c2bd7049...52f6 | IOCs
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: -
Threat Names:
Generic.Ransom.Ragnar.3E490C33
Generic.Ransom.Ragnar.9CB61097

iljueb.exe

Windows Exe (x86-32)

Created at 2020-04-23T12:57:00

...

Remarks (1/1)

(0x02000007): The operating system was rebooted during the analysis because the sample modified the master boot record (MBR).

Indicators

File (980)
»
Filename Hash Operations Category Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iljueb.exe MD5: f7c48ee1f3ee1b18d255ad98703a5896
SHA1: 7c3a082237504d3bf36e47b986e02e014a2b8abc
SHA256: c2bd70495630ed8279de0713a010e5e55f3da29323b59ef71401b12942ba52f6
SSDeep: 768:hpBsvKMNyoq65co7Bjd/3oqab0k3R2pXlj+Bnk:hpPM4o4qFoqaXC+6
ImpHash: 839139e8d46f551df7ae96cb6ef00736 		Sample File
Malicious
C:\Users\Public\Documents\RGNR_FD7BD9FC.txt MD5: ebb1e76a32908e6653c933364985f639
SHA1: 69fc0b1ed4cd4548bb4ebbe3d9f2bf7934735ff7
SHA256: 1c6ab30444efec425084c396107d7f66371bfc526f6f11480263de22a8233c8f
SSDeep: 48:pQ/GpXv4taoUwFSkvE3Ed0HXXgLzsfysqHOKbTJ:pEM2KGS40HObsqH7fJ
ImpHash: - 		Access, Create, Write Dropped File
Unknown
\\?\C:\Boot\BOOTSTAT.DAT MD5: 604b264377b7ee8a4e7abd8faec51780
SHA1: 19af8d43a6c6126f2baa1c0a87b4f4f31e37de81
SHA256: 51b5df02d693059594964c9f83e62f7c3851b09e176f3707d1e225a3b3e47315
SSDeep: 1536:WPd/WDf8u4ZPjc0sjSXGGV6UjAZ69xBrVJjGDc58Z4/PE2:WPdOT8u4ZPjc0MGVxsZCbrVE4G+n7
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT MD5: 894fbaa418de20f8833d377477c79f3d
SHA1: b6adc80d6d1f6e6b3fa3191080580d805746e334
SHA256: ae6a1b3c1c136b43d1b3ca627ccf66e6536e59c8126415ca3aef63e17ea90c8a
SSDeep: 48:XDY9leMmguwI8xgHlHOGYXOhlXaD61ZqdkppVNhbgODY2PXHgI98HeP0BzCH2S0N:XDjMjxE9vc61QdkhNpgOLXAI98He85SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP MD5: a6dfb8c2629237fc79f49f5974d3d590
SHA1: 82b9ae31c032e51aa862afdd19e70b713023c05f
SHA256: f9c4663c1114dea0036db495d608c09e4051fd6e3b3336fe40b76837c5a0e455
SSDeep: 3072:bBMnDmylo1YpKrEdza7oRXb7saM4avdiRggeCxFJzrftCpUNI+QwSTCyDg:dxylJkgx7saM4aICCjFax+ZSn0
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF MD5: 2dbea9cf1313dc57eb7eae482ca75e48
SHA1: 735c036c1ec8f2b3ccb1895d493bd0aad2ce1183
SHA256: 1c81ebc97d0e4101b262fbf5245c2db91f26d77176a7c73d2e2afb07081e0fb8
SSDeep: 192:KTZFPdKFm7nUUHuG9Ux0YhnzQxg0rjSiEx++DO7SI:SZtwFm7nUUpIxzQxg0rjbPUOl
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG MD5: 5a629c69af985aae96121708da36d2a3
SHA1: 330a799fde2b0e0c1771760b129332dc3e9f2e30
SHA256: b687ba75178e4cd5030218d4e5c4efa6fc5afe1274ba38cf30e4a875c145cd70
SSDeep: 192:FBIyB4lZy0G+HBnJeA+AEHWGvRNN2NRJzgj64oSI:FBH4vyN28vF2j1S6j
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT MD5: b53335b02af60d5754cfb6f5e71568af
SHA1: d7ab66bc62270177d6e992bfa1042b03ff86abf0
SHA256: f874b773a2faa4ff590ef55f4b05bed9416759d4d8421aa9035cfd6e817d2e05
SSDeep: 6144:spy8odxkWg6K1DaURxu1Ru3pShJKQ1oRID7WFYEi9xVEtw:8OyWKyRIEJKMnfEi
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT MD5: 2e0e1adc42c9244c2d2b4fe7130b330e
SHA1: c9427610be8ae326f302d3b93508597ae2497993
SHA256: 38f814a2f6080d2525daea7055c3b37b60b9de0e2da62c21b96db8aebcf17d74
SSDeep: 12288:KSp9JCksojX288smAFhbXq08m1fHi3RNIWwqYJaujdNpxK:3p9Jbq83myw7m1cRuWRYAujdNjK
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT MD5: 120640e24fab8e32d92d913266cc5ad5
SHA1: 21a2aaa7165891302de9e30536f11d604fab04d7
SHA256: e42f240f45ae1e79ce9e2863a1366ab7c0eb5c578ea77583aaea48ba7b6d6a4e
SSDeep: 12288:GTLZazZEf7uWnJms/FU6YpUMn9FojB+EuRyJCwUy/Xhjqz1D:G8+f7u0v21Vn9F7ESiRXhWxD
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT MD5: 7e82e339ab72240c9c2c2de4c128ee30
SHA1: 6617849acc330a95379f7aea888ff4f60556d055
SHA256: ae7606c0402f241146520a357913ad9622e8af6c482764fd0f540075d944db7a
SSDeep: 6144:DbtuBICTOpWTJ5cQpiA6fpf+kOfQCM5mAO/YSP7cd+a3glt2nZY2r8uq1AL1V:dVCipeDWA6ftVoQCuKDw5glt2ZYRuq12
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT MD5: cc8f15bc809c2ffa6962ce073eabef8e
SHA1: 3f2a19602551ef7e4a6758a46e5d59d07b13a1ae
SHA256: 22af27d87fdfa27b0c519a7f5e7cc2b88d52cc4b1efa01b5aa9f685b99ec14a5
SSDeep: 6144:5MoS0zJbKk0R8VJsL8rY84GRHZdOAXVGaizWVSyJF8:5MrpkICs4C0HZk+dMa8
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM MD5: 58a03368f51c79d198b30f223ca7e490
SHA1: 6a03b8685c7005e78efa42e652a7ae155b8ee355
SHA256: f5f25da941cc46c6396a3b53ff2d28cc9fe43c3013eeb4c774c3bd1497536d48
SSDeep: 48:oj/wnVWe2SqUSmIC7g/vZAp3+vOUqR3J60Cn6SUSKSlBzCH2S0N:6onVH2SqttCMZ0aO5ZMfhl5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS MD5: 547f401ad01fc4ef545a3d67702eb3ec
SHA1: 360f6297a9dfd1e630712fda5d1809f65898bb8c
SHA256: 99bc66d35a4abc2a694a4f2105639dce6a04fb4fee640ba7f4f58de13da3c627
SSDeep: 384:DI7ZUaSWKMBGfTGBmUvMurtGzZd8nd9AkPl3d:DjaKDr6SzZd8nd9t3d
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF MD5: 2fa98100948c2f2a3685271b16cdcd76
SHA1: 5d056005b90a7f6951dfe8974766de02c815cfe9
SHA256: e079987479dbfcfe49a6334c16cd00ff6d6a62c8537613a9255db16d18699421
SSDeep: 24:1b7IUdCS0sQNYaLBlxClLTMtJRKvn4BPk6oEoSLLQslQcBuKABfLgnf3H2id0PV:r0s0pg3oJR+MkfmwskBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG MD5: 1aa75b55af03df86816bb9aebde33c81
SHA1: a102810d8e10ced911e28f905c91366afae5dfc7
SHA256: 239e00eefb734b53346a11dd4bf533700a5b59bad9929b3d4387264e03880e6c
SSDeep: 24:Anz/PK/C3TpPHL351PcAGKQdti8BW87SQcBuKABfLgnf3H2id0PV:Anz/PK/C3FPHPGKMi8A81BzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG MD5: 6c56924bebcf5c84618ce9202c05cbf4
SHA1: 36fe15d011c08e8b850a96f9cdbff25ede20fde5
SHA256: abdedbc5bf4a368d67a7a242e030d21d75fe3f0912318395ff7e69e2ef5d6622
SSDeep: 48:n4hAgATrUjNVKBgwld9ghPBnkCpkAtzYpPG457NGBzCH2S0N:neHVcghPu++3Ro5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG MD5: 8d82335f928aaf482559b5d362d62aa8
SHA1: e786c58a4911f33cd814e77159ebd82f47bcb8be
SHA256: 603894d1674a02e4567ddd6424c09b609f7c43370740d9520ae2d3fc334f3cd3
SSDeep: 24:wHXjWFyV7aIK0GcfmDqMMDYrlURZBL22YcgucMFo1OEARFNYR7ffofQcBuKABfLV:STCSGcfmuMMD4WBL2v4SqRubBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT MD5: 469e2dc9fa46465be4df61ca363cf9e3
SHA1: 065557bf127780d8a32e77b295c0a6a8ad08ccfd
SHA256: d695d4a71640ddcf40fc325bc3c47681cf19c0da421421467a7ee6148dd730f9
SSDeep: 6144:jjqi32p9viFZtiuLRDJoXbWCLLt5JKb3DzbWZidIvZkvovXn:jYp9oH1D8FhCWM6vZkgP
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM MD5: 79fe901b64fa8a11a51948790dab07ac
SHA1: 2d86a4e9dfd223710419b0517c36b5e53ec4b254
SHA256: 8ddaf5649c72b15000fa925936ec25df143e219bdb1c163dd309e9a34f42c6bd
SSDeep: 49152:fhuCoSfuM2aJFY18c8ahzRxz+4gacwGyT:kSX9e18c8ah+HwZT
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL MD5: 1c6a5b2e6cbeb7390a70f9e2ec0a23ef
SHA1: b3744f9bfe8aa2b599aa8b9146e42853d0a366f2
SHA256: fe86275ca95dd24770806bbd3e2a542a3da21f86298684c21992671e264b90b8
SSDeep: 1536:YH4fkCUdqAep/X6w2bIV6oZ9GK1eIsuniQYMT:YHekCeep/XPikxZ9GKUIs1MT
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL MD5: fec7839bc6819f4f7b79a51994e321a1
SHA1: 83dd42c562b9c7b1ab9e2612f00d66d0e2afb461
SHA256: 0c8c7868bc8064af594206e5491d4d8368cfa503c2bbcd48323a44c13dcfa67c
SSDeep: 24576:2lvj4uDfBRCWeEVz4GF9/JiJrbsQngAxPzLdSnQqWDKoFsasiEpB:25j4urBN94Gr/JDAhwQqWDKJLiEz
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM MD5: 6b8e544ca047ae735b1bacba0fce86d4
SHA1: a5a92aa2c59c2d593b83ba67ed254e04502a266b
SHA256: 9c09e6b423d312beef97115669bb6283c5c1a77ca1dc43a50eb2b76a3c430344
SSDeep: 48:dnHqS2t0M/Pt9gpnLtt4MvOpCJ1FvV6bDqMHlke/+D4/nHBzCH2S0N:dnQZtOFhTm8vVmLH1/+DyH5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML MD5: d40e2a294d40f78924bd8488f053495f
SHA1: bfbdd3bc8693f632f57310addbf144a1c5c692a6
SHA256: 3f35dbb30a22940aaaa55dd3d80544d226026862512927f96922d2e910bb8efd
SSDeep: 48:15qBldvt++hKoQJJLTEfmwY4hyZ0mCOBzCH2S0N:+B/vE+hK1QH7o5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML MD5: e83a1d8cd8909fb508a7e63c55d25af5
SHA1: 2cb3df3f926dc0049dcb66485a51b335bc98fa4f
SHA256: f5fe3926cb64a3433ea449e4aaf9ff12e753cf76806e715c7dab75db8ffeeaed
SSDeep: 24:1e/2po1EV14WbXueYNQ2W47iVuA+S2O183lFkKQmkegClQcBuKABfLgnf3H2id0N:1Yx1AEDNI47inHOj35kegCkBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML MD5: 6cb0b1d65b934a0bee17f597ba6f625b
SHA1: c8b4987e592f45b624b9acd2d4ac434299bac243
SHA256: 13734abe0fe8c8e43655daf29c7fcdc2702fd2956e88c2e512dbe05f4c84d6b0
SSDeep: 48:1WJXMf6tgWfdCKlTwRFT3k/SBOu0BJIPnCaKXvXjJvoXFBI0BzCH2S0N:9f6WWlZWRN3k6MuuInCaKXvXj5A5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML MD5: 464b7b781f49fd3757f26b499f362eb0
SHA1: d236156ffee5da4421e9098fb18545765287edc5
SHA256: 00f7602ecdb284fb87e3c21970b612ca833744e7f40928ec20dca047d9c55bfd
SSDeep: 48:1avNx/Y+gauC4j7v2nlJHpRZT1sPNX2aph+xPs5IH0cBzCH2S0N:0vNx/4auC4enlJHpRvCNXLbMPsS5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML MD5: f47f7cc1c9e9e543450c3a51f83aa625
SHA1: af99e38f3b3e7d539cc31c2c64c377cae8c1e167
SHA256: 0ab924321b240bb4a5cea29adfb88c23c61798aa50f553d21584c71c6c0e11ae
SSDeep: 48:1+IBFceBw5IXH3sRx0woz/XUZA9aIR4Txe/owOE1voi3zSLMHOBzCH2S0N:VDw5IXH3XUZA9VGTY/nOmvtDLO5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML MD5: dc84f394e45a697aed3bf92985c4fdec
SHA1: c8f06bf86968ae24a932ae280f8529530540237c
SHA256: db603840daa29e4bd11d64c3234a2c36e47c7321b62fe2690bef1d715bcef7d6
SSDeep: 24:1ej1KFzX1z+bP1qoAzIkb+/CIMQDeOMsOqQcBuKABfLgnf3H2id0PV:1OoFzlz+71qoAMctRBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML MD5: e1b0faf716abfcbceb8c8586c7c61bc7
SHA1: 250e5a740902223c568aa1cff18ce6289eb274c1
SHA256: 7d5ff7dafa2898e20ca4ca9ba2fe10a4c496113a7615fda51cc9396c68558ce9
SSDeep: 48:1jadaOWDBf6tgWfdCKRLKjJjSxdDKfF3ipBzCH2S0N:aKdf6WWlZ8j4lK4p5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML MD5: 0677d63da018e7ab5ed45d3928ad3814
SHA1: f62a3a55969e2a91f27fcdbe523d6f9263151b2d
SHA256: 7e917c3eb441c09d3c32c6d40da8c7192e45ae9dd41b7fae0e797fa2f17334f3
SSDeep: 48:1iJtSbmDhji0I6OcYDCS3ono6N6hJfBzCH2S0N:c/+KhjjkZ3X6N+p5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML MD5: 7a5e4bc6c391bbdd667eab6a08d84d2e
SHA1: d3fb6a27e7fe4cf382a05f2052363b9150176008
SHA256: 8348c50baf2cb6b2dabd48875536594cedbf1c34c3087b9ae21b164d378a2496
SSDeep: 48:1rmkuuaI4iIOj4kIoYxchY+K5TaBeULWDTyxSmdTF1aKL+OzBLwEBOTBzCH2S0N:8kYI4aqNlTakULfdptZzBLRA5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML MD5: 1bffcb1a81787405a9296c9525585101
SHA1: 5bb49cc0ebb0eebef383b1df2234d21caa463c2a
SHA256: 29871b4a73984a9b25e156e39c382c184620fb1b6f383bb4db4ee07c6adb09fa
SSDeep: 12288:1V9ntKcFXY/vbsgsG8GNwPWEmUp4jL2uujlTG91Kzo7HtqMqzt8UHW:1ntLXgFjiWD932njQ9UzumL2
ImpHash: - 		Access, Create, Delete, Read Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM MD5: 700ccada90e3f7031828ab7f3ae6802e
SHA1: 9eed0e03edde3f82278f401cf37d9af52ee3aaa0
SHA256: 62d87b1d4e1424e76e7ae8e960bf471a5542fd112614179e78a39f1971fb6994
SSDeep: 1536:FTf8u4ZPj3XEsg86H7eKNSfOvQf+Ndhas8qp8RmEvfiw9b61UD:R8u4ZPjHEx8DEN9HRpEgWbSUD
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML MD5: 887adec23f0c0e25cd0caa444ff12198
SHA1: 54bb6a4c664631a008f4d3921417379672407f54
SHA256: 37585fb4e6437efd6730441442f56d7822e7407d05e6f1539eb4391f7924a3d4
SSDeep: 96:zMxT/8TodY2vhvYxVN1LEB2C1huC/guUahTYkvt80I03mZMSmj5SI:z8T0TortYxJSKCdRvhmZMN9SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM MD5: e1b9670405dc098ad55243b423b102d1
SHA1: 799c8d209fd203ce503a2768570c8fc238541dc6
SHA256: 66e9bb0d6d8afa459bc489c00fad82947ba77378777e487a500414bfe0fe8130
SSDeep: 768:V4o426C/WmnkHDk1EthgO4VIW2e5SB5HvgZ9BF:V4o46/WDHDy3OEItHvgZzF
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM MD5: 8ee31bb758decd1f1d394528900cd7c7
SHA1: a0686f47e796e862be449bc7f26008552a3ab04d
SHA256: fa048ead1072e078924b0856836e61c119e038e337ac79cf26b0f4fa1846de9f
SSDeep: 1536:3Ref8u4ZPjmxsaLzLValGtSa7SC1kCjHi/Ok+dMZHPCg4/bz5E6QI:3i8u4ZPjK1/LVa0QLC1xjCCvnnQI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML MD5: 03f13a168476ff3b98387af4f35f3487
SHA1: eb2a23759bf1efddf379e2de8328a2c5ec283764
SHA256: e2c9a400543c239a90917cdbe32d39c97bf82fe56f594485d142cf0c52c337e2
SSDeep: 192:O6Wj+6TrhC3if50CghZKJ2tJFy0qdZMuh+gyxshuzDmtENdUKhxSI:O60Hhsi+KIJFy0q8w+mCqtE4k
ImpHash: - 		Access, Create, Delete, Read Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML MD5: 63dcd5ca4b6b682c4d7d4826cde6192f
SHA1: b66b8d48976f31436c06d7dce2e1f04bf6e75a1b
SHA256: d91803c153c8becf6b6423189fcef2d467ab862c989cf072cc0282a41e2528bb
SSDeep: 96:6X2G5btRksaOvDntI/rFCUghtPSJztUkT+APxMIjHP6pPX5SI:6t/DvDtgQUghtP4OkTDT6vSI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML MD5: 21f0c1aabb5cf04b996045403af3238a
SHA1: 667617641b7bb66fa576bb38dca346b75ae8809a
SHA256: 1cc7bae9965f67cc79cf1590ca2a2bea486353ac6640d5698fb78707709a0cac
SSDeep: 48:1goLIhbmOToj6HjhnTexHjBB00X6GBzCH2S0N:iVbnMj6HVT01B0u6G5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML MD5: 71a3d04b7c2a6d73bdd8675fe7458c1c
SHA1: 67d483bd719e08c5b1d14b469133764d677dc3c1
SHA256: dce82ad624d0e6ff22bbec534a33035e8cba19c8580fe4552a08904e8a5242bd
SSDeep: 48:1tp+B7irD6dYhhSZDdNikafhR2XB7X0u6BzCH2S0N:rpQID3SZDd0kaf/2FS5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML MD5: 5ae3f69e97c655c5dd03f58b1e736723
SHA1: 7a2de9dfb06e2231464c3581d51bf0114e8ba7ca
SHA256: a2e48e9814170c5208001b1dd8d40b4cbf0f10558f9e552b0b3d17f2df9009a6
SSDeep: 48:1InOTeHisGZaj9KfQEtmv28vydV/VlYV5ZQ7AwBzCH2S0N:4OsQmgK0JlYV7YAw5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML MD5: 1892982837656ef1185d4c03a0cf80dc
SHA1: 31ce038297a5369993daecb05c381f98d41b2676
SHA256: 25da289dbde0af85d36ff0d4fa22119f40beea29f2a641caa39c73527aab47ee
SSDeep: 96:YkDK+BvLWwOv/yN4vifahYC9MCd2j2uSd+F25SI:YkDK+1LWpK4vifsxd2j2JSI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML MD5: 1a31b1ce977060c909b61d73a6606f8f
SHA1: 5287b295b9c6faac5be3d57e0b45981e6e5ac75d
SHA256: aa502536f2b2c6ec64e334501a15ed83619a936a859b7760b5e9292e2b82208f
SSDeep: 96:8ogsQm2mIRs2axylvP73x+57OjH2mouRpGNkEqfAw+MhH56vleq785SI:8psQm2my4KDhI84Opv9fAw+o56kqqSI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML MD5: fca64a2482b71493494380aebf0f70d5
SHA1: 960cfea3589e316ca9600a4572e82c0be9c4634d
SHA256: 8204d1b04ddc1758ab23965e7f6de24908aac848c21c7361bbb8499826c34650
SSDeep: 384:876Zg30+9rRJkMvRtZzMAJgCqqnFqDNn8EbF+ascFM:26Zg3L9Jk8HMAJgCPKXx/PFM
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML MD5: 6dd42a8d3b7667942849764d227be4ca
SHA1: 5a39b48e5f6fa66eb499d029e092079c8a1faaaf
SHA256: d9bde759a0584d33aa7e440b16fe76b03acf6d9a4e4f8cb3d2b54ffb880b19be
SSDeep: 48:1ExErmXNh9/DrDLvzc2Vbp3xNd39/n9Euwt/iukX5BzCH2S0N:iEqXNh9/HDzzcIbp31E3/Jkp5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML MD5: 09fb777a8601f403e5d59562fb335e21
SHA1: 14e9f11a90653cc9dd30bf2665455c91dc5d0987
SHA256: 3222a749ac8fe245d70607fa7a9b5c4865405f04f8d1c5177a6742b43c950d38
SSDeep: 48:1V1gRIK/bNfaMQyzjIaG6KV+mBzCH2S0N:ZgeUbNfvkZ9T5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML MD5: 0ba20668ca974baae458bef5eeb04e2a
SHA1: 9e7878180035708d5968008362663357c5990bb8
SHA256: a16f8312d92f9eb51208ef7f85d325cf40704fd12f5ce7e99e7467210d77bed8
SSDeep: 48:1lIaTeHisGZajIK01UKg/GwFPsWeYXzfp00H/53VK6DPKHl55rLHBzCH2S0N:nPsQmI10/GwpJ5XV00f506rKF51D5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML MD5: e2bf05c1577ccaa562884806d80a684b
SHA1: 76d84e261fdad27c7ccacebbf169c2344cd0cd6b
SHA256: 7663b774867173fcf0f4b9a2e0cec9803f96df45f3495c1a97e97e40df25d3e3
SSDeep: 48:1nd9ZzYaobBYQ6eQ7FyhsMOpPJOVynNkBzCH2S0N:pDZz4qp6yBa5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML MD5: c43fd82566ce8969b6944dedc459fdd1
SHA1: 165a04b61d4b8f759e4158ec1c63ef692ec777c8
SHA256: a4b7decd149a754f5237ddf5b504112a6b62d6b2dc007257bc0e638b6e609dab
SSDeep: 48:1UTKikUSB4a5o5UdJHw3Ov0+VyxRlUTBzCH2S0N:eT0IA8MP0ZxbS5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML MD5: 75b3ad3eaede690ece05b78a6950d47a
SHA1: 4b3aac0b1de5c4b809da0a592b0f8137fdf0c3b6
SHA256: 507c2e1acf34b4ee73084ea1961fb3f81a997fa095f83cd2a1fed3ec221509f7
SSDeep: 48:18bVQMGBb5uOvuqTIn3Gd3G7HBzCH2S0N:+bVv2TIYOH5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML MD5: f73c36647e1d0893397a7e51e36697d3
SHA1: 85ab6315a2865cb6ed608bdf4ba7cf49bef4bb91
SHA256: 03382cee22e0831f610adb9f54b6c9ccd33c728e84a7b9ec7361632d9b12e73b
SSDeep: 24:1endgeJv4E6tSr/Se28yUHErMBnR7kVGE5QcBuKABfLgnf3H2id0PV:1oX4ZCcSkID7kVG5BzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML MD5: 83becb9bf6d5056141c2e772e90a9409
SHA1: 2f2763530dbc0d90bd755e245209081779a1e675
SHA256: fc4cbc42e1c87396a0c729e4389fb2e1ffde2b85c054da24fa5238cf6c438703
SSDeep: 192:pxGPBuzhIdQKMVrHlC138cvwrgXq0jVmEm7H47sSI:Woz60VM13P00Pg4a
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML MD5: 5636a0c3f7b477a767f38be6fa6d39ab
SHA1: e2ac96f5b086d28fd76b8cab8be7fa2dcabc82be
SHA256: d3475294923930a2c9900772a1508553fcbcd180c90f50d264c4e7ebf9aec796
SSDeep: 48:1jy7aJhVMwNIBV7Ac3UQbSAskKQkjlIBzCH2S0N:Fy7aJfJ49bnwkKQ55SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML MD5: 7e6e08d806595ac3d7660738113f2f4f
SHA1: 783b684c36fc6fcfb360073eefe1a86b1f0af26b
SHA256: 270e037d4b7999ace36c83bbf6891f009cf0733f6c61f69f6022df1e56935250
SSDeep: 48:15ZXvioG3wiC1PoFmKLw0K3WG0XeJmtPIW5BzCH2S0N:g1BU6H813ryJIW55SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML MD5: 4c046fa335cfad1f6f9d599deab56389
SHA1: 7cec452535f9762e2c637c6558c50e338aa2f2f2
SHA256: 2d6ed18f5fcb29454af307d3cfa92599e21039ad982ae9449134d9cbf80260cb
SSDeep: 384:k1Y1Ou7paVJdOdJ8fJLz8kfDb70mLSP1yi/x9J+28McdIWC:k1mOYpafewJf8yDb70vzx9sMcd6
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML MD5: 7e1b6ca0203afbbc209fea484960e96a
SHA1: a57c32925fcd3394e3748a3848c77958f7a24517
SHA256: 201dcbd3838791e6323de75ecc21cef8e3aab1327889289c1138d4653c9f983e
SSDeep: 192:vQIXHtJdyzVSG+O4Iap1WiVfNEaEHnkS2SI:vB9yzVSVpp1WiVfNEhHkH
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML MD5: ca8e6d474cc8835430af706f5b2bc54b
SHA1: 5be6ec5e3c1577aec6f4e49937ae6c69fe47bf31
SHA256: 5ed040e3f9410923c58161047383d129ad0720d69a66b2d8b247e9e6bf66384a
SSDeep: 192:nr+TC+5b2rHA9o+BrT54buW4y9wCjQHjbf+KYc/o+Li8824KMvHCFgA6m4pGL3pB:rQCob2rwn/50uW4iwdHHZYqo+LmrvHul
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML MD5: b7629dac99e12f04dfbd5eb8edfe9e91
SHA1: c7cc324ff0a220d63c0ce2b5fcd88caae0e4af95
SHA256: 3051574f90f518ed7bf64bd3d7fc06fff9b7f7e325dd9533c469d9fc528c3889
SSDeep: 48:10oA5jTLSqz3H/XmK/y8Z/o7jA/vNV9lZ2pNk/ivHL7Ec1puBzCH2S0N:zAhLSqLX/y8Z/o4nNV3gogHED5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms MD5: 1167eb192e9f7c2690f84ebcb8dc2c8a
SHA1: f70a22dd18dd1aea25f1220e1ba85c6cd92b0749
SHA256: 2845d765d380aef99d8d4da014ccbb7f2f7d13cea78cb0b0fe613f96e2785067
SSDeep: 12288:klrl4gLSezlFDmIsZbhTsC9Ztaw7G0E/wyjE+TIdoQmt:kzDJMjz4CBawFwdUTs
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF MD5: 8bd3f9d9e650405de865181c0cf255a1
SHA1: 0984d362bc9ac922b9cf88d9d3091a031fd65ebc
SHA256: aca4bad5d5388e0dd1771596b738d8aa2caf89a52be0bfcd00239a0a3c53a85b
SSDeep: 768:nIG8g6lIEizUDiqnwlEpN8ujt3Y6E1dPoUYenFwLWBiF47EeurEseh2LaXfyAj0/:I9IEPKEpN8KtHqdSpLpK73aeoOPyAj0/
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms MD5: 8dba540c05d13defb0ec65bd825b3f01
SHA1: b33d02d40af78cdc6782be4dc19634bebc7c6af8
SHA256: 813ad451050909f891cc1e5aa0d894be48804a282e7123a1874703e8fc79f503
SSDeep: 192:y6KT4eINqz0v9tyuAIBd8PLuakw/BWQ5xm9nQF9kWNdKHsmP1FLRfM/YSI:y6KT4pu0v9tyk8Duakw/BWQxmjo5C11F
ImpHash: - 		Access, Create, Delete, Read Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_ES.LEX MD5: 2b7d397357ae3b12bb6a9cb9849954ae
SHA1: f10eff826cabd8a0b17325e76e2db5c073e8829b
SHA256: cc1a2bcf8bc0c42d3fff7a131d72c7136dc27d839a4f2cc5274e34bf30205851
SSDeep: 12288:0Wl7C8EpL2M/u85yYwCHgwLpfzbnLi6XJo5:RFEAs5zNJE
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_FR.LEX MD5: 15df622d2fd4d3d69886c572a76929a8
SHA1: b76ba1e014b86af71d898a99f05e11e521bcd196
SHA256: 5d0d7181ef287ead4596bdea5ae4093737361467a33d88287b34291efa6a29d8
SSDeep: 6144:+S/z29P4BuRKB9ss4tb/xrKd44VLpZ7Sy+D78mW:+629P4oqodGd4OL7Sy+D7XW
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM MD5: e70cffbec83ef664140063a2501d3ca9
SHA1: cf5b7dc560df52f557d9c84eb01545850a657264
SHA256: 709524eb076bca9644fe0c381981463c6df3e43985241fd6f195787f0b39abda
SSDeep: 192:y4uJ4C7g4l+Z5osqqcEq0wdyfKFPl2EGsPQOLbTQAgF/GsxSI:PjCr+ZyqIXdgBOZLwAW/7
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL MD5: 01fede2d6b11c6ab68a75250c78636c9
SHA1: 6ed3d1fad89d64fa75fa0e89933b12fedf7ff7f5
SHA256: 80ca74e1a3ed4159afbe776977f66461926b54bb41f0263e580ae6d0f2bb336d
SSDeep: 384:MVuO70iX59F0CykBQzFNeLdCfxsU87XQBZ+G7ma4:NchX59WCykWzodnU87QBZhd4
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML MD5: b56772a664c9523fb2cde8d289cfc4a0
SHA1: ff5b6d32a0436c2832bd2d7778e84c876ef25b0c
SHA256: 8d7336fffe613ce747f55d3c31dcf7ab31984525113a95e246f0c6c3ec592b22
SSDeep: 192:wo3qn0KWWKyge7XvLHDzF0DyojQtwAXXFWENarVhcdQRSI:EEKvLHHF0+IQxXwENEVym
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML MD5: e979453b67c9f8abceb4acf59f7ecdce
SHA1: d8424f102e3c2938e876a137dc14f83b454ea6e0
SHA256: 5b4459cb6676450edb1b0b6bf83a5d3d7d17abf5914a83fcd4331c046b2736c9
SSDeep: 48:/TTwKsKsVcznSlnL+cAsHvQP+pjTaNdOKPti+BzCH2S0N:4XKSlL+cDhuCJ+5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT MD5: b578b8e15d1b3d8be1c1618581a0e050
SHA1: 538f92432cecd85c25105dbd6731955cf2ddfabd
SHA256: 48cb1fee97abd591848a0a5c33e73729c6b3a1880994eba4da56feb0ddaa5bbc
SSDeep: 768:TnFq/I/tC/fIKyvtZrY1Hy59vmcAt3SUihuV6iX/xDJj11ZBh+Ghqv:pq0CYnF6FY9OxcUiUFXZDH1hxhG
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML MD5: 5b27c83d15c767861614cd67017974d6
SHA1: de7069b6a85a0dfa1fc4420a2ec8fbcdb161ff9e
SHA256: 8336ab57d129b09acd93b4c39f02f0aca935729b043ecd8f2d3108c9d6dd198a
SSDeep: 48:DorjMum48tYwJC1RjGqu2NfZjKHIYSqhaQcU4DSLV3zZ1SZ3URT/7LXKBzCH2S0N:D4S41lGYJZjKoYha7pDSp3d1NZe5SI
ImpHash: - 		Access, Create, Delete, Read Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML MD5: 1bc668c2467533618b02528c4b90d2d4
SHA1: b378ec5e1b31a364ca6c4695c461c7210a6e0fd5
SHA256: 417ae6be5b366c69aab2981c40b1a779ce5065a12e7207a96bd894898b0b8a29
SSDeep: 192:CdMEc5LXoxuMkF0NxeXIe8n36Lgn2cF60KWkStU/2/PTDmFHf1LSI:CdMB5LEuMs0NAi36LiFNKPyU/KWF9V
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL MD5: 2e4a73efd6181ca4c9f0e9a003f63c74
SHA1: 1d1bff424f5f01c0ba394a9e31c6c039205c5cdb
SHA256: 7950eb50033280893a14963673406ac742ec3b2a67addc085eefdb026f74799a
SSDeep: 6144:r9yU36LhLCxo9AHw+NqT07NCm3ZBRtIfp:rYlLhCmGHY0x3nRt+p
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT MD5: 322783c887cddaeb7d6b47eedbb3888e
SHA1: f746323087a8c65fb44a842d3cf3231cc66803bf
SHA256: ba9090854d27a9d28bbcb5b460bc064e726b4bf96bd1f2d9cf369212241a280a
SSDeep: 24576:2DipRdNDp/eqwBLPfZii3ShjS2q0KWvrZCZhVqlchVCgi9rqP:2DiPDBeRSjeGZCZ4cOTqP
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM MD5: ef1322218037848242a1f1c3bd77853f
SHA1: 233c648d7e74535f242d92ea3436689ac5f80962
SHA256: 8d6a87027b699c9777c889dade49c7ef0d102e172fb810c02a7ee62b8d0036bf
SSDeep: 768:bFtyGNWLVUztumZelC2y1tqtJWHIRU6jVYCvp+lkU7w5zbQwV3m3sE4I4PH3Lp1I:uL+ztumZD2yyJRHp/pgwfespBPbzkb1
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF MD5: 3f011a59a1a84bcebd86ea3cccee6a44
SHA1: 3a1ff9e66ae1f4dce4bd30acc995f605ca6ffb76
SHA256: 6d097faac9316a69198316a50b494cf2c4a9ff06c4f8bb585d006b2ff4ee4252
SSDeep: 24:HtL4BNqF2SkqUamtbh+OfmA4fQcBuKABfLgnf3H2id0PV:HJzQDJakoM46BzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF MD5: a098df64ff997c2a7466f0390aafb8b8
SHA1: 417503be0450ebaaa4a44265d48c6910c4a39456
SHA256: 85825afa80e81765c8f9762aa2cbead36b42b13b3172c261aa1d3f9137c4ffd9
SSDeep: 48:bOn/QS92hPzKZqy9wlhzwEKLXfwDuQ0S2CVzEeB85DH24CBzCH2S0N:KnoNuQPbzwpMD9yWEec24C5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM MD5: d06a68fdc8a0a598e42305e3d035e2ba
SHA1: 88adbd16fcb9f6fff41db7b1231891f97b8888b1
SHA256: 81f1bb60e8f6f3065d6735a4a9313bc9e73e7f287766b2583fdda2af1c256c07
SSDeep: 1536:9+cn2wayVxXyswOm3Hhra2r4kJM9WoR2IGo:9+2h3ys5m3hrtcRWxIGo
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.INF MD5: c56d56c3692666dc752a89eefd5dd2f7
SHA1: 7fc9736457ac9a7cb08e13d40ec8a3b4a6403009
SHA256: e1c09ea6c5b2c775513b0a3539147ef9bde9ab7ea3b40c77380b6446fa58fc57
SSDeep: 24:HtldWpR/I3eoXv1RBAXmdX3elcQcBuKABfLgnf3H2id0PV:HPatI3zXv1zAWdXulXBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF MD5: 04a72106b6d6b3b457f58533bbc6300b
SHA1: 9191c688b86523cfc5c7e83e02cf0923e1c94598
SHA256: 213205a85a4bf0a35d978b3f1a191c8fe6017a0ab5cca904619e3b3e40b313c2
SSDeep: 96:KpnZ+3LAN9Uy6VdZNDR/VFZqdVwI+n5SI:Kpn6kNCy6Vd3vLmVwI6SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG MD5: 96a9b238b3fc7b8d809e7f6f9089979f
SHA1: 42b25d425bc8836950dda73dba2465956cc4d6bd
SHA256: 8c5165573c44287ca5087f2cfbfcf43801eda6861c42969974ccd3abbe8b24f9
SSDeep: 384:lLyq8/PcUA6iy7WtM1DinD38rQQSiIizZCMjanliHaM:luXcJxYWu1DinDsnslLM
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM MD5: abeb97419cbbc28334671550f5075883
SHA1: 1337953a36046807a4a1924e823493e209fc375b
SHA256: 3b3765206c61ad32ec8a4d43371cbbc869251f9a8a8d1a4bfbb2c84abdb694fd
SSDeep: 3072:YtFQZppHIMfq8L1B4wVaR5qQaNRDNmv+kVLbkh0sHql:xZXIMio1vVamZzhFklgNA
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.INF MD5: 132b6e844f70e79ff9586d05cdd43202
SHA1: 6304a3cc220e326509078e847b39e0314e36e2a1
SHA256: 77ca89c61d7f2c0d89cc2494dba5b34670794ab2e0d4015612c60bc5cd2e5501
SSDeep: 24:OkP2ban7dTIywZ24lxvM8zGGlEo1QcBuKABfLgnf3H2id0PV:Aa71INIUNFTlEoUBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF MD5: b05593fb94f312475388a15199a2e98f
SHA1: 36c4d91b9149a540d5ab1ce439111863f975a515
SHA256: 09cc86445172a823e4eb6346750210b0e2a3bbf16e8672c43b2c8c633ce320fc
SSDeep: 48:Ae6Dzw41yvy+uVl9uWrfGx8UMjPqa5HJxHiudNt9Ma4RFVcd4dBzCH2S0N:Ae63w41/hl9S6qypQudn9q84d5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG MD5: 064e74a60d800a34e94ca29b54192874
SHA1: 0b1bc6453cb7f915387dc18bbdb43c3a539fab05
SHA256: 408ecdd9b43a4ddd1b41aae6d98238a9b1f0c3019c6b45e7035cf2e69ff484a9
SSDeep: 768:Cc4puBZAPFaJFz2o+idfo99eaqkQ2ODb/A2+OGjca:UuBa2EdiJo9Y0Q2Fzca
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM MD5: 5ffcf5562eac0f639ef0a1b57ad82e54
SHA1: 6b79dc8a6ef69de6c5624f02433573acdef1844a
SHA256: cc9b6b0ff314f9d114e8456c5005b1746511d4e4e9d478ef5b8ca11dc38e7040
SSDeep: 1536:nw9/By67XOEZdgoo434BIeD2ROob80vAg:E/BfbOEZdkBI2ob80og
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.INF MD5: 584c203fc691f2b370264bd332033811
SHA1: 0b8139bf3f5ee074c372cc3e1e2d2996d4c1ec60
SHA256: 473afc8b70387c092450fe27ff596a6bc393552137afa20eff724e5b9f38f1dd
SSDeep: 24:HtMPwzqGRH0fQj8KrpuJQcBuKABfLgnf3H2id0PV:HkwOaHVj8mPBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF MD5: 8d95c180df12690ae3e5aa730983aa5d
SHA1: 2ba6cc2f5967558e3eec477d16b2b69cd8d43167
SHA256: 154993288d02c04fc91aab04c99ce1589164ad049db7d456e74cf9ac3cc62890
SSDeep: 48:Ae6Dzw41yvy+Vu++9SFnqoQ1XfiOvP41MvIRhBzCH2S0N:Ae63w41/DRSFnCIMvwh5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM MD5: 371a76eb49fa458aba570cf2a6675c2b
SHA1: 9fa445fd9a3471ddf900d713fdc264e07c4f74f1
SHA256: fb007cde6beb04b0aa2eabac8d60718aede1687bc32e344725f87d57b2d966b7
SSDeep: 1536:pw+3mfkTZPdv2CzkWxfNIp8ADVFq5pm4+9IN78mf67KO:ykMkTZPt8p5DVFq5c4+9gC7KO
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.INF MD5: b9c4db2df76136950fb6622758d59b7c
SHA1: caa382762286e047144004878bb1bc70a56ddc0a
SHA256: 34c2271ca5760fb0ac4f627275d5eb0d16c8662844f1d7df6738a15193f7a681
SSDeep: 24:HtDDG4JY4CIId78tvHfQcBuKABfLgnf3H2id0PV:HRGjn78JaBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF MD5: 0c4ac283d420dba569e0e74fb4ef1dd7
SHA1: d913a036489a9a22d9651f656561ab9b66300ab8
SHA256: c9ea34a28377393836cd2fdee3c3650685dd2262d5e1d69c4774105bcd37407d
SSDeep: 48:8QYqzQNeP6BsRMwpoL8wazhsoCCTmfBzCH2S0N:6gQNePOt8+azT+5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG MD5: 9ecb5f469952091d89355d9a758db1c1
SHA1: 48130c763b24cb2416aeddf9aa85e0aa12540deb
SHA256: 9842cee8904c34c92bbafbf8f03c455d5cee902fa811d5dcb648f70a96858a87
SSDeep: 768:h5mZMpBGKWYviAhzNmWIpSp9lNtTzMvQnt7cMVm:HFzWYB8WIwftTAvQtwL
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM MD5: 6e8b657d5c61fb1d99207e74af9c722e
SHA1: a803ee0dc1c1092cb2f63486bb4ca7bc6b540417
SHA256: 973e56a2adab7a2e0bdc81d663c637d46786f448f8c6c3a4c62d704ddc1f37ef
SSDeep: 1536:vMSBVo1VYGrV/s8rd6cE4FDDSOmA6czr2:vhVoIGrVEad6cPXBzr2
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.INF MD5: 7e67f2953607941d7acb9a2ac5cd8ddf
SHA1: 1154046a60ac4b0346bae563bf5a71f97eb639c2
SHA256: ece7a68a70fcdab381086badfc8af2c1f3231bba0c238eba2e6e06f435c54e20
SSDeep: 24:HtTNLD2lSJldlAfdiYFs7QcBuKABfLgnf3H2id0PV:H/LSgldlac0suBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF MD5: 74d0e33882db7666272031c2dadc6319
SHA1: 98fb93431006d3dfb856ac65fde91f5e0f6f1c35
SHA256: 8c294c8d42df92765f86ba884ba2dd45317d9e5ec49526b173e461beb72d8055
SSDeep: 48:Ae6Dzw41yvy+uVbnvqO14uEt3YYKQP7EJ5BzCH2S0N:Ae63w41/BDv/G3DK/5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG MD5: b9557c8306a1eb0959df08d52f1cb794
SHA1: 157717713fc1564bc049c0b97548401c30c22480
SHA256: 9833f970a9efa5ebd0d8393f9916f362eb46cc0e148342ab8443aa06cb9b0637
SSDeep: 384:UrqGJGopiXvg2mKZXqSHsl3uFMRJwJf8lY4kvJYH/nghRhblTf6+aqUG6Mf7xJu6:UG8rmZ6SHjuRtlABYHYhRfUE7xp4yRZ
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.INF MD5: adfd23ab3d8b1273b6d8e2094051be81
SHA1: c17e8590a30e257e24122749f737fcc0f864ac54
SHA256: 06a99c6cd40363dbb3b23ac4e655247afd26e247041755cba5053f74314a0745
SSDeep: 24:HtRn4rjCc5jeV0klXhOmGzjxugjq7VQcBuKABfLgnf3H2id0PV:HbnajrjCP9h+x5jqYBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF MD5: b4d4434c3ad1ac2fa469b47ff2f1ae5d
SHA1: a94c91c135853833ec0377cbf90af3009c919f02
SHA256: 6bbea54447dd847011f44d53925698dc08043d41ec3900224d9c240b99930b8d
SSDeep: 96:Ae63w41/mfvjoXCjVwLLe39+sM+XXnH5aWgvNnYC95SI:A32vjoSjyLLa9+7cXAWiNnFLSI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM MD5: 0ff0d675abbb5a658b8972721378fcaf
SHA1: b2820a6248836b272f56a52e735ee25b54cb0944
SHA256: ba63eff07a78b8bbd1002a2369f77b0426240d93125e6856ead7d728c6bc0216
SSDeep: 3072:+9Kj9lZasnfolcsCOoRpOVoiU2QQd0dhvA3:++l0soqOig
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.INF MD5: a0123a5a70c06c8b16e2006859ef5dc2
SHA1: 6cbad4bde5603f7ec88acb70dde3f8ccfa09820b
SHA256: 3b397a9870825335b09cd4cadb333bc90eae05981834f6c58322817a77614ee9
SSDeep: 12:AAPV+IL1BnvvqdZtzUsg8Bfu0ffQ4oYGquKu/lBfnNNGnq7eTZQCnf3H2idxmNRV:HtVjn3Ke8B7QcBuKABfLgnf3H2id0PV
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG MD5: f791a66452850c134ae2626ed6accb44
SHA1: b3effb9707b539a2303216d7d5a216deff665a8b
SHA256: 697c621effa84be06ef3f13be72e1805937ee2e90891b329d86b77b6deb1cf07
SSDeep: 768:vetnQRkHD+uFccImQvCaTgyfMASN5SZ1X3SANB06Imcn4iUNsyVtJW2X0:GtQqHaKccIEWgny7X3LBDHo4i8syVqs0
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM MD5: 76de7474f446ef16ad87fde43273c054
SHA1: 45fe7efc6e7ffc10cfa6c0c7a1973a5daead7621
SHA256: daddade152c538db92fec04ab0fcdd1e8fb06b0476331b4c8eb0648041e44efc
SSDeep: 768://Wgpx6toXRRhGaWna1fpfXcAQGcq8jwt9NHUsLj9kS2C5LiQ2iRX/L+0i:3LpZ3hfWa1fpXc81PXGS75xhV2
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.INF MD5: f17ac949e069284604a0eb0d221ba0cd
SHA1: 60b9cbca600d5368b50c4a9883c83484037752dc
SHA256: dfed7e352f89805d479ac25f564cc0d688ea2f2c35c9da3cee96457161cd6107
SSDeep: 24:HtH45Y47/nVtV6FyA2ddEfQcBuKABfLgnf3H2id0PV:HVp4zVr6Fz4drBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF MD5: 6f3116d658c5078670dfcc517a89fff5
SHA1: d100b76dc4f25a4826a77d8219075eb14bec7183
SHA256: c4a780ef23229471ea162a79bd62a97372b1e66e986c0320acb6e2d85c44ad5c
SSDeep: 24:5L+yzY2kKUV+3YXA2RePHsqsY4/G94NallJrzmOGwl33QcBuKABfLgnf3H2id0PV:LFkKUV+3YzUPHsAn44vJrzmqlCBzCH2J
ImpHash: - 		Access, Create, Delete, Read Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG MD5: c252448b6efbb32a4035d90cd3fc1009
SHA1: 5d60f467d1bb6b9fe202f241134b536c2c65d33c
SHA256: a9eeab32aef2faaf9407b74c0adccff0c052b80836541c386cfd3fe3e7ad37d1
SSDeep: 768:zUH44FsQMHDFxSwFbdwC4MiJBy1o/IPM4LYuFcnekD11++GM++:AH44FsNh8wTweiJs1o/P+Yuaec113T
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM MD5: e6c27de1d541f902ce9c3847e2e0e13d
SHA1: d1dbebea44fd0c9fda478e546f406bc43be3dc59
SHA256: a190f36c2170d5ed8686f04a9ce5610cf1fc4c82f6c57ed021aa26341d61bd61
SSDeep: 1536:oOfw2YY1STjh9bN5nUUJGAHRpzkLz48iSpelCZH:o6wn2STtZUUMAxVk/HNk8H
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.INF MD5: 0ff2b2492b3e8c95033c5e562da99d7b
SHA1: 6fef2d0a58c49e3e47601768dd25cf49f046dc81
SHA256: eadedd76a9817ddbdfbfb41aed74f42d52471a32d7f9cdb1106a1449a406d5d2
SSDeep: 24:Htw4YA7gMO+x03OKQcBuKABfLgnf3H2id0PV:HnYRMO6VBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG MD5: 59feda59985cffe2526be16c96cf41de
SHA1: 865fc74c83124bb7acc72f8e17f25ff3a619f508
SHA256: b3370e5bc1223aea030d74d687423ae58c21b2db4aff4f25f6a6d0da2e5f6508
SSDeep: 768:BrKoQjo09n4xA7i46AE8AQteuCATaxJMjoKYg6av2:BrKDAxpoEsteuCuSJMjoKeK2
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM MD5: 049ebbd6347ca75c2b07106203d3dde7
SHA1: 1e20e73de5589edc17e3a5777779ddf152ce1499
SHA256: 6e2366f48be233ffe214134f0d08b6e08da1d367fe6e8b4dcdb54e4b63c6f9c1
SSDeep: 768:tpXua9pIbu7BAXl0o6k+g0Zbacmlrv8KfbR2E9AHF1jx5O8n1wfqFsdGod9kRbZd:fXuaIbuKXHqZ2lp8s2eQ1yHdpHkRS9HS
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.INF MD5: 1abf2e8acebc8ae53a82716b82d66097
SHA1: 6f083df41f7982f7c2e1893acd9f698c5d27ceb2
SHA256: 81cd982cc426d6662b31dd5a7425959385f60052d6235f4e31dcc76379fb2776
SSDeep: 24:Ok3CNJbXgesQIYa3CqFVy08vQcBuKABfLgnf3H2id0PV:6jFIYa3GqBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF MD5: 61ec65acc52479208a2f04abb0b15cec
SHA1: bb6a4ac0afeb01b41063fee3352711a20f0c4639
SHA256: 1c8b46d24a08e0df2547c7340e3605291e43e72f048b4e0b41bdd7e1c41da62f
SSDeep: 48:Ae6Dzw41yvyDukkdjA9OE2A7wvC9LBzCH2S0N:Ae63w41/+jFE2ID15SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG MD5: b77ab5cb63e10046fd3e8779f888b348
SHA1: 3cae04015f6c9adecb63b4dbbbec5c1169e55182
SHA256: f94737d5e7eb500ba18225fdb6d8b037ad2caf61b625b659d08b32a89c1adada
SSDeep: 384:BJfUYGovccRb7rVaviIT4qkr+uipoPogl/4a/oIf6BYSGeWsBTY8hNlUqWZdAW:vfLca/rVodO92oP9oIrSGeWIY8hI1
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM MD5: b5910dfb9e1a4744b9a241f914f5cbee
SHA1: 6615af984346cc5dca74192a7d426d66ea1d6d42
SHA256: bb353d1af2dd2e5445101bd06e31144773ed9012bfa5319ca134e95c7d85e1b5
SSDeep: 1536:uLVhrSOH0GhiYURZpGhWCsnEsJdFLNP2qgeUYtTazP:MVh24iY+0W7nE+dHRtv4P
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF MD5: 89a2d84e46e3213dcf4ba109d4993446
SHA1: f45ed5e586cbb1073ce46303cc45515120cc4ec7
SHA256: 6d7f49071d986e98979aa803d36690d0acf988bbcd16c7a71aac64469bff2365
SSDeep: 24:HtODN8zt5uiEO0zy/4ABQcBuKABfLgnf3H2id0PV:HE05umayw/BzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF MD5: edb54c780b934f877cf420711123e4ba
SHA1: 91dc59884fdd9d0bdb87641afa3b43bd3a7fe2a7
SHA256: 07f4f8434c84de67cf8f7fe0a966a3994867c8b8980b392232ced5f69260be6e
SSDeep: 48:pMR449B+peP64TCEhK6xvHwPhr18ZtTQ72H6BzCH2S0N:CqPeP3uOxYPhz7g65SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG MD5: 9224e605e84490ac0fa141a85e9a55f3
SHA1: 0b8539a51ceaa82957392c203e005b2fac1fde41
SHA256: 7a5b746e319b3514a275584352cfc9c9655a00646ade3e65bd7eb617854f9502
SSDeep: 384:CozraENqHiAGBUMI0+7lb4tgNU/ArF2BhGZT/HB9hBKNg/VPxoJ/s:va7CAGBUf0iNeGZ/HnhTN5oi
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.INF MD5: b643c44c544d291982521ca5d98a0718
SHA1: 0bde781d00929a3c0b47ce6d7028f2c3b79b2479
SHA256: 8ad529b8efcf603106ccfa524f49026c59cf4670b7cf0c4ee69e872a9179ead7
SSDeep: 24:Htg0dnkubLuBulQcBuKABfLgnf3H2id0PV:H2wkubLu9BzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF MD5: fb6a7ca69fdd2befb97ee9938bda6494
SHA1: 06e62996b7a67f39a9893c25af33c5f440d81f49
SHA256: be997130e8c9f767557c61670737d26a1e9a4d1013578b8dff23e572ac97e6e3
SSDeep: 48:f2gzY+peP64jBAWvhDf8zFXw+iF16BzCH2S0N:f2gzteP3jBA2E35SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG MD5: cac94424d8580b54ea33d830fe0679ae
SHA1: 4663f3d9e9c1b1268542b7fc0cd0f95957068d07
SHA256: 7bcbad9e5aa92fb1bf480bc6e4fbedaf873fdfe335f3c25d9cacb627db4cb653
SSDeep: 768:ab3GLIdW5kq/VVduLwtxeBMHc9nUZ1Wg8FI:s3jW6qdDuL4gC8e
ImpHash: - 		Access, Create, Delete, Read Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM MD5: c642dd8d53dd9f67b7866a31b87a4bb6
SHA1: ccf021fa4002247e3e9122f9835e8cb255caa8f1
SHA256: 2c5fcb872832f6b6e24b7bba695a6199701167b44d2fc698549b93953945f572
SSDeep: 1536:YIYSpkuHZWHSe2wSnXIIXebG/1FHULLZ9fFRKlw62jr8zntA4yQKkzD3hdk:YIfkuHZWHYOGn0LLZrg5rCJQKkv3hS
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF MD5: 3e28bdd2a7260879b430d22548a58698
SHA1: 8d7f52d47a7e46d4c4ebd8f1f6df9931317ac3cd
SHA256: b7e640faf92ab0538c36d9594e2bb17f0942119a7f93a7db658a4d70dafcd3e2
SSDeep: 24:Ht2Y4R5e1SwJvDeGPiskZwhQcBuKABfLgnf3H2id0PV:HRSwdDeGMZwYBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF MD5: 32b793c335a8ba202e13c78b4c267a64
SHA1: 6a7de4e7ee06b5b4ea1a2acaec47db1eb1b2017d
SHA256: 6106e5fc87f522aac91d03cf803af887daa9de85a87bef7f23b6c3ea4d0fa727
SSDeep: 96:ql0RyOhFz0W66a19sOnnJUq7kIp1WGaQhI59PSPYegU8MIjr5SI:ql+y5vsInbR6GaOIwpmNSI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG MD5: 6407a125df174f8ac885388da0c74535
SHA1: f128f495ff87ae9addd3ea88426483afe5d8f545
SHA256: 2bf444fe8dada037918671a4891f81a71e7d4bdf3f51aa2a3ec7ea3ec80382c8
SSDeep: 768:Xznui6xQpDB2xtwNyMqV2Jv07xNku69DRNjzboL:jnHrF2kN0V2Jv0vR69Hzc
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM MD5: 0f1457038aee97da2675ce08c01fb481
SHA1: d07434906befbd4ff4fbf719ef2dc668141f3b90
SHA256: 7405ad273a96e532920bfde085be6df54f557353171ee79893d8ea87a16778c9
SSDeep: 768:jAgJJ9Mw/ZxAgS9bqjXRDrRVcEpNFqP9hS4xZ7Psnhs8saYfqBPaDs7txtjbvUaP:jAgCw/7AgobYXRvRVrHFqFDxBPshxYKJ
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF MD5: 4df5c4d52472ac16da3219781ce6e3ce
SHA1: aef4a4a799a8f5abc1b520d4e10055b17c75449c
SHA256: b252197107f96a57962e62e6e3e3e24d93982b6011acbcdde433fe8817b16d33
SSDeep: 24:OkoTbST+wVyj/U9slQcBuKABfLgnf3H2id0PV:kk+BjS7BzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG MD5: abf992ac5ab3fc6bdbd267d1cb5325c8
SHA1: a44e45d606ae85f41adb2a8a59388f1f2ccacda8
SHA256: 7e189d4329e48db03aa352e433a517dd3f0373bf8e1f8d030159e3a5148849c7
SSDeep: 768:b8hJ+ORLn3Eoen2ftNSXX7Yifd94zrQ/lh:GJPEv2lcXLYWdt/D
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF MD5: 3a8ee07767b3b08607ecc5938ac7d138
SHA1: 97610fcc78e86939b45fbc31f73d25c2f4ca356b
SHA256: 054978bef99d252120fb817c1ed15d911788cb510218c531cde58e05a0680bdf
SSDeep: 24:Ok5NCjCwODTuCBmMw3QlPYO9ltGizCnqHFaKQcBuKABfLgnf3H2id0PV:QjCNDdFs5O5eqwxBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF MD5: 85c3d20725d33cadb00e5dad06f3a661
SHA1: 4c2eebf9041f4bc4a505e3e2d45051f429e227df
SHA256: 3d757a5e47fb0ad5ca9522e81d277eb7047405a341018239d0b06ecdccd9e633
SSDeep: 48:Ae6Dzw41yvy+ukIa/+F8iJbUI06uBfBzCH2S0N:Ae63w41/wiJb/06Mf5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG MD5: 21a61a73aa961789b4936d9824d890cc
SHA1: 0efdb9b6e44550e877069da1a471c3e004333662
SHA256: b341c31d60169b73b4ed5e0847e2fedb0c96aff2afc726ce7338061f8b3e0d7e
SSDeep: 768:1VP3sVXUQ4B/bF95Twp48k+IxzJOKS0kA4PrNN2uK:v3sVEVNFzwp4jLVJhS0YRNbK
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM MD5: 2e6b17fa6cee5aca59616b1b16f10a30
SHA1: 807b588333cdfa7dbc4fa310a29ff55d46b39acb
SHA256: 3a7778bdd5a95c9e0a292887850140784d1f2de43283eaea8c9bb359f1b2b54a
SSDeep: 768:3HqPLnyqUQb6svocukfepzCbezeuP6G5derUJ23hb211BbJgMAA9/O8X3whAHJ9c:3HOuqUevocukQ+be15dKUJKq1/rAA0QI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.INF MD5: 6a3022431b85dea2946679550f0756a4
SHA1: c8b4deeed2f158e12de1240cb3ebe03dd66ec85b
SHA256: 485db770bace7bee4bd96e8659a807be97d3ed2cc2013868746d7d17ab36e2bb
SSDeep: 24:OkHKboSUpmnHsIg5JXipG/TQcBuKABfLgnf3H2id0PV:VOohElgXdeBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF MD5: 0bdb6f27e7279a9cde206ca070fca607
SHA1: 97d0d91e54993ac74182f9dc0899cd725750eac5
SHA256: 1031d2cd8f719c1007fe4ca40e7fe4fd6e229a656a5177d82c1a4c73c35b16cd
SSDeep: 48:Ae6Dzw41yvy+ukI2uMXzkD1P2uCBzCH2S0N:Ae63w41/kYouC5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM MD5: 00015cf316a1df65f6ae6a531d4c26af
SHA1: 732b2df267d49b083112a41837f85ead0400ab03
SHA256: e3471550db968edb3cf2024717194d3382f256eaabab276acd79b8a7845994fb
SSDeep: 1536:w9GcC0rk8Oz6/IpnZ1qgEJ8qxVhl4QMhtTPzpvoQBdCsuhci/0:M80rk8Oz7pnZVEJ8qH/MhtjzVoQBdwh2
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.INF MD5: 800e540173987bf233e450cadaf96adf
SHA1: 2afc76ae12c9d9b54a96a280483f89942e977d22
SHA256: 474df62e294093bddaea78952e1c262a369c1bb438ce52738336c511f1b45798
SSDeep: 24:Htmj4aADhAjaBs9v9AWyJKkWEtl781QcBuKABfLgnf3H2id0PV:H3mj88FAWykM8UBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF MD5: c5db37ec8e1e89623252ed2798e1cdd8
SHA1: 088a7916339f119062666d6b7778f85a2d1bf8eb
SHA256: 29a5b8d9c884fcd976a1fb5adb30c78add9a1d759d31a0a12428bbe36222dffc
SSDeep: 48:S+peP640yuOYa1de/Wi+E4kwJ4CCmrBzCH2S0N:DeP30Mde/Wi+EwhNr5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG MD5: dff4139279ff67244c3a5dd3046c9fc1
SHA1: f4440c39d0feedf84e7aa88397919fcbe3c11b49
SHA256: 3b24d4c4488a2b15795273a6947812810ed340164df0db9c626711387ed77990
SSDeep: 768:YDkcOz6kMqUq43rQ8hwvTI7WEoz9igm05EO2r2bb2/J1q2t:M4miUXrzmvTI7J2iG5EfrMbivq2t
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM MD5: d99df161c66b1011b23e1e349f8d0d19
SHA1: 0e6b531f466e617aed23969496be8ce0c90cc09e
SHA256: 32908b03e9310fed7a7e91d6bc718bfa2c51639525086c71217df825f93cc647
SSDeep: 1536:OvYAWfQZwtzd1m4/V7Ra7TIEq0YpQhpnhjDKSP5NG/Ed5Ik+NLbeqxK:WWfxnf/V7UTSaDKSP5A/Ed5Ik+B1K
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.INF MD5: 56089dea669633a7e9d608979d85f031
SHA1: 5b11c1dfc6387930398d0861dd525c7c85ae82c6
SHA256: 69f8f234fd2ed530aa0daec576c26f05d8768d089d352c2dfd86655ea38df48a
SSDeep: 24:HtCSI8Pta2hYmREd0jykoPjQmIVLDkQcBuKABfLgnf3H2id0PV:HYZCJS/0jybPjt0rBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM MD5: faf14b3b81524cc58f7dc5db48919c57
SHA1: d248bcb563989fa0767ca03023966cea4f89b1ab
SHA256: 72ac3aa57ac7fe0fd5fe07d9210446f83da2d852aa2f6bae792dac5bccb422ed
SSDeep: 1536:b+1Rx+FramyplSTrO34rsYQ2RIANwSQ1pBanx:bwRx+Fr1yvSTyCsYDOANwSFx
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF MD5: d09ea0aa7461cf6a81bd34d46979614e
SHA1: 4c7217681fe168adeabcf8b4749aa97dafe77f69
SHA256: 71a2e65dfbb4d53742e16dc0fdf92dc9cfba62d36debbdb7135d7634aada3e77
SSDeep: 48:+5ZiBIoxeP64mRb6RI3EMVic9mUn/ipzpTlrbrwkpGGjRc4KmmFBnBzCH2S0N:knYeP3qz3ELcQ+/WphvrwCGGjjmFJ5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG MD5: b95b40f1e4771ed359a03fe7af988850
SHA1: 00107fb455461922cb2de6c40f3ffafd924d131b
SHA256: cba51c0da5d9550472cdfbdbc498a4e7d4b68b53fa9d59766f42c58d53c13f54
SSDeep: 384:LVLTahIbZyepBHHWKFwKHVJEhIxkRPFPCUPW7uaUaJq9Rmgte/BJjR:LVLTa2NH2KFzECx4daUO7uaUGaLtoBJR
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM MD5: 70bb91508d68300e01ee5624618faa2e
SHA1: 95a0e76f8b373a751de79c2580b2f2d35718cc7d
SHA256: f0a7565ee612dc90666d40e97256bac45a131d2aa6297179806bac66b8fc57d8
SSDeep: 1536:TDx7Tobuip/gxv4KGf4PhtZz6vleIGky3dee2eQgMLTZvqWmAsyvAo/yYGXeda:XNTkuipk4KXhtZQxvibbMLG2Ao/UXYa
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.INF MD5: a54726bd87577f45f7f03d0962e71c0f
SHA1: f4106bead1c788f7361f8ec9bc75de96b44e2e23
SHA256: 8855e7e8f908629a9bc3bd6a95455cf4ef403e6de81ebd7dc6ca5dad61052dc9
SSDeep: 24:HtP33XKXaVtTi31TXpXcXLRQcBuKABfLgnf3H2id0PV:H1HKXutW1DCLoBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF MD5: e6bebb0a7e8b97767a6c3b46ed3731cb
SHA1: c8f4eff1b99f6dda2e01140ce1091a8c7511df19
SHA256: 2a09172de9c88a1067043a9fb793085d3480c34a1e028a71bc519b89e8cdb86e
SSDeep: 96:Ae63w41/tM5BDhZSR6/bjoOx6PKArBIC3T/9jdVjvfih6JFWTEzNOYalx4B5SI:A3/CDh9D8QArSCpjdVmh63WsNOYal6SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG MD5: 5bae9fadd83d38de9f21b67c6d8e13b9
SHA1: b8edb7c9480898fce56cf7a0baa585e6d2001021
SHA256: ff820659ac6cd65beff875413f530c1dab8057d4147aaa9bb84f460bcd5c67ea
SSDeep: 768:OGeO7lhxF4nQG542ymDQy0QnXaidoNNDGA7TaowVmqtz:7eYlhYQGG2ymDj0QndWaVVmyz
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.INF MD5: 8d68eef8c0ccdc987b098a8fddd1caa3
SHA1: ad95addd6ea433b9302e7b62de50ee4d1fb67d56
SHA256: 31a634154b5aa01677372019ba57bdb2bfe37ec2209a847df015b1bdb98a5698
SSDeep: 24:HteFbZGwFRETlmgnQcBuKABfLgnf3H2id0PV:H+ZG4GJ4BzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF MD5: cd3f9cd4c85fe3bbd194cf0d232a35b2
SHA1: 992e8e43eb088ff8905216cdfa652117f2c20e19
SHA256: 4d6713cc92ad4a6a93ab7ba2c2041a177967b92c6e410ed45decbb238267adb7
SSDeep: 48:9Qy+dnKZqy9wlhGuzo2/Ty5+CzOBO5KhJDivzHORkMqb8a9MZtNJIKl/im2BzCHE:bQPbBz7LyLaEKfDibYkMqbTADil5SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG MD5: 7a5f98a88bfc39285494dbcd5d079e34
SHA1: bb805375b7a9894e348d0452e547012687d3f9a6
SHA256: 731ed1ae4756ae247a39418921d65ce9cd18028e60e14eefbf2cd83b2ad54c23
SSDeep: 384:Ei1PHfclDVCykTS8dKxNAuSG2chvjYVjNAeAGAzLGF/GS5ge2gNTV:EIP/k9kTS2kSHcBw5tgE5FV
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV MD5: 532fc519d89f648b6408b43a8ec9ca67
SHA1: 44e0a4bafdefd8e3e4f4de4153cad98e5528e45d
SHA256: d7a7f37610acacff0886cf685ba7e9449bb3a11aac497c69c20426bffbb71c20
SSDeep: 768:jxofzTNmRHWgRqS7j9/5it2au2TYigeQS4L6AN0TeS8+Pw3hV:erpm4cqAj95it2au2cfS45MRP4hV
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV MD5: 08d29c53af6533792ac10bb98c003d32
SHA1: 9998b7985b94d3d9c78a7c5a2dac35c43f53475c
SHA256: 19a83f4deb5c9d99872316927410ed48815f133233aac633daccc5b8d6670d4f
SSDeep: 6144:6S6wf5YoCn5xJ4edeZzhqiQ02rFfVwMKI56lLi2Emb:6S6wfZC5P4i3ZWIUZZ
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV MD5: 41c0464dbe10ee0b3bd8784a50af6a16
SHA1: 2cd55877e37eb1d00fc822d16e5c42c54ea13c46
SHA256: ff15b80f76902f64221dd525fc38799c428688cbaf9c9c670f105614c7b1512b
SSDeep: 6144:wgWaTKkbnAeJe9R8cMMa9ipnlJcYUjy1IQkQiq+/1oNjBMLf:wgWwjtenPUG1IQkuv6
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv MD5: f5d1392024489b697a38b4859dcf82a7
SHA1: b513651a003b14be8789e3e8f68c48a457e53b0f
SHA256: b52ea5a3c8041a56ca8ad321f8249e4ffad2b399ca4b84efeba60ee1db9ab142
SSDeep: 1536:ty5PxG4aTWSCd/jh99IN2eyamIEaQ3GW3MU:ty55STWS+99ivDBnQ/3MU
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Unknown
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest MD5: 79cf904e40e1be10e7a7d1a1ecd73721
SHA1: fd52e760a8df66b3246ae88a233942fd4666fe10
SHA256: 62720926f3322c27971ccaeb7e5892c18777c91cf8229feff4a6e52990a32be1
SSDeep: 24:1g7czngwaPZiTXDnQzsn9whoBc8WLFsxDoMeQcBuKABfLgnf3H2id0PV:1ecla4TXDQICK9WqsuBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT MD5: 64b6381208566ff81fc3fa4282fcece0
SHA1: 7e78ac5574cdef9001a503a84fedce0f20f57376
SHA256: c2e55818ade1e5e2d65110dea7cf8f37f376d7243c20097333ee55300b9f2817
SSDeep: 1536:GN+eI8Rj+94vGw4nFSI9TAEUPVZr5Oz1AIWjA8mS+u1nAuObkpTz:Stk3/JAS1AIWj+i1/O4l
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT MD5: 85cdaab71f698fb5fb73fd5001f97512
SHA1: a7e16db108d8754602be584de69dbd1356e583d5
SHA256: ece1b8f53d79b4dd702795a400f32f8306b6507564010c6ceda529309169f57b
SSDeep: 6144:BHrGn52qj0d7bM+f2kS17E0QA4CzbaUanNxMcomJ2+LNQnVf0ZdIpg:BivMPegGqUahomJXKnV8ZdIpg
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MUAUTH.CAB MD5: ba0214aba757cdeec9c2837deef58ef2
SHA1: 5672f7380361e20c3ab4411785ce9750fcc55b54
SHA256: f15bbfe40e8b7e9ed29a89d3f4f4ea643b7db88a39596cefc188db9411d75af9
SSDeep: 192:oCP9HINSV94DLIkXKItTftKGhLKDsUdRKq8DCC6WqSI:oUhINSz4HrXKSKyODvRh89i
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML MD5: d55d24905c352b5279a6609dc21d5e20
SHA1: c53983037eb4cd78b75659fb0bda8e84063b4c85
SHA256: c5941c2fe957ff9db0226957f8602cf79ae6e04a4c7e04df9be020a2b6227d1c
SSDeep: 24:1eHYXxfXu+eNQ2W47iVuA+S2O183lFkKQmkegClQcBuKABfLgnf3H2id0PV:1K6GVNI47inHOj35kegCkBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM MD5: 0b1cd8cdc1b5eac1d91d1203f7e60ced
SHA1: 4ff8a01f3088c36a943188fe0084746ff08c9baa
SHA256: d838c804b4cac90324d1b23f1362ab808273ec25318ea3be4cba45601b8229d3
SSDeep: 768:yv4hhf/Wmnkvr1AT33SfhVxgmRQly0WSor3qWHa:yv4v/WDDaT3CpVimRQJXorhHa
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM MD5: 5a9dfec6adfc22180cee15f9a5400899
SHA1: aea5fcf8c5f6f575aa8b087ae7653dbf1962bb05
SHA256: 1c1169d5c3564808788054e0ef7b482deb1a939bb3bc8faca6c9067ccfec0503
SSDeep: 384:E/5xYCOeMl8Pm3WQmF6PdJkpQ+LRw4I574kF9xlV+4aUB56Bc8F4JMzPFwK2rI1A:UrSe4/Wmnkrqjd3F9xlVL55xizusA
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML MD5: e0174f239a50ae9d51adecdc2454adee
SHA1: 2f57ff5a0b316a4a5f9b73a4eff8099c35df460c
SHA256: 78b52623aedde37e11857b5849a079337854802484050f9bee563b169b391342
SSDeep: 48:1iUyWF4iIOj4kIoYxchYNJLe/7ouOIgXfKP6oSFA6JRGcWwZDCisnBdnQ1/AgNmn:4UBF4aqNlNJL7uOIgw631mcrdU7Q1Io+
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML MD5: 51487d8ee2374801bf358ac31df76479
SHA1: 6a97b0243470f888dd668f1b100635a2b1d5611f
SHA256: 22fdbc7989b63013c5b390f20dc1733f826bb1a714375e80e8d9eb6f5166a528
SSDeep: 192:uw8tMZcy6G0Mbg+uRu/+iUtKyDNmlcYtZjUSI:3ZhLbgoWtbDN6Z2
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML MD5: bcf887966a02f4329e69afa962c2f820
SHA1: e720f6e3f50dd789b65b50f158f40551e4443235
SHA256: 713edea1c61eb82bf72fc6879a98d1254586606d3f87069931ff34382e5f4d6d
SSDeep: 384:4y/ttikyZK1pKQqV1JP7lGhXWfybPv3mjrr3ATkdeLK4G6T3WmV:4y1t+ZuAXPE4uPv3MrQASyS
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML MD5: 972b5921708c895f8ed03bdff9d18e8b
SHA1: 11dbc93f393e20dc34fc45a526fd831803001e87
SHA256: 5b6f73fcacdbcfcd73c9e7a15c215c78cc4f2c538715c91a30684ca4d10692c4
SSDeep: 768:XHklv6saxPBDFdnChsAuvabR72J1w1VDFoMXSoTL:XHkAPxPBDjnCG/v272JGvDFFXSov
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML MD5: 17d3e1bb878227ccd16be25e0d096471
SHA1: 8a7dfe6eccc06327c83d84467319f6994494e262
SHA256: 38a5413ef9571afada87f91e739f593c0ea95642787171e5c7e3e2dced96e86a
SSDeep: 48:1SShm4Dzc0AzcCNHV6bx9L+9bDKA6UzQkjlIBzCH2S0N:0Gmuo0AzcuV6T+FmAzQ55SI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML MD5: b2b894bab2c6a6a9ea20513c2abc777f
SHA1: 4b5e4d02209e986b7ab1b5d4db74f7c8ba9fa4ab
SHA256: 61a158f49bfb883754833ec3b25f782d898885970b2a8fadbe692cba3a8710ce
SSDeep: 192:lGK8+Lo2OvAQiTuAAyfEhRNwD3VgxbFCnoJqKwmeLXE+/dmv8l79SI:UByo2OwiyEOD3AbFlJzwVEw+mH
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML MD5: 8c924e620af48cab2bd99d4da2ba1355
SHA1: 541f9c6f97863a651a2cbedf0cf0c4ebbca26f57
SHA256: 3e2b871b9f808378f2249ceba6ffbf0e9e3425c1ee56025d880086a3abe93222
SSDeep: 48:1rxy9EYGZLz+Bpugaz5XXgYaokec+tXzQO8eWSF4OtoBzCH2S0N:rhYGIBpugYnXFkec6zQLkBto5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX MD5: df1274a8ab4f49c1b06b736ad8e9ebc6
SHA1: d5195fb0f9fa47f8914be272a0c4ad0b184d2615
SHA256: 7b8e5c37b5447b54104c38107631aac3326430a3ca07a1249594d200aab598c6
SSDeep: 12288:p3ShtZeyPBSvKJZCfQ0i4JjLvleLrIitVVxu2r:p5yZSv8ZCI0PJncPVXV7
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB MD5: 169e1c1d38925d4a163a47548bcf3321
SHA1: f6d25f99c8faab500b3d3319081fdd247fdc98c3
SHA256: 3d36169aae610d6f68a7e3eb0e78f7553270b1c4f7a59e10ab68bc9d0cdfc8ba
SSDeep: 192:hU2PpNHOonckoxh/OJfYQOw0DvuzvkjaOTi0XFefvCQDt4004RFKv2nTuLSin+Cq:htuoFojEIwQNaii0Ve3CGQ4RFKea+Cyv
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG MD5: 449f051e6ac4f9a334871db49ab2e928
SHA1: 2187978531ad71a3d0f6957c1e47829e2f4b4ec3
SHA256: 0b2291f9ffa041d06575fc18e8c6d68fedb1897add587b052c0d584f71845724
SSDeep: 768:ZEfO5MnMAgF8KiWqZ17vFja0Nbgq77Xnf:Z8OJ8J9Zt00NbDff
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG MD5: a9c9b540ef1d5ab6338b78e4afe20838
SHA1: 69601c7c9326d95182116e3974e1bf295599f555
SHA256: aeb51269527a4c7fd3c57ec1b6203501c0056758703ffd16b417448988b31c13
SSDeep: 384:/RnqgZ8QNm6ffeQJnvAXG7T0CnXI/LPbR2p3WQ5OJ5IPeq:/RnTkyGKv2GP0I84p3WrJuP
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM MD5: ae29b78398d7327df5310482590deea8
SHA1: 13cafff8a1e3c9e12f8ffb215e2f1e98c0d66d6d
SHA256: 0a0372a366f70a107f88e48d1750e3301b99e1928d24fd918c20fd6fe0f0a3d3
SSDeep: 1536:4R41vr5ubKV7yXmZGGvlQTjKhMstzLq/+er:4YrYu7tvmXpstvq/+er
ImpHash: - 		Access, Create, Delete, Read Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG MD5: cad349ede60da2426a40cff0dfb14406
SHA1: 5a71006428f1e319853a92b2b6243e4e822ef2b2
SHA256: 08b3de83fc3be7c03e35e40c9076627c00acf8d39e2d7a4ce5362877b6079209
SSDeep: 768:A6kYnJGKUFVx4Kv0HHy/iLfEefNrFSoweN5mSoVYRyFM5K3Cjy:ikUFVxRcy/iLfEorFSowEmSoWgMcS+
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF MD5: 3e9b39036aff824c14f6b79de28f79da
SHA1: a36b95a7c3dfeb10225111b19c92aed5791a9211
SHA256: 10e73f394767ff36e76d51a0d16776ecf3fefa32dcc321dc61f21ec25f1f1d06
SSDeep: 96:edeP34EVdd9aGgMm5NcsZ68F8z//Ce5SI:edePIEVsn68FC/fSI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF MD5: 9bd6a550cd4d09506ed70cc4d65261a1
SHA1: 13f64012a87faa57610d28224e7831295ba21c98
SHA256: 697284b6ef42fbfe107b46759bd986361e428411e4ee5bc09593272ac6099b7b
SSDeep: 48:Ae6Dzw41yvy+ZkC8gLWHLzh6bnWs6XU62jeEYvED2kBzCH2S0N:Ae63w41/vgLWfAbnW0Tjeml5SI
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM MD5: e18f0947e60f2f1c1bb8fa514564e20e
SHA1: 41676884b5343d3d2706ef63f85ddee02160d606
SHA256: c8568efb92823cf569e81e469db22e1f4cab873b7beff3392125e6ca9c986e5d
SSDeep: 768:G50ASjhIcQfzsbTO5LgZM5jc1PfvbnYJ5dVycqu8O0cBSq6AmP3mDJN:G5gqZfz2Tsg2prWYrcq6JP8z
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF MD5: bd39741f803e2c89699ddff93fdcee05
SHA1: db8de4b6d3040a6bd08815d62c914b0a12e05133
SHA256: 8aae3fa1d5ccd6727b70d7a212fb5cb9a1fc32cdf6ad2fa11b32803d7e914fca
SSDeep: 48:Ae6Dzw41yvy+ukOmojFDL6E3uVkBzCH2S0N:Ae63w41/BmIFDL6At5SI
ImpHash: - 		Access, Create, Delete, Read Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM MD5: 41e2eda2bd57e8954a6160b5f69b1f2f
SHA1: c1703f266188ee496684c42fea2d866b39ea69cc
SHA256: eb719453efff995ef4f2bf75ea6b232b403ec100a3013319527dbaa34faa70e7
SSDeep: 3072:xMD78NbbQJOhw+7xdmEfXUzNU7eRvkNDRfD7GsH+Pa:xU78hbQMhwkQuuUSuNDZD7D
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG MD5: bd956a5ec4f76f404771a9a968843b18
SHA1: a38bce9caffc274477d2c56cf07da66d8f4bd5fe
SHA256: 538d9b21926c9a3add00c80358d2455a5b061b0c4adb1877c6a76eb6aab68e57
SSDeep: 768:UaS7i18y8qjVgReoLuOkjoq5gxrolM3DcZoH/6UJ:GU8REgEd5gdbcZoH/6c
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF MD5: 54c9872923967846705566d3344a48f4
SHA1: 91263b05e048f6ae437f7ae28886826c5a83462e
SHA256: 35accaef25623bc4d64ef8057e06cbc9a6826830c9993d9c7a1fa948e6d9611a
SSDeep: 96:Ae63w41/PbtXun5PW4TMakAoJ+lZ54PiRlU70Ues2zPdY2xBM7PovD5SI:A3VbtX8vTMakAX5I0UUY2MUSI
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG MD5: b905860ec7328e126dd6bc15a7a6f9c8
SHA1: 9c2fee7acbbe25781e9e29184c118efabbc6d1b0
SHA256: 7bf7fcb8a175ec5dd1c2de2d43395027592b6fd0018c722c5d255e0d4ea9b680
SSDeep: 768:djxcLuHh1CWlvek7SpE4C96XyyFjkjN3JZAGzCoObPJAprJ1TwKSPLvv4ZtqE:Nx8uHh1CWlmhEK3+NjOhIJ1UnjuqE
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF MD5: 5fa20c139a729055a0162828a2b8fa70
SHA1: 8996d5d9176d746a5069e4bc0b80d03bf8fc148b
SHA256: ff3715350f33052fca2a1518c8a449d7052fb6a4f2f8fc4c3bcf623a5a544354
SSDeep: 24:HtFzMLRfMH+MTV7f9QcBuKABfLgnf3H2id0PV:H/4LOHnV4BzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM MD5: 9113b099ca4e91f2199356b4da28388d
SHA1: b47cc8ba7afef875607c46c619c57981a0a2b673
SHA256: 80e28d063c04c97ffd5853c3b08c87a2d182994a7ed71f18f1bb62e4bcb9d8d0
SSDeep: 1536:xC0XUehtSdldsLdHc/WkM+L+I6SgCA3Lzzm49YjLVpaXd:xJkePS9sLj+LJA3MyN
ImpHash: - 		Access, Create, Delete, Read, Write Modified File
Not Queried
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.INF MD5: 2763aa6e850f8466383d249bc9c1f9b5
SHA1: d85904afe7dd6e35af9fcca72bc6eba4127538a9
SHA256: 71c33216ffbdf090b2453e40b324220be880464a7b463781aba1da3b483b9373
SSDeep: 24:HtvNsWD1wei27q5wVGwnoGmnQcBuKABfLgnf3H2id0PV:Hz1Jisq5wHmCBzCH2S0N
ImpHash: - 		Access, Create, Delete, Read, Write Dropped File
Not Queried
\\.\PHYSICALDRIVE0 - Access
Not Available
\\.\PHYSICALDRIVE1 - Access
Not Available
\\.\PHYSICALDRIVE10 - Access
Not Available
\\.\PHYSICALDRIVE11 - Access
Not Available
\\.\PHYSICALDRIVE12 - Access
Not Available
\\.\PHYSICALDRIVE13 - Access
Not Available
\\.\PHYSICALDRIVE14 - Access
Not Available
\\.\PHYSICALDRIVE15 - Access
Not Available
\\.\PHYSICALDRIVE2 - Access
Not Available
\\.\PHYSICALDRIVE3 - Access
Not Available
\\.\PHYSICALDRIVE4 - Access
Not Available
\\.\PHYSICALDRIVE5 - Access
Not Available
\\.\PHYSICALDRIVE6 - Access
Not Available
\\.\PHYSICALDRIVE7 - Access
Not Available
\\.\PHYSICALDRIVE8 - Access
Not Available
\\.\PHYSICALDRIVE9 - Access
Not Available
\\?\C:\Boot\BCD - Access
Not Available
\\?\C:\Boot\BCD.LOG - Access
Not Available
\\?\C:\Boot\BCD.LOG1 - Access
Not Available
\\?\C:\Boot\BCD.LOG2 - Access
Not Available
\\?\C:\Boot\Fonts\chs_boot.ttf - Access
Not Available
\\?\C:\Boot\Fonts\cht_boot.ttf - Access
Not Available
\\?\C:\Boot\Fonts\jpn_boot.ttf - Access
Not Available
\\?\C:\Boot\Fonts\kor_boot.ttf - Access
Not Available
\\?\C:\Boot\Fonts\wgl4_boot.ttf - Access
Not Available
\\?\C:\Boot\cs-CZ\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\da-DK\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\de-DE\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\el-GR\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\en-US\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\en-US\memtest.exe.mui - Access
Not Available
\\?\C:\Boot\es-ES\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\fi-FI\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\fr-FR\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\hu-HU\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\it-IT\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\ja-JP\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\ko-KR\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\nb-NO\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\nl-NL\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\pl-PL\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\pt-BR\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\pt-PT\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\ru-RU\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\sv-SE\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\tr-TR\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\zh-CN\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\zh-HK\bootmgr.exe.mui - Access
Not Available
\\?\C:\Boot\zh-TW\bootmgr.exe.mui - Access
Not Available
\\?\C:\Documents and Settings\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf - Access
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.ELM - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.ELM.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.INF - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.INF.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITS - Access, Delete, Read, Write
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITS.ragnar_FD7BD9FC - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\RGNR_FD7BD9FC.txt - Access, Create
Not Available
\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\WT61ES.LEX - Access, Delete, Read, Write
Not Available
For performance reasons, the remaining 480 entries are omitted.
The remaining entries can be found in ioc_export.txt or ioc_export.json .
Registry (8)
»
Registry Key Name Operations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName Access, Read
Export to TXT Export to JSON
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image