	text/x-vbscript
File Size	261 Bytes
MD5	15ecf473d58445f254b39b9bced16bda
SHA1	9d6cb0ff25af35547cff3989800ad246b17c0723
SHA256	f1a8e287dbeabddc11fc18fda319dfcb360acfa7de08069f754473f069778e22
SSDeep	6:LBiPCQLBB4FaKEjoNxiaZ5/M7QsryviNLBB4OwMVR:LwPCQL34FaKaovNHUcsryviNL34OxVR
ImpHash	-

Local AV Matches (1)

»

Threat Name	Severity
VBS.Heur.Laburrak.11.Gen	Malicious

C:\Users\FD1HVy\Desktop\PxsB9fTz.exe

Dropped File

Binary

Malicious

»

Mime Type	application/vnd.microsoft.portable-executable
File Size	181.13 KB
MD5	2f5b509929165fc13ceab9393c3b911d
SHA1	b016316132a6a277c5d8a4d7f3d6e2c769984052
SHA256	0cfdbfb9c4a2a80794462f06cf0da43c5977aa61bd3bbe834002703fe44ef0b4
SSDeep	3072:hnQr0ryqPlGGyPAPNIfG+QWx5sOjw9i8yxulNpsl/DXHcd6Gu9XQBYWW7tpT6azN:hnf71rClQWjNw9i+psR3g6G4SLILT6aR
ImpHash	5d6889a7abcff395c3e35a021207cf6d

File Reputation Information

»

Severity	Blacklisted
Names	Mal/Generic-S

PE Information

»

Image Base	0x400000
Entry Point	0x475810
Size Of Code	0x29000
Size Of Initialized Data	0x1000
Size Of Uninitialized Data	0x4c000
File Type	FileType.executable
Subsystem	Subsystem.windows_cui
Machine Type	MachineType.i386
Compile Timestamp	2017-12-10 21:18:46+00:00

Version Information (8)

»

CompanyName	Sysinternals - www.sysinternals.com
FileDescription	Handle viewer
FileVersion	4.11
InternalName	Nthandle
LegalCopyright	Copyright (C) 1997-2017 Mark Russinovich
OriginalFilename	Nthandle.exe
ProductName	Sysinternals Handle
ProductVersion	4.11

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
UPX0	0x401000	0x4c000	0x0	0x400	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
UPX1	0x44d000	0x29000	0x28a00	0x400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.93
.rsrc	0x476000	0x1000	0x800	0x28e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.04

Imports (6)

»

ADVAPI32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegOpenKeyW	0x0	0x47666c	0x7666c	0x2946c	0x0

COMDLG32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
PrintDlgW	0x0	0x476674	0x76674	0x29474	0x0

GDI32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
EndDoc	0x0	0x47667c	0x7667c	0x2947c	0x0

KERNEL32.DLL (4)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
LoadLibraryA	0x0	0x476684	0x76684	0x29484	0x0
ExitProcess	0x0	0x476688	0x76688	0x29488	0x0
GetProcAddress	0x0	0x47668c	0x7668c	0x2948c	0x0
VirtualProtect	0x0	0x476690	0x76690	0x29490	0x0

USER32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
EndDialog	0x0	0x476698	0x76698	0x29498	0x0

VERSION.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
VerQueryValueW	0x0	0x4766a0	0x766a0	0x294a0	0x0

Local AV Matches (1)

»

Threat Name	Severity
Trojan.GenericKD.40672878	Malicious

C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_xcdpdtcz.yvt.psm1

Dropped File

Text

Whitelisted

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_o0n113jq.hx2.ps1 (Dropped File)
Mime Type	text/x-powershell
File Size	1 Bytes
MD5	c4ca4238a0b923820dcc509a6f75849b
SHA1	356a192b7913b04c54574d18c28d46e6395428ab
SHA256	6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SSDeep	3:U:U
ImpHash	-

File Reputation Information

»

Severity	Whitelisted

C:\Program Files\Microsoft Office\root\Templates\1033\OriginLetter.Dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	120.29 KB
MD5	1a1899e6e34ee6eefe93acf5f58ceeb7
SHA1	e5560de17941f298a13aff833242f862f1da192b
SHA256	4f21f4366bde72589368193f5aa662ab0e91789c971771e41061cf47310dc556
SSDeep	3072:HRMlTrMOe9ynykUXh3Tf0Rx0nlR+rcvfK:HnyMdf0R+lwcvfK
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	13.15 KB
MD5	e835027fcbbf9f1ca876f99efc7c93c0
SHA1	c5df3fe9b585b84e77416ba0df6c2048f4520dc0
SHA256	8c8ce7e8f3d20832be90bc547292bc265c2cf0d5c36f746164eb1adef6999ba7
SSDeep	192:aNwVfG7LUgIABhZFcXv6C2Zp5m3KSBVg4nhRprZUrT+hz9jtov8/wntHC7TYeW67:aUfMNlhZh1p5mdpnhRlZ6ejnjHW6jX
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	222.51 KB
MD5	a8dcb24ea9616c3784d31b04443403fe
SHA1	35d7de31e50a8c0b26ea17ffef66d6fde13bc953
SHA256	5e34bb8e23baf6efacdf6e8c143dc283d85cc68e7ccc0cd46bfb1c5a54f8cec1
SSDeep	3072:hNGATubUIhX5PnJz1hnTG4hF+6x5rDm6qv8rQtwu8z27iSa6vzGtR:rWvLJznG+Tx5rK/krvpK7hvzG
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099185.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	4.59 KB
MD5	3e396b6ce8b37991e9260f2696974861
SHA1	58bc8b7a12e1ac0d00a58a5cd5af5942c3575d8c
SHA256	302701ae510ee59c4f7a71937adf96cfe785f09b2ec8296798e4fc46449fa53f
SSDeep	96:0SEIn2369VemdBlJ6zFYVlyg8wqLm0Uc8QqTYIDWzMJxRf4OzI:0SfG6CmOJPnLm0UfTYeW6jI
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145272.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	49.47 KB
MD5	80e5389e6e89bf87835835ec18d38962
SHA1	16ad0ce68dae13b00abb484331cef6d5d0ec997a
SHA256	18a872966f0c17990c5eb4473319f905264ef902cabc651f312659a1d80316ae
SSDeep	768:gCalvy3NynuxgHx3pU/1sfTiLdGBTgSjDgVY0Uu9Z9aaOv0d7oeR9mQiqFwT:g4NH+R5+tLdEkSy47vA75/
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148309.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	44.03 KB
MD5	3d101a7debdcbe95c95689c653d41412
SHA1	11dcc3bdf736404482036ff76d66b20908207a5e
SHA256	ea7b1dabcaa16f033030f99eec1fc0a224f20a5f8330e7ddbd0193c7107aa4ec
SSDeep	768:MtdX8HHJPNLg/a7uHUxS3JckY4/67YnaoaVxXAR//2ZcLrCIpjVaJzfHyZ4T:Mtd4HJVc/RHmS3qW/taoabXg2ZcnC2gO
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0177806.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	55.63 KB
MD5	dbb10e12c3d7ea2672d615bd9b8de935
SHA1	67435a46f28af44e9ac7b7154056e0c5eb54faf0
SHA256	8a2554d09a185b81a649a119bd8830865184743b26455c1e83142bc81fd352ff
SSDeep	1536:9+DjOMK81x4aDJ0O4gWQ14bzpHV7caxTuQGxxme:9SOMfrRJ0OHWmEzpHVbExxm
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\xh_znJ7\Hi-ajVo7T.xlsx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	30.48 KB
MD5	7ebf358745570ea1b13416bd2810a097
SHA1	92538d3d85e15c97ddccf113078ace8ba7689122
SHA256	770ab7e83e4ef55fcb394cf322b59a36ec5e81f872a4b2f71b254dd79fffc744
SSDeep	768:YEL7uA67/fIaWrlc1QM3bcaAhx1sjEe23kUchkvT:r/uT7gred3bnwZ3kUc
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	13.16 KB
MD5	078d1865b48d0dba1b120bcd25a913af
SHA1	d35c27690dee2b043c45e6851fd6386887e2edb0
SHA256	709037e01da0e2127e3a55b6d5d1845ecd92d2ed8244045eaf62ae12d6efb020
SSDeep	384:Z/YYcHqf0NNU1UbwRVsTXDCLIdq5dPhiiJHW6j:uHG0NNU1UbRTXTQdJiQT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	13.33 KB
MD5	d8a7264aefa32814dbaae221cb3e03ee
SHA1	bfef526a66b9e95586db51ed9574cb5152b40ab3
SHA256	47eae6000ec2f33be5b167af35485ea5f9180bc44941238365be1c9808c40b92
SSDeep	384:cjN3yKncQfaKYpxrJo4DjNn8ufsQfyUHW6j:cjsQfaZpxlt35T
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\EssentialLetter.dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	122.69 KB
MD5	11c7213dd489cc097084bb2918ff8113
SHA1	ee3f3ffe966748f068026b510b95112d715f51e9
SHA256	8fc9b9e6160f58cb9b0086f4c0a683229d581b9469ccd7008d5fef03c0954444
SSDeep	3072:OmLOMbodtetbsK0hF4ckO4dm2Vv+S5LaPP5uMap22+:OSb5Ghackzk2Vvx58P5uMgC
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\xh_znJ7\FwH7eJDZC.docx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	20.95 KB
MD5	7e8b9463f0f1c7f5a59ed56bfe7845a3
SHA1	53a940beffc8cb78c8c0204c668b71d49e1f809f
SHA256	ba42af2c66a88f9cb5de0ff6a11d6b9958aba37f816ce342e2840d8c2b8dc426
SSDeep	384:mhixrgJ/vXdCT/7HBAerneSLrU7zWrCuafWyyZ8WGSe4Q98Z3A0HW6j:iv/v4LjBRPUOrOfWyke4Q985lT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	13.05 KB
MD5	c06c2b2b117ef915aa59fb7eb70cf138
SHA1	9ae0ab45e20c6eb1af0e197358e7bb47f129c38a
SHA256	d4dcc8f57b373b48170ec82a651ade60f2d4f180dac08e6ec6d492100116bfb2
SSDeep	192:XOtUSR+gykawKxgd2Zbk50pGfr4NMebWdu7vy86JY2aXW97CEIgZqbuTYeW6jI:qwgAwVUbN48IuzyjYt8ZvHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	13.18 KB
MD5	767762c225e8ab0d9ef74476e8a2e708
SHA1	15bcdb8ab90cc299e1cc69e94d24e51d3c18bd2a
SHA256	9449f2720f93e444d1b0e15d8bdce7d6040e993979271d8ba9b78829eb94f006
SSDeep	384:LVBZSGisQHXORP4jr+virfzNsxF0Hm+6QzHW6j:LVEpHeRyaarfRsF0HmliT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145373.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	18.83 KB
MD5	005d739991e7a33f3cf0c109b5de5dc1
SHA1	1383c6bdfb372609770a51aae0f1771932d5ff06
SHA256	5708da1e7a1e635b7d60d1c032fc52668a5d0855510045c2b1d34b9f8c33da34
SSDeep	384:XkGtYoCJXBFsiEb7AdnC8k+P8ay7uQ7Q2JUZyVulQBTUyHW6j:UGm0ElLPi7/7LJU4ukVT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178348.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	37.50 KB
MD5	827681eea6ee5db2677940ec556be260
SHA1	f0c42099a86a12a819cfca67c9356deddacd0dca
SHA256	3b96d614fc61c08d823ff351ad91c8c670f648c609769652ad6d2f22e922d74e
SSDeep	768:66qCj/XEY5egZbdztJ536u0iY1K+quG2BO0QmaMJ0aXEnpT:66qCYY5NVtJ5385qp2BO0kMqT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\LoginTool24x24Images.jpg

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	9.03 KB
MD5	e118a837fd540b16eeaeb2171f495d70
SHA1	84921b761af11afcf6046cb6e7b2b60b862eefa7
SHA256	8e5dc4395e57bfadaa1db6ca8255e13a578817ce692d2807f33c9937f0e938af
SSDeep	192:1HCJeKUt6ju3YSakkmZhmnA48a2QRK/fUQ38IVE215uUpTYeW6jI:XjDakWsQwM8EC5HHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382961.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	100.07 KB
MD5	ca800c9071fc5a849ff2ea6a338dba09
SHA1	5b60051bb09beabab1741d3da42b14f4eead019a
SHA256	87a8b52265df04c56ec5e11d646bfb0dfdb205c44f728f7d4013821e196ca59f
SSDeep	1536:JCH2gAJhdCnlMr2E0rVBJ2RPhn8jKZ4Jk5pLZr9OZPk51axd/7w4G/XlCdNOlt:AoJL2rE0r4RJn8jv4r9OI1axRBkCrOr
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145904.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	40.00 KB
MD5	60d762e226632e3674f04804fc61ac2e
SHA1	86021e1722b8e7bfc86791f90d1ae3dfe3e00213
SHA256	5742940148f3a7459fd21b180a0bd1a795eedd48b48b9be355d42989b6ddfbdd
SSDeep	768:Y1POSFBvK+TylhooTf12raYEtCWnXV2IzvqnEjh7aKelBcJmIR8XcO6T:qfrdT27N2ZEtCWTzSnEtaflB/IR/
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099148.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	19.21 KB
MD5	2fdfb25cc7bef471a57cd459f6d5f880
SHA1	68a2856dc65ccee4a79e9a87d580c564b2b43d19
SHA256	45a6dfd577d49d2234df96772073b9f18df8092330b376ab08271fa680605845
SSDeep	384:rd5Cxps/VDSwkL0JIKA4owj/ewkBl2fTKva3gE/i7dRHW6j:Jo7f0JRARwjRkb2t1/inT
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackLetter.dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	52.82 KB
MD5	0cdeaf9ee1f241dd7758cd7d19232b58
SHA1	c77647f84373e713f23b0c9aff6369cedbdbdefd
SHA256	c9208ca73172830e69d5447b4609bafdabb0e7b049302a824447da0f9312fad5
SSDeep	1536:ninNos/WieVQDX5KRpTDv23zyczjarYRO8pGCK:nGNosMbRFMzyc/YYROGGP
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\MessageAttachmentIconImages.jpg

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	10.86 KB
MD5	a6441eff79faae5735aa9b324493a414
SHA1	ca87348ce8006a2d8862689294ed4254fb49520a
SHA256	ece74cc9c35032d01e414ff64e27a14fc624dd6b37dd9226f85e209ce4b4b9ca
SSDeep	192:jbMmDQZGNTR0wP8CgW4hLH7JhGHvSF/u7crNeiy9rCJzGd5pYpAkiud3hxpTYeWZ:jYZGV+kjg1hL7qQob9rCJzGdjYrHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\UnreadIconImages.jpg

Modified File

Binary

Unknown

»

Mime Type	application/x-dosexec
File Size	9.38 KB
MD5	dc5e75e2c93df00826515f3e36b7021b
SHA1	0ed8c569916ad896b05c8cbb6bcb5fce2a925a44
SHA256	ede93ca57c5522d09fe8fb9702498dd63e41585c1ee4229bd37df7dd277ab520
SSDeep	192:2FONJkfecneDyPi4DzvgSAe+TNliShExTZQP8T+kJTYeW6jI:zkfecPi0gSAeURqIPxGHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287644.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	18.33 KB
MD5	a1c79be2be4c820054cb912fe18d2f90
SHA1	454f6be6c91031df5f00c255404cfbe94a9b66c6
SHA256	a67d536f69891ebb9b71b0e92402173bbcaf79ab1c2050b26873816b22eccb7b
SSDeep	384:y20n/lYFxefiXT94gyLUfstQJRCTuI9tVtZ8p6Y6EVHW6j:P0SwSCzLUf1ReuI9tVtZ8p1bT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382930.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	111.44 KB
MD5	bbc04ce54374a28cabc5d4659ab3471d
SHA1	6d7e605b5d5995a121894b11b9437b7846de2e2c
SHA256	1d0fb35eb3042100d5bb238b4f9e68fdf00ed10546c24aff99b8fe00039d9bd1
SSDeep	3072:gbMAtEXRt9hW7cEFTxyEkB4fhh5bmoPGZlSj6c:gbrumVAEuCblmsklA
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382966.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	99.52 KB
MD5	cdfe277c1c1eaf411d743fe19166db11
SHA1	7585191a286c44406065f46a2a081dcf3b73b233
SHA256	66adaa48aa72c3670f44ed9706806731bca1f900f5cdfb975fe250509b0c1961
SSDeep	1536:w1gkIy4VCAMxd0u+a7AjSccDYFRQChomNa9nViYF3zrFbtF5oSnla5PuIfXWYoF:OgnENxm7jtwChoZVRFjh1nlFYCF
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386120.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	31.50 KB
MD5	c31b3006606f0a0dacf9ef48c21711f8
SHA1	a45fd0c1732634b7b799ce34dd47d18c04ccb211
SHA256	03510e46a1b2d4161de91e5e8bbf764d82f5adf466374bbae1caeab7285b8776
SSDeep	768:s6elmlfmO6eSab90sZbDT57yuavyHvuBQh6izT:sPqOVva5T57oyHGM
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145879.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	35.97 KB
MD5	12359a86a945487b5ae05f18e07a912d
SHA1	9985429c3d55ea248a19709e536a7152449ead23
SHA256	d1c9daafc9aabeafd1f70fc423411cedba9ca48f56b54c35aea5a9b3392ac56d
SSDeep	768:Shq/ARkrxXT71iPaaAXjHpV66x2sDkTd2p1azJbeW0ZqaZfL+f9OOT:58+vYPaa0Dp8MDkTCaNbe5ZLL+f
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\InformationIcon.jpg

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	4.36 KB
MD5	8ef0e91637907fa63412fc9a46cfc56f
SHA1	72c49a3999fc39d16c79b87a78f63e7def967c89
SHA256	2f6ddf446735baea72dba27d7dca9ba377e248d892392d210be5d00812f44138
SSDeep	96:3MuXIl0Sgs3QpeRxiO2mrZyhazFWyTYIDWzMJxRf4OzIw:ZGhGeRxiObCFyTYeW6jI
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0174952.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	25.78 KB
MD5	95d67cd78e3ae601f3cb5de2248a6449
SHA1	4bf8e55578e93c3ed317f5c78fb8359710c2ba95
SHA256	8a58caeac4488f7c7c2e030213d2968cc1a0da72ff492bc7f7679159b925526f
SSDeep	768:CmngbXgfhQXhLNiOWIWpyrNZabD17E+7AuRDT:CmngbXLLXImQ9E+7XR
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287642.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	18.09 KB
MD5	ec89f77117e2c59c68fcc1bfdbcd9c24
SHA1	d9891659c6b8dcbe28898cb0bd90648ed032ce6a
SHA256	d654d5b698fe0a6b51fc0207c6d9a39515aaf0424fc362a8b70e3204e4e2bf85
SSDeep	384:n8BdRqL4Mx7tCUi8VZ3RUY0SMDLZ5531zEJVwkHW6j:rL4MzRXVZ3R50SMDrzO3T
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309705.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	20.10 KB
MD5	1cbfc718d7d0ef30164a1f232030ecdd
SHA1	05b4317121ebb2d89c9e439c60e9e981436731a5
SHA256	aa14b4c835cd2e3649b29c7959e27178b917a50262b9f3103680855ecab24e0f
SSDeep	384:OsPTOc2f6W2H1WdWov7tfrg1xAvNk0o9z655gRq/mJcKaDHnJCcsQHW6j:OTc+2VWdWoDpru+e0od6v/a8T
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackReport.dotx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.71 MB
MD5	d1fb326c332863977777fd5ffd2b81bb
SHA1	b2808901cfe21741bd44ed50bfb0d2d88944cc08
SHA256	c66a870201e5327812b08269eca7ac7b2ce6ecf952087e0ce1922063161d9c57
SSDeep	12288:l4IyryOZ1BmOWdnmMrGl5EHLLNxwd4rGl5EHLLNv9BSDWxZF:lirydNpmMqX6LZxwd4qX6LZv
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341554.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	29.20 KB
MD5	b8d3315874599248a523f1faaee90b12
SHA1	b941f645dc16df8bd8499018c484d15d229bf13c
SHA256	7563e6c7c6c5e5c1344316de8f34b41b4a1522c5aa1a2ff2231e2d2088efd651
SSDeep	768:u5LqP+aqxAee4D2JVK3g+YETyHacrcnVeT:uBqP+zqepD2f5ITyHFcnV
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\MessageHistoryIconImages.jpg

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	10.12 KB
MD5	e68ccad6c3d20ae5fde5642f1b669563
SHA1	6d801b5dbe8d841441b8c5548767d7e1952b8a0a
SHA256	1b21609a44cbf58ffcf8576f055b67f32d6e80bc2473f9cebaf4215f817470e1
SSDeep	192:rePF7ooRTzpo6tuLVBIUIeo7Xmf6e3WBlZV6r0ExgSKQBsMTYeW6jI:r69NNRmf0K1Wbj6rPShQBsMHW6j
ImpHash	-

C:\588bce7c90097ed212\1055\LocalizedData.xml

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	76.40 KB
MD5	eb5510bb02a66bec83fcb0dbd7630c0e
SHA1	b855ea78599e06a5241dbb9567375baa4689700e
SHA256	cd392852d559d4481a4fcf4c843fa506900d87d1fd15ff41eaf978fb18f01af9
SSDeep	1536:TnhoGuOlVRU+mlQg5IgrbGZzwOS8Frc+iI0jJNJ7rtRpMM:ThoGuIRHmlQg5IgrbGZzwOS8Frc+iI0r
ImpHash	-

C:\588bce7c90097ed212\DHtmlHeader.html

Modified File

Text

Unknown

»

Mime Type	text/html
File Size	17.12 KB
MD5	e92c9bb3ecdd3924287348045add779b
SHA1	40f756b5c2d9af2f490e77f20c19f1e382cf4b31
SHA256	5237572138fba4f52a5e4f36c4721360ee8e3bbadf339fa2ef2c5135ad08dd0f
SSDeep	384:qkQ8A7XP1f7UFJFEWUxFz6cdS2b1A2iNyvnhvjHW6j:wXP1zUFJFEWUxFz6Cdb1A2iNyvhbT
ImpHash	-
Parser Error Remark	Static engine was unable to completely parse the analyzed file

C:\588bce7c90097ed212\RGB9RAST_x64.msi

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	181.88 KB
MD5	0fc5cc55a1f9fde5b0bc4f0406c8c456
SHA1	79227b2d695fcc272b9e8f1ec65c3259cbefa4d7
SHA256	4f6b0090b15c975fff531ecf6d4fe87f26fa624a805bd9ee333b1609d1ad4a64
SSDeep	3072:5oiQJ2NOrJZgzAc4uQ5H0Un0li+G9A7Kve3Hg5BszizUVQzB7m09g47aEqPNWZKn:uA8rJGzAc4u8l1A7Km3Hg5CzizuE99gn
ImpHash	-

C:\Logs\HardwareEvents.evtx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	69.38 KB
MD5	f69d9123de327d28dead6ba8e0f31d67
SHA1	470cdce813089a7f416145524ccc903bb2c24e90
SHA256	b55103633d44881872f6e6045bf30e1bdb9a974904f81c432623abba37381b4f
SSDeep	384:QMuYeWWo1s5V0HAtjQlG07QpSkUm2l3fVtAOpVA0VyGT6MqRgZthMuYeWWo1s5V9:QQWMFif07QwvtAcP4R+TQWM0T
ImpHash	-

C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.07 MB
MD5	7375f8a396b8cc108d09b8c63d5d6841
SHA1	9cb0a8f9856e56a38b19a99ac1532fd13f56e2fb
SHA256	33eedd439893a407a471c780e7f63c5597c0656d11ff6795993a1d10cfafce33
SSDeep	6144:RjeCSKdSRPnV5b6EEPanx+WQeXdicnezHmq2Y:UuS5VJTeax+WjXscezHm
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\DBSAMPLE.MDB

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	497.38 KB
MD5	13a13883d243799d28a94f38841cc95f
SHA1	7772a66502e45a00ec1ed0570ac04f00221a0b9d
SHA256	d1aca9846e2a85e7694ace525d0eb8058f47315bdc35948bd033b5fc61dd36d4
SSDeep	3072:wRiYQcQNVYxryJy8R5s53cIyhpqJ+VbqArbe47e53cIy+t4giTQDgDbetl:wRMpy2sJ+pq1TgD
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309585.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	40.02 KB
MD5	4986b2ef03c55e63088b14310525e52d
SHA1	cd3ba1b392c3fa150eeb03c12111ed901febe500
SHA256	dbd1e5f024cefd259d45d7e0526c5385cf213198475b100fe8b788da9fab4ac2
SSDeep	768:vDfH/KjpI/zcn6ZbWgBmNzlbbLsKbWMSh+7FCt4VEJT:THMI4n6YNzxkzMSsxpVE
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341499.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	17.10 KB
MD5	7e1d171848ab1b6f0ad46208fb6e2aeb
SHA1	d703dfcc13d758191a269432e79f51153cdc98e5
SHA256	cdbaef8ea8c362832a585aa875155485f6f5e0ec6f7a7b56f86ad6e89a7e76e9
SSDeep	384:syfLlLSq0kiCb4nn4wLR+J2h5FzBXQ5C0ch0HW6jx:pp2q0jCb4loUVBXQ5CFh2T
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341653.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	16.87 KB
MD5	b4b2caaf60ff7c8a613f5d44690f3256
SHA1	2aef3b29ff852d3a169c21817c9f25ba11ecb6d6
SHA256	23014238dc5166ff0e555a697070edd6d064275c1bbdb58706b3e44f51a9f7c3
SSDeep	384:19YO+lR62gp+gOtp4wDjanuffQQXz39GyN+kqcDOpAHW6j:PYvoMgPwPanxwRdLOpCT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099162.JPG

Modified File

Binary

Unknown

»

Mime Type	application/x-dosexec
File Size	20.58 KB
MD5	4f7cca9ecebd11bd6ada250699915b5e
SHA1	b32eb1af819593094f848c062d4d3a8908059489
SHA256	38fbf17a12da4d7f90e56ac385b261ee6e8bc091465b07db42c21d853a9d2939
SSDeep	384:6Hokm6FKcHPfVyL0t8ycVqprlddbu3ST7eQ4Db4MvpPoSMdHW6j:6IkmyHP0L0vcQe307yDcJ9T
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099190.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	44.25 KB
MD5	e7574d913b6536982a01975e05baf7ca
SHA1	6922ba4e1fb6322c30a5608a0a315e7213e5c308
SHA256	4528f56913a318c339586eb706c8be724a64e2c893f808fc58262fee0ac28a4e
SSDeep	768:ZtRKQYAMRr2SkAGDJ1ng8LJauaKZ0TE3/cYX3CJ4DepyT:ZLKQ1SUb7ng8FL5/cYHko
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145707.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	37.34 KB
MD5	546d7c3f383540cd006762e594485195
SHA1	f62582ec7e1395686d069022588ca852a3ab7377
SHA256	722ef586e032f7a70c1daab3685b4b4614b7fffa80fc9b71269ad10a399193ad
SSDeep	768:ygFYLYTJT9p1y1mdeNly5hLNACHhEehreWUt+pMT:yyYkTJhy14eXy5VWoxIWA
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0149118.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	64.67 KB
MD5	0e0dfa82ea0cb6bb6a0f43ad1d23209f
SHA1	93dadf0ade8c2f7546323c074fe321f18c5104c1
SHA256	61ac4dc36fe6ba99ebe412b381c2315203918f272672ac2030ace416abb3db88
SSDeep	1536:SjgUr/XBOP+a7SBk+pD8N7CvKJewgBAFOtQXu33l:HrfSBT8IRwROtQ+Hl
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\[BatHelp@protonmail.com].WRmX4D9o-XKUqDUY4.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	9.88 KB
MD5	fb64273e9f09ced0aaf901435aa4e284
SHA1	bc3215a84529fb97ec9cd2b2b0bd689354b1a2cb
SHA256	29d77795160f2608e9030a32eb559939f90ef8ad4d2728a3ed35c865c1f8ac25
SSDeep	192:SrpviqTZWeTyxjOFsQUMp+WJV56qSd8m3hvRMyu2qzxgeoTYeW6jI:Srf7+aFJnpfSdg2+yHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\SAMPLES\[BatHelp@protonmail.com].vN4pvmCL-Z8DMsW6g.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS (Modified File)
Mime Type	application/octet-stream
File Size	117.38 KB
MD5	73d5b755064a860411d2f2e1b02c2587
SHA1	607315cc5344c9c788020d16776015893856e7d8
SHA256	3b860c40db25ca1baca6393ecde5164cc762a39f312afd86b841857028f9b57f
SSDeep	1536:7yfDpaFodMwdRav4XiNJB9EgLxY2VGAOfD8dw1lf5iAli76lbsHtE1WhwhRm1PoH:eflaF6+8VvD82xlbscsdo8M
ImpHash	-

C:\Users\FD1HVy\Documents\FgQZ AN2235G.xlsx

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\[BatHelp@protonmail.com].3gpODdft-ISmSF6LP.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	79.90 KB
MD5	2bf4073322f9585aaaf773bdd670882a
SHA1	484cbcd118df5ab581fc42dd14e85bd9f5975222
SHA256	7739fd5dbf4bc81a8df21416470b848b19f29e9fdb68dbe235c9473fc4104041
SSDeep	1536:93IztVMLk4q0AVxtF6uooI3NK3N9s+a8MkGsRN12OWrlQgIWn:ctx9xaJ3YNC+pGsRX2/BQgXn
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\[BatHelp@protonmail.com].34bH11gA-T4kCvhzj.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx (Modified File)
Mime Type	application/octet-stream
File Size	13.21 KB
MD5	60c4b71cd72c306f5bd04274e950f425
SHA1	611e838e6a3a0ca55140f4b15602e853497325b6
SHA256	56479844f704cbff6ad01b990c0cdd232da31277777e9e73e0bc69083a1a5a15
SSDeep	384:9Vatng1w6j2+TnbwRVsTXDCLJKtl8zeIV5HW6jo:9Vatng1w6LTnbRTXgKrIJT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384888.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	81.43 KB
MD5	12a0d561cd05a8301115092004d9aa57
SHA1	259f7e8446c1dbdc44177ad59b7b9bef273a06df
SHA256	77d55a34d3d4e77d4f5c804239be3a0e470dcfd4f8f8845a518915fbba0f90dc
SSDeep	1536:sOOne1bJWVHV7BcSMWNPqJnaENunTFb2WdyGREdU3nZP5K:sOOiwHLpPqJnrNunp790U3nZ
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387591.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	39.58 KB
MD5	c0be7a61c1908e38817ee8d1cc09114c
SHA1	7d9c719eaf8f6b0a4156d83a77efcb9815328462
SHA256	d0dc89203b8f16906f6f31ad9b960f7522516775dab7442d74983a9f62882292
SSDeep	768:C8/5IPJc8+xkILX6iQp9U39JbV4yDs9YC2SDmKfwxrh2mVCo2EtDT:X51XLqU39ZV4yDRRyk4mVCo/
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145810.JPG

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	37.31 KB
MD5	ef5945c704c7689c9241137575ccb8b3
SHA1	c067cbbd1fbbf126663da897de4b4b93f75c164d
SHA256	e683e1d75996919ebb3f1948cca3dbfb3ded5e1d54e72a6d4fde888c598ce450
SSDeep	768:B8zby1zqlNnMokth9eugsKPUmVV9GG03LXbRCLpaBU9ECH7NKR/xfzlq6T:B8zGzCMdebrPzV0G03LrRCLpaBUcRJf
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\[BatHelp@protonmail.com].Xj39QrBe-EshylpZc.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	13.06 KB
MD5	6d9cd7e7e95ea0eb67721bbf7c96f6bc
SHA1	0321872030ca950d9086343cae77ba3aa99254a9
SHA256	4f5666aa695c3d07aa34a9d38c8d1d5a2485d72bee9c1784b7e772f1aa9e4a53
SSDeep	384:pO/OGxX+NV64I+vanBvGeLytiEjeDSFgw1bHW6j:41264I4anB+eLyRjeSgw1LT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\[BatHelp@protonmail.com].EjGvrASK-nhhZfuOj.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	20.88 KB
MD5	b2bb465107f80b03dae7c067aee4f99a
SHA1	bd6cd68d766578b00731be0cb1a1c8d140f83627
SHA256	efb80ff80541d72bcedf7f4d3077977fbcff2ba4572833f142161c543f6edc87
SSDeep	192:b5SFjnMvQBaxIbH6WtSb4a0ruwEyrhcu+O6Cxdys4SrUDDvKvyf6eRqMSmLea018:bg3RjZt3KuDfdCSrID4yCVm0HW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].G46C7qAk-TQLW9TV4.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\Word 2010 look.dotx (Modified File)
Mime Type	application/octet-stream
File Size	22.12 KB
MD5	af87382e779d1e325ae788ade0846788
SHA1	e121e63b80995ca95189f8d2d42c06824b46795a
SHA256	902a4d35be8d8ba72fbcef853a8d358f7434c3de751b3f31d0ec9a04783f6b4c
SSDeep	384:JZCf/H6KwB7Us5sdOrLm12opYhxHpA6zZf8ANKJwIOWTb5SaHW6j:Of/zwB7AdOPm1HoHzB85wI7NS8T
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].RUAMJFoA-dHnaX9wz.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	749.36 KB
MD5	d128e548e9361895a64ebb53249c7396
SHA1	5fc58fd36c68dde41b280a8df974903baa2bcc87
SHA256	9c43910b418f7fc1b4006b6ae7cad6e7303aed4ccdf8c1848f7dab705aa05cb2
SSDeep	12288:N0ZwDIlr3nDIct6KBHX2WZOK2iS+llNvwSTaITaSTaDTaqra0oHd:bEF3EcwmHX2kOK2itljvwIaSaIaPaia9
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\pZkrU\[BatHelp@protonmail.com].aT326w3o-N08N3pWu.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\pZkrU\iCDlF2.xlsx (Modified File)
Mime Type	application/octet-stream
File Size	53.99 KB
MD5	caac0e701b89868f5b3c2868d5246244
SHA1	99b8fcd32ce3c6bb6ec2902b4228600d95d8f0ef
SHA256	e9c62294c972054dfdd9a3e1112d1c297397aaa7ac0f08b0ac23272f9a777c5c
SSDeep	1536:E85TvnUuVmT7lNMVo0+3I+wL4Ds4Nw+pe2:PUuyNMktwl4B3
ImpHash	-

C:\Users\FD1HVy\Documents\[BatHelp@protonmail.com].WpvSuxtV-q0MK4l76.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\g0s-r3iH-sahI.docx (Modified File)
Mime Type	application/octet-stream
File Size	84.12 KB
MD5	aefdd027f94582f317c6ca6b01f09737
SHA1	a37432c1f6267f8587fa67943d1482b8249522e8
SHA256	9379c371859e93aad09834347d52abb45e14f429040f070706a49334fc5b7e04
SSDeep	1536:OQo0KRrO7TsOx7/bbdT55F4vYRWj7LzbO9MVhjJKiRvW:OuKRreXbvdTKYRWy25JKi
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\[BatHelp@protonmail.com].QlbFGm1Z-xNGqzpaa.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	13.36 KB
MD5	1ed15ce0bcbcbb75b4cb23c418e7f68d
SHA1	51bc72bd1e29a3aa8a2e94d8a97021bbadda9ae9
SHA256	631550ce1b4f1570dc78d09a9f9fb2ce47d2e6bccc13a676993aca056b2352d2
SSDeep	384:Vu7Jw0XQMjR+GqCnhRnoW/UD754xgyHW6j:oJDXnt/vnbZ/E75GLT
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].AnNN6VSY-8x4Jb1hS.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessReport.dotx (Modified File)
Mime Type	application/octet-stream
File Size	271.21 KB
MD5	3d5ac6b78163168da5667c53879065d1
SHA1	e1586903cf9a4a399294b021319f106d83779330
SHA256	6bb0b868144fc687007cff40fba35d0df6a8498dae244d299d7b6fe5e9129947
SSDeep	6144:9LNr5XXdHPyyJ4gK7C2Dtf3Nf+hkIgzygwbvHH0AJh:9TtHhJ4ddnmyI+wLH0M
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\[BatHelp@protonmail.com].gWFoCr8k-jqtiwzts.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\BLOCKS.DWG (Modified File)
Mime Type	application/octet-stream
File Size	61.84 KB
MD5	e5cab9f6ae33ec7d2707327870c1d832
SHA1	3550b904818e0ffb0d67d2c7604176097b41153a
SHA256	0c013a8ff3b7f8d9b95c301ce94c96b092e20e73266ad53526a01b51f16d4d96
SSDeep	768:V3lhg1vlA85m4OtJ1LgUrtFLJMozx2El6Tl08qvTvS42f6NIgA99T:NlAva84fdVlLJTw/
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\TimelessLetter.dotx

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].zty7kTfG-REqlj0fr.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	53.16 KB
MD5	7bdd8db7fb94fd1d11693db72325b51c
SHA1	801bb0aeb153b5e2429f58752eada00990cf7e1d
SHA256	df9f6cc04f21fb817e2a412abd13c3753d0cedb53a431a4d9a527c2c4ff0603a
SSDeep	1536:PB2zX+FyAZ7Z3tKRpesipw3mfGlfDFrQLm:P8SyE130RI1w2fMfDFrQLm
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].gDw60NxU-MHOkF3My.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	217.39 KB
MD5	eb0a484e1999ee33ea9f06c08cfe063c
SHA1	2f5857e9fb7c94f61c61f5cc04850f71fe198260
SHA256	0a8b6504777a36fb2a1096ed302a8a8eb8284ccbbcac360391b3532bc414d61d
SSDeep	3072:KmMFtrukO0RopGm683AXFcBbhepQJR6Ook/yEQir8nRoYq:Km6CHBGB83xBbQpAYOolKr9Y
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\[BatHelp@protonmail.com].yDXksHWL-AHlCQxni.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf (Modified File)
Mime Type	application/octet-stream
File Size	80.14 KB
MD5	47fc9ddd47ca185227814b7386f74d94
SHA1	9810f967c88caacadfdc430a1ce58b4a79a0d10b
SHA256	b31b75341dc2be4406ef6a9d6fa945d8dc543b38cf370186404cd2ef38a12e51
SSDeep	1536:pneXk1kolHY+70umYYBN9ELwracFbpE86GD+XDKAFoL/oslY654:pneKVaGS0P80XXoLzYk
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].E2cHw8vk-brk36KU0.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341448.JPG (Modified File)
Mime Type	application/octet-stream
File Size	22.07 KB
MD5	bce26754ae3f3bb2fc90b1dcc8c0746a
SHA1	98c06e43994591621c4703fdfb036f9b6ea96a26
SHA256	ec08246ca292dc7bdf10a69a0ec1722bdd7fcd222cba06716490525f05500d3c
SSDeep	384:UamVG10iDVEArjIzyKxWLrbi7cnHZwz5KArnBwoI6gN4LZbYxcxzuw1KM9gHW6j:vT5JEQkVAHaz4AdwBoYxIi09iT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382927.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].2GKZrxTI-DUw5Vi1f.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	127.49 KB
MD5	0b5f75858c2671488cd04e218eea5707
SHA1	b1ee978a7ef027c6ce5a2844e3a3f40c85c127fe
SHA256	7514abc83ab0d5b0fd09af8116db3c3414de347193315c9ca061925a56a8e58d
SSDeep	3072:pOCZYP130JRnHCCj0UfaTJto6ijP79RVUy15eVRxvzzv:UCZjxwXlto6+79ReyyVzz
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145895.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].T24gJCsl-8rYGZNDc.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	34.54 KB
MD5	d2316fa9dfbaa7616eb01d67dc85c98e
SHA1	a07cd4b11197fdd20f6570d59a96f255c5fa9d6d
SHA256	1389f0637c1ab490a3688152bcff5cb295c85c1012d09d65b3bc767bb856f598
SSDeep	768:ZTVbR640CVGpgi3yMLiizrJNm1KBY4diuCxePefSXSbSu3V9NNSuCT:Z9R90pgOyciiBNVkfePRSbSu3V9NN
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].JwBrc8oX-4Kv1OnOT.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099186.JPG (Modified File)
Mime Type	application/octet-stream
File Size	17.73 KB
MD5	82c1bc1a4c6633c37fa519418718ff56
SHA1	04dba106e3a9176599c0a8ee2ee1de728f510bfa
SHA256	0ca9eb1dc54005e1858e7fe39f92157bb47b7239ce357e8ab7daa271a4f731ce
SSDeep	384:2W00x6ac4jMB03L30J6IMZrNCs6ZAUBmHW6j:2W0ScrT6IM1NJy7BIT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145361.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].sub3AZbA-pEn6GFA8.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	22.01 KB
MD5	7057fa0b0b59cdb980ff782e596126a9
SHA1	5b61418bc8f04f9fe7d36ee727c075556853cb10
SHA256	4fe4e5a46994a9ed7026e79a7d68de47457dbb67d229e8a627061317132db27c
SSDeep	384:sd5DHdIzGzapJ6XU5fvqAeSyIlKQJW8N/fCoPXx58pBMGiI+ZoHW6j:sv5NU5uSy5QJDV/xsBMKT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387882.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].XONVamZS-DMdK6QI7.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	39.61 KB
MD5	b10d31a2a1f5cea3b232b1cf3418708a
SHA1	53e95bb736b1630d0efd1d73da683b7e448bca10
SHA256	cc22f12df38769c4690c38c297d97f0423debe4a442b1f12f9e6d5c412c6660d
SSDeep	768:PUvG0dfQXJNQJA/BPwdR1DhgFkNMKMIN0lDS1Pq2j+LB2lbZHgV7FUpO/hq3kQq6:MvG0FSSAtwdCCNsptUFHyFUM/h6kXvPq
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178932.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].eGu6ib9F-W22ZN0SX.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	35.89 KB
MD5	78db37b88ff7564c248244d3653d4b09
SHA1	d0f48160353396c1ee51d99d9856f900766f5aa9
SHA256	207bfcefee452aa93c2e7c6284012608a7484127ba2b74d8057ba6d656ebde69
SSDeep	768:PYUy0Co4Wlyd4fpXORkw9NuDXyvg7Jtny7JX90tqvxsH9F6ET:7y7MVORR9NuDXEgtncJX90AOdF
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].RS51X8U8-oTRcUpbn.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287643.JPG (Modified File)
Mime Type	application/octet-stream
File Size	17.02 KB
MD5	be918e97afce0c06687c800c6178d3ae
SHA1	e3cfbc145ffcd83e0d0811de552100d294fb29f8
SHA256	53a55c01a56044bb7c8df21cf29dbc62635fda345c8335b1308167548f1b5915
SSDeep	384:t2eiAQ/KF/urpRrNSNEISYLMjE9XqJ0qCC0tHW6j:4eh/url8zH9c0DC0NT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382963.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].uKAdsuki-ZLG44y01.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	96.87 KB
MD5	438ddd017972a1c2acb7486d5998bcd7
SHA1	750c3a4711241447a15226fc14bf470ba684c0aa
SHA256	67d6cdb85eff0f4fb30b449d8b936ddb0e11ea610c4b54548bf8ab44f55296a9
SSDeep	1536:7ZuZXoGkGL2SjcVMJ67+f40ftvtb3K4X93uEsNDhlFo6AUWaIqjrJz/GgqGePIhc:9AvL2SoV2w+5FPqDbZAf+f5+gcIuVaC
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].IzK5z8O1-HxLxh99T.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387604.JPG (Modified File)
Mime Type	application/octet-stream
File Size	47.82 KB
MD5	b38e29e4a8aacc83e07d1779c23ea013
SHA1	c85a9cbafb53f7a96560ddb6bf8cc5f023f52f4a
SHA256	f30ebb858dc611efd8edbf727e148ab0f545ad1a4b40f49fbbf24ab9a94b0c83
SSDeep	768:H/DKuC6Q4D8vwj5LCi/KoYDkUHbAI+Nq1ERO7UpIXVS7l9oxh7qmHyZPaRB3T:7zCh8pYZ+Nq1/4pw2l9oxh7qIaPaRB
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341344.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].8dllUaux-PWvr6UsW.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	12.60 KB
MD5	269b22ea09639d4b12de0f51e55977d0
SHA1	3fa422051355eb185535aae4d106bb44cb6b5ec2
SHA256	b151cc83c2a0ca47791c50a27a93609487604547dfacbf413199aefb39199222
SSDeep	384:VCmwANOFotTch1IPpAIdTNSyLeGxAmx7KHW6j:V5wuOG7pv1LV2VT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].tTxMXelH-pMsdwYpk.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341557.JPG (Modified File)
Mime Type	application/octet-stream
File Size	28.05 KB
MD5	cbfcdbade188671189c2ada1cfbcd923
SHA1	aaba02df4edef3998b6df8fa2f775b26603688b9
SHA256	55a84a46686fd053fb681d3c1d8959fd857667796de1acf7cc1c03731ebff107
SSDeep	768:6SFEmTRt7r9JfU2N/3zHKwPICzBd1JYUgp9WnFM0536RT:7ht7rw0/LKw5ld1JKWF7K
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\[BatHelp@protonmail.com].rwnh185G-M1eONyDa.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	275.91 KB
MD5	ed13e2489180a9cd27cb27d64da49ec9
SHA1	1bad711fb6edadee901f32f0bafb1c8ae33c6310
SHA256	4acbd53d1574a4b46dbf30c09c5e955148e0dbbbd2d5ae9048dc95939174cd50
SSDeep	6144:lz7NlsLubjji8ZT2PaFxWajWqoKOcYjeHYbPtdKMS0HeHG:NPs8jjNT2yPLj6o8dd8G
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].xR6c3T1L-xiJKoLai.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099152.JPG (Modified File)
Mime Type	application/octet-stream
File Size	12.80 KB
MD5	48d119a0fe4929960bf2befae66dca5a
SHA1	ef147ae5af9adf8dea7bb5974c3ef18fe93ba811
SHA256	f1d94c1d3afe16e9e41d395fc09c2b68c641875f1a87288b1d76fc30c9679a4d
SSDeep	384:ZDfnp5REZFNS8PdbeosmLd5gskyhVTK8Mvy3HW6j:d7RmrS8AoskNthVG83T
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\[BatHelp@protonmail.com].MthRheOD-3mPIh1fn.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx (Modified File)
Mime Type	application/octet-stream
File Size	13.25 KB
MD5	bce99d2810b488f51b4d55f6190a79be
SHA1	e86642ddca32e67b5ee63fa4ead049a9d464d32d
SHA256	022e9d64c37f6ee5e628bf701c8834861f2641b9cb49aa449f23004bbbcfefee
SSDeep	192:ONR2Wu+8ymBrQ+72Zbwj1VsKUXDCLJB4r93kO9nzteBcOAI95JTYeW6jI:gAXezbwRVsTXDCLcr938COZ1HW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0315580.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].csfTiNED-UYpNiZX8.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	20.13 KB
MD5	f6d537c01941723853e74b919b4349a6
SHA1	d274314aceed86cca1406659eba7a66763b5a9fd
SHA256	9a1ccb0eb227c42ddbd65963412575ce5b87a6aab040a66034df1911a01245b1
SSDeep	384:81xyQCs2pnnFxN0pDeKaLRmfO9M88oD4KUc9fA05dX8kSFFEsrbV1LnqUP7KWHWW:A9CRpn/SnaLRmk/8oD4KFK0EkSPEsrBN
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].h4HjdV2h-snxkQ5af.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341475.JPG (Modified File)
Mime Type	application/octet-stream
File Size	43.85 KB
MD5	a8446019a0be1e53a0b9ec6196ee340f
SHA1	85630240226707fd9b4f0376329dcf3ee0f64f2f
SHA256	1cdf3c0e7b47c77af40ffa2680867561d7da138102dc0e10306604aead7b13fa
SSDeep	768:qWWDuH2lIS9QY1RqjEZD1Ir7sNWdEQ8G+FRGvHEzkbOSFhWqxssjQYemna3+YmT:2uHol9/UjEoEwMCszkbfFxssbeaa3+
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[BatHelp@protonmail.com].Yy12DtwM-h3qztfOp.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	15.21 KB
MD5	811f3de258fc4bf2ab3130841e60e46d
SHA1	1ee9c4db2d695ffeab19b3bc44d1bb3025fcb38a
SHA256	45a873acc42060eee6e9bd962e5cfa3f53d135408068fc15fe7cb324beff4bb8
SSDeep	192:FbDkpKm3k+HkWPYZjMCqs28Z2KSJJmDjUtUyNI8wG+XWhKw1TYeW6jI:FE3k+gHqD2HSJJGIvITGWa/HW6j
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\redact_poster.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[BatHelp@protonmail.com].SJ5Teld5-oNOAdk0i.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	28.82 KB
MD5	022448b22d5a5f072b572c9aa2334c09
SHA1	af24eb56a783f24ed0d9adfb8bfde09fd3055257
SHA256	ecc6989727921725c8dbcd97a5ee86fb461349ccd96cadb3769b7104c577e015
SSDeep	768:kO+RrzrVgijbuzB1Url+TBBbtWhe4H/T:D+Rnxa1AUshe4H
ImpHash	-

C:\588bce7c90097ed212\1053\LocalizedData.xml

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1053\[BatHelp@protonmail.com].kOs292H9-fyJ5GEU4.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	77.24 KB
MD5	e3ef51fa3da2e118736ffc247b7224a1
SHA1	b0dc3896d4640f99b4fe9a209281426909dd2893
SHA256	54382378b37549fd7ca513eabb14a53463ad4e69375da5ebb03b57af2deb47d4
SSDeep	384:xI2ljHDkIf62p/acvKMGqFYWnX7bktDhHfLSGM3zD0q0Xt//Vvcinnl/06N9mGke:xH4S62VacSF9aX7IDkqmGeJsoGUDMT
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].uJFby5Vj-SEFIh83a.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalResume.dotx (Modified File)
Mime Type	application/octet-stream
File Size	72.04 KB
MD5	127533ba77a50efeb57213418e4edb6d
SHA1	f3379e046c96b5674ec2931df8dc2954a562d9c0
SHA256	3999f130951cad6ef2196115701a93a202971f1eea59d35fa46569829a7abcb9
SSDeep	1536:LQ58ExDyPLpnVJ+X/4vV3sSaElyVzyibzvi:6xEVCkdstsazyK
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341534.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].msgI9v6y-bAnSXg4k.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	9.27 KB
MD5	a8fa0d95b2386b1c40333b6144b109d6
SHA1	3b6476d1645c33fccdad0758754dd723a5bdd1ed
SHA256	8014bbdec2668cc4d76d67985d5fe07215e3d2b2fcb339e55f6971a563c1f456
SSDeep	192:rFCm3i87U/TWaUykGE2Avdzsz7ntGIs553rYKTYeW6jI:rj3p7U/TeIqFzotGuKHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].TCnWgin0-gkVQBVWR.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0390072.JPG (Modified File)
Mime Type	application/octet-stream
File Size	14.66 KB
MD5	131c60c50c1022e8ff6b55a5b68a7edf
SHA1	58875e5075467d49922870105e08a94849a3aaea
SHA256	97f1b4aadf01fcb65fb2c9bda2c8374b8dcecf2cc5a859f260cf0421cc940fb5
SSDeep	192:D74XmcHyuON3Rw+wkSupgONHtC+NjnSH7D5lks40vdyw+n5FD9ik9MaMTYeW6jI:fq1ENhtSupgONNNWv5+hSTHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02412K.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].ds1JdVNs-nzp4yp8M.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	4.84 KB
MD5	20af9fcfd3340b797da3e0f2ecd588cb
SHA1	e13672dd08a5c91ca94a499a176c0292dfafa8be
SHA256	ab6c5e5abcb22ad96189cfdaa012e4024984ed6f68bf494a19644914c8f5d410
SSDeep	96:yebrBnq/c64n9Wp11+kXhCozPV2HCSWZ1UQiQ8ZV+4liTYIDWzMJxRf4OzID:yYnIc6Jp14sL2ib17uVRETYeW6jI
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03379I.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].lNFrZZ9w-hrnANqFh.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	12.29 KB
MD5	f0f893cee2bcdbed2eea559b906e65ee
SHA1	79b5608c701232f13d6ba9038b77ec4e06d078e3
SHA256	eb10246dfcbe42e9970c5081ae1c5500a8b8bb803e30e76d32d9e9f51a1db8b6
SSDeep	384:Vuk/ONIbWKYVaktxNy/jII52RR53HW6j:Vuk/OObWzVTQIXRZT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].z5qtHsXn-bO1ZVAJQ.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\NotifierBackground.jpg (Modified File)
Mime Type	application/octet-stream
File Size	17.13 KB
MD5	353cc79d303ad9b4152bbbd2d4c6efe4
SHA1	f95b9cca2386868b422661bba0c78b7c41582607
SHA256	839605cafd40f04f4a0a1e82a4eb08054acbdc274a0653149172363d3c5c9eef
SSDeep	192:kiFsgm/mjHQOzXfisqREx6Qt210MZ7ZbmRCTYeW6jI:Dvr5zTqmDt21tZJHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387337.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].UAsdNMxL-zia0LPDn.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	52.14 KB
MD5	e8a15fa1c5c41e907fa4654439e5845c
SHA1	6a745a8f01fb6fddccbc3583dd37eeab0fd98184
SHA256	31c22805ba52ef71f893a9328af4216ccb15adcda11854ad726eebdf6798e170
SSDeep	768:nmRHA9J+OzkY9zUK5pI24yBPxdGoytZ9tqyAd3HIuiQzN14xyMfgCx7L/bbtKCM8:nmZ8jz9Ffq4PzGh9id3hhN1Y5BXlKC
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\[BatHelp@protonmail.com].aeEZ8wZd-BR3SMnuU.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\adobe-old-logo.jpg (Modified File)
Mime Type	application/octet-stream
File Size	36.34 KB
MD5	15e49f885bf90962afd269ae1d07988a
SHA1	c9e9f037ae72839039bf809978d9e00196a17496
SHA256	54f34592a02bae52bfbeb8b5cb68ac12b6dd01f448698c31cccfe8514815e216
SSDeep	768:KmHHATe1MYal5v03vNDvt8zBU+y+GtZhAkt7NRcv6IVpCthoj4B2bT:3nAqqY+EvNTt8zaXhAk+iRtCj
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\[BatHelp@protonmail.com].02AiAwWk-JWs3l2Zh.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Lync.Model.zip (Modified File)
Mime Type	application/octet-stream
File Size	86.06 KB
MD5	7d90dbf5729ffc8e47199e8ffe4aaf0f
SHA1	4159f1975510ed3f4764fd0328c4fef788c04975
SHA256	7ffb75bc3385d3276e0193c189bf64ecaee3ad751fbbe50ef7d6c25557683a2b
SSDeep	1536:7MMvd1iCecGK5MAC4wl/J3xu6EnAWmg9yya9yc8f0q275aA1/H5x2OCpdURoPlwb:7MMvdRecGK5MD4g/J3c+RgQya4zdqH5Q
ImpHash	-

C:\588bce7c90097ed212\1028\LocalizedData.xml

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1028\[BatHelp@protonmail.com].zD1qjLq8-PNfOgPAU.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	60.77 KB
MD5	67c8f3dca5cf52d4b0df6a3ebdc8b787
SHA1	018841a728ad2355feb720e58b2d14e64b029c55
SHA256	cf07a2185fd3fdaf50ffbf091b7a4b7f95fd4866f9e10c67a31da6797febd817
SSDeep	768:2IiKChQ8UGbfOz3o7MRZIiYTJo4wFV4T:2ITS2xLOME1JBwF
ImpHash	-

C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx

Modified File

Stream

Unknown

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].x48Prdtc-G6HS6vFM.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	92d349d1f5b518f19d8535bb08494c7d
SHA1	ecbcf7f7e9ea3897038024d948ff07a1d01a5b77
SHA256	78c2f7708a327e30575b6a40dd176254697807917d36b4725bac2b292e43acee
SSDeep	384:3zjAXDRYskRlhgS6L7gMn+OQRWPvsqvqzjAXDlHW6j:3mRYskRlhaMZO1gm1T
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].llWdXfPg-4trWuMtu.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\LoginDialogBackground.jpg (Modified File)
Mime Type	application/octet-stream
File Size	53.11 KB
MD5	8bc9a690fa9514552f127b99ae896c22
SHA1	116f853fbc021d8bd3b6da826e4e1aeeec38d00a
SHA256	f1addd3c74296034439b52ee2c8617cf74b2223cf8fc3982cc5a2feb99e0d758
SSDeep	1536:SMg7R2V732hyYEGpz4OB/uisB4+WGwXA/8Ubi9xJc4rqADB3GS/7:S28zLGphp8Ubi9VDBp/7
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\NotifierUpArrow.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].5rXYTWFt-I17z9Oxl.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	2.32 KB
MD5	c28e4c1f6bffbcd6ecc75478ea06d483
SHA1	6a771f9176ae478a34533cf792123157d7b27619
SHA256	e62c061dea53e89ed2c39b97d2b0e8c6c1ced56efd8d1a765435f484bb34862a
SSDeep	48:LipegWsZ6bKByGWmkeXUTlc/ID0hzMo0xRfpiOx349dUTk1:eIo9ByXmkekTYIDWzMJxRf4OzI
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].oNUAj1Nj-4567zw8b.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\NotifierBackgroundRTL.jpg (Modified File)
Mime Type	application/octet-stream
File Size	17.55 KB
MD5	7533898a616cff95c7c759b55e2e6757
SHA1	acae858faecfad42942b5a77765b3cfab0448686
SHA256	02ebcc3f6b157389b4f94d01c5307db23e5428113d1b6f1e8518740e34a3e7ff
SSDeep	192:5NFYrAX8HVFEqBEFV3R8oppIhRcilwxDeTYeW6jI:5Nmr481FEqB6V3qoLucxyHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].sMsQFPp2-s7e3xERj.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\STOPICON.JPG (Modified File)
Mime Type	application/octet-stream
File Size	4.65 KB
MD5	b3c4d20017d334045d832ffd4a515731
SHA1	e95a79df03e2fb1eccc31a7dfd24dc1dadd759ad
SHA256	7ecd522490dea0e0194ede220e9f8438252a4a3814a632f8902bafe03239507b
SSDeep	96:lw5Sb2QVSYM1ZjJb06sPZzugoh8VICxuMSO2TzSub7+Hf9jTYIDWzMJxRf4OzI:lw5Sb2QVXM3jyzrVroLO2fBwFjTYeW6M
ImpHash	-

C:\Program Files\Microsoft Office\root\Stationery\1033\NOTEBOOK.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Stationery\1033\[BatHelp@protonmail.com].zLUp956c-iGIh0c0y.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	4.26 KB
MD5	dd9c945ee703f18e66d04cdc5af88ad9
SHA1	9f41c7121e180580a51e515cc4403b2fe2dfa4b4
SHA256	74840f48f2615f13fea1fd9a1e8132019cda4e6265ffc43ad8f550b12d4be893
SSDeep	96:W7JQ170GShgCPzzmJpgrr7/D7yxVC2JTikTYIDWzMJxRf4OzI:M617ySgzzYpgrz2VlikTYeW6jI
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382939.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].tBed9WXM-15q28tyU.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	108.29 KB
MD5	7ea6847817a9480325155a803b465273
SHA1	c379acff5c020a9a9c696c67fd100fbb3a3b944f
SHA256	1a8b5dd589685e8e51ab7ff41db3e579767653213796ee25c9f67fd14bb2ef44
SSDeep	3072:2EcKinsuCWxQ9vezmqJNV98UJQQle7ibaVom359f:EfnHXQ9WzmqJNUoQyZbap
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\Shared24x24Images.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].PmPC2NFA-VsbKmyVj.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	7.73 KB
MD5	18c54580f87de1424c98e5b5842713d1
SHA1	0ec549606882bd0c451dfacc0fa8cff59e9cfbfd
SHA256	b96f98c30be769e4b17e0e042e90af65bcbd821ff64904efcac881229933b5df
SSDeep	192:4RDl55Kgj0BI3YY9Y9hnqRNQk97i5ATD9ZSrdrkb1+TYeW6jI:4p7PIm3/cqXWUcZRHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\[BatHelp@protonmail.com].WV5waCLG-BgFceWau.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\AlertImage_Medium.jpg (Modified File)
Mime Type	application/octet-stream
File Size	17.85 KB
MD5	647a7a1143900671998aa910189c5c91
SHA1	c1fa9eb11a34adb56da3a3beef4eeb3f011e8ec3
SHA256	bcbdd01f648644c5e04f03be0ae82aacd480c97e0c725260b230ff07b91a9f68
SSDeep	192:pIM2+cpB9PHG0cLLZi3+gxp4G5YJ/8XSxRFpX5ljgux6VcQmkPTYeW6jIT:pB23pXjcZU5xpR+NBpXfihPHW6j4
ImpHash	-

C:\Logs\[BatHelp@protonmail.com].AWqPJGmS-lxlEMWRs.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Logs\Microsoft-Windows-Known Folders API Service.evtx (Modified File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	e96d204c1003248cb1d77e8a79400cca
SHA1	dd1e09611c830c8e5d42eda1fc65f89c59e6026c
SHA256	2aaf9c6f7417260103164d849c2a2ec9fe34a04f01855b7afb74b46d56616ec1
SSDeep	768:CHof+ayytBKv5m+fh9Df20mo2OKzLp7Hof+aydT:z3RBcA+fh9Dwzfn+3
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\combine_poster.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[BatHelp@protonmail.com].p6RR6Qip-FqZtXz4B.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	20.72 KB
MD5	aff61269ef33905124e4ff04b1a4ddc6
SHA1	82351cf04586f823c5d10474891c779c3ca47d1d
SHA256	506cbb2275096d81650816ac34bb4b3b8d31b4d3abb3425589a00274c7307525
SSDeep	384:gf6x6SqQy7Zlllllllgkw4LKK6HIKpWExEZHTpKmppP3uTcLwcbA5IHW6j:tqQy7UKus+EZzAIpP3uYLq56T
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\edit_pdf_poster2x.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[BatHelp@protonmail.com].6TgJeMl9-eImGAR3Q.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	73.73 KB
MD5	6f7ad4a01f171bc78c4e75d5ed0c6547
SHA1	d653f4d4fb808d72a91eaa957e97d0036b19d6d0
SHA256	56832201e104cacdd3faa48cb141f6f53b68414e574a5761cd7b244cdf1db878
SSDeep	1536:XnFRvXji/ibvFqbvxiwIzSXJpTihqMz2VthjUjQM:XTzi/ibkzP+4tzhd7M
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\compare_poster2x.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[BatHelp@protonmail.com].uy7z60Tf-04EdVnpP.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	80.17 KB
MD5	7ab1a31cb59087a2b624b3cf8db7241b
SHA1	552cad67279fab920414ae4451f1ab16ad0153de
SHA256	54343d1ffd14a3aa5a230e5753fc449740bf60e737ef344071e374fac13da10a
SSDeep	1536:D6AUmLsqFttOvPRBV/DxJyYgQ0D++8hhuM5TA1UaPP24ZZIA6VjOrY200F:D7sqs/F8C0D++b40Ua2dA6VOY20K
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\scan_poster.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[BatHelp@protonmail.com].gqD18Qqy-rzjZMQBc.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	31.02 KB
MD5	b62e70fa9dad24ed0cfa83945af3f295
SHA1	5d054a949652083ca95c979701d6275f3240d202
SHA256	e6b7c560c4e2fc4f7ade38a5165929049e24fe5b74a0b12f4e45afa54b82ed98
SSDeep	768:zYvQHfaVdIsOl1uiiuZa+LZiVfkCNbJTn8VYAPKjZsLP2Xg+p2PT:zYYSVesOl1kcjZSlJT8P232
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].PsWJ3mpX-Q8OwnA6G.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386485.JPG (Modified File)
Mime Type	application/octet-stream
File Size	15.74 KB
MD5	12ae076241a5ba310a5af916f9aa2cfc
SHA1	138ea984a551fd5af989da6e7bc3e452b8f7ff87
SHA256	5347a45da275f77de69400fcea30cc2fd2c18d25039976e8a6a3df38b8d56178
SSDeep	384:igM2hueY9Z4AORsfR9N2cOgwHnjbE0Mng8XGvQHW6j:2vr4zRuPQcOgwHnjjWg8XGvST
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382959.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].E2ch477V-nM4iAx0u.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	85.27 KB
MD5	01ec547c690d47aa4a6fc33308b54035
SHA1	0cb10ea1bd07348205f6f0e2e039f0695e9563b0
SHA256	9e138648738f317eaa2e1be6c87687dd0afec728109355c274ba1293ae07776f
SSDeep	1536:adjONNhd6G/UH3n26R4bfU5IZTnr94Jnm5sQatLZ7hpUuKPro98hBi4ehWK16W0:adQUisPR4bf4IZTx+m5sRL3pKMWDi4Kw
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[BatHelp@protonmail.com].V7SJmfLQ-wZPZ7AcN.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\edit_pdf_poster.jpg (Modified File)
Mime Type	application/octet-stream
File Size	30.29 KB
MD5	98fb9f4f09a45b63bf47dcf265493314
SHA1	5c70ba1445fcd0ce921fe2f9c85bf1abe80c0cd1
SHA256	579c8d5ac8f3b0e29b658cf7ff49e904b05249008dfe6cfff85742d2147cc4c6
SSDeep	768:IlJGycjJxYapqDoCuVu/+++++++++hjF86eBjJYwjPpT:EGFJxsMF81VY
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\redact_poster2x.jpg

Modified File

Binary

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[BatHelp@protonmail.com].RtVueazQ-NlBaDvmB.CORE (Dropped File)
Mime Type	application/x-dosexec
File Size	69.85 KB
MD5	3cc86975fa49df4b7954c9a84763329f
SHA1	cc2e3db10486886c1c25f11de122a1a62cf347a2
SHA256	2a872d6865222b84a8143ad5715d434bb094d8e588618dd965cf864d816f678a
SSDeep	1536:vRvgx1nTNpQcU7HhE8rpwfoCIIIDIII2cQsi9V4+M9vz7:vQnJScUT1NCoCIIIDIIIENnAvz7
ImpHash	-

C:\Users\FD1HVy\Pictures\5uqysxV\1XK7 ImF5.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\5uqysxV\[BatHelp@protonmail.com].Y4CQXpcn-IXZhB6ir.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	97.86 KB
MD5	a0dcb784080463257df1237ed218bc62
SHA1	524acfac69ea133ebf7a7d886552223e6e5bb814
SHA256	62b46a7cff06ee93225dba69139c8106bad2ee35f09f26dd889369231e0f92bc
SSDeep	1536:wq6ulU6HPfa70/4Zn1ylwES/QIfEbSHb2mZkJBI/vCMN0OcYQTfnxign1Yp:QqG0/KqwESYIfHSL+3N0x1rnxn
ImpHash	-

C:\588bce7c90097ed212\1040\LocalizedData.xml

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1040\[BatHelp@protonmail.com].in6YC32n-ifO7EBbK.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	79.57 KB
MD5	fb8f3a4ffe4a906d5feb741b8aabf96b
SHA1	8dd18b8343a3c4d93820ced9b4df81c31a036838
SHA256	36fa4856a49ac87bddc7e6e6fbc245f8d0cfbc810e43671382eb6758bfc21ba0
SSDeep	384:teihCL56QLx7y9bKvwv+0nynnaYO1vBnclySO8pYBZ3tMa9eIzNZNs4fzWmJVo5C:teFtR/0ya71vGpO8FaVLJiRV14f3TT
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\[BatHelp@protonmail.com].iiRah0hQ-lcTy6SWm.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\COPYRIGHT (Modified File)
Mime Type	application/octet-stream
File Size	4.55 KB
MD5	ca61bb97a9e3a67d5ba5654716399eef
SHA1	7cbf06d80fc606407a9e78ddced61043126ac508
SHA256	26fb78512a529f9c3e5fd0be968f58a39db357cb6ea33a0dbeeb8c97f0a31485
SSDeep	96:MoflgDGblimhDj5/LPrZQTn5tUmbFtveTYIDWzMJxRf4OzI:MWgKbp5jPGTn5trhETYeW6jI
ImpHash	-

C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\[BatHelp@protonmail.com].NPpAn4gL-6wiIfFA0.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	2.42 KB
MD5	939575352d79f906310702dd176dd7f8
SHA1	643a5a02305be7ade4c9fe468ce474dabced7408
SHA256	c0d0429105503d6b4e27c080c99d3c362e6c2dfca3e927641fd74ec8c1ec2e41
SSDeep	48:UMNgriDkZsC/4eKQ+awqgMgQH1qTlc/ID0hzMo0xRfpiOx349dUTk1:UMpkHP4RH3TYIDWzMJxRf4OzI
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\optimize_poster2x.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[BatHelp@protonmail.com].tEwBxEUe-pyxfSsKi.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	66.71 KB
MD5	b94002c4aaf805699da931593a934a1d
SHA1	9988b69bf573c521a7d01cf667247255c04172a2
SHA256	df1db440a0253628f61c8e81c684589cf78a24ac333a5d556b92a843a18481a8
SSDeep	1536:dY6ULGNz6Wiyl/jstnJ577CvNtj5RSLGCJzlynUQ/x:2GN2WiMgV78BRSLxG/x
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansDemiBold.ttf

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\fonts\[BatHelp@protonmail.com].Bgj7WKKa-VpjhwXCw.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	311.83 KB
MD5	5043ece0fc1149ea80df051c72a3c211
SHA1	65f26fa6711454b73e800d5157b8d0655d30a7c0
SHA256	28fe4e342770d0315a70486435c9c73612e5d81529a3840a6f7b6126e9f96565
SSDeep	6144:cXRK6IjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov:cXRK68CEo9xzJwljXsrhHQ7cMuX/
ImpHash	-

C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx

Modified File

Stream

Unknown

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].e3LRwlRs-owhsdRgU.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	f7c58bf5c97fea1870ed078b1a31f35e
SHA1	3e22ada003dfb803f522b75f1dea1a8d94fd2b65
SHA256	088799dbda26c5f2ef0c50958d02bbc2d5015d47ee25b664190d71975b7a62ae
SSDeep	384:1Pif16J7tLU5ZND51n7kHmMy/oYzAWEaqf//mkyif16J7tLfHW6j:RcCtCjDTn7vMyAYz5WPCcCtbT
ImpHash	-

C:\588bce7c90097ed212\1049\[BatHelp@protonmail.com].6BN30sTc-31yCJGyC.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1049\LocalizedData.xml (Modified File)
Mime Type	application/octet-stream
File Size	80.96 KB
MD5	abdc8fe596367c7374712c652aa20a64
SHA1	043333ed5a8712142d22800b8b255ea78bae8d05
SHA256	be36264bcc6fcbfcfa8616eafa50e7bd2917cf13de439bba5fc198e39522e326
SSDeep	768:W1B/jdtNAtpdlKHIne1+fHqJZVrJLrI6LO1FT:WJtN6iIC8KPxJ3RQ
ImpHash	-

C:\Users\FD1HVy\Pictures\5uqysxV\L6YGoOrS42Gw9k3uMS.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\5uqysxV\[BatHelp@protonmail.com].6Z4XFZ7n-enLfaSFe.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	5.26 KB
MD5	15bc2a6816586f55bbca9779d5a7c650
SHA1	668c3e36bab2099c68c8f6deaedf64642d69b654
SHA256	d5cc0893742e3aba759a27408436234e2834510463f816ec6098546e1cb253ce
SSDeep	96:DWN3+B8UHlkJSovZJ/eJPg1nGQuEFl5rYduzTYIDWzMJxRf4OzI:Dd8UFkJdfedEFfrzTYeW6jI
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.zip

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\[BatHelp@protonmail.com].njQ2yITk-f0sL7wpO.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	70.22 KB
MD5	c75bb4fb4ee3a742bb39928691ef4daa
SHA1	ba15c89a280e1c19dabc54ff2c08c141c8f24d4f
SHA256	537c4defac42d2770875759541f9eff43818e2c4aa630ba53361aa9659c7d349
SSDeep	1536:AuPvVhhfVoUfZ5hRANd+hs3M/zCZ31P7wLK5vT0WTDABrLxR:JHVhhCTNdB8o35VTPTDAr
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\[BatHelp@protonmail.com].z7Y4sMxY-zB8iJC1P.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif (Modified File)
Mime Type	application/octet-stream
File Size	1.53 KB
MD5	dea696221479b483db53cc12a0abadf6
SHA1	15837e59cee676667bdabda253a116de78f9d853
SHA256	c6f0879de7052b20964adda2b6580f3c88f2c87a0d497fac4da3ed1f104ee324
SSDeep	24:uMc02/FOGJMMcDilDqIDdihzrkl4TYHJWD0LRZhqWiOxQI49dUTudRT:j2/FTlc/ID0hzMo0xRfpiOx349dUTk1
ImpHash	-

C:\588bce7c90097ed212\RGB9Rast_x86.msi

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\[BatHelp@protonmail.com].reYfxWZ7-j1eHd134.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	93.88 KB
MD5	f3dacbadd7f88600a658b69b1c0f964d
SHA1	8d37f571e71e0940f8796ad09378f4f7fcc394ab
SHA256	dd2fffb0dcbddf656043a8928338efe25d576fc57cc2af197bbf98289f18b069
SSDeep	1536:NU8i3+iSCAJM41picgCjX3QAoHwDHL0fWi0lrmsIjyG9heHApNR3YHaeAGvZw:69SXZbdgC73Q5H0Un0li+G9Asxg
ImpHash	-

C:\588bce7c90097ed212\1041\[BatHelp@protonmail.com].x48s1QXf-3JPhw2XS.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1041\LocalizedData.xml (Modified File)
Mime Type	application/octet-stream
File Size	68.01 KB
MD5	6ede08b635423b5f9ea988323036d7d2
SHA1	822c005d8741e06e8fb8dae7d3ff66873fc0ac44
SHA256	217cd89d51fddf9f54f7be57083fddae949b9391ef5a63d68ebe160e611b2207
SSDeep	768:CKqdI+m60MB5sqsG/ocYOyCw5SCnkJMlvWy0aO8rRnfJpd1gT:CKq3mjosTcR1CkJMlvWy0aO8rRfJpd1
ImpHash	-

C:\588bce7c90097ed212\2070\LocalizedData.xml

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\2070\[BatHelp@protonmail.com].Qul9oS20-8PNlLVy9.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	79.76 KB
MD5	e3afe5dc7af307b81b2b9416f57268c2
SHA1	c59601beaaff959ca77e59c83eb269854316bc53
SHA256	a8a4a9b004f50217e63e21eebcde05ecc9c8bc73f10721554ab4341796c8d445
SSDeep	768:0rQp2t+7xPjhWfjtz7zqVuXWpFxgJMh230JMCZDThqo5UsjJOTl:aQxFWZWVuXWpFxgJMh+0JMSDTI4t
ImpHash	-

C:\588bce7c90097ed212\1042\LocalizedData.xml

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1042\[BatHelp@protonmail.com].ivSkfsxT-Zh446b3w.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	65.09 KB
MD5	a313b8a927c162282c7b467ebfbedf1f
SHA1	e1547924dab973b46eb5d8ebbcf65e4a092d9c5e
SHA256	4c49234beb2fe4d1c01ed528115481fd8ee30204232fcc2c536f380c0f709b69
SSDeep	768:a+VAPmykco2F2pJ/wGerY5wy8aEKPtqpb5yw5JfMEDNPT:a/myke2pJ/wGerYXvtqpb5yw5JkEDN
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\amd64\jvm.cfg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\amd64\[BatHelp@protonmail.com].RIx4dRks-FvQ7fr95.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	2.00 KB
MD5	5e466d1b2e6ce2374de04e366038a3a6
SHA1	2e6ee92a755a4faf67340e30e95ff5327c888bd3
SHA256	f3c644c0f8ba567dac201cc6c754cc7c526252c72b4041803d9cf2b88fe426e6
SSDeep	48:HnFmPGD6kwTB/sTlc/ID0hzMo0xRfpiOx349dUTk1:HwTuTYIDWzMJxRf4OzI
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\[BatHelp@protonmail.com].RWWk6q7O-lBdiLfj7.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\currency.data (Modified File)
Mime Type	application/octet-stream
File Size	5.41 KB
MD5	b91cb716450ed91a5e97265b3fb04c71
SHA1	381938e7049a338511b314cc3e0c239a8a068977
SHA256	726dcf387d4938f8671ab97953da3493aa8175bb5f1d7bfd5c4d4f3305db58a1
SSDeep	96:2jMVjpmTYM14Lp87ZcBm6D00Orng7KEvANERR6WVolB4zzF//HHrOBWGTYIDWzMy:lBZXp896D00OrngWeUg6LCHZnrOBWGTI
ImpHash	-

C:\Logs\Internet Explorer.evtx

Modified File

Stream

Unknown

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].bujjdvZV-Iusxg4kW.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	6020acbdac5864d15eb357935dd36997
SHA1	a42131820bf37e620b564bc769dd9cc3850cdeb9
SHA256	35aa36b5aeed0c95933d13438637be9b20849e3fff65cee9737c9e4f133d7304
SSDeep	768:cX+XSWXoBlu274bNj+SFqtgX+XSWXoBjT:cySZBP74bNTAuySZB
ImpHash	-

C:\588bce7c90097ed212\[BatHelp@protonmail.com].aUGlgRwc-232BmE58.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\UiInfo.xml (Modified File)
Mime Type	application/octet-stream
File Size	39.37 KB
MD5	edb79babfaceb331793a581a569c4dc3
SHA1	567ed7e7abe34ab1f24074a025ecd24428f95b17
SHA256	9a58dbbd873525f0ae1889a0fc3881c6f6e81618b8c8a67a6b076319de96efd7
SSDeep	768:xKm3OF2vp9NpQEB31sO0Nep3UL9Eu+dOtOcOdOjTZf6tagT:sm3Y2vjrNB1sO0Nep3UL9Eu+dOtOcOd/
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\plugin.jar

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[BatHelp@protonmail.com].DPAkkcQ3-nDVTpNHE.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	1.84 MB
MD5	2cf2cb45ea83a832dff68545e36d0969
SHA1	03b88b57d8647673f9cdd75c38217b107fe619b8
SHA256	255ee4546eccbc845199fcd8d0b524909e73029d2be9a7c6b8b5cddc3ed6e8fc
SSDeep	12288:W/Q+Ewd4ESsiF4NAQasWZJ1JPRzxISO1PH0Q6MUvAM1E0ts:f+d4ESb4NqscJnRzyz1YvAB0ts
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\deploy\[BatHelp@protonmail.com].wHlfZkY6-Rsgxdkn3.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_CN.properties (Modified File)
Mime Type	application/octet-stream
File Size	5.36 KB
MD5	58231ed5fc02f87bee0bf09e3b1ce014
SHA1	3dce0747157d3354b17707ce99232e8f963fa34a
SHA256	67fa70de7b072309279fe96f74859aca256924393c4a906f614a8b46ffaf288c
SSDeep	96:iSvfewDbE8Pq2HKdIjP/8YDuUFCH9V0SOgdfBLLIhDgiqZBrXbosmtTYIDWzMJxu:iSvrHnC2NUYDuUFCHz0LuBAuigrktTY5
ImpHash	-

C:\588bce7c90097ed212\[BatHelp@protonmail.com].ALHtpGUj-JHouXLTM.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\netfx_Core_x86.msi (Modified File)
Mime Type	application/octet-stream
File Size	1.11 MB
MD5	58ac112d6af77f6190949d232510c785
SHA1	8950830c7996bae0de7cd3d56ec233eb564f02ba
SHA256	66d2eb899406b8757ba566cadaae2c7cec7706cafc63469a9b8b16cd18493558
SSDeep	24576:3CpwM4NDy6dsNbQXcUwabPx9bswH/fd6px:AwM96d+QXcWDsK1
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03425I.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].WmvdDRkX-kyANwoxs.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	48.80 KB
MD5	1b2481535d07389ab0a1ca7c022db7a9
SHA1	14eb15daf6636d05c521b6ea9ac76244ce9e7a19
SHA256	6f5f3c4dd88732b871b0922af7b498c76efda1fbe1240e6452ee3da6b968ca3b
SSDeep	1536:J7vpNhE/Q+U06Olvf9Gu4N0R7RytPvGVO:BvpNK/Q+nvf00R7c+U
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\NotifierCloseButton.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].XALtgXKG-ByyRpPAW.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	2.12 KB
MD5	f9310cece32e01146ad72fcc867f4ea6
SHA1	6561f8577f37e28278545bd1c282fd69a61eafc3
SHA256	f400c4153d41c09229efbf5927ad9338864d5d6eab6e93391006175cc18153dd
SSDeep	48:8dOMq3rn6KjVnALxyQMndGTlc/ID0hzMo0xRfpiOx349dUTk1x:WOt7npjaNyqTYIDWzMJxRf4OzI
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].2UTMO6Kx-gN0esGgE.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\TipsImage.jpg (Modified File)
Mime Type	application/octet-stream
File Size	10.89 KB
MD5	24164e5425df1006906527f8a01b4233
SHA1	00354dac36377439a060ca9917cdbd79a0e0aec8
SHA256	77c9909c88a8e39f14e6dbf00c5cb6f98902fcd8cad8cd002a7765296aa4430d
SSDeep	192:1XEQbMlZ+SeG9wpUg/MH3wJ7eE+NufPPp2aWI3tN/vSxofIfieYIHTYeW6jI:1XxSsSPm/MXGPQu3P8BWN/vVfqHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].FvzrAjoH-ZwtZW9wO.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01213K.JPG (Modified File)
Mime Type	application/octet-stream
File Size	7.57 KB
MD5	7803796f8c4847794400dc7092cc5de8
SHA1	e5ac1e95782aac3aa0a52da3315c827e4acb972d
SHA256	630e01a8f97a0088904a3b3d8119e6f637da09713bea8c84f65ae6b5547238f6
SSDeep	192:BUI/DRH45YTGr6xCXYZ+sqkXR3tTYeW6jI:t/DRcSGreYkX3HW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02810J.JPG

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].7jtdGChc-U4owWq0e.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	50.84 KB
MD5	09265a38521d2ac0a0380c15c3b477cb
SHA1	c4ad9b824813577440880cbae1c39ddfe33bb0bc
SHA256	ca6bee5e44a2698e12a45eca744740846e35c4bf59ab1919d39cd03f6f6cc201
SSDeep	1536:zMIWAbORZxixjxtKM1OEo3dIS2D7OuNAa:zxjxjvv4E7hD7Oda
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\ext\dnsns.jar

Modified File

Stream

Unknown

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\ext\[BatHelp@protonmail.com].OksREr78-XWjgT12q.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	9.47 KB
MD5	ef9de13eee795e528e3ad6fb713f2fcd
SHA1	65897b23c023ba63e0307d7afa38a5cce5037a04
SHA256	f23c3113e39f4b6e4d077a57d13cf0acde455f933a0ac76602f2468a03a0260c
SSDeep	192:q5HzC3fihYG/IMLeBK2m5oKMRb8+xnVO52lIqfvmOgTYeW6jI:WmGYG/IMLeBKF5x2I52GdHW6j
ImpHash	-

C:\Logs\[BatHelp@protonmail.com].d8OQPZAG-vpKBN7ue.CORE

Dropped File

Stream

Unknown

»

Also Known As	C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx (Modified File)
Mime Type	application/octet-stream
File Size	2.07 MB
MD5	6fa4c613bd877f5426e7d181eafd4cd1
SHA1	bbf47c84957764dc84a430afc1f76741553ebde6
SHA256	c0e70f260c5674eaf369d712427bf6da8b5a56690371e9b46ad5916caea0c453
SSDeep	6144:K602+il1rhJA/0xzndkvQvfajFaLN3TdxpAyzaO4McPTL6:5Nt1Ve0sGfao5pAd7c
ImpHash	-

C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\[BatHelp@protonmail.com].guv8VoDI-eEYbHgdI.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	4.96 MB
MD5	2273c7b532f64166ebfdc3e06892ccc9
SHA1	b4c503d04235828ca04382c101da354924ef55db
SHA256	21478279df89088a380605349575259800f6084c6b7d91c21a3880910fa9d5f9
SSDeep	98304:twuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhl:t03ZBkOK2Knq45mY4H5OMKkKzl
ImpHash	-

C:\Users\FD1HVy\Desktop\94.114.3.195_log.txt

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	72 Bytes
MD5	cdaa4e87e48bbf35ffa121a1b587a716
SHA1	51824bf2cd8a8cb8adfd7435e5625f442ea609aa
SHA256	2d0c79e8a3527437d9f0f9f7518000f14b791bc1b07f4a5281cae5fe4635eaff
SSDeep	3:JM3cOlpIgWQrWRUWBndpb6MwFlB6Uiy:JM3cMOgWQCRcM8iy
ImpHash	-

C:\Users\FD1HVy\AppData\Roaming\4EKyGq4i.bat

Dropped File

Batch

Unknown

»

Mime Type	application/x-bat
File Size	416 Bytes
MD5	783909b97f84b20bd5fcce1e41a879a3
SHA1	fd83bcc88ac9d60d6a1520d00c21110c5ffc6116
SHA256	68837683b1d7c1e1f63a52d41c187bdeee12739f39addca3c0f4a7305e5be4cc
SSDeep	6:joN/vIoGbgpiA980K8lLIVlCIsDQTFhb7JpxAGR3LG9w0XHKtwkwPsxiaZ5CRH2u:wnOy80DqGDQTFx7HPgKOHBv6NHrP67n
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\#CORE_README#.rtf

Dropped File

RTF

Unknown

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\#CORE_README#.rtf (Dropped File) C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\1038\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\1035\#CORE_README#.rtf (Dropped File) C:\Users\FD1HVy\Pictures\5uqysxV\#CORE_README#.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\#CORE_README#.rtf (Dropped File) C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\#CORE_README#.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\1046\#CORE_README#.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\deploy\#CORE_README#.rtf (Dropped File) C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\#CORE_README#.rtf (Dropped File) C:\Program Files\Microsoft Office\root\Office16\1033\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\Extended\#CORE_README#.rtf (Dropped File) C:\Program Files\Microsoft Office\root\Templates\1033\#CORE_README#.rtf (Dropped File) C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\xh_znJ7\#CORE_README#.rtf (Dropped File) C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\Computers\#CORE_README#.rtf (Dropped File) C:\Logs\#CORE_README#.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\#CORE_README#.rtf (Dropped File) C:\Users\FD1HVy\Pictures\#CORE_README#.rtf (Dropped File) C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\pZkrU\#CORE_README#.rtf (Dropped File) C:\Program Files\Microsoft Office\root\Office16\SAMPLES\#CORE_README#.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\#CORE_README#.rtf (Dropped File) C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\xh_znJ7\F9bVZaLquniqSZ9d_-Pu\#CORE_README#.rtf (Dropped File) C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\#CORE_README#.rtf (Dropped File) C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\#CORE_README#.rtf (Dropped File) C:\Users\FD1HVy\Documents\#CORE_README#.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\1025\#CORE_README#.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\#CORE_README#.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\1028\#CORE_README#.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\#CORE_README#.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\1037\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\#CORE_README#.rtf (Dropped File) C:\$GetCurrent\Logs\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\1055\#CORE_README#.rtf (Dropped File) C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\#CORE_README#.rtf (Dropped File) C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\resources\#CORE_README#.rtf (Dropped File) C:\588bce7c90097ed212\1053\#CORE_README#.rtf (Dropped File)
Mime Type	text/rtf
File Size	8.51 KB
MD5	d424a38bb4b4264aae7f98790031bd3d
SHA1	bca09f5afcf9d8f90dff3843ff9e42493bc7ba00
SHA256	5836d68b1976217762085f03e7dc1b169c9d3c12ba10e2f177a7bdda88199cfe
SSDeep	192:TUVDkh6ojUjcNYPcaOCnv0SkDSliQZYCXh4y:OOISWlLnCy
ImpHash	-

Office Information

»

Document Content Snippet

»

HOW TO RECOVER YOUR FILES INSTRUCTION ATENTION!!! We are realy sorry to inform you thatALL YOUR FILES WERE ENCRYPTEDby our automatic software. It became possible because of bad server security.ATENTION!!! Please don't worry, we can help you to RESTORE your server to original state and decrypt all your files quickly and safely!INFORMATION!!! Files are not broken!!! Files were encrypted with AES-128+RSA-2048 crypto algorithms. There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly DELETED AFTER 7 DAYS! You will irrevocably lose all your data! * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data! * Please note that you can recover files only with your unique decryption key, which stored on our side. ...

Embedded URLs (4)

»

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data	Actions
https://bitmsg.me/users/sign_upnd	-	-	-	Unknown	Not Queried	... Actions Show URL Submit URL
https://bitmsg.me	-	-	-	Unknown	Not Queried	... Actions Show URL Submit URL
https://bitmsg.me/users/sign_up	-	-	-	Unknown	Not Queried	... Actions Show URL Submit URL
https://bitmsg.me/users/sign_in	-	-	-	Unknown	Not Queried	... Actions Show URL Submit URL

C:\Users\FD1HVy\Desktop\elog_43130FA834BB8DFF.txt

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	287 Bytes
MD5	c200cc8c966f43603d0c296560798eb5
SHA1	635aab3a7e0c7738a55527deba00b1afc3ac9072
SHA256	1cc50d2d8bac5458a882bb87074508032571ce8f204843c234698c2effd470d4
SSDeep	6:kwdNIDzD0JOCEfMkb89duGjj6qpV+RMijwdNIDzXOHlUemwHy:h0D0JOb+dJjjZpVQc0OUem4y
ImpHash	-

C:\Users\FD1HVy\Documents\83lt.xlsx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	54.48 KB
MD5	915363f200278dcd7598d30c6a553d60
SHA1	1d2c3714574c2c6cf98de98934ed146290cf02b0
SHA256	c349eb07b3d0a26bafa4facfcc9fc3a7b59fd73966e274cfee133af73f5a0691
SSDeep	768:oCTLrseqo5xZIuYZy1v8/XcvrzXSboYJVc01NjZYT1Ls9SppHZc87YmtLZaAAUCA:tLr0o5xi96v8vzD1aLY87Y04
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyReport.dotx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.44 MB
MD5	87c8444ee4fee96424a71bb070558d91
SHA1	73619a82a5c9d92da794d91f964244df707b0727
SHA256	2c9f06ece767eb5541344befedf7dc1046266e4f5d78d8e6297b81decd739eae
SSDeep	98304:SV2ymSRfax+BGZGRvGG/iCSRfax+BGZGRvGG/iH:SEmRicBnReGKtRicBnReGKH
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.20 KB
MD5	2a7a7a5782042a6870199e8097dadd03
SHA1	6f8753d556844dc6ccf8a75e93aa28a9899f6366
SHA256	f8c761fb5543fbfdeb35d2992bb0d18be39daa44f93c80782fea9f5d58e1b797
SSDeep	384:NLNNWJ6pPeQyWBeRTafEpQLOZe68bbHW6j:NNNWJ6pP4WMRqEpG88bLT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099154.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.15 KB
MD5	d2a10f086ca5eb3d1caf59ae958e1ce1
SHA1	80434a0239ad2afc9c045049751b3588efc81bdf
SHA256	ad8bac8edb3f2280ed2d684c8873336342572dd2bbaa40f603741d6ec93a8d1a
SSDeep	192:7PLvgUaJ8DRctuuKBzEtTqldt3Ndvc/yM9445koVTYeW6jI:/oUY8Dys935Ndvc/w45koVHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	160.28 KB
MD5	406b562f32492d0346455f626210908e
SHA1	87456957c0b870855967c1e24cbc4234d0864a48
SHA256	42246b4544bfb7572b454a6ea4650f531f56978490e1593bc0ecb5b113b58d6e
SSDeep	3072:+g/MPCREbati4TGPY3o2CLqSaek179uYHmWG:+g/MPCREbati4TEYYNtu79uYHJG
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\BLDGPLAN.DWG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	459.99 KB
MD5	c4a0146cee8f11f16d5e5eae8c80b0b6
SHA1	c3d28ee4a9a88fcd9b0633825e49f691d22b424e
SHA256	a75d67c70105be3edfbf8f12abb3bd3916cc360f69b9eac8276161ea56265241
SSDeep	12288:GK89G/xixpjFsiB/PhAz9kkY3/BWOJkJR4QYbcn:LnxiDCQ/Po9kkY3/JJkJih
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099168.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	21.09 KB
MD5	b28e9cf057331e05b989316bd290e6a5
SHA1	79ca4705cf42de70bf300df9fb08176a446be1af
SHA256	145a5348ce208af5e7db462c4376b6f6698fd41311c8aac8e4e5b68499b6813e
SSDeep	384:n4PIZ9WjSbOS6KjDpEwKJqnZz91Tk3dozteKtvyaEYtAwh58ZkdHW6j:n4PIZoS7bZKyG3mThpEYt7iIT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145212.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	61.57 KB
MD5	bc09e7f35680086913b72eab57324062
SHA1	77cb432a8091903ebc685e288a4467e857adcc68
SHA256	8c026839685f12f89f2e68609240b234ad6f15cb8d6329c1271681cd30c06a86
SSDeep	1536:iI1zp3BZR4ypPnjl2sju60KX1MI7qb9+w/h76FqBUMXqxcj:iczpRH1dn8sC60KXeb9+A+Fkoej
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\pZkrU\LXlzwcgQ.odt

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	97.82 KB
MD5	52d842f0a91b07009acd207efbace7b1
SHA1	a8f192356846dd06bef7c35542e449f6c65a373e
SHA256	b6459ab5f32f27f3e1afdc9798a2a66abf8ff8d4bf1a5886f66d4d0a511fccbd
SSDeep	1536:dV60WwLyjqSS/gn00GpOh7pl+UCYXHhZA3kk04zkfSrxgSsqLoagasD8Y0b:360WpjqVfOTg/AjAUKgXqsag
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0146142.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	46.80 KB
MD5	a56fd4775b470070db11d62c45e55eee
SHA1	92054ab457e880dfc4a0292f0389aca6262977fa
SHA256	d5fd0a915c7dc535d14b4363121718a9cacfc43072c1f9483a34efd7172daac8
SSDeep	768:1PiMWZuP2eIy7I+1Z76ED4RCSpVMTq9AWGi5s2QzTsgvewUfrQi+D4oD5nT:VJWZu+L+1Z57SpmTq95G4xKsgveNfrWU
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0177257.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	45.68 KB
MD5	bcb98ebd51c14cb2d86ec491b68e84e8
SHA1	760113cdbfcf70dc022f00e301cc6f86b435ae6d
SHA256	b724fb46c518db0eb2da72abe84168fcb00cba2ae0f76dae7d4ddb6a69fe6879
SSDeep	768:NJzblFBek/UNMGVLBMMoT0sqO/8vQpsCjC2xPP0x0yBNc6Z5Ybpz6BcDTQGCT:NJzvM0YDVhOCI1CokGycE5Ybpzp3b
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\xh_znJ7\F9bVZaLquniqSZ9d_-Pu\-MEBj.xlsx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	92.09 KB
MD5	cb107c713a70513203c972df06f8a8c3
SHA1	2b8aea70be59a9af30106c6e580f76dbfbe42923
SHA256	a50bd408ad00495d6578379c8ee0ef72f626792b2086c4596f1eb9f4abe95f63
SSDeep	1536:IxrPFBnUXBuzXVsM4cN7LtYZUCGzQL8cPslGr7WrJbJw6mnO2IvaABbVK:Ixpyupx4cN7LtCwDG7WDw6SIyAlVK
ImpHash	-

C:\Users\FD1HVy\Documents\kAeu.docx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	85.57 KB
MD5	a1dd403916e1a6eef5699b1c412708ef
SHA1	c456dc0662a6244b05b897f8d30e1d405162ef48
SHA256	e97a1dbeca6beef59a43079b3689221bc3e659736b5fd668d798f4436365b8cb
SSDeep	1536:Sj3KhfgOfoBJnYcidpsvfXQHEf5ys2leVTEfiLztNeEFV+PGKn:SLSzQfnYdiAHERysLeUtNeEFV+PGKn
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0182689.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	17.61 KB
MD5	a97e24cd9ade094911e4f9d1922920ab
SHA1	3a1014fefd29ee066a3a8fd0273411848bc1b221
SHA256	b114049c7a4e6f2d4a629374eb08781fcb889dc3b61a63b996d727aa50749eaf
SSDeep	384:nDu1Z7O1gwrLs/exmroaW4Qer4kcnK6dZhttX1ZxJvHW6j:nDu1Z7I5rLsWOovVLkOlhXX7x5T
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287645.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	36.76 KB
MD5	1645e82c5ba85d543f76ab717ad10a13
SHA1	081ade2fc54ba8456fed2d98866796c638f64d29
SHA256	78b3f5fe49a73a0893084813225482aac120817c3e454556ae3b01dccec84b38
SSDeep	768:w6cLuLhIs9+XuLc68DGDmxs0FfhrRM9Pm8CDCSoK3AAyMFEwpT:/cOhTcaoDG10FZr1UdMFE
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0313970.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	33.80 KB
MD5	a30a4cda53c6789ba65484ebdde45e7e
SHA1	8611a16643fa26dbc284ddc187a41cea94f52ebc
SHA256	ae5c13bbcaebd03a6b148531a7f071d39b25c0037d2237ef1baa474a08a1637a
SSDeep	768:PgvW+fFZVbS+mWvovqjPeWhtg89BJ/N3nUWhJrcf5j3/O21SVBkT:PQW+f7VeaooPDhtg+BtN3nvrE5LN1
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341447.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	20.09 KB
MD5	b786125c766d9dee03959ff98e4e5dbd
SHA1	297b417f88a24f78a51a9213a1cd17f153e7fd25
SHA256	b1237611b42f96c4116531cd735eafad99e5c78f0ca2cea8827078bb13f1bffa
SSDeep	384:Ox0VPMw10UvgBkY1WQiXeadZgUFouaa8bEU1pmLfmBHW6j5:OaCeP/y5argSj+7IrmhT
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	183.84 KB
MD5	93cb85a6006a03bf0ed4f1f04787ed69
SHA1	ab240876468ba43c03f621cf4a253e44280745c5
SHA256	aeb1fee700bf5afc3889e0e0d41138c43e18207ab3ba6981d2f521c900129e38
SSDeep	3072:1xaTl7qDI0xwZODn/TJTHuX2T/5/dGc4uka2AtSyNLMDTJ5MtvVmK1YxV:1cX0zbJTuXa5McZd2At7mJ5MuWk
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Travelocity.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	79.10 KB
MD5	5acb0fa68a71fa1d7aefe9659b98c0fe
SHA1	4c095a19d1df612bbe1c7f4cc6f4b0bb0e0e927a
SHA256	0a8cf91406810983e3e5426e229a0a63337425d0827cc1120e6834b2ddba8a8e
SSDeep	1536:sDT0SIggBvgCkciMH7GcIsfXd3K3aJLei7MHehuYtXGsUjt1/RcLEYPJ8Spqaiov:q0SIgg+CkciMbG4N6q5edaRg5jjqNPJl
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	111.24 KB
MD5	8bb53a9e15fa8e4437a028cd0d9703db
SHA1	c6b12bf0ddb41cd08c8686f9266d86ad69fff4e4
SHA256	d718f4532219f85817603baf9aee62d95945b9e2e8798f4dbc76a8ae20d24ed9
SSDeep	3072:X+8MODA7MiaUnDw9JZ8idFejlyAMv30UbLYlsTXEq:X+8Dyk9H8E7htv7
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.33 KB
MD5	ce57109ea5497254a710953515744087
SHA1	fcb869adc23114d72f979f4efd21e4c0f498b4ef
SHA256	b8c3843e8692381ba8cd2e59990696d74dda0491eff7c09db4a3512b7f336933
SSDeep	384:mGyGIdLvpCZEir6gjr1WJRbFbaRv5CF8vMHW6j:VedLvpuEiWgjr1WJ9F+v5s82T
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\OriginReport.Dotx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	361.20 KB
MD5	767e60885f03800491e879820fcb432e
SHA1	e503d8cbc94ee1f51a95fa379154d2b9c0085c11
SHA256	97594076fdf1cde9f3016b23fb51ff556c02d725e4ed41e43e28ad0d2e85aad3
SSDeep	6144:h1NNcKYFC7w1WwLQTrTycqffXEP8BGYSKm7PY2rZibBoABol+0+QMqvS:/IFiwQpTrmcgPtBKZibGAGl+Xcv
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341561.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.53 KB
MD5	1c3590029a4fc08d5a89670016344bb2
SHA1	e308e266979b303d57ce1566a7dfb26eb3981074
SHA256	8eba24fd74dfbd3daeeb2cc0569ef60a8bf0d1dda1021624f8ebd95cc7169b27
SSDeep	768:96jCzn0o7emhqaCrjzmGdbN+kz8mPvSDxZFX7wNBWSp3q7SYpmuLn7paT:96U00emharvmGJfz8gSDp76Bp32JpB
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382926.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	91.18 KB
MD5	c549cec3201e12452704662e76a040d7
SHA1	2be2e16190e0a8e2bed633cdec12c56a97a9ff26
SHA256	5af7d12b677bb50ea1e5aeb1eca1250212c6cf9810821a0e44b3a45e1d36ee2f
SSDeep	1536:N/fMeAjdg7umntZx31gHMwJ99SyxTWW+MsOsD3Wp6oLW+nYNWtmo:N/EeAjdg7umTjgswJ99SAW3X61
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382950.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	95.59 KB
MD5	56b5351ae05048bae012f2290c14f15c
SHA1	2ebf5460dec679fae5ee0cf13e83f8f968e21f2b
SHA256	745a9baae2eaa0687fe7a9ab77e63a5a21fe19edc62bfff1eb3e3cad3696a92c
SSDeep	1536:PwN/flfiCqt9FqwpgTRwRMV/zo9ol+l9UZT1bp5ip6V0B7LI+85I+q3DPbKko+8b:4FNMjFqwpgTGg0P2bTX6B7LS5I+UbKkR
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099155.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	10.00 KB
MD5	1761cfbea017a00ea79596dfed012b50
SHA1	04bd29cd6b71a4e5fc30e37eac343709d4faa497
SHA256	6cec55a5474c57f5e55b998ad548a5c9e62c59f862fb8d469e25d8d72cb8b7f6
SSDeep	192:hs0Zz4SGubyF+9U15IDGL//cmSrSbdnGonpMg1E6Bs8yGZJ/cr9kTYeW6jI:ussC9S4GLXlZnGopf1tbyGf7HW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099150.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	22.78 KB
MD5	1c3285a7cdbd2b8a62b9b0fd91d2f07a
SHA1	25edca57215304d47008957ea5fa9652242b0741
SHA256	90cbe7441d850edfe27bf28a46f77da885cda2e45bab2fe7d750e868c29584e9
SSDeep	384:XVr78Snw8Og3RRqcTMyP3RFnMFOjP2f5RYzfwsE756Qw4mZlUdlQl7XWtHW6j:XVr78Swhg3RRp/3WOjP2f5a7wsE75xwU
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099166.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	64.63 KB
MD5	4717145c00a2b491d79a278b7f7c27e1
SHA1	b5be2402f72881b72ef936bad0628aa7749cde4a
SHA256	daf7fd3ea807fc2d46da47d10d3285f88053e71b829d5e098bc9d0e11d5ee4f4
SSDeep	1536:Ktfa4CKxfpYR6vTADRxhR4VmVFSVjRXMkVZuQDJDs7:aakfpZcomgMc8w5O
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0144773.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	40.67 KB
MD5	e780c8c0647bb116af26bb903d1df705
SHA1	3286e8a7f4ac6d91d0e7221935dab9b143e8618f
SHA256	48a703a53a988a618b552ef1334b70335124c86d53a278ed654ce5c7d008dfcb
SSDeep	768:49Fy/2jQofvqrsGgWwEw3EXf0pKOIWgYZm9BS0PKAT:uFyOUoxGgnEwSfqpIWOOmK
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0202045.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.65 KB
MD5	d7d0ccbddc93aeac9adbd71c3bfef032
SHA1	7d7f1f9911213212cc87632f40ec24c69bfde94b
SHA256	c09b9a8d7102dff1569e2417e8bdb124b31e62e46ede38237bab068663bef45b
SSDeep	768:HRxYWwBmhLPHkQk/pJtSU5zutVEsJgocI4Xof8PqOdXwAAOsYz6gGOKiJHltdT:xKHBiLfkflSU58EEgocbXo5kXRAH5gYC
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0289430.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	12.67 KB
MD5	e5db94dbfb4ed3c623f6ebe5e2a722aa
SHA1	641a5deb551e33a1c59a00e384fecb4c18457f77
SHA256	7f8b5996cff91dc6fe6bf8448ec83f49d176f4f057e4d57d2e7173f68de27589
SSDeep	384:OWpMqxlyrgSq5Xbpw1nrKusPr18JkIyCEHW6j:vPqgr5XSn0r18K/CGT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0313974.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	47.84 KB
MD5	1e7e70d30c7965b457b271a08fe616b1
SHA1	45afea9d97ccfc80e6b569d0fd7230631145230b
SHA256	9d67b289aea4bfd8ffe14bc79f915ead32d68c838b7059b3210b1422ed1ade69
SSDeep	768:Wn/+LNz08A5N8znwtvWJzdpmXjnq/Lr0l2a+R4Tr21D8J97KasO2/PRmkPfA79le:W/+LNmURzdpl/LMe8KWsO2/PFfAJ
ImpHash	-

C:\Users\FD1HVy\Documents\Qsa_y.docx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	78.80 KB
MD5	83ee759e75fc8e8e676809ea0b5903e6
SHA1	0254967b91a731c05cc2e750b725a50d04a71644
SHA256	ffb21337a13a84e79e377e65df02a0b81060a5d1c08834872fad45fb3bd90bb6
SSDeep	1536:qLq4uHZ9L37Jn4WtRulxChJ4X/EjsP+uJLR+jd0kLzFmnWHgUBuw9n6:mEZFLJn4UuymEjsPJJLRCVHFmkB7
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\0VdZL.ods

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	88.24 KB
MD5	b6d1a02e12838b55e66dc1680e120993
SHA1	5b9b3cf08bd4fd1818710a3628e31b8cd16ec6e8
SHA256	6cfa30e85ef82a82251b241f007c14435c39b74c362829032fd5296c6ff82edf
SSDeep	1536:2/aZbqNbOJC9UrUsUphjZftz194Lf2V/HzU9BTTmutjZ8wydntmME:7YNiJCOAsihVfV194Lc/wPmWjZUtZE
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	81.53 KB
MD5	96cd66b1b305f4070c4fc6d07c78fdd0
SHA1	4b8148b7b461567794946808f1db5b39cbefa6db
SHA256	07e63b1b9bf83a3ef8bd70eabb9f7cfb8ce13e03bafa0ae29dd519e04bacb41d
SSDeep	1536:Uf7Rco5pF1wRv+i2TpxY+70umYYBN9ELwracFbpE86GD+XDKAFoL/osl7Xk:Uzmo5pFORmiqQGS0P80XXoLz7
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	77.06 KB
MD5	02c9ee0c66537df00470ae47da13f9ff
SHA1	5c2e0c46626f59011ecf39cc212a7a7d857e9b33
SHA256	c0e40460479797f949b24f37ebe29b7babb49c378fe27960c33f2ac6fcdd7134
SSDeep	1536:JiX21Qu+oM4/HBDGkGIGK7cvQ0VPp/8jsATzV8n6N9:Js21Qu7M4pZ5/7Ap/D6zKn6N
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382836.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	68.35 KB
MD5	e387e8466d9b738695b435b25109f795
SHA1	a88d9390366772646a1a938ada6c1bd01a59cd4f
SHA256	b7a5234fe8637eb7ac2343200aa48eeec75952dcb0ff04f751c47af6f3ee2c5e
SSDeep	1536:+q709mHVSCG1/KRa7MZjK0Cpkvz2872pzIBjyBp1XD8:+7mHrG/cfKlWva8726ZyBp9
ImpHash	-

C:\Users\FD1HVy\Documents\Database1.accdb

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	341.38 KB
MD5	682d75fbdbdd74529e2ac2a79a1f771a
SHA1	18e20cf689b4c85fc128f1e8ca957fe89c206956
SHA256	1821796236bd9db5e11cbba1adf3cb8b7f1cc3d40a0d18abf8d15bf59c4983d1
SSDeep	1536:ZUF6RZqfQBZE2kuxNVnCvSs6Y6Vk/uFMIesyA2kKYjz7ZdGMdGyf/X275PQwFMcK:qF6Rs+ZE2BxNV3GOG+wF/B0h
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	107.60 KB
MD5	aa570ec58cea29821443c9e2329f6f28
SHA1	464062d0e25c5b6d45b64576b6b71c832fc55d42
SHA256	ce8f8707597a94387498d97e98538e540274871fcdb71330a27064bbf67ce7c6
SSDeep	1536:kAA4wMKBDum/lJ8SZyHlZ0ZzQWVAShISqTVjiXPyS:kA3Uh/lJ8S8HlM0WViq
ImpHash	-

C:\Users\FD1HVy\Documents\U1WelNunw87UOS1L.xlsx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	72.48 KB
MD5	597714cf0710b9b6d4bb62f3559895a6
SHA1	9333f495414662bd799122b22fe3459ef2819c7f
SHA256	c71b7d579fd8219656d03d8a1b888eea4bb39a2bd68c88ff305a388e8c5a408f
SSDeep	1536:9Qn6KV+M3wDr4F4STN/C0ChfqxVRw8T3muow:9QnP+MAIeSUDS68zmu
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.79 KB
MD5	6b6f6542805a0e4c2de0f43c1d426159
SHA1	036061ab0af7450ad9126c2b7671581a9132c7f0
SHA256	7d0d9c25e162e1cea6205bfeccb682790f2e43a12cb7ef959d6b154392f2ded1
SSDeep	192:XVbrILEa+qBNvzky0oTtK8i3jRkRJ2s4t77NQxM4W9apj6VTYeW6jI:FURtzkvKtK5CR8s4578lW9aB8HW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099157.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	10.83 KB
MD5	3a530237d82d6123182712ad7905688c
SHA1	5030305bc5bba3c2d0e141cc63ea0082c77fd9a6
SHA256	bedb861d9f199ae39080295265632f63e04a0b4a857afcd2ceebe7bd85f13583
SSDeep	192:2+sCx3tP3FdEKvVxBof61hE7VoBhPwsRQuWsJPoqTozfkYtTYeW6jI:2wP3zVx+f6PMqbP/RQuWDqkfkcHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099187.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	25.34 KB
MD5	fff6df3c1c3e9dfefdf8cd7b68ff0bd9
SHA1	9465e0e8b128c854f5344c9c2583c295ee2debe9
SHA256	3f9c9a0ddfd299bbbce1deceb7e820b1a9d3dcfec1bad642dee024019ab27bd0
SSDeep	768:1DtP4gyy8dRzDngAA9dm9F3Ctrx8ifL3zT:X4g2vzDEdmz3uz
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148798.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	38.72 KB
MD5	1a8d576cadb8e9e8bfb360863bd2c5f5
SHA1	e234be5341509d6e956c0329399db0d1e8a25f74
SHA256	54274a49cce8b115d421cd5f37560c0af9a9bb4fc12eba0dec766d23b6383a78
SSDeep	768:Rf2s1jypctgDRUjmoD5iAK6luLGXot0f+OiE79b0WESq+wVaRYT:92ejCggD2al6suoC+OL79b0WESq+wG
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0216112.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	43.26 KB
MD5	f09ff72d0d5a6a7efe5cfaf7333ee47e
SHA1	0ad76eeb3463d209bd69cd714b33b83dd95b300e
SHA256	559df9a7ff85d14808e520a7e3a3601ce9109e64f762991f39f864b47a43d580
SSDeep	768:ZtOWh0tL4de4shrUaYQ7A/T7C0D2hfuXGsKmperfcR+yibfbMgY7EPNQrsZT:Zxh0Qe4shezXF9yfi+Rf4Z6h
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309480.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.82 KB
MD5	61a72a7ff95c0473ef716c620972cb56
SHA1	25f2564ac84acf000d5de9b42515bf66a5254488
SHA256	270053bbaecd02e7f30590b02f56ec4668b67308a775d2735498dad386777a4e
SSDeep	192:zyxTlzagH/muVZHzRmQUrEYPkSQvLoUJTYLwSnR9kuDawue6qfgnVuTYeW6jI:zyRlaCe6DUzNQzIBnRP+G6Ug8HW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0314068.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	17.62 KB
MD5	23fbcf1f23f3d571527e2ff47c53cc9e
SHA1	29058dc246a8271ec165659d721799d149d4a13a
SHA256	ca6d6bef9f3a4c5e05ea790029e6bb49b786ad6e2a132cf20c10c532994ecdfa
SSDeep	384:JkkGncLHrcLIg8a5qtBIXL60cBlFs/l5ttv8yHW6j:WkrLmh8AuBIb60olFsL3T
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02053J.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.13 KB
MD5	38147468551b2cf9e170b71cc3d1d9c9
SHA1	1ffc4e887254c46c8ac46840bd33d6614f57e1d0
SHA256	ae25855d947760ab5ac905688429e595b6e143e5aab598a3e724e5a61946f9b7
SSDeep	768:krvRj30te6+ciN+LqM58paBJtZBkG0ShT:kmte5NY58KHZe7S
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03205I.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.20 KB
MD5	4b087f4dab0bba932fdcbe912cc4922a
SHA1	3ab05aa790ca9cac4b72965946a6a0a202577557
SHA256	cb1ce134b96020cf1774bb4d2f10f2bfb5f276c7e7bb54c63129f4eee510cc99
SSDeep	768:VEpVj6Na2eVtlqeoPQ9n6Q14NYD8vrSzac7fag8wdS1StpJoK9qJnjwAUsMQqT:VEpcg2eseoQEAISzJb/IVKK1UL
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\OutofSyncIconImages.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.27 KB
MD5	5e59a3b1053268e987f9cfc79eb34479
SHA1	60dbb907a4d0695b41707402dfa361b93c601438
SHA256	f921c211e1495800277cc0b62a1006d11ebbb5b4654c809eb1c6b5621b6bead0
SSDeep	96:tmtOVyfTdhFZXAqufIxld3gzXRQUm7HMsTYIDWzMJxRf4OzIM:s8VqdhFZXAqYKlSqUmrjTYeW6jI
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382947.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	86.16 KB
MD5	461483c644cf64411e4cd0295d14e624
SHA1	c498a5a2fe367ac1bfe27cabba3f9cf0f92a9301
SHA256	ad28ee58ec77f601a583dd47da378644643a5497a580c7f74f11cc773ee763e6
SSDeep	1536:oiF2395BuLUwZgLBOq5lncU06/Wm4eiweDYmt0rqpO9whNPIdB+:mnBOU3LBO4ln/rW3seDYMYqrPI2
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384885.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	96.25 KB
MD5	4f4f9f2c00e01c782e356f32fe22b77c
SHA1	d06149910f46cafa3c00f2457245c41f275eaa4e
SHA256	2d39c2d54f0ff81372ec95b3e5a3c55cf6a4d6f5278b45a6f787044a0cf78603
SSDeep	1536:CxZkkFCfr7Rn+N8SVetaLbYvKnETeWZ/A4tHkxIuiyZlildCFAUNRYWVcCAYcUyI:6FCfXRndmLbYinED1RHk8ye6FAUYya
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387578.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.61 KB
MD5	e1b7942800e60effdd453543cb687746
SHA1	b7957c39e9b8356426f021c2fe2716cec9e035e9
SHA256	1a34052473092710697db6f00cd5d8046519118a88cd7988d2170583f210806d
SSDeep	384:7+7rP528hGxNGdUcY/W70BleJZkqCE5I+dAqQ3sMyKpBxBrkc0BWaPgg7fHOHW6j:ANxEGdUcb0HUTPd5Qjbz0DPGT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145168.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	34.25 KB
MD5	0def97a0b65d6d91f4b229059b2ee9bc
SHA1	c39e24380bff30339db2b293a263bd5720a0d9af
SHA256	2432ae8235d110cc20933e979799bfbbaf4f2ef10458f065e048a9da412c06d4
SSDeep	768:5bmAK+1Wp9Hw3UD7vaMOncCdFa0Xpwswhi/9xEJ9uEuh9n293zT:vKx9Hw3k7vanxdU0b/9Ykh49
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0175428.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.59 KB
MD5	2778df53ab2ec43edc598364b5b811c2
SHA1	f84df84caf83e6a513ee593d9d5649122c27d7ae
SHA256	cdbec3b8e4521476d139be021e31570bb71f010811cbf675746103aa5481da73
SSDeep	384:8ArTIr58kmmsGMCn2HCda3hA2L/zQ4D7rWLtRs9rou0tB9djGaSHW6j:8ArTfkr/B2L7L/zQ4nMt+8ZttdET
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0179963.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	32.74 KB
MD5	15f47f9fc678f39ee16dcb914d745392
SHA1	f4bdf381dfb26c49a1f0c7915d32a189787334f4
SHA256	49dce0d380b3fa963fc48bb57d6bba21ac663d0e35dd0720c57d0404b033fef5
SSDeep	768:BQeTeiiO+nqZWZtPJxQu6kno0WqcacPJjGXFbLFM/ZsI7XBKLuBsOT:yeTeLO+bZtIqoFRYLMZsMO6s
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\Blog.dotx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.94 KB
MD5	96001287e74839321bf86366b3567f14
SHA1	e2019f07d225ec06718d3fad832f250d821b47c3
SHA256	2065c05f19ea46f7ca45f5c93b4897dc57b6de3d067bc5b0619efc974fe64109
SSDeep	384:kcxXV4Qb1RWSQeW2GuwS09GhlU2i/h+etg9VHW6j:kmPvWn0lUjhc3T
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\QuestionIcon.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.41 KB
MD5	586367fc299546fedd17a9cfa0db5a18
SHA1	6f076d4613b57bdbfadd4e86fe4b177d3f9d0ce4
SHA256	76b06c613c12db73fa7b149b94a0de4f2b95e6705cb393f93e1cde2269bdcedd
SSDeep	96:5DU2awjVnrxiFvPaauDfUWjWbhITYIDWzMJxRf4OzI:djVnr4vPaFDBgITYeW6jI
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\AlertImage_FileHigh.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.40 KB
MD5	1a04c0b486a7583481e0af9ef688b229
SHA1	567073e8ed36dd35a48a381110ca8660439cb0c3
SHA256	d3b5c235f2cc7959390954bc8eea38d7f80a23953d7cef7c852080b117ff0f48
SSDeep	192:bzlPqKgEnKI2M05Q7ENIgIXiU3tu7jU8EZWhmAM1O2/eV4LcAtqTYeW6jI:bzs+KtMmHnWXu7jU8EsZTVSqHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\AlertImage_FileOff.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.10 KB
MD5	e4268e0d9e34e86e417f8aee6060d455
SHA1	348478bbb87eaaa8a6c6641dacbeb68ddf9109b4
SHA256	dee867c64f7775c8427dedb4aae7fa3432a27406844fdb088be838a802d6183c
SSDeep	192:9H/K9l4p2L9ZjHmP1Um+dXU3C6IiLpYiymxe1g+yXQakrTYeW6jI:9fK9Kp29ZbmPWRd9iFH8ibgakrHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\UnreadIcon.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	9.36 KB
MD5	5f776db05a909aafa545f5870e5bd9de
SHA1	785994d805b5de8eed09b13fcc6de31bb08f645f
SHA256	36e851e4b3ff0c791ce62baaabc42833734c9f23f0c991834bb1fb3aeb7e6fc7
SSDeep	192:T2Z4I7IaD6WAE/GCsyAtw2TfolHruBKsC8gBROyIx+nrSFjGjTYeW6jI:T2ZJMA6WQlyR2Qug8COjArwCHW6j
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\combine_poster2x.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	48.48 KB
MD5	a17cab5cdfff04778b4a12107d2773a2
SHA1	5de284c88b6a930443a30f152c61ecae4c44d085
SHA256	dc4cf62e6d3897713f82a1723fd24121f2c9f54e9c50e23d7a0e8fe63957a74b
SSDeep	768:DVry0tMQP/XShfj8RU8QeYfoIf8g5syHdB47J+HLOc5xKNRCmF+dK/gFT:Vy0BnXShf4RUmYgI7SyHdAwOc5vmFX
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\compare_poster.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.02 KB
MD5	1893c39d3994c0392692b2673f16aa11
SHA1	c7b5836bd0a838cd213319a7a0a5e782b09ec787
SHA256	e4ac24d235d25c2d9f5a41ff800960dc99194c6d7a1e9b98628315eb7d1d9d95
SSDeep	768:8dur7x5hDM6kQfS53adFrQ8keI9dfqv3T:8dqdjDMW1dMdfW
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01239K.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	7.23 KB
MD5	51778231502ee4c9c61827a716a9bab4
SHA1	09c68857c51941c2a1259c8a20179d5f0995126d
SHA256	2efa2c0d07e9de5aa454a886df5c3c4d9ed44826894abb1b507c2b35cb6bc847
SSDeep	192:9VtPE+omB17677O192hwEfakjdhjrfrheBK0RiTYeW6jI:Tt8dW17InNjddfrheIKiHW6j
ImpHash	-

C:\Users\FD1HVy\Documents\YozJNm0q0Pmd.xlsx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	62.60 KB
MD5	e721c60b6443148729e70bb9b4a8eb2f
SHA1	40dde0f4eb832b957445fb13f1682aef519bbb5e
SHA256	838b7d2ca06f11625c695d834f17800a263e0bc185717fcdb87396435fe88f4e
SSDeep	768:fZtCtizy3V120ze3ih3SPJhzDNqaZFSnvuF8Oen41MJYdh3RpJ1dEj9nyT:Kd2+eyQBhfNqV101MJYdpJvE
ImpHash	-

C:\Users\FD1HVy\Documents\XXCQZJcDbe.docx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	95.08 KB
MD5	bf2e2cf44367a8ef82371eddbce69c39
SHA1	92b643653afed8ed8c501a0318b68e4ae793d2fb
SHA256	fbfd71576b9faf82ae5ea677ba999bc8c2c09d07fe1b0010f4c43e24c2537f9f
SSDeep	1536:qOsoC4QHKR7bvm9FIIAeTy+DFtlJz2auYZsKyjmoHCADvLvKmHfRtd:q7oCDC7o7pu+BtlAaxZsKkm+D3fR
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	458.62 KB
MD5	e2a967cb1fc3b26b529c753fc651ba6b
SHA1	064acbcc4ae8a9694cb3941c843a9d5eda400512
SHA256	d6c175494d092bc44ab9a4e62b2927132e535f43e1bef9a313321a00d6b285bf
SSDeep	12288:P+vEbwosc3h+N8hcBk5/732yYLmAQktFgn/AURkOZo8KYCqt6YSAaEM+ZS3VO6sx:P+kYnHN+/3
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\pZkrU\cC_m.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.63 KB
MD5	61be9cd985e600d6248703ddf7f88cb5
SHA1	616da60abbc04d955a1d45e51e0503b11e199872
SHA256	967e45563ced356180eca9fcb5787fa74eb4dc47a520c02ac2b21a5a29f87ef9
SSDeep	192:QXJGOP7+J9DQH+o+tolepnL17OuWKUhEkPdOWlXk76eFDwjB3TYeW6jI:wJGOP7yFz/oAppyuWKwEkPEWlXfeFMFz
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099165.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	50.69 KB
MD5	40500c001ac11744ba7fd747208ef68d
SHA1	7074d234977fb5f878a5689696331184949417c8
SHA256	609ecebe65bd1ff4232b8b85b967de3cb834ce9b82fcf35800bebc98fef06187
SSDeep	768:U4BHzYBRSSpawpIimDLMzf7bi6sLYN8lUkaw6Ap/fr9OL4pwBSZ4yCLE/RGT:UqzY2Zuf7uZalApr9OLRSZRR
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02897J.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.45 KB
MD5	8d9eb8a9c91049e8a26b9cda17817e67
SHA1	ba3e5af535594fb523b5c491b27a31b8a99ba33e
SHA256	72fdf144090dd51a0c83ac7d8b014c11fc75584c262b1e7371639e626d5e22fc
SSDeep	384:roqi1zWXpHayyIAryqVx4ZuIvSNrd2kHNKXy9aM7g9taHW6jD:roqt3yZryIqdSNrd20lk9t8TD
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341455.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	30.47 KB
MD5	17d58b3b95d558dac569e553f1b51bbf
SHA1	4c93ec8375fb675e61d1c0bbcabeb7b6e7c03159
SHA256	155f67179af43134abdeba1f9de5a5f9580218e0df2947ce40bde1d193180362
SSDeep	768:SDjsSd9yhQlz8zngOuVl2FQJgf0IamkF7QBNppwxdfkUT:qd9NcnRuv2F5fpamkRkN9
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099191.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	62.29 KB
MD5	64fba2dbe706d0e9cc79d4aadaa83138
SHA1	897eff9c55777e6fa9db02e9c7a576c594065870
SHA256	017b65e26c3d3aca0a04e8e39b34ca22775f972f56c0bed79061594067a1a39e
SSDeep	768:/QSOFbBqYqTT/zrH7CCQqYZG7D/ku2sLKO2kdXfbCPB8uO1wZC2hzIqT:/QSKBqRLbXf2sWO2kJfyB8uO1wZCiz
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341636.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	14.90 KB
MD5	909a774fdc646698756b7e79ee0c3ee9
SHA1	b34016cd22720fbb9d9b726b27e61c640e50c563
SHA256	7c1ccfd00831c26fe19a924f43ee3434490ba1310eb85e3b1eec163aa3250750
SSDeep	384:NJVwU6bkidojDFYTAxieR0Nsyqv418TroniSdHr9KHW6j:NMjCjDFfRovc4nRdiT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0313965.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	43.22 KB
MD5	2a2cd535f0847b3ecae0c751cf517cce
SHA1	713fe40b7f8ec538c029fd3ead196e901443a364
SHA256	5d21c5509ce32618c418fd6ec23b298292f1c5697e25de2d0df5f1f4e7a4bf87
SSDeep	768:rpVs8xWjsLB7ipkmnVVqu+RNkoLaqowCll26Ze/w11E1mUSBiDPT:9W8kILB7iamnVVq6oGqCKt/S1Eca
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382954.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	88.01 KB
MD5	14214a861d1b77c897855f848825066d
SHA1	aad7be8449fd219d646f95e9d6458cdd0508a669
SHA256	5addfbffd212876d834e7538313c3069b99cd3ce81bd9925a84e1bb73a96674a
SSDeep	1536:wQABmqkOE3q1kl/5lsimTgoN5Yv9PuBYDjyCZjrYZ03wbLZ4jJW+nUwV:wQABm1OMq1c/KTsuyDjL1YKgkdUC
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\protect_poster2x.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	59.05 KB
MD5	b9d55375c84ba4ad7bbd5c97785e5a91
SHA1	6932341651b23cd6a8b49e6623c80c6ef4fec4c6
SHA256	819721dfcb2989506311fb3709e992297e5ee13b80d661cf6def6387265cfccb
SSDeep	1536:OqASJ0GhFXIsq0MtiYbl4TFuSW4vI67V/qN05s1h:OTSJ00ItbiTFumvX5nS
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178459.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	29.90 KB
MD5	61462571b0745f90c0121d0f27585ac9
SHA1	0185094959201b17815d039515a323ebbe4f1dbd
SHA256	f8ecf5abb0143923c8d26dfeb512c05446c4f5da71e7d7ea2af00878603a292d
SSDeep	768:++fhKCUMVXMTLRSVUCCDsYvF+hKtHRINgdYT:+DDf1RCCDR9RA
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099160.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.17 KB
MD5	15c4c3e5d03f448f8d3e26bf14c979b9
SHA1	ac5f3b4291f814024e7a0e882d4143d02a269dc3
SHA256	25443924711babfd69b044bbdb7b3e51282adbdd98c1b56bb4aff3835a87c8ce
SSDeep	384:jxP/ksE/z9HynrNER3QEf6guUlay3Tqm2BUtbysQreKHW6j:FHkzisJLTd2BUtbys8esT
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\protect_poster.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	24.18 KB
MD5	d338cc5c675c5443cc6772d957fad937
SHA1	83445ec3165b119288cad0a70b7cdec8a88d50ae
SHA256	f766c2e44b47870c9c01b5c8c3ec84b8299b735f31df0e67c88e95237c97d105
SSDeep	768:6sw2D11g9oP4K0Rxgsp3C39Y1mG9VxxT:6d2guip3E9Y1mG9V
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\NotifierDownArrow.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.23 KB
MD5	5c4d68ad8eff375437df17b096bd7dd7
SHA1	69f985ef0dab9c9c8def3cc5d3ba2f67f161d93b
SHA256	e930e4f7da919ebac73b7b1a2e903885a4316bf1b176583b2bb72672fc5887e3
SSDeep	48:uF7CTGi3UuU0LECggYj8hhNTlc/ID0hzMo0xRfpiOx349dUTk1:uFY+uU0Fg96XTYIDWzMJxRf4OzI
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\edit_pdf_poster.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	30.29 KB
MD5	2ec75781b3ce645cf8e10d67dae62762
SHA1	711962fdf6148dddc3573d32f993261cbf039f1b
SHA256	b32bdd09c6eeb8fc820f57ee9882365a6dadd7f475d9a993bbeb293c7a621a1b
SSDeep	768:47tWYapqDoCuVu/+++++++++hjF86eBjJYbyxGuET:4RWsMF81VY
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099188.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	10.25 KB
MD5	a091d90bf48e31cea0557410711245a3
SHA1	8d0d1232e47c9ca420d78a6dcd58dcac4af76c93
SHA256	dbb36ad07f7c22345f951a41591b991c9266756a2704b13d65b1d1774e0425e8
SSDeep	192:T99ENzvySjlrX1JnO+56o7bve3+A9XOc0Dm1TYeW6jI:T9Svfxe+Y0bv6+AAc0cHW6j
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\scan_poster.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.02 KB
MD5	7e635f20a3b79357c9226aa171c3e420
SHA1	547d16a53694cc55d74f4fc07316b1d32d3066e3
SHA256	2c5c2a57315bf2bac63c7edfedee81f3977d4b95d231af914961aecf4e6eebe0
SSDeep	768:RcTzG8FVaVdIsOl1uiiuZa+LZiVfkCNbJTn8VYAPKjp5g2nuDuT:R2zoVesOl1kcjZSlJT59uD
ImpHash	-

C:\Users\FD1HVy\Pictures\ZK5QsrvbZC45UoO.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.10 KB
MD5	d272e8ef6dca2e57163ae98035543c0a
SHA1	9f1744b25786f9082df806a558d17c38001d1e0e
SHA256	c3dc37f60ad9ad9493ce5a2e931b442f5a31d6624573448c8c95321ef8237965
SSDeep	192:/wIVpAH2NRB/vdBRorioW0VPxh17LZe+M4G+Vy/ZFGAioXYme15FY7rRs6z7ylUe:/QWVXdBqrB9VHJLZBM4G+w/mAsFaVeiB
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178639.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	32.67 KB
MD5	642d939dd48232fb4a7708daae7020ac
SHA1	c6ca43a2b813b6d20c6cb55f7f6cbe362b2089c1
SHA256	4bafc392a3f69cb621cbdeee72b5081e230a0eef99fa5e901894e3fbd9b50cb4
SSDeep	768:muuVu6e0CdfiwdNLdG3qSuvo7SWEWRz858T:tee0ul5/ZvoLEO
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341439.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	20.49 KB
MD5	f3f31261394e3b9c4c86bfa2d4c3af02
SHA1	e1637cb064177506fb5642bd6c758c7430cd95a0
SHA256	ef172d03236896117f3a68686ac20cf821c3e10ba8e30699b3ba7d7f4b8d17ca
SSDeep	384:JrOFYdCRbJ7iHCJEVlHgXjjm+e0EjbsRYtL46ElBLAG4/WZTYmwQ2lPIoeHW6j:Jl81tFm0EjbsatLRaxG+ZK3PzQT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	14.44 KB
MD5	3f7e70b3f3f3d9a351ce26ec09bf021b
SHA1	0db841c5f5f78b1dc34847897e3d23d4cbada584
SHA256	06b3e67f67822a37a4470b8cc18931fd2b3a95ccef3615322f08403e92a616cd
SSDeep	384:K+ycwXJ6B+QmEFm4MbwRVsTXDCLaJTRplt11vHW6j:7ycwrQmzLbRTXVXvT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0216153.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	22.50 KB
MD5	3f046d9be3f927e81c5da252765c1b32
SHA1	0b587be0d2852a0486837c83657172bf83674b21
SHA256	e3b059a856d2b31b1c664d8450c38b93ea0801fb560ec4a8fe9282dbc25eebe7
SSDeep	384:5Y3idaXwmArC4srpz1lyjcyn0KuvcSCrflkuNFsycYHJVnM28vLHLk37HW6j:5qR6srXlyjrnHuvcDrfbNpVvEErT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.20 KB
MD5	18efa2c48034cbdd115d4287b4539217
SHA1	e05487a3df93321ec0b124f29e083659b176d825
SHA256	85ddb1118b1d539f48c48d95a6e43ef9d789812c49fd91c9127880beb601e584
SSDeep	384:jnmN3Q7MwcaVbwRVsTXDCLGxpI0eR/eLPKZsPqRHW6j:jnmy7MwtVbRTXrBedebKG2T
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalLetter.dotx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	57.24 KB
MD5	45b5bd4412be0ff18dd2c7bc0e9e8a33
SHA1	cf8c0b3b386f946b7cf5baf8bdd388e95daa400b
SHA256	a0257a1fbcb26c537bfb7b0ad00da6048cf9859be5099ab3478a9a59d70a5bdb
SSDeep	768:EIuth3Tsbn+J2QFjit4cKt8XhrA+7nlV9n0fy47iB7qP7t4rO1mXbBIB5m+h+zNj:EIuUSJ2zHXhrZ1tMk7uUO1mrBK5mtN9
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\edit_pdf_poster2x.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	73.73 KB
MD5	d8f71c173904b05ad3fa6d3f6263ef62
SHA1	0326cc12a6e02d17c2931fa911ced43d87d7d6d9
SHA256	11e3f2b0172b9549018aa33a44034ac3dcc4ee4e5c8cf3dba26f954c4b0c27d2
SSDeep	1536:4lCu90OAmjvFqbvxiwIzSXJpTihqMz2VthjUn4P:qd9BjkzP+4tzhdm4P
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387895.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	32.87 KB
MD5	3d30a5cfc076f71a89513ee0c1c221f0
SHA1	3cdbe0c7379517e9cecf1be4d24e970192fbf237
SHA256	87b0864ff90023fd659f84132d6dbbe29928c9c2b1ec2b2fcebd924b82aa9597
SSDeep	768:yWomD/zcPStkmGAORluaevH7nshZhewgWBEZt+LnbklFfps85BK0OT:Nom7zc4xORluJbn0ZhNWeb0FfpsQBv
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341328.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.34 KB
MD5	ffbfd66918e567627a58a400d134086e
SHA1	2afe82fea61590309ef3f9084bd732fe9cb060a0
SHA256	d53dd75ef92344fbd6c496850751dfb943d3dc7b36299f155493d082af135805
SSDeep	192:B+pmKwj7wa13Yc6ewDmGgfJnrdr18UhVWjxnhiV4DRir1XezrTYeW6jI:B+0KAjp5rlm1hP0r1enHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	14.22 KB
MD5	28432abe733924092c90a17ea2e85c8c
SHA1	b05dd1d1c0bd42204915ba45dae1cd0a42406d2a
SHA256	909fd5b79158a978a847214bb3af8f7d707900116799e9383a69078ea17af21f
SSDeep	384:X/EqeM6jDC+Zw+O+uVSEEjzLwShelqHW6j:P3eM6iOw+OZSVzSMT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageSmall.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.84 KB
MD5	f3e21fc1019bc1da52c0de2aa370123e
SHA1	d7eec7a17f4051ebd7a65958c64b0f1f291396d1
SHA256	934c9aab4560cda583d7b0944cfb692e7ddaf68d844f6b7140df53466cc5d8f3
SSDeep	192:nq5grkXc/gAmbf6sDAAiOlW6y7bl/7B4oATx/42/J4MjTYeW6jI:nmePHOFl7Ebz4oATm2/J5HW6j
ImpHash	-

C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\resources\Picture2_80.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	143.31 KB
MD5	f2af3982751f0aecc4e21e4fb9a7fda7
SHA1	78c865149d141d0ea1dfbe3ecc9a52c9245af902
SHA256	740d3c53bc1e9d59dcba1715980a6e57ac3fbcb7df9270e800ce9511be4cf7fa
SSDeep	3072:3iHEd2vTbHr7DNrsro9GKrDtguu2UokHvWzupURkDe0XETfD0dc86Q:D2vn6+Pyuu2Uo039XCKX6
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\organize_poster2x-dark.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	68.97 KB
MD5	0723a26430cc0185e8eb3845f844fdbd
SHA1	b364d7334307d49bbe5bf483c112047ea923b4ae
SHA256	cb1f33f9a0407183e3a4847f67a3fac762d1ada2ae3d6bb7d26c99b4b6fd8f01
SSDeep	1536:klSLZH8MlSdF0KHEdH7Cc58pHy5rHynNaHvXa4v3RYmb4444444444444444444a:/Sz0NdL7DyNmXBvnX2Wd5twwJUk
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\compare_poster.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.02 KB
MD5	b601072883d60ec58f720a784080278c
SHA1	2c1d92f21396129f1f29f198299f0f74a065766b
SHA256	c86e6b6981334d8d604047f59226e2f106390b4fa863b2a7cfd750fb388d32d3
SSDeep	768:vYb50Or7x5hDM6kQfS53adFrQ8oZNR10XTYST:uBdjDMW1deX10E
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341559.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	27.50 KB
MD5	3a315f49c3e3a868e6c91c637313500e
SHA1	23964638470071c43e9734cf801d1ea621010f15
SHA256	58b51cf1a0ddb2ffc6edc58c2c425f131c9457c1ed3c1877ace4deb80260c56d
SSDeep	768:050YeMEmAd7iUhzXLXgY8DghaAecINX1T:G0fxP3YWvp4
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382925.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	116.97 KB
MD5	1866265e3f4c8740a572163b9072f172
SHA1	0fb7826448bc9866cd00a82a5b59d09f59c48dc6
SHA256	0127de6c5086c48c027646da32dcd4741f0ac93cb48fa4ac6ed308d38e831da9
SSDeep	3072:2Q2R/lZfFL2kX60SKDeab+Q3Jtb5MUxb71P4xyONyYBv0zzq:aRLl2d0SeAoJtb1bx4zy08zG
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382948.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	108.69 KB
MD5	1391bff67bd76ac284b29b81e6f35fde
SHA1	36f3db7d9ade335b36eb2c285977a58d3d37d4ab
SHA256	aabba2f8faf6f8bcaf5685eefb7794665df143c2d88e288e0b05cdf1cf2c53e6
SSDeep	3072:ae/km2PGgM6knPRjZxqsI13QeBrCHjMTmxWV9:aaYeMkPNZjImeWvWV9
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145669.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	32.49 KB
MD5	435b7c1939d9a8ad9bfba188d05617d1
SHA1	a1105dfab6f50d15a7f9eaf61132ac29d26afb50
SHA256	d8712b74905331806a5b906b6978ecf6ff3aad2cea4b263e0de59236d1bd0167
SSDeep	768:nAk/Uet8YQumate7HJ/QZQg7VdKdG0X1viftlxQw5qRY2MxRiOT:AXetvst4LynviF3HlDi
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0149018.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.13 KB
MD5	d4875960929c90fd6aabd2003161fb37
SHA1	bc5917fec100fe9c2ab64d63d99125f7f166508f
SHA256	c2ccc03f850c63dff4c204f1a97f86bc610f00e2215148b8da3b7f33418a96b5
SSDeep	768:SIZWDl+EsRJMXGgdKSnWwrcJgFc3MPBt2/R7T:RwJ+xy2oEwISc3g
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178460.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	27.29 KB
MD5	e8702b9b4ce78208dcf22bed3eeb74d8
SHA1	2c06a88a97d54d182101d43f5c69cc02d49e3df6
SHA256	9159b76b4fe535d8714f8f966ce9e7952207aa56b937d94e60efca16aaf62d56
SSDeep	768:PhXEnU2cddAOUdK3os7PJNjNepeOVXKy98iDhT:PhNddAOUQ35DjNPO5Kcv
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03224I.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.45 KB
MD5	946217049de8f90f5bdaa20fa942b97d
SHA1	6c070169e2aae0ae679974348e338021fb2b8d7f
SHA256	35a276e1d11d04fdc07d56bda5fafa67b9c79c6366f43d74bc3a0ac4a33a9ed7
SSDeep	768:i/DeLYef224H/nZ+HNzLSGbI8Er/F78NUXvW+voSiImq/vD4/8zu3l43IzT:xEef2HH/INzLScTEr/FwNU/W+vojImq+
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\Shared16x16Images.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	26.63 KB
MD5	05b168837c597c35a0d6d596a89172e7
SHA1	9866b9c49534af0efacfe553113cc759e7b3a430
SHA256	299f89f728e390c9d9d0a040069a38172677f771e175d1f14b5c43217f2ab742
SSDeep	384:P5EnI2pLkX1HwVglU5f0+avs3+FvqyFkHW6jF:PSI8kX1HwVSA0+avxFSFT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\AlertImage_High.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.33 KB
MD5	570b6d3f01d5d7dcfe3c95875d3542df
SHA1	0101dcf6860c8e3a4bccc7441a207860adbaeb8b
SHA256	a6d441bd6f6e46541fb9a89c270921d4fc6b3c38fd5eafb61881a2b6745bdfcb
SSDeep	192:q6HoZ31M9Iy3nQVuhHQUE/wFMTGTYeW6jIT:fYy+uJQUneGHW6ji
ImpHash	-

C:\588bce7c90097ed212\1038\LocalizedData.xml

Modified File

Compressed

Not Queried

»

Mime Type	application/zlib
File Size	85.80 KB
MD5	b1e1cf32b9c58c341bfeec8b560b7bb6
SHA1	03dacfbb8d27f05b0231b80993fa66b51095eacd
SHA256	bd28aa5a91dbc8a8e641b1c437d191b6da315d4893bffbba3e3e92c2ea3bd466
SSDeep	1536:1f+uyLLuNF70SNjPBzuXrXdJHbdi3kC41HxkXWb:oNLLyF70SNjPBzuXrXdJHbdi3kCgxkX
ImpHash	-

C:\588bce7c90097ed212\Extended\UiInfo.xml

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	39.52 KB
MD5	688bab3ec0aff2ded5ced3495f3856b1
SHA1	c3ef739c54d0f48d1f49dda6d5570ec827191529
SHA256	e0bc17abdf5c0a1d57f733e917f1892351b28f706d22356eaf640aabb9805bff
SSDeep	768:RnXsstfjZTQaAFMG7YDt/FcHwbQ5X1oPr1UO0NWpPUb9cu+dOtOcOdOjTRvg1LPs:ys5BaMG7YnFWloPr1UO0NWpPUb9cu+dt
ImpHash	-

C:\588bce7c90097ed212\SetupUi.xsd

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	30.80 KB
MD5	a137de01b5b2becf9fea97aaa918c14d
SHA1	980464f73cba218aa26c4ca6e640d636cecd817f
SHA256	08d0c9afe7ea8385155d1e12f35a2155017e560c12390645f1d293ac7fef96c2
SSDeep	768:U33s/ET/chT+cxcW8G2PoR2DRtDWlRLT:23kwchT+cxcDbVW
ImpHash	-

C:\Logs\Key Management Service.evtx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	69.38 KB
MD5	8193cc5dffcfde5f4bd0bf9cf8f136c4
SHA1	a06e48bb2771b829669eaf296c8325347cf4a290
SHA256	16dd66cb55969cac56e1e67b5e03dd7f2e087b9620b5b4a2da223b7a7e1787f1
SSDeep	768:KBMKE7jtoCzbF/47erfdRWE9BMKE7jZT:uGPzBAKBYEHG
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382962.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	113.12 KB
MD5	e96eec7d83b82ba6e664acccff4ffd19
SHA1	940319e17efae2b5dd2d8abb62ed803f3f69ed27
SHA256	475b66acba91ee28d83f51f697e19e4ae4532a238d811d8777842f13b5066bba
SSDeep	3072:m8I6Ezqrjuzk5EWsJlg+EG3OFVq+zcDPCoKq2:g2rKziQjvpS
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341742.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.81 KB
MD5	35719fa77ab26431004879ffe7282a16
SHA1	48b35f0cf548deb471d3173beb57801d308c5808
SHA256	c919e232776ddbd6da340cabbc3ca152173af0c1fdd35d2eea773e5c2bbf2d89
SSDeep	384:/OFEuHQm/sRKCp/LDEobGK+T21QFfkvBQBq9jC3++HW6j:iE2/sRKY/3BbH1+fGQI9m35T
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0227419.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	36.09 KB
MD5	97a9ea562719ae605794aef5b1079c4b
SHA1	b8e2bb1e1b12155c3d12125da4b3cdf3d1904f62
SHA256	9e6bc6f0569da92610e3d498518525fbaa9d24bc76c6f475b645b0e76ad54ade
SSDeep	768:LgHeUe4xfy3AnEX53Gi67A4duYtcXUFUHhKPSTSw6QmiDaNx7M2hUB4IpgM3wT:E+Axfy74izYtkUFUBGS2Ia7fUFpgM
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	57.26 KB
MD5	28afc26d0f01eb360d21c96898b7c995
SHA1	e4bbceee0fa96f7fe7c4a760012c7411f76c32bb
SHA256	03ff460640e0c068ed488b9e0bdd1959c5e5133b5a7f03b7b35c37d4b2ed74a4
SSDeep	1536:fUj9w5thyNpHevPvAnK3Vvl8RwyoSTxQ57:fUmt29enInK78k7
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382931.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	121.20 KB
MD5	d6d512e410428fe54a67baa7f159cd10
SHA1	cd2a22a301c6419bcae022d7cba660e2e86e3a01
SHA256	3e283050743472bd07ace46cc3d5b2a1e99f33366da8db5cae9d9fb4bc63d6b7
SSDeep	3072:fi/PMIvYRegPlVbuLyRq7YizOfhvTxOOeX/LQmecJrVsde5:K8IQReSlJMiOgTxORMzcJrKM
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382944.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	80.91 KB
MD5	e8d6a8266d313fe8dd288d9fb4015c84
SHA1	b4a74447e37c35fa63f5c00650c0933a46cec24a
SHA256	b70031301e0b162d2ddd8da40cdd6158b87f185e1bb3f6b6fe8730e82ac6f15f
SSDeep	1536:YPFcA10ZQhXZtWKcJa8MtKhknvy4DHLLIdBabf567h6rWVpGNMMdkIV:0Fz0ZQhPcJa8loDADATd/
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0315612.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	17.94 KB
MD5	d2f16170d58baa024525c3a05138814a
SHA1	ce36c4a92ba8e125931064e93d6fafd4217ae0d4
SHA256	c9c38ffb42a00cfbdaffef0dde747adc2b783d47b4776f8a04d332e8d53a3c42
SSDeep	384:3izBK2WfZRRmSwv0kDkVk4SIl7PxbPpwLKt0dpPN0yOLbHW6j:y02WLRmSwv0kGk9IlLbwLKmWyOHT
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	41.15 KB
MD5	cdbac70363d261c9c7cff2bb7d45894c
SHA1	604bfff06966b3b8697cb4b492084fd29e20f862
SHA256	aa5e3eda038aaa5c335064f0cd767f7ade79211594cb7bbf6b90f8a4a9cc3f37
SSDeep	768:T5znFPe8mKXbyvnDBk4kYlOAP4sHcSpp31tPiMBn9gznvy0BUn4tLTlJeT:T5znVjmW2vnDBkf9AVHpXPRzgLi4ZT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099147.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	25.19 KB
MD5	6d9a3f22f21d797065c65a8495cee536
SHA1	860ecc1b04e5f763f64c03bd7071cadafd217ac2
SHA256	91aa47ac5abd109944301738545b10a0770e56c07c57fe22da7e46e6c40e6703
SSDeep	768:0ThDRB4phHVBexjlPl7dZzvsLa8Vk05DT:0ThDRm/etD2J
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382938.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	98.59 KB
MD5	5aaec34aaba6f7bd09f571a453f0d1eb
SHA1	85a5de09890fc4cd8042e19a852b0df583fa6ff7
SHA256	03f68e51d083ed2dac06de65e36ea0841c790b6317e9071b8403728469a9c6b5
SSDeep	1536:uWz/b/g9Mknm80bblUtjdVKvZe166P0ilBQZbC3wcjhlAuyjsKCe:l/Nkm803lUBdQBe130gQdDZC
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382957.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	107.86 KB
MD5	d3bee8395de20db7a159421bdfa1c9c3
SHA1	3003f893432e4d5fb2441318d1a686fff045125a
SHA256	35f45ffa3f6e8c837999d00146c4cb75f92ceb154e38d74a992df0eba2e801cf
SSDeep	3072:oOPf+lbOMgRrw8CXjGNGKUaQAwkZEsuD6tr:oif+lbOjRrJGGGKuAwkGsu
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382968.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	111.23 KB
MD5	7c5419dc23dbf8be41a695e46a0ed7a1
SHA1	467797c1d2eca5822f9c61e5777d3e494615cb8b
SHA256	c4ddeda6588869b15c2546bb49aee6b1271b1e8a47d4f96bfbc9bd35f9a7d13d
SSDeep	3072:xbD8OV3OpsM0ptAnG1BzwD8Wuqs8tSzQtSsbe/:x/r+psDu48wtF8KQzA
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382955.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	89.37 KB
MD5	46d2688e5a4016f5767fae31f9aa9afe
SHA1	b55e599f88f60f818cdaa301a85fe83424bdf9bf
SHA256	77534b2e61c7fb1a3befec0a7360e463fbb4ce6e49de0dc5a1d5c2603988ead8
SSDeep	1536:tUd0AiK+fQ0L/4Elwzw7wCSWr1HVn3iUjLR5RGnbZUHCKmkM7UzyVAOlF0hH2rIh:t5AiK+fHRwzecWV3hLn0qHCKm7eyVAOi
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382967.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	92.64 KB
MD5	5c088b0d359a938a2bbdebf923eeb60e
SHA1	da602b50d01f59fa9fc6a1f161df42229d95a542
SHA256	8e4abe802930ce1ea87caf7c094ffaf4ac5bd00a4a204b121d8b4ab5f2d6c5e1
SSDeep	1536:hRO9+/jVYwxpdDzjTihC8+mRASyO/XVmzJCEJLmr+BHBRQIhDJp:hf/j6wNPjKTpj9VmdCF+HgI/
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386267.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	43.66 KB
MD5	4547f6a386c1dd891683beb7da92386d
SHA1	d384edf97bada99faace11552f7464a5db774303
SHA256	5a69d65437a0a0b687661bcbe688763f426c22c84474248147ac710518404b7c
SSDeep	768:2mnBzJyz7bzALwNdjU1UX9gSQEHFU+3iHY8geJ28e2lupq9JuzStTI:2mBQz7bzAkNdumlbHP3i48ca0qru2G
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382960.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	106.37 KB
MD5	b97323c4629e1f09e0f4f423e584429f
SHA1	ac6ebe00222f083b1648243494f181d41e2db7ef
SHA256	378edaeb9e5370ea6da7568bb2ebd85148d6fe1782b0be6dea9ddf131a7e0d61
SSDeep	3072:hKzHAqDWtv0zSHCX649EI9LQz1yFVif3a+B9yQe:hYHAqKRMPq42iLMyFVDx
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099145.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	25.56 KB
MD5	e8e19a57f8293d26aba7491f5e5d0d05
SHA1	f00b04fd4ee89fb2e215ccfb2c093b3d18d02df1
SHA256	0cc5439a8cbe382a5147b106d9ac19ecb9df68ec3140275c1ae44e383996c1d9
SSDeep	768:gNHQChTM+m1oppvP1uE9oaguZiECMIKxbYuecjT:kZAOpZ9tJUMXce
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099161.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.37 KB
MD5	8fef8fbab9d046a85c7cc359924eb550
SHA1	1fa4b5ef1e249b117c2f5e36bfd73c25754b1c32
SHA256	9256f4db2f5feb85d02d98d1933c2d8236b3fea95d64fb602e84bbd987530373
SSDeep	192:ezFX7wPHffQif9iykzNhzsoc7Qd6mc4Gu2TYeW6jI:uZw3plipZhJcpmc48HW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099189.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	9.27 KB
MD5	0661b2a0ec1e13ebb819c46497e3ca43
SHA1	e8defc6fa52092c3f529db42d07acc27db0b5f3b
SHA256	c62117235039a5011a0b3925a2187583627011edc9ea00eb3d3f954b9bfc388f
SSDeep	192:g/RSwmC2pW8bxTYqxIfJvK+Y38stAAcnMalqyAgGrITYeW6jI:n7txXqZK+Y38stAUXIHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\Computers\computericon.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.91 KB
MD5	7332365440dd1932f1532ade9c23c6f0
SHA1	ab985669cc25c401b3f95c8ea29470b79396fd01
SHA256	7bcc534f1d9ce72862320ca05b28a5a7f104981425a8e011791f727743d7ebb3
SSDeep	96:UXAKb0fz0/rPxI6O2rojzQzXKauG4nQ7jscTYIDWzMJxRf4OzIy:mAU0oPO6OIGsjNulQPscTYeW6jIy
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\compare_poster2x.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	80.17 KB
MD5	fc935c729111240d45a96882fba5708b
SHA1	adbc6c64c9a03130532bbd98d33716cdb3c5b983
SHA256	f52da5e1a4d192b6ada62bcec29c37236ede15682b27e16c377e6fbbe59f2807
SSDeep	1536:PLFcymH1/DxJyYgQ0D++8hhuM5TA1UaPP24ZZIA6VjOrY200hklWFbyd:PLFcys1/F8C0D++b40Ua2dA6VOY20eDY
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\redact_poster.jpg

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.82 KB
MD5	34a863a7bf1f286a7935347bcaa94b2c
SHA1	af004d0d8574d6de9dd9a5d0ff3b529a0431c7c5
SHA256	6cbd64becd7eae2c413adf6f179d8f4ed7ce567046b04b4abb77e8cf9486308f
SSDeep	768:2Hl1v/mAKT6MCtVgijbuzB1Url+TBBbtWpBEQJsQXT:2PHy6a1AUsDf1
ImpHash	-

C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	69.38 KB
MD5	bb1ed179e082efbf12393f975d7b27d8
SHA1	976eb9c5395d59a6d3148993617473a7a9bf391d
SHA256	4697b4b992676d45f08763003fcf26dcff39bd5479cb57acab9ca15531726ff8
SSDeep	384:/+UcH5QfUowSAmnDC8CC1si9REV3/FWdnSNINcRNj2NUN/NoSNy/C9N2NpNdNyxA:WU67o1AFSbm35bUXCn5FU6oT
ImpHash	-

C:\Users\FD1HVy\Documents\[BatHelp@protonmail.com].2WMyIjjZ-Zibtgo4S.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\busMi.xlsx (Modified File)
Mime Type	application/octet-stream
File Size	85.91 KB
MD5	fda34ff976cad3820feebe5e2bc64d49
SHA1	23e0a2efa02a9dd468f8f808fe152cdaa4400619
SHA256	30349d481a8748cd42300f144ed98108863cc744b7ff500df4a17353615f1823
SSDeep	1536:JVLFN0tMUFpfUCAhpMsQ5k8CScV+Zj8KBGJmja8o2nA0tmUW0x+8dAdXI:drUFp3iCsQ5k+cVMjZBGJ+DpUUvx5dk4
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\[BatHelp@protonmail.com].YxVKXJVQ-POzTyMd8.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	20.88 KB
MD5	0b71f023e5559588283d31c25e49764c
SHA1	21f7066818203a075417fdc9205275e171b1c425
SHA256	34419d3995f811be70ef73a5b50c9b5f3d395550145327e4127a2c4fce77b429
SSDeep	192:XACCSQ/UQqhMSWXzFapMHJwEyJ0cKQwGmUEP6EDzDuUlaHYpMsTYeW6jI:XAkPlDWDspMDGmUE9zuUla4pMsHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\[BatHelp@protonmail.com].h2xpRrQ1-KfkyZCNO.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\ORGDATA.XLS (Modified File)
Mime Type	application/octet-stream
File Size	26.88 KB
MD5	ff0b472cd0d5d1390df94f66543576c0
SHA1	043ee910e03d4ceb8b22b78929cf3fd7212d93f5
SHA256	0c589f52366866d36b1bca96d2315d5215593df7f68db9e3d9521ebb6ebde223
SSDeep	384:HJu4p1ofGQjlRZ87/OjNRH7nnNGp8Ffj2zNzz62bEDvpCSqPdXkW0+UHW6jx:V1ofGslRVjTHZL2zN36EopCpOOWTx
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\pZkrU\[BatHelp@protonmail.com].KGPKio4x-ctoSoYFA.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\pZkrU\qnARkE1XWKioUOoPDJcc.doc (Modified File)
Mime Type	application/octet-stream
File Size	32.04 KB
MD5	29492d417fb1f33101714bdb3c930ec5
SHA1	05f0ba3ba1541dc2d1e023d7603096fb24ec2aea
SHA256	ac51cad131894128d18a7c66cd1e4143525b31ba27c6ed6873f96eae7ad55df2
SSDeep	768:moV18REw40GaAafXz/kgBVDipX+gsMQ1Ss2vvfAYVak5T:DVZw4Mkg/l03fH
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\[BatHelp@protonmail.com].h3rT8oJW-V44J2jsu.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx (Modified File)
Mime Type	application/octet-stream
File Size	13.26 KB
MD5	f742cc63ab7b91cef8e56f060e1f9427
SHA1	e8566c68c7c5daa9d7703bad27f4a47aa70998cf
SHA256	0c16a40a285543dec40bbe7a6be57f8c6fc0f8dec8a0552fcc6dbacecb3eba2b
SSDeep	384:rcL0vx2aCpteQyWBeRnrYAaEqs+oTQ+HW6j:rcLM4aCpt4WMRrXRQwT
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\BSVme3D0GWueayfOs.xlsx

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\[BatHelp@protonmail.com].nOY3L4b5-ryCimBO2.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	60.68 KB
MD5	1065f558797b39559b848783da164bf1
SHA1	a54eef615e77f4ae11226b3d3328c50f47288d82
SHA256	38ab7a5e69c370810e29bf30b10d649cc6494f39e5c435cfab0573689a46132d
SSDeep	1536:OZroffGuZdMrxgR/JukKHgUb9tzjc5i9gS/QqDxmoHO:Y0fOuYe9Ju1B9NY5iF/Q6xmmO
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\xh_znJ7\[BatHelp@protonmail.com].tTOQDQME-ppS1PkUj.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\xh_znJ7\mqABKFffYPb0w.xls (Modified File)
Mime Type	application/octet-stream
File Size	32.81 KB
MD5	fd6feb125b1bfa37aee355e97d556a7c
SHA1	32a1eb826ce2db15da6badf67ff8bf6307bc16fd
SHA256	595d15b32848957b4ccf384af7fd26390baa665a8264a9859709eff836cb945f
SSDeep	384:k47cHIGj7oHMWwIgUo+WgooWUUSqGBSYVSSSt+NsEM6sW37rf4w+KKbZyUeDccXC:77coG4gIooVFTwYVcNEMA9+KKFveDqT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01931J.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	40.07 KB
MD5	3c9a19a7103573868a4e38a813b80556
SHA1	24d7ee3486a08bdfdabc02d2d89fe45686910fed
SHA256	16981e4cf4c0542b865c048c17e61aa9e09bae734ea82e577ce2c66c1a6c4b99
SSDeep	768:lki42qsfD/+K256tgxkl+Or9a+WkoBDI6u+guvbxhBmZT:ZxqgDmWWxkAOr9ZWk+DIPWbLBm
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03041I.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.55 KB
MD5	853855686e55a2f05f41f26837d9d75a
SHA1	ac84248bfabe0cf029e6f208c383295031ecb2ee
SHA256	9b54b194d38a3b4b52c71b24ce1f485df9103d3834664b99d333ea09b5380d5c
SSDeep	768:m7ZCgN+nmLqG8Pg2QXx2POaLDd/DpOd9GeT:Pg9G7Pqh2POafx9Odc
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178523.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	24.85 KB
MD5	33fa71912ab3a15c7e548db751b23808
SHA1	45808c1fcdb11f032cc7faeb0807e319d05236bf
SHA256	02a8562131e7f90cc22683573ee43da0ba9a0116e3421bc242cb2efc53d2e252
SSDeep	768:2R2o2/fdZtrKwdUW6ks+AsiyAPnh/t1T:2R2oKLObW3s+AiAPh
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0227558.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	58.11 KB
MD5	64e6e264f5a48ace00855c7545457cfa
SHA1	5d638831ac52a8245f1c236cb8064406525d7281
SHA256	5511b13eeb1f71d15ed85a1e1aacb1efe58e551a3c0d8e297286db610a911e02
SSDeep	1536:rV7vwfEbnPwxPaxD/Qc38hIrNs7jWNYJaeejGW:J7IOPwSXK0mjWSJatD
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309598.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	33.87 KB
MD5	9470fe3e1e3cccf948945e1d8ec41c67
SHA1	75ee43fdb812bd42de427677af10ceb514357fa2
SHA256	63de82be40edcda521cc01ec5ea92e14b657a3d419f7f3b999516f7c85f29355
SSDeep	768:eNt/JBqn59ZlxjoDvGLPsbIZ6UkymD8gYMj4OZrRg5lxH1EujAn94yVgLE2qGb0V:cRBmTw7G7sU38DBB4M6lxH19k9Zio6p
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386270.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.20 KB
MD5	92a1f87aed9eef53ad49c5c5dfdf0f10
SHA1	3ad14be79a0709ae68cb5bdf3e4247f4cf94bc73
SHA256	76b476aced5680ac6bfaece1ad8278029d594623071d9bb7078cb6b7a3037ff0
SSDeep	384:a2GR5jZLm/dBhjq3MSFIPdz0kKxGUeHW6j:g5jZcvlq3MCf2UQT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01046J.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	133.82 KB
MD5	a07ee31f79647a62dc5a8e68de4f462f
SHA1	9cf1d78946643043adc9cb3a056f35596b8205e4
SHA256	d3d58b9a50f0c354b11d300d00a624284669c3ba27d2e24272a1e4389b7d4927
SSDeep	3072:wyyEUt01hQT6KAfm/QoI4eB0J+KEauMpvnBOaBn2ViiK8k0nb:wMdkT6NfAXIL0J+KrumJF2Vil8db
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02567J.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	34.53 KB
MD5	dea352e4afdbf4d6a1fb02f1d230e69a
SHA1	9d1a225272f9d5a09722de7d7e868e8e0c1af7da
SHA256	1346badc62191ce0b365b6b4354ee40a3e15d14b2b48bbe485fefa36a5cbed67
SSDeep	768:BwNkAk3lXm7u9+S+c3Kcgt9QkC/z8bWrKMyhC5eT:ekAkxuc3Kcg8ke4CrKMyh
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03380I.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.91 KB
MD5	245181adeaba56afe35c47e03171141a
SHA1	810c9ec5b30ec51749fa2df0483eabc1679e7127
SHA256	8452bebb103560c7dfd818658db25dfdb01cb125109a2577ae284ae3bdb07d4c
SSDeep	384:S7TaoIkLcJdyL9bB/mefY17tDAYp8NgHix68HW6j:S3ZIpTewtD8GHixdT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0164153.JPG

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	46.78 KB
MD5	52113a2aaceabada7db89c4cbe9e5bca
SHA1	0f41d8967d696ab55f16a05b935070e3b546c03a
SHA256	cd52f814e0f1459c89d6afc351ad91f9faeca1057d024760f03f8c3dcf84164d
SSDeep	768:dl5nYeiLQCxZwAwuLIte8q5PILo+CgfPTrwqT3jpzdV4cOpzabCgCugk9T2:xXOpwFuM3qqLopgfv7jpxecOhaBFY
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\[BatHelp@protonmail.com].XkIh1kNz-O48Yv5Ac.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	13.20 KB
MD5	18f227253eb550fdaf26ce99e92b6623
SHA1	d3e1ffac19084d65a164a2204593db274ccc48cd
SHA256	573ab2fbdbf323ec7ce7134bb8c2d81fec05d111df13963c5ae723a7abb8928d
SSDeep	384:ztV/GniQ7b2rJ8pBe796O/t77cFkFHW6j:LCiKb2l8OB6ot77cFCT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\[BatHelp@protonmail.com].I7CrCKIE-rJAR5ZFi.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx (Modified File)
Mime Type	application/octet-stream
File Size	10.26 KB
MD5	1b278f945df06a7eff59008253e825f9
SHA1	cd34d5e9da2b3c581107f9ca6f2820b407b2e515
SHA256	9ca8249ab3cfc46af67b5ba7e8426d5e60d08392eddf3620ba0e471eb261b67b
SSDeep	192:KfzKpwgS6gp1NLTu3PcsDPAWKDEO/09WPwtxrwNID9cY3OmGngjCxJHGKXi0QbEF:EK/0uEQAWKgEPbGJcY3ljwHPPQIbUHWW
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].saAifv9A-IFoGlyBP.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx (Modified File)
Mime Type	application/octet-stream
File Size	197.14 KB
MD5	699427f6651c150f3cb8cc6963ece9ad
SHA1	e1aa8e9b0e0e5fa8ee0e1521d19a0f620d5c1fd0
SHA256	ead2e75f624bffc07f0aecfeee1ab5dbb0564877182a55e13155b0db5dc773bf
SSDeep	6144:0FV55U9B7foUIX64pJnMtg613aLojNBiyyaMbVaMr5:45SOIjLRBb2ay
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyResume.dotx

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].T8tZT987-RDSsxgho.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	234.61 KB
MD5	5cb9e1ea0a5176cbca5828ea9661d102
SHA1	a5f0cb5a0a284fb6210e46a03d6d307a889edd54
SHA256	40fbca4922f3aa362713f5308ab42ea534d7519c9238fc0f31ac936399465408
SSDeep	6144:sS/10R+0MEaWfn2NZYM3KJKEwkWKvSMupEkeB9dd:sOC0EyKM8ZjWK8pK9d
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].7OZSjLng-k60Nry99.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\Office Word 2003 Look.dotx (Modified File)
Mime Type	application/octet-stream
File Size	28.33 KB
MD5	50b49fc4dc7c75610c55c2e621aa6f2f
SHA1	6d496c8ad696228f5f3d96e72fc01e4bf5242693
SHA256	b158f86d8b50327f4f4ba8f045d3e4457e7a5798ef3d00416da6717eb6e3614f
SSDeep	768:Ij2Atvo4cWHXOFpqlz7xVh0PHq6fHsYTk:IvtvoDWH+Mz7xV8NfH
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\[BatHelp@protonmail.com].tELM9ekl-bdqME4uu.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	183.84 KB
MD5	b37ef5a360b791f186c0c974ecc19791
SHA1	2aaa202f8b44da9b0350f07cb83f6570b5beb8b7
SHA256	216dbed26dcf13c51496cbc6746316243e6d1ade89cfbeae7aba30af81844508
SSDeep	3072:afNIu0xwZODn/TJTHuX2T/5/dGc4uka2AtSyNLMDTJ5MtvVmA4Re:6Iu0zbJTuXa5McZd2At7mJ5MuA4R
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Document Cloud for Government.pdf

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\[BatHelp@protonmail.com].xHwtJXjm-wZAjb6lt.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	112.15 KB
MD5	8b6ebccbdf3833bd2083cd2fb342253c
SHA1	041dbc4dcee2496b923730f12e217ed73933ed5e
SHA256	ebfb3cfab7a2c91e64bca243e69029b8ac35c28c9fee494adf2bc43123f6ad45
SSDeep	3072:XyGjoSa0de/FwtHM8eZDxF58hQwiLurTUrt3fo:iGD+/Fwtit382RurY
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\[BatHelp@protonmail.com].zUJKnIx6-uv8uY0hM.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx (Modified File)
Mime Type	application/octet-stream
File Size	3.54 MB
MD5	090a3b3bf617f159fe0f76a1e3a0ef60
SHA1	e8d37d8cd80dbdcc2e435d1fadd9fcf87019247b
SHA256	611460fc04db4923153649611f78a80937732fb785574487aaa9cda63c4f9fed
SSDeep	98304:bR9Na7kNEeEukdHe3mBQlqZ7kNEeEukdHe3mBQlqgNsf8P854annqjGaGahP:VK7kHbkdHe3p+7kHbkdHe3pDsEPuDn92
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\EssentialResume.dotx

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].gozL3GqP-dK4UNpxw.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	279.69 KB
MD5	26c3eba354a76fafdb5450fb1faf0ef8
SHA1	229730cb1ff5c1dbce9e6b956e04282386c9988b
SHA256	7329998d0b2f581fab80380ad00e0babe2cde288e3570adfa43508eff9692c40
SSDeep	6144:p2PJqK/1Si7oWiUG9UhGuWqvnea3DU7N1P3kyphj+kqXoE:QPJqujBiJ9U0udvlTU/Zhj5q4E
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].cJjz9vTm-PjjAqFle.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessResume.dotx (Modified File)
Mime Type	application/octet-stream
File Size	48.99 KB
MD5	c76cddf12244c933badf0df29b811f57
SHA1	abf9f9041c98e55acead90a19e1ac153cea9aab7
SHA256	9dec53e9d08bb34afac3196a0161cf2f4078d9a8f27beb94d23102cc68179966
SSDeep	768:+2MzE5VrHAANrs4n+SooHsR1tymtBsFALpOL5wwS0c8MdfU40BU/0TS1mzq1ZT:+2MSAkI4/vsFPsqVOL5wHX1FUU2S8zq
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\OriginResume.Dotx

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].x6YzwuXh-yMKoFjHs.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	136.04 KB
MD5	70ad6612c07d8a1fb8dcc54b63411592
SHA1	172233fc4b2ff9b2aafb8557e19bc31045c554d0
SHA256	f748505843c642618779ddf95fd440439ae608e4cd0ae1a3b4bc5a8a25ce02df
SSDeep	3072:NMClb+tbTOqS8I9zAUtK7mgKdO6qUZdK56aML5:NM2WTfI9fUi3xGIao
ImpHash	-

C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\xh_znJ7\[BatHelp@protonmail.com].9G1kLYCy-plngnyIS.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\r_VHw41UzadZthkfi\xh_znJ7\fqQNC_2Qn24mu.ods (Modified File)
Mime Type	application/octet-stream
File Size	8.45 KB
MD5	ed5b69a5c33ca26972806d11bb178aa9
SHA1	f88a0cd1949795c8604f366f0505f2409db5f066
SHA256	ff6a0b54ecda0d92ee86b22a83bcc288e359b5107e072fe5534b1fb1777ea692
SSDeep	192:QvyF/um0yNT/SN0E/xC60Zpx3sTdrzbNboP46wCmTYeW6jI:Qvy1uy7Q0QC6YfsTdrt8PLmHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].2PPsUTHD-em2HoxtQ.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341634.JPG (Modified File)
Mime Type	application/octet-stream
File Size	9.00 KB
MD5	ef6f6e3a22a4a495c27f911a83bca53e
SHA1	f1c8c8b85740c3764189cafbc9033f08266a1cdc
SHA256	68472276cecee04165ee97cd59a8bd3692ad41be91af84447136a73c3d6a6b1f
SSDeep	192:L4kYjy59rmLDKuEIXtdZURxeI3DSwuZz1Q+GXATYeW6jI:L4ny5wLDKodZURxN3uw4zEQHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382952.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].SjAGtec4-YV7ndN4M.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	95.20 KB
MD5	8e6734bad00026f6d809d94c2a4982c6
SHA1	4d510e1f868a0e18eea56729ca554ea16ca75ed6
SHA256	7d4121c055522cbb3155a997a53808ee9e1a0b2fe608675810d8af92e8c66754
SSDeep	1536:qIgmQozpqQ/hPCLe6g8mQ7wXhEzQVbXpeqh7nZtnwg09DKi5F0/RT8Y2k9SDGHtZ:qIJpF/E66g8B+haQfeuLZtnwz9DiRoYT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].JlSELpWz-SvOOtY1p.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099156.JPG (Modified File)
Mime Type	application/octet-stream
File Size	15.01 KB
MD5	5306650b0e2f74d52f3da5130e923f13
SHA1	cdf3fa51f9181cabbcb9c532aaf96eb9b30990f0
SHA256	a1631e16e8294fdc7655a56df47c9ed247aaba55a9577179b4c92948b804f154
SSDeep	384:83Ws3QNSGs/HPg8O2fjP4ae1+WM62eO0a7Z7DcmE5LsrI+HW6j:YtfPg8O274aA/EB97VxVT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148757.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].vlsyRNTH-TENg6E6P.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	67.34 KB
MD5	4726a7f16e8729816cfb6982f5281b89
SHA1	c095489e4bd56873a661235e7705791c5a8b8682
SHA256	e887075d7b9d0ab9df96cd580340c29f90ab3f26365c6757809c1e71249b673e
SSDeep	1536:33C+QlTjm6hcuPszffdwEeT812TcVmsES/:C+QNKaPsz9wNT818c0Fe
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].g7FoHP1N-JuKHcseT.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382965.JPG (Modified File)
Mime Type	application/octet-stream
File Size	112.13 KB
MD5	28c3a0930d5899b0ace817d55b4939cb
SHA1	ee0f82a7e3d6be6a954d27187e68189a751c254c
SHA256	a1314dec107c938818cdbc0104603703f340c968b95701eec8fb5df584310639
SSDeep	1536:e+/R8NQzsKrhSHS6VlqCeHaO1p2oyaZOdkdibKHiZfVGre5gY+u3L/+3zA60oGLY:eiRxRC+NTGJbZNVOeScG3cZoGLqkj
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].h3HjncGi-xmXubEYI.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384900.JPG (Modified File)
Mime Type	application/octet-stream
File Size	71.26 KB
MD5	1241342bc56fcd2be6a8c2f8e0e9e8a1
SHA1	a0b601593bfffaf51b5c15ab0a2dc726e180a608
SHA256	5b0132e02e4e1202258a9020349db4dbb5d8492252ab81981e910cdad6e7afbe
SSDeep	1536:HlizaHTGj0YGkqHul6/qzbQ4Un0XhMlBq9ZW7jRAKKpUbIQFU0Ghi6:Qzb8OlhjC0XhM2IRmkIeo
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].69XVNavj-ftVNDfQ3.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0175361.JPG (Modified File)
Mime Type	application/octet-stream
File Size	46.75 KB
MD5	028250cfd0df8f8ef33641ec6ddd8e62
SHA1	a0bbc8cbdfa2f552c319df2c63143ed0d634b578
SHA256	dd08f67b39971e177228ab1ba9f630bf9244e0e5e7add006ae38829660047c06
SSDeep	768:M/+6RHmxyFBEKy0eohIW3/HKekG0xBl5TiuKrtxZXkT6uEkfz9FQ7p48gRdvbxVk:McAFBEvDE3/4xf9YrjqEkfz7Zdjx
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0313896.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].tt7ZSNGu-AcJRdG46.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	37.66 KB
MD5	166788870fe60b3df3521bd29fa747f3
SHA1	8aa3c9bfa457f6c157cd7f1251dac407f52b4ce2
SHA256	44a0ea116335f8f7240fa8e7c9e998ca3429562a8b3545efe37ffc0f65dad57a
SSDeep	768:9QqDU5hE1JrmXtuqo32OC7ekfAuMNaMtYSGT:9QqDUjE1Jye3DIM
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384895.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].t8b64OAL-7tBCgS44.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	55.62 KB
MD5	e26b93cea014e209440f7704edfc53ab
SHA1	ce861ebd61f2cb6f5f4dd50bac97d52f28af1514
SHA256	3d9d752838ad82cde026b3104c776cbca6bc0ee1976ca79b9558baa6ddf2ea6f
SSDeep	1536:Bv007zsoQ6s1xV7F0ImAsOezjoXdr5JJ:R0CzU6QP7F0wshM3J
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02028K.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].yxX4v6Vn-3J3MtpVR.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	18.66 KB
MD5	5b644f26c448de56cffdfdba5af19e32
SHA1	4d1683938a28132f1e85644904ddfb030c39f26a
SHA256	983677822d6d291afaaa24f323e191344ce0ed314a3e6c5d2f2ea8aec2c59912
SSDeep	384:QFFcU6YccDk5/fk7EYGrp0vNXf/FpfQONRcQeT1cmcMqWHW6j:CeNfcDkVs3IMrfQO7B21tcR4T
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03143I.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].5VhDTw3i-pYhu2hpw.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	30.46 KB
MD5	281dbea987304c1990bbb92fb8bf9da8
SHA1	c582ccbd21ba03f7ac2e8d7abeb0ba261d016fd4
SHA256	193b64648487639bdae99bae1f37bf6743fedbd298fcaf92d003d2c957e539e0
SSDeep	768:Z8biwOuMSZv0F+bo29MeaFDZExcfYSt/mq0HpT:ai32VaPW+rO
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099167.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].0ap1t9vw-WmduzXnl.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	44.30 KB
MD5	65252494de853b56a8a1bd0704a9bb3a
SHA1	cb7f5534a9559849d35a73201c19e298ec9f3ced
SHA256	651dbf3803240b9c20bfcd5f6566b5770fdbdc3a10bd13086ef69dc5d9571a97
SSDeep	768:r6/vnzn93d1zTc72f89Q+WrWZIaMhtZyhKVqTS/O68/T5VBvuw8SZAouQSNZNM7T:qb93Zf89KyL6chtzC3Q0NM
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\[BatHelp@protonmail.com].17dCm4O2-iJ4rRM1X.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	9.88 KB
MD5	6e52d557dc6550858f6efbe13d296256
SHA1	ee86b40fc8ace3d08f13a7c7d5db2059bb43e5d8
SHA256	44a54a2b621352edea6eddf915082ce898747da8c25c514b361c9826d26d056e
SSDeep	192:QNgpV1UJtnndDbaWTANJtRyBBk9CSJBbYNdchJTYeW6jI:4gnpBN3RL9CkMdcJHW6j
ImpHash	-

C:\Users\FD1HVy\Documents\zsCv_tUZIKY rg1hXz.docx

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\[BatHelp@protonmail.com].UNjYSHN3-5g6sJuCU.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	38.51 KB
MD5	3ab0cb5833d784644b20baec02555c0b
SHA1	55f4ed98805479eace50ffcc15f5d8aeeff97e88
SHA256	2dfcb1464eb00c3d5ccdac1fb26a4ac6a7556b761245664ff65adf112a280ced
SSDeep	768:TVXTOG7E1M6npuqgcADT3sZzMBcnH92jsX6t1MaoDIFFOoyT:FTOG7eTpuqgTDEMBewje6t1zoDEOo
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\[BatHelp@protonmail.com].mA2QnaNU-gKhunEjg.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	13.15 KB
MD5	e878109e7ed99d4bf0ed1ad128999a52
SHA1	7bc3c031c1e2cfc273a11b8b9f8ac84315ac8756
SHA256	49235cc285632cfb903b231315610e54335f24c79e098296dc209edd776fff24
SSDeep	384:h4/TtebwRVsTXDCLGhIvJXZ1CTaQC4bHW6j:h4/JebRTX4XZtQC4LT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309567.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].RDay5biZ-70tKYubi.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	22.46 KB
MD5	bc7e74179ed830650fafd46434b55445
SHA1	8170be5334ed9978762be7163b0832db660c0348
SHA256	d537a163476aa9ab76531cedb7ffbfe3d434aa463d7c99737c3dfccd6d47869a
SSDeep	384:c/VO+LX7xMIG7TF5NxOrFU8S1d0FViJgaNQR9GKvSkjdxjdCTXj6MuqHW6j:c/dr79cYef0/iJ/S6KakjHjdC9T
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\scan_poster2x.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[BatHelp@protonmail.com].KCdkNb13-a7TnrFBV.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	83.86 KB
MD5	f42fa1020eb6a9e93f94dd8279875d3a
SHA1	1f58641a7778db30ef576ff314e94c2013428508
SHA256	1d5d21a024e2491f3bd8210bd7b3084006f22ed1bd312c3a1f22b38e2d2a5ea1
SSDeep	1536:ta7LoaQdLwm4IVRppppudICBTOnQLfV5ZhEwDsR4444W8Rxu+Amj8Q2KpJ:0LQqCIxOufV7hB8Rxukb
ImpHash	-

C:\588bce7c90097ed212\1025\[BatHelp@protonmail.com].WDg4xgLa-yp5ZZ2zx.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1025\LocalizedData.xml (Modified File)
Mime Type	application/octet-stream
File Size	73.86 KB
MD5	f1a89040d32dac4ab8e441cfa8acb8ad
SHA1	6b61c02a7cebb6bfc029bddfacbd5606f1c8720d
SHA256	19b49db2d0ccf50b80e80931ec27ced5de52047acfc84f16de789db50daa9ba3
SSDeep	768:TcB+VpwybdqMb5lVA4MfjF87AVBijTJ3eWzXbIT:QwHbjHVAfKNjTJu
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02069J.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].ldTAv7ou-A5VCDAFm.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	30.03 KB
MD5	b058a27baf9658dfc723eec348f404fe
SHA1	f03c5d64e9091ecfb5524ecaf1dd6c8e12f3c67c
SHA256	018d99c2e0331e0648032b28408e8bc853bbf7437904aa93af5e864085e9c826
SSDeep	768:o8pLAJrytInrD2urwR3vXy27xfEuo1hsT:o8lGrD25fi531
ImpHash	-

C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log

Modified File

Stream

Not Queried

»

Also Known As	C:\$GetCurrent\Logs\[BatHelp@protonmail.com].mECploe5-5hwTKcC6.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	1.42 KB
MD5	5b3e7ffbc1794d1a2841521ff1e2d7d8
SHA1	68e7aeddbb92726cba2c395bc47dfa191c858468
SHA256	82d0ea211fd19e1315b9220e6730a98a2390a95620c60041e49c3e5ed9260969
SSDeep	24:sApOGJMMcDilDqIDdihzrkl4TYHJWD0LRZhqWiOxQI49dUTudRTTq:npTlc/ID0hzMo0xRfpiOx349dUTk1T
ImpHash	-

C:\588bce7c90097ed212\1037\[BatHelp@protonmail.com].Z4WxQ9rs-CV6cHNFx.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1037\LocalizedData.xml (Modified File)
Mime Type	application/octet-stream
File Size	71.77 KB
MD5	1abc15f1d0a014cc23f4d959d18957a4
SHA1	4d2617b57383156ed8d1bf275a2f9836ad535a62
SHA256	36ad2f5074ea437b1125db67edb70432f30a3741460787fcecb744315b30b32b
SSDeep	768:ygMpAluiJAXWmQwgtBq8EGBoP8JNJyCX0Tx:ygMpZiJSWqgzkxP8JvPXm
ImpHash	-

C:\Users\FD1HVy\Pictures\5uqysxV\xUzSh.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\5uqysxV\[BatHelp@protonmail.com].HsMgjt6d-Jy33ABUb.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	52.44 KB
MD5	4d4fb29f1ea1f4c2f844bd763796ac53
SHA1	4b9d7633686b033c7e16a074f1d35b34ead1de5d
SHA256	b88943ef45aff8d31c78bd87ccae6f7adaff9edbcfc3de7bf06b4e67d3f63437
SSDeep	1536:805sLGY0N/C4bfHpngBMo4Bx1mWtrZrhQW:Jj7C4zHpmMnmm1e
ImpHash	-

C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log

Modified File

Stream

Not Queried

»

Also Known As	C:\$GetCurrent\Logs\[BatHelp@protonmail.com].6hVKFjsZ-HFcraZ0m.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	43.06 KB
MD5	6a2029f76fee86ff75a4a8ba62571c7f
SHA1	8ba9edadd7acb74b9caa34371b89b2a1ad08ac15
SHA256	e4865de48d95503d3b13190aca3afbd984447676062f0a5a94953bfebe172fd3
SSDeep	768:hKjpIC3dAh2gUwsmrKPZ7ODfy0Fa7d7NR4T:hm4Yg/KPZ7yFa3
ImpHash	-

C:\588bce7c90097ed212\1035\LocalizedData.xml

Modified File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1035\[BatHelp@protonmail.com].89gSpj0M-I2jNGFTz.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	76.60 KB
MD5	38819b3e268fcee229a54531e43db870
SHA1	2573910c79b3d54a6f86270a4905d2febfcfcf0e
SHA256	b691d3e3da67fd51c97d3c9c915a0be2c72f4c27aac84bcd5ebe262a780cfd61
SSDeep	1536:0Vfne4lhQ5h92kEMeeGOCOUJPePJiWGICG+Jbik:knNhKh92kEMeeGOCOUJPePJiWGICG+J
ImpHash	-

C:\588bce7c90097ed212\1046\LocalizedData.xml

Modified File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1046\[BatHelp@protonmail.com].cXz996Nq-ymmamJTe.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	80.23 KB
MD5	85fb33a9bb5ae3bc2f69315f91fc7fc3
SHA1	34a446bceb4e24f4f547376dd4e91001709a5028
SHA256	98c84561d25223e7977bcf1d25e90c16bc9bcca5a9dc3cac893663c6a82580c6
SSDeep	768:PBNK9DLs0vZJ5dsUGw1pC2z1uK4bxbCkyJtTsJpfgT:PBNK9DLfhsfwbC2z1WbhyJtTUpf
ImpHash	-

C:\Program Files\Microsoft Office\root\Templates\1033\[BatHelp@protonmail.com].SlmjD8na-7HroCGbS.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Templates\1033\StudentReport.dotx (Modified File)
Mime Type	application/octet-stream
File Size	640.46 KB
MD5	4179fa35febbf3156fd1f161e1bc928d
SHA1	a0c84dd33cba66b2fa3652979275b4ec6a4a263a
SHA256	ea6ecb130cdeacdd162bc0ce06229361bc6de3f0755ac6ac2b56b9e670d4c3fc
SSDeep	12288:uAgWpjO88RZiltQIw3JMW6ELRyH2EaWbnS8RZiltQIw3JMW6Xdee23:vgWpjpltvOJjbyaWbnSltvOJj7J
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341645.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].prmPIT3N-knlUDQBa.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	9.42 KB
MD5	5d153c1d60bc52b618ec8ed00dedaed6
SHA1	8b9aae007a8d0d1b0d8aff76a0ef0bc14b1c9a38
SHA256	e6c499b4fd20efa9e508df3e76a96f1e2b182d1ea9c0e07fabb2dfcda8cb4a34
SSDeep	192:D08I6gmI69G36uUM1TJ7SvfZA1HL4ndYrWfsGTBiafKtfMBDjSFTYeW6jI:Qn6gmVG36uf1dSvwL4dYrEBiwwUkHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].TPD9nPBb-7hbB8FqI.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0321179.JPG (Modified File)
Mime Type	application/octet-stream
File Size	10.59 KB
MD5	cdc7697a5c1c898e574c7123290ed788
SHA1	652444be0d6cb246d9cf3cd61c8fbeba0627256b
SHA256	1eed5aff0bc584c6b0f43eb01fb381366285d8683cda675b7e69323a332abd57
SSDeep	192:xCwhBiNUfZ66QWYBwTDqY61tc2wmt9lNdlN/YRsPsrrIWZnMrTYeW6jI:ze8dG19hflFNwsPsr+rHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].74nxuiFo-dKQEVM4Z.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178632.JPG (Modified File)
Mime Type	application/octet-stream
File Size	24.17 KB
MD5	ad01163b2d776cbfa146e84ad3083847
SHA1	f3990236479e9d7a9e88863f1edf1aea21dd00cf
SHA256	703848fd9b640f97b91581740c564f58dd69e19741d19578a1e14f9b4f53eaf5
SSDeep	384:Ccq6aVRGHqReHF06eJX4SRyPeTqsDM2NW7sG85m+454BkN3UXP9tBb0rMrxDx4Cz:DOV0HqUDeHqeVAoc58s+454Bkk50AT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].NeE4qfee-ZVG3S43N.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341654.JPG (Modified File)
Mime Type	application/octet-stream
File Size	16.76 KB
MD5	ba8b27258b320c929af66cf44523f50b
SHA1	911157217903f7e218a2722234f7e5c01a49e9e3
SHA256	582b8628e7d753e29037d1a96f2255a66dc695a6d603a87595ef4d1bab6d046c
SSDeep	384:VjW/lsIFabiLUrZaQkXE03fbRfwpAcYgFy+Q6Q/BlRNRHW6j:VjW/lsGJsZhKpmvYFgMRNxT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].2wRQOIHN-GO0osZnX.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384862.JPG (Modified File)
Mime Type	application/octet-stream
File Size	101.61 KB
MD5	046ad001027f5bc32d6af36b9dd1f0bf
SHA1	c6297c50ae61a47393f8cdeba43df2493eb3488a
SHA256	b9aa4aeb88800c18d4a2c69ae068de26b20746ba2270e14a687ae099d2abad44
SSDeep	1536:rD/9bfZtDN4kGPZeRStaDoACzpZes31jp8EvnvTTW5fE1yjC4wADR:rJbRtWe8gDsis319bvnLME1L5
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].CcsOqnci-6WHMaxbf.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01221K.JPG (Modified File)
Mime Type	application/octet-stream
File Size	8.53 KB
MD5	778b90a605b7f715eb4b9b30071296f5
SHA1	8fadd9a1a4aea6c149e0d6bdf160142cd2085f6e
SHA256	093a17c74c1e20b6e65fa25f37080bf6528526c9c50472c201bfe6793571517d
SSDeep	192:xNste4vSX7PFlRet1whvjLEJNjskKpTYeW6jIA:no5IdetahrLeN4k6HW6jN
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[BatHelp@protonmail.com].Ic5eAF0a-oC4oMUbS.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\optimize_poster.jpg (Modified File)
Mime Type	application/octet-stream
File Size	24.84 KB
MD5	8617ff909f9cebf1b452553271bcf066
SHA1	641fa39349b3d973929139ed44d2a50b53a3ac15
SHA256	98c89a281636d14a4d3025ef9f933392b4466146b1e5a6a4f104c53fc42c9525
SSDeep	768:g+Sj9OpnSpdO9CRBlXiT4zrFF+je4VsLrXT:g+SIJSTkqjY4zxF+C
ImpHash	-

C:\Logs\[BatHelp@protonmail.com].QT0vApFx-AGmwkiBa.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx (Modified File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	2e54226724b45d3bfed7edec242956da
SHA1	86ffb34765ea49a19319f1436572d9aacf463670
SHA256	2ac9a15f8431509881620401707a9e8df6f8ab92ca76414aeae16fee68ebd208
SSDeep	384:2W6+DkLj7w27p8Wc9SjAbUyk9edluvJLgwMCdViW6+DkLiHW6j:2OkLjMC8RbUycCuvJMw/dcOkLUT
ImpHash	-

C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx

Modified File

Stream

Not Queried

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].YuyHSdhc-Llb0G8SS.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	ed152cfacfe203299655d4cca1c653b7
SHA1	5a776321b82df044d281d22ea8f0fbacc0e7798f
SHA256	b76ac9d74864b6602fbc3fa840245eeab575756a83000dd6865b3172fcf33fd0
SSDeep	768:lsA4gskW6hvzgLuDzldQDjLsA4MV6FsA4gskuT:lpBs36hbz7o6pBs
ImpHash	-

C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx

Modified File

Stream

Not Queried

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].DX9fIvUZ-xdKprRK6.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	24f98e5b99c68a5040b00685950240e9
SHA1	61a4134eb4874886a88c102960de88898eb37009
SHA256	fffd03f43e20aedba87771da2b3aafa505fa9acf337334e11f46def8535b2a71
SSDeep	384:Svs5kygI9UcS2pDSaCMfYIqDWXYFv4YFJNTQ6nevs5kygICHW6j:SlI9UczDdCMAIqDWXaJq6elI0T
ImpHash	-

C:\Logs\[BatHelp@protonmail.com].Vx4PzvGc-LKG6H7gf.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx (Modified File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	a50d06a2166a3135a1817a201dc95d80
SHA1	5275bfef2c8a8d041107dc076654f6cfe0067310
SHA256	aa97092df4775c92dc6d63a521ba80d0c11aa28f89da9b0ed0dd5448218ecfc5
SSDeep	384:aVgnNJVgcYPa4xOTIFCz9UxwY7vCsvKCjKMmtUkHSu8YDkalVgnNJVgcYPAHW6j:aVklr0l/z76sTUFenalVkl/T
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLow.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\[BatHelp@protonmail.com].rKQxoxL7-lJ6xFSUO.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	13.25 KB
MD5	4c8fb20b24e40dbacbbcaba4ccd1c7e4
SHA1	d8232bf59d5d726cb96a453b58b3129f7b2a2414
SHA256	1e0859b51d69340ce565f1ad58150275696b4789ae5d211bbfe2c43e70e5572a
SSDeep	384:URn9saTXgBUjDM7SwPOMZhuteNQxyCHW6j:URzQus7SwPOMnu8UdT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\[BatHelp@protonmail.com].g3AUrGjU-ltfYFq7W.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\MessageBoxIconImages.jpg (Modified File)
Mime Type	application/octet-stream
File Size	11.28 KB
MD5	9313c0f05f2f9924378c3cf92a350b5e
SHA1	e0d82af8dcd18eebea4bf32bdac8eef36b02b5e0
SHA256	b279d53edf127fbe39ebb15c6553f2f20e89920137a5084c5ea72fe6eb9566f1
SSDeep	192:60V/YlhW7WQpdUNMUlrkgMe1lLvzPO/TXKh9ipFhCbw4fDnKggTYeW6jI:6U/2hW7WsUMCwRgx649ipFwbw4fDnKgi
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\[BatHelp@protonmail.com].xFTzrpLU-ZNVyyZ23.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\AlertImage_Off.jpg (Modified File)
Mime Type	application/octet-stream
File Size	17.00 KB
MD5	81e1a43ac38f84aa62ee8b3fa4d4128d
SHA1	b0e0f35105ff6fc0ea7f486d71949618f2c25211
SHA256	c0b515be27adc326aa19fe62dea1330a928f76579973cf74b89a356cad1e5181
SSDeep	192:BjQwDl5ldeEXG0kIRlsUMN0Fh2OOy+4BoITYeW6jI:JQAl5/er0HLtreIHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382958.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].ItONZRWN-7fUU8dxw.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	102.36 KB
MD5	3de3eb6c23861e25f7e0aa5d6cf3f585
SHA1	3c56a64d550d2464dffa3c6b7703bb02581e73b8
SHA256	057182b5450a0783e7f17f2be17f805b9d2f20f821a883f67a9e24da1217f3f0
SSDeep	3072:q1QgyCEWvd66gMRos8erciz+M8mkoKcEqzOpLVh0:qllEy5RPcK+1mkbm8
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287641.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].AhontKCP-n0MI6pU5.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	35.79 KB
MD5	f6374ff9f398ba1abb6c51d126e51144
SHA1	0c3481431db543f2aaee6ffe044bb1ca66ee1d11
SHA256	f85cee5107d1b7e7f44d39087fbbd6e2d6ba0a0b1d407bd124151aa42c3e26ca
SSDeep	768:9XCjZhbAhqilsjWqs3tNrWvj+KlmiPzcsvsuHXNT:9yjZolEudNr0j+WI/uH
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].j4FCOaPP-R4iWUO38.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309664.JPG (Modified File)
Mime Type	application/octet-stream
File Size	44.07 KB
MD5	c67227d60f29bacb3373ee45b10866e0
SHA1	d799dd6a48146c9dba7c9555e1008ed24f198b16
SHA256	2efe40bbc1da3cf391f6eba881441b73f345840d11fc596968278e41d0e4c0cf
SSDeep	768:ek0Dt0koEtx0CQ0nveKiyxf3mmsbAlGq1qRBEnETtavuEq5aCyQgpncLAv0IT:ekm0kXtRBht27nN5Ouj53yvnbv
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0337280.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].2nmovHGJ-tEgQQqhE.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	13.98 KB
MD5	d8cc6cceffda980e2c1bf97635033e56
SHA1	61c432c039e0604ee6f4217b80c279a1cc577bbe
SHA256	48c3ceb36fb7dc21d8cb44ce6ea77a297328bc096b68e55eb59d703547b2fdd2
SSDeep	384:fb2pAm5Mg9CaupEWDhUMGelrs0D56b2nY1pUHW6j:iPT9CauNDHGe9D6b2nIpWT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].L0Fbq90y-OOW6LbqE.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341551.JPG (Modified File)
Mime Type	application/octet-stream
File Size	23.97 KB
MD5	09ceb84c98a94f6a3348baee8492f995
SHA1	fb334fb488fc1b7baaf2cd02c6f9b30b0a3563b6
SHA256	2998bd44271560a2efcaae3b6f55c2566b77619a67addb20539e8d9185480c56
SSDeep	384:UwIttroxrwO4CLKqRuvUPMiYVh6LJQd8IJnwiaQ4OH6Md6xF4OgLxVgD5PmHW6j:UwIRUKqLPMiYBkVM/oYtUuT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].262JoRnp-WIA1TuRP.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341738.JPG (Modified File)
Mime Type	application/octet-stream
File Size	21.08 KB
MD5	db3c9b5e3ebadc00d59384128ee072ab
SHA1	6fc1f3f3100a1ed66004a05bea6c81ac4672a09e
SHA256	531df701db232b76499c37da0572c5ed5e5b9efa957183c33175f6cd11c7d953
SSDeep	384:ASl7kqTRNdSo1Hahofoz/C9DOamG/fHmGU2XcjcVQ5jloGtY5D83qdQVBO/HW6j:ACDdSo16Gfoz/CVOdYWDTtYBEEQVBOvT
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\[BatHelp@protonmail.com].QJO5lWIF-UzjVkxZL.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\BLDGPLAN.JPG (Modified File)
Mime Type	application/octet-stream
File Size	55.80 KB
MD5	a2c2d78c95b45fb6acf8977a298656f4
SHA1	aa9a35ef39d1643b17288139b8202d60551a2b7d
SHA256	f47e18d553f5dc11fdfe0769b7abbc13195ff6b8e470e32c59e79de20bbdc015
SSDeep	1536:lFfsgS+qWqXBPc8UAVn4nQdQ7FSnpncSTAausdNEG:AWqa8UAVn4nQdgFfwAd
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].oG9lfWvQ-7zw2C7sc.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02829J.JPG (Modified File)
Mime Type	application/octet-stream
File Size	62.44 KB
MD5	de8894d5778329b72893ec882ed68b41
SHA1	81f537d792018735c6774ef70825d15355cbfc59
SHA256	6965c13b4d2b8d10c4261544f8efca8fa7f56013820b47798c2f12e1a7807c77
SSDeep	1536:I+cluwuAIbz+QhlwJ+oTDaRpjKfv11Y/TEeK+uivOyGxiMRiH:j+uHAIP+68IRpGfvn4Eew
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].3sFop9W1-JjJgd9Rx.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\GRIP.JPG (Modified File)
Mime Type	application/octet-stream
File Size	8.67 KB
MD5	750923e267a416bc27a2e056e5242189
SHA1	0786ce0f60a9162960fa94ff726873f1f7c7f7d5
SHA256	91a9247ccc2f43e109f4266e56f0189e21a1a265b83f6f057884141c1593b901
SSDeep	192:XVngZcJQMafn005OpoN1iW7FxPAIJSbnu2GfJa5gqPBpv25FTYeW6jI:XQcJQH/RQ0fauRuzPLv2HHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].skNkMVng-mg9g71wM.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\NotifierDisableUpArrow.jpg (Modified File)
Mime Type	application/octet-stream
File Size	2.14 KB
MD5	93256fa1fe09c296ec0fd67699a52dd3
SHA1	3edf02f184074dd7c74f00db9f8ff8f264d8a60f
SHA256	0d9d0e281536c9d0d4810aa55d4efabd26808e70a390d0f3c74806d93f6836a5
SSDeep	48:Izx8MjMC127y5+BGjTlc/ID0hzMo0xRfpiOx349dUTk1M:I6RC1fEB8TYIDWzMJxRf4OzIm
ImpHash	-

C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx

Modified File

Stream

Not Queried

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].rvMdCYhl-KUnLnq2z.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	0dfb11a8364d46a7cb32e2c1f5b05b1e
SHA1	1436de360bf6bae5a845c8383dbc21bd8c8b96bd
SHA256	c5a35c89bce0162f966c55022a477bae863119385238902adc8cb82dbe9f9f3f
SSDeep	384:PptFugJoEuwj1aXeTdcZJYa4L9XTbUX1ZJw5Cdu2QhptFu6HW6j:rIgJ1LB3K4RXXUXjO2YIcT
ImpHash	-

C:\Logs\[BatHelp@protonmail.com].gLTG2O1b-Al1zVNJn.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx (Modified File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	3bb9d9f8b5dcde65e0a6fbb5852870db
SHA1	8a0a27c47eef3cee3025f2afae3fe3c9d5587f66
SHA256	e0fa31968dcca38a60e99cc39464a422958c3eefaa4b5f9bdc8762a55f5925af
SSDeep	384:ojLXwgzp3k2XCd6JDOh2/I1ZAqQCOg4or2G6eXjLXwgzp3k2WHW6j:ojLXw2k2SdmDupAdg5rPXjLXw2k24T
ImpHash	-

C:\Logs\[BatHelp@protonmail.com].34L4m3vc-CKj8YymE.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx (Modified File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	e4a73040b4f72b4e2853de2fb6762a28
SHA1	9657de69ce9aa9e0635da430ee0485fb1de8a989
SHA256	16b8ba423a48e9280526a58fa3af254d2c597845953afad859e4993745bb4e5f
SSDeep	384:mvXXmNFYwtD54GYgXEQT7SG4C2tvE8LxzCCvXXmNFYwtD54LHW6j:qXXm7tDqGYwJXVZWsOXXm7tDq7T
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\organize_poster2x.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[BatHelp@protonmail.com].VxY4ABn3-Jiu3Ki5z.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	68.97 KB
MD5	a4cd385fd57c63e75826471e085c5921
SHA1	d765a413f403d166288f7da5563d039d99417ccb
SHA256	54eaeca531d7346b548c7914d21cb5adb400941d184054ff55212744a840fab3
SSDeep	1536:HyeaDDc1ZAbHEdH7Cc58pHy5rHynNaHvXa4v3RYmb44444444444444444444443:SeanzwdL7DyNmXBvnX2Wd5twwJU
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[BatHelp@protonmail.com].jcOG0KwU-XEFnpTTz.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\redact_poster2x.jpg (Modified File)
Mime Type	application/octet-stream
File Size	69.85 KB
MD5	cef295d04410a130a3ab4648a63a9878
SHA1	124f13dd873ea902939b65644d4e35edd37f6e06
SHA256	574dfb224a1741798df99e220800fba8d32796f9fb4b4c42be3aae85a3377e9c
SSDeep	1536:3kiTvaziEMA6pQcU7HhE8rpwfoCIIIDIII2cQsi9V4+M9vzV:3kiObz6ScUT1NCoCIIIDIIIENnAvzV
ImpHash	-

C:\Users\FD1HVy\Pictures\uxdqyWK1lZa0AaDqM.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\[BatHelp@protonmail.com].MsX1xClo-PzTLmAEN.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	21.94 KB
MD5	06a8739faf04cf0bb4e71c872e100551
SHA1	1f04b28bd1d115bb96275d2b547a08a78012a85e
SHA256	95760d558b7b0727a81179924c77b45505ce1458094a735bf3fedce6678eb66d
SSDeep	384:8MrB3PPMIaaXIpeUtPXYRx4PlVRMPGLYNJSC1oWLHt0bO2IPCw6kNfnHW6j:/9/PMdaeeUlXYRoV6GLYNt68FJfHT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].6PUdhlVr-SWT1G6cJ.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382969.JPG (Modified File)
Mime Type	application/octet-stream
File Size	95.29 KB
MD5	490c2a32ddde181396aff4052925ad32
SHA1	17b72f6192cd67490010a7e5de0a65db06fafe81
SHA256	ccdb3df427e074da4e9daab448a670a89d99f02f28baf0a8188f3c42499a9106
SSDeep	1536:MMzLTj8N8XSebFK9MBSUjMwq+8i0y0o84CLJOXq/rDv73GsAvkE9sqcU1w2+cC5:xL/8mCeA9MMwORr9lOXsvDCkTmwbD5
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382942.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].w00Lure9-jUlfOY7y.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	90.69 KB
MD5	f9fd21cdfc50a5ce4dc9cadfe2564718
SHA1	0d5aa904571ad36807485a3cf3de7f438ed5e6bb
SHA256	abd1ba334a3e90d04b705d2a4af1d654c95a2d0aa479c1eb19d9c03b02050ca7
SSDeep	1536://oYK8IELCTYXWoP3hPrfGHzJXCJ6pa05hmAqtEXbdCdZqYSrE7znP/DXlIvtKB6:/5fIEL3XnJPDGdXYDAqtEdCPqbrYL3D+
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\AlertImage_Auto.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\[BatHelp@protonmail.com].ykoASYPa-xB0lWkov.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	18.58 KB
MD5	9253376884c991ceaa9e36c833390cc1
SHA1	9697ae2a6b38ea8af144378fda9cd3509fa03c9e
SHA256	80241942656051a64f6d29d479a6b41fac4d299fb39b618ad41071d88f3e9bf1
SSDeep	192:KOsWFklqwdD+g0qw7Ltk0jF8A1KqJM+lCGEV2Vy8yuwUu4scXoTYeW6jI:VelDD+ch0x8EJJBlCzH212cXoHW6j
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\organize_poster.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[BatHelp@protonmail.com].kIKI4BPA-I1iJJF1Q.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	26.42 KB
MD5	babad8e751d732b53b49c4b4d6ac1847
SHA1	9ca7d242c1fd35734293029a723037a3487b37c2
SHA256	2bb17a3c1a8c5a8a589d8a2b04cd154578d692851ed5e99187c4d41eed22d64b
SSDeep	384:U7M5PLOBwTWa6/yZ9LT4VR8sLML6xtNnvQhQ1CIvgnYuo+Yl2B4E5KHW6j:Ucwwr6/c9LOR8g6+1CIvmTYlNbT
ImpHash	-

C:\$GetCurrent\Logs\[BatHelp@protonmail.com].9UWiNADe-PUI3XLxE.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log (Modified File)
Mime Type	application/octet-stream
File Size	7.25 KB
MD5	d5a36fef20ef799a139dfc470baab152
SHA1	5780f31bd66f4a99c3ecd4248c3215be0956f9fe
SHA256	33741fea441dc4a95d9d3dbafdfd6bc859df1a18fecb4f56789dcfb10988a70f
SSDeep	192:ERsPeN/zRtv/PDXCnsJuoqONYstfp36TShe/TYeW6jIi:te3tvnDSkXYsnwShEHW6jT
ImpHash	-

C:\588bce7c90097ed212\1036\LocalizedData.xml

Modified File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1036\[BatHelp@protonmail.com].eLEoRprT-ga2pyLtj.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	82.40 KB
MD5	66e23bbc4343e1bf0c79a86ccb0d574a
SHA1	196fe90c8fd196fe3a2377f2746c3e456defbdd5
SHA256	257ca5ffc2a24d7a15d5f2f3be6bdc2cab818bf4d1815548164417db46961308
SSDeep	768:1ZDt8hcW99+8frNXXdh+vlAuaIJzaZsZR3P19T:1gh5bxnLCtJeO33d
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382970.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].T4JeHgpS-Jf6UZPw0.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	88.28 KB
MD5	f66520cb67f430b491c8431b62e26bf7
SHA1	f6a8b5ffc985bbd4a703dd1c773b02a9e17f7061
SHA256	7ab905b2e233fb1060716de4c24b314da3bc100a43ee8fec13788aaad72f0568
SSDeep	1536:J2MuXJob28o8yFBZwooFyTBEOEd8fE4Rn+eha0Lu2raaZDHN4bPrfYZrS1:MMyobu8yF4ooMVWQZbh/nraIDC/US
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].F5LTFPiT-g0ZEly5O.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01179J.JPG (Modified File)
Mime Type	application/octet-stream
File Size	41.88 KB
MD5	47e105265adb9231a9a4b1d74fdfeaac
SHA1	4f72a9e9bb196f91d2ebe1d96bfa3e6ebdfcdb48
SHA256	02ac664979276d32b74d661ce794ecc79fde79ee180389c743ed126b1b2becc6
SSDeep	768:VWlneWnR5ers+38cZIqiTx0Jh+rECTf5ROSJWrvADHqe7Se494j8+YGCqQUIoST:VnWiQLcZ6eJh+9jkwu88+YdqQa
ImpHash	-

C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx

Modified File

Stream

Not Queried

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].YsYJL4QN-sKtZL6mg.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	ba7aad94da2d575058b0fe49464e0d51
SHA1	a9af8d8b4dabdc57a2d646727d84fcefe8154569
SHA256	37c4d1ed8f478ca348b06bec1a5f1978cee42ec285e79d86d16c8248bbc0d500
SSDeep	768:BBDzGg+Mk2I4zi43RG54yOG9JPlsG3UDzGg+DT:bIuI4m43IzOGXPWGwI
ImpHash	-

C:\Logs\[BatHelp@protonmail.com].pVMZxTZB-wBnJSLGn.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx (Modified File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	8a4e856ffe3c26aea99b958393052190
SHA1	f30de9202a25f31e62725094e7540ed4242ca54f
SHA256	8306678737d8039e22663bf48d224e7c7986e4ff4802bf7edc799841b6509211
SSDeep	384:vYgWvww6Ppzx1DooBCi8EZDCliGMa6UrtbHCTFvjKpyYgWvww6PpaHW6j:c6PpzooCitC8GMa6UxHCRepB6Pp8T
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\CommsOutgoingImage.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\[BatHelp@protonmail.com].FnmNlW4o-Wnlarv5d.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	10.07 KB
MD5	46456402b743bac882ea88cd10506e9d
SHA1	b5232695dea64154c250c1a2b45fc9344890f56b
SHA256	c978e542823c073078e4cd0103f39967a268989201a6d91ff3a42982e8588b8a
SSDeep	192:N6sqDgwQD/eLVzxaYwdofSxeSCxuv2fOY6PRq/CCQrd7q/VXZhTYeW6jI:QlDdQD2tTwm6xr5e2Y6PsP/tHW6j
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\cmm\[BatHelp@protonmail.com].oeUfO03c-Lt2YjVKg.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	4.45 KB
MD5	c4e22f6b8d070e79ae0939e780b1cb92
SHA1	13c40d9e0025f08a00a88ee712fea82b7e254459
SHA256	1fca60a5f77f30d1b6faa1267966690b2fd597044e3127d9c48fc52f85efcd03
SSDeep	96:jtfXNYeR3ghnGtiaggrhLZPy2VMbOxeiju3V66qddcKCTYIDWzMJxRf4OzI:Rfe4IGsaTLZSOxeiju3A64dcbTYeW6jI
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\organize_poster.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[BatHelp@protonmail.com].43ISXPcj-uDfKwxWp.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	68.97 KB
MD5	41a80e9ddf900aa766cadf2cd9ad4ce5
SHA1	311624fcdc631a2e794531a76e349e06c53f6a4a
SHA256	185e6ed2364271fe7e3f9b46a93557a17fc6f0c0b716ea51fa6d66a6e6000830
SSDeep	1536:0LtodFHEdH7Cc58pHy5rHynNaHvXa4v3RYmb444444444444444444444444444N:ktosdL7DyNmXBvnX2Wd5twwJUxr3
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[BatHelp@protonmail.com].UDq1rcPQ-vYhHJnP7.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	4.59 KB
MD5	c8ab85134164d6d0a6af9e374d4738a0
SHA1	859f725c83815b58770e8fe4a728620e3b40ec14
SHA256	ddc7829ad3b2cd677b70bcb78d2bb6e04240f6dc71ba08fbad2444b6f899ffdc
SSDeep	96:wulChU5afU8Unxsmau+T+UN+GAfQfdA7g24fmzTYIDWzMJxRf4OzI:w3hU5afhUnGmaryUN+GQQfdCg24fmzTI
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\ext\[BatHelp@protonmail.com].iBHYiQm0-eyaVgFgQ.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	185.00 KB
MD5	8e2fa675cd1c69ceff55f6b4d775e7a5
SHA1	f4f76e9dd3f07346e1d6607a1697ae2c5756197d
SHA256	4d27e73ffbc5914faa107b27b8cb642a4306188b795a861dbb34ee0bc92d2eca
SSDeep	3072:ndlhaYXcd9q8vLEpzmJIHBH0e8koupc/mFwLehRV2f1cPWZXphdG:djLcjvLczmyHNN2upc+FWt1CWZ5
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\ext\[BatHelp@protonmail.com].0qCzrMJA-hoJtM2dC.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\ext\sunmscapi.jar (Modified File)
Mime Type	application/octet-stream
File Size	33.32 KB
MD5	bad4e0d5a64377a71dca9f2a48ffa861
SHA1	0f4d57927f6342d6fd8ae2c2e8d797b75e2bf800
SHA256	8f6b35c2639bf942db3fa49ffb9aeb8402d9150bd9f3f537946b952119716461
SSDeep	768:mq2OIFtC0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHuoWcHTuo:l000jNVmOCADZpVsiUf3yua5S7tXXvve
ImpHash	-

C:\588bce7c90097ed212\2052\[BatHelp@protonmail.com].ERgxVeOX-7FivMc4O.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\2052\LocalizedData.xml (Modified File)
Mime Type	application/octet-stream
File Size	60.64 KB
MD5	f38e3afd233a1806841715264acc8a16
SHA1	4f0cf47e599c331346a5a1ab92093f4a0bb49f18
SHA256	cdf000fd311d7229fcfe0fc079b8acb010e1e2cfba057d54f76fa5cf0b3112dd
SSDeep	768:QGO7vz3jGf1FeSFJD0z2bXXwoZukC7FQKAuXRgcJYm6/CT:QG23jGf1RJDEJY
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\combine_poster2x.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[BatHelp@protonmail.com].YEQEV1gU-U0BL5eW4.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	48.48 KB
MD5	f59ccc327613c89307c4731a0755aabf
SHA1	76db0525902731a288b3b3ae79c52710e3ed5f9a
SHA256	50414d8f47ac34cfaf2147c7279cac33e875edec3bd696ea3b6347e212237d66
SSDeep	1536:TOhKh2WIINUKiPwmHYgI7SyHdAwOc5vmOz:TrMPRHrIWm1Hm
ImpHash	-

C:\Users\FD1HVy\Pictures\[BatHelp@protonmail.com].s9pRAuGM-HZcIiRiU.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\17xcdgveyL.jpg (Modified File)
Mime Type	application/octet-stream
File Size	73.72 KB
MD5	822ae79379501883dd59490e4a45c741
SHA1	7a583daaa1cb84816aa9470562f98e98f7235857
SHA256	673945c9b7acbfa7e3270b480123af343945cdf1fab4d200a4d3cec97e5d5aec
SSDeep	1536:vIQzeVvWWIqoEtgALLAEGdEvZ+C+J0b4TN6kME6z:CVvW1qjDLL5G4+Cr4Jg
ImpHash	-

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\protect_poster2x.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[BatHelp@protonmail.com].UddgxaZk-GQe2wMYm.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	59.05 KB
MD5	008788d7cebf0fdafc2f032b358e85ef
SHA1	724f0d7881e0ef3a9d443dade1897c4c72375ef6
SHA256	e8b457a5ec9ff12dae754edfc1dc574a3fb204d4c3b55b7f2acb88ff7db342f3
SSDeep	1536:cx6NDqtVZHkZ2bl4TFuSW4vI67V/qN057MMN:c0otViZ2biTFumvX5n7M8
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\[BatHelp@protonmail.com].NWGUXmRd-mnWNJ2d4.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.Controls.zip (Modified File)
Mime Type	application/octet-stream
File Size	29.49 KB
MD5	d7b895e0dea4169ed02952f05167ba2e
SHA1	62431e869b197e8b962418d6e2204962fa0b6946
SHA256	9248024ad49d2d77b0448402f592ffdb6b2e1de2a7d27d51cebda46c2a979b3b
SSDeep	768:CX4ypmG3osbo2yr73PhTmrfzXMmLops/O7VOpT:qhW3P8rfzXMmLes/O7V
ImpHash	-

C:\588bce7c90097ed212\1029\LocalizedData.xml

Modified File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1029\[BatHelp@protonmail.com].bXtPPHii-XCE76CVd.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	80.46 KB
MD5	1176e4340e623ff11b498f70c2969406
SHA1	7affd50716bade0094b21f5a04d3d081ebd28088
SHA256	4da1ba3d48a4fc604bd41b3008bfb6307ac7ce5b9c6ba2215acc410bc36b580e
SSDeep	768:PNn/YT+SUYWbQ2Zqw6rZJZPFw9tGWyH2T:PJ/PhBU2ZurZJD9
ImpHash	-

C:\Program Files\Java\jre1.8.0_144\lib\jsse.jar

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[BatHelp@protonmail.com].OfOOqnDx-V60N7oc9.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	572.26 KB
MD5	8f417ac709cde61ef852d67836ea49df
SHA1	6aca46b68e780ab1b1d2b7048faea5f0b6a305ee
SHA256	ce9cd4edaa255890f9441996e3b8338e87113757720ada47747f5cc920ef170b
SSDeep	6144:3JMyQLNqqS91bHw0em0BWyce0rfvIeLuOSPIbe+XAEyg+26NBcUKKYC2FAd6zcF:9q/SVw0FKWd7oPgX9OFK62FU
ImpHash	-

C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx

Modified File

Stream

Not Queried

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].zM1Z7JuG-HFiybavX.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	3cb82e21fb4c5a5c64443b9f282776b7
SHA1	3e46bccc0e4b688abd4df7eb3830df60cb58df05
SHA256	764ce76010beb51f59eb5bb8ab93d806f9843d375de9ea24252ab8063eda39dc
SSDeep	384:yYO5ATxP5AlnVLOgn7KOU9hKEFPAoFeidzN4mQiE5H7ukzyYO5ATxP5Al8HW6j:RT8XOqxMhKqA6VNGiCHVT8kT
ImpHash	-

C:\588bce7c90097ed212\Extended\[BatHelp@protonmail.com].oSLES2EJ-zfwTtXD9.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\Extended\Parameterinfo.xml (Modified File)
Mime Type	application/octet-stream
File Size	92.51 KB
MD5	b20ff62a099112563bb7c096cd432176
SHA1	9cd9d84c85bffae0d9b3e156fd3254c8ffd701b7
SHA256	432c837b9d01c7712a3bae72c6b1295494caff940c7c218eac2a8f66d72742fa
SSDeep	384:9Io3EbFMzba5NGRHMAvlcjYq8/KkJFwtO795LrKZsrE7w4JUaGMLiqedW0Xecu/p:9ITbOf7HMA9cjgytkPLGZpqaZTEGzT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].vsYWRZaF-LNzF1WkQ.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02759J.JPG (Modified File)
Mime Type	application/octet-stream
File Size	41.59 KB
MD5	0bc9a01e8edce03e4da1573326fb3c29
SHA1	0af96bb2d0f3c112be2a52b4be7c553cf1e6a9d9
SHA256	4641aec3ea7cc528a7c1e5764de4bc0287f414c56013490c5c0588b3ac2e329b
SSDeep	768:19v6TBknI7aYUyG+n9C5rlBUTCfKXv8rj6nNjvn0aEbmoyxLppOObT:1A+I+YUo9C/CqKX+Yjvn0xbmoyxLnp
ImpHash	-

C:\588bce7c90097ed212\1030\[BatHelp@protonmail.com].3G7ZVc65-eTuVws03.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1030\LocalizedData.xml (Modified File)
Mime Type	application/octet-stream
File Size	77.31 KB
MD5	82959670f9c98110dc57d702e0b561f0
SHA1	cd267d95fe152a088cfd6e6dc387a28ce95a0609
SHA256	321d9c0a957b5a2bf59ff9cf4d1627b8f827b7c1987c96c74f98bd552c598b73
SSDeep	384:6lG6JyDH+KrQZm2dUYbzxsfjRzpYPMQJowezlbrAWAkT8mr8yl+JMcf/zmSmRLAp:d6JyNuy4FuweJrAkTF8Me+e/JjnscDT
ImpHash	-

C:\588bce7c90097ed212\3076\[BatHelp@protonmail.com].7KRvyT44-RaZqvfMH.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\3076\LocalizedData.xml (Modified File)
Mime Type	application/octet-stream
File Size	60.77 KB
MD5	e1d43f00b1eb63a692721836ca7936e5
SHA1	0746f25b5cbf0c15aeccca0153f4ca9142369a20
SHA256	5799ffb1e4dee0f5a9e43372038d82d3b031287d4d1500910e374e6a16c701cb
SSDeep	768:Kd558heXQe80zb5449eic7bxIYTJjbX71K+BT:656heQxWbXy7btJjzp
ImpHash	-

C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx

Modified File

Stream

Not Queried

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].Lo6CnNhL-cgveif3r.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	1.01 MB
MD5	12e4b1db10332b644430e477e3b080d6
SHA1	29fe2f08be61739c816aeeb703070d4aeb3176f2
SHA256	e7bca2c40a2037872b572016b4a03cbfdeaff500235dffb5105f0b960ca166ba
SSDeep	3072:TzHAcv/I99FPkHB+S9igQ6VGOxrCk78o/Co048xEtc:AJXPkHB+SEZ6XtCkYo7R8xMc
ImpHash	-

C:\588bce7c90097ed212\netfx_Core_x64.msi

Modified File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\[BatHelp@protonmail.com].eBjEnL1f-Auen4yMY.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	1.81 MB
MD5	92deaa5069bde4a6e84380e410f6e1a8
SHA1	dca22be0d5b2c166c8e503691ffe686339e0ddf1
SHA256	36d35526a903fabfcb20fa005793c6b4a3ea4702de669eb1750e6c08b7b8eaca
SSDeep	24576:sWa60Ap6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw:Ja6L6tuQpcxisfQf2M6FGoML
ImpHash	-

C:\Logs\[BatHelp@protonmail.com].3slOTszv-56zdBfRP.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx (Modified File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	4e0fb4949b7b302502ab9a1200fb441b
SHA1	fff4368f378ad5e5321552e05671e16104c656fa
SHA256	29de33a20d33cc5b4a5ac6d5bcefba8a9c1de705c71579334482d5f4715c8ac5
SSDeep	768:MBjvIZXI7IujuDC11/lDIgwR76Fjm8jvIZXTT:Ml0+INI/ijG0
ImpHash	-

C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx

Modified File

Stream

Not Queried

»

Also Known As	C:\Logs\[BatHelp@protonmail.com].5X8MGex1-iylGdQre.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	6b2038a23ebab81c94e50dba9135ec7b
SHA1	ea057e9571f9c84c06e56eb24ff20bad39439457
SHA256	cce3c10675e9d1a659ff5d083618441cf76f76616b5957c2d73fdd1385ea4b73
SSDeep	384:YxZHTQvu/D/YWi57yg8Im+TuxalDhykDGBVRtxZHTQvu/DzHW6j:spQge2rIm/alDgkDipQgTT
ImpHash	-

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386764.JPG

Modified File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\[BatHelp@protonmail.com].pLyn6kk2-GeBye2JZ.CORE (Dropped File)
Mime Type	application/octet-stream
File Size	27.69 KB
MD5	6595942a07deff3abe278a515aa813e9
SHA1	81388e2abac9dca2d25e7ccc48ef03cec7c475e0
SHA256	59aa49b783a8a16db941760a8fa5412c16ca4377060938dea636084765b8fc98
SSDeep	768:SDWqrKqDKHuldItZE4wTBresaVjJDnQ3f4wax4+GUpnaT:DwK1++XeBres+VnIE4UV
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\[BatHelp@protonmail.com].2Du8QCrv-tx9ydlzj.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg (Modified File)
Mime Type	application/octet-stream
File Size	9.97 KB
MD5	e9ca25355f7139e14b56c630df87ca61
SHA1	49bfd7e5fba8fd062215665aec49d98af38ef81b
SHA256	692f639cfef6bfd62c019b324c333b0279fa349878edd64f520440608ab74b74
SSDeep	192:cz8K9opcTvUlh1WA9kWbirfrfSxaLgTt1LWVu+sfTYeW6jI:AupqvUlWAfoETrLyoHW6j
ImpHash	-

C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\[BatHelp@protonmail.com].YxTZQYLV-FXvSYqrf.CORE

Dropped File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\Groove\ToolBMPs\DataListIconImages.jpg (Modified File)
Mime Type	application/octet-stream
File Size	7.08 KB
MD5	3a7e18c25c0d4db0f3ee1cbf1201e2fc
SHA1	3d7a6ee003e8ccc2b6cd2940769cafe1d94c6c50
SHA256	e4a02a325bc6bbefdf836d193aaa07e4f7374d5e2d67cd1a07f8daf36d999a68
SSDeep	192:4fb9E1fEkdG/p3oP43iyezyDhMhjHkKTYeW6jIz:4DKJEkk3oEEpkKHW6j
ImpHash	-

C:\Users\FD1HVy\Desktop\baxOjf0f.txt

Dropped File

Text

Not Queried

»

Mime Type	text/plain
File Size	14 Bytes
MD5	a8e1b107a01c99d3aa0fef173ed3a2b4
SHA1	9ec4f1dad180af8191d5fc1c8342289344123bf9
SHA256	e4e1c3ec94802b3ee0ffbbe7f78acd57f14b6bccc69ba7c6ec7cf83b5ebcce14
SSDeep	3:gRtWv:g7C
ImpHash	-

C:\Users\FD1HVy\AppData\Roaming\VMbyvQ36.bmp

Dropped File

Image

Not Queried

»

Mime Type	image/jpeg
File Size	74.77 KB
MD5	45275caa6b1a325997908fa6dfacffea
SHA1	9762a79d4e3dcd09b6e31edf256cb3d83c24dd1f
SHA256	803925bf6eb8bf9c6d00428a18438348e99af3c6b20297503ef5b5490638105c
SSDeep	1536:4pXqcW/PjQKfa+sJfSRTUToFMe4Q5jPpb4aKSePz2FUGCFDhboYq8VLiNsk:XcYrQSaxwRTUE1BPpb4adeauH5ZXq8Vm
ImpHash	-

C:\Users\FD1HVy\Desktop\IElZnuGN.bat

Dropped File

Batch

Not Queried

»

Mime Type	application/x-bat
File Size	246 Bytes
MD5	f3264163dc02e861cdb0648b1b5c4ce6
SHA1	0c7034f9e9ce4f895bf027792e106d284dc5adf7
SHA256	e88d5676dce331ca9a8315ba2c3064b055b7842de1b2443df57638b20072d426
SSDeep	6:4xMm6ECC2Cv352Xu1mRTFHxOfSX2fVYLZIfVDFcVBn:4xMmPiCf52XumTXOf6yVYLyVD6Bn
ImpHash	-

Remarks (1/1)

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After