cc30bd2a...7a80

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C_932.NLS.exe

Sample File

Binary

Malicious

»

Also Known As	C:\windows\searchfiles.exe (Dropped File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	44.83 KB
MD5	30c6ac2bd181d92490bcdbc440d527b1
SHA1	e3ac4120d556fc527320f883a36c445914afbc79
SHA256	cc30bd2a55abc25681990a831539c393f086b5720ee27266e1c4b1abc1ac7a80
SSDeep	384:bo6O5Rtl1Hz8s+DgS3sUShMFWrHx6mG0dimylQC9q9yYoOKTqoptTPgnsmEEFEE3:bWxYse3rAMguQCQ9Et4nsmEEFEEBU8
ImpHash	0a98a06f576cfeebd2f91325d9ccac02

PE Information

»

Image Base	0x400000
Entry Point	0x401000
Size Of Code	0x1000
Size Of Initialized Data	0x2000
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2019-03-20 07:33:07+00:00

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0xfe8	0x1000	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.54
.rdata	0x402000	0x72c	0x800	0x1400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.72
.data	0x403000	0x1740	0x1200	0x1c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.79

Imports (4)

»

kernel32.dll (44)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetModuleFileNameA	0x0	0x402044	0x21c8	0x15c8	0x132
GetSystemTimeAsFileTime	0x0	0x402048	0x21cc	0x15cc	0x179
GlobalAlloc	0x0	0x40204c	0x21d0	0x15d0	0x1a5
GlobalFree	0x0	0x402050	0x21d4	0x15d4	0x1ac
GlobalMemoryStatus	0x0	0x402054	0x21d8	0x15d8	0x1b1
MapViewOfFile	0x0	0x402058	0x21dc	0x15dc	0x200
MoveFileW	0x0	0x40205c	0x21e0	0x15e0	0x207
MultiByteToWideChar	0x0	0x402060	0x21e4	0x15e4	0x20b
OpenProcess	0x0	0x402064	0x21e8	0x15e8	0x216
Process32FirstW	0x0	0x402068	0x21ec	0x15ec	0x223
Process32NextW	0x0	0x40206c	0x21f0	0x15f0	0x224
RtlZeroMemory	0x0	0x402070	0x21f4	0x15f4	0x258
SetErrorMode	0x0	0x402074	0x21f8	0x15f8	0x27f
GetLogicalDrives	0x0	0x402078	0x21fc	0x15fc	0x12e
SetFilePointerEx	0x0	0x40207c	0x2200	0x1600	0x286
Sleep	0x0	0x402080	0x2204	0x1604	0x2b7
TerminateProcess	0x0	0x402084	0x2208	0x1608	0x2bf
UnmapViewOfFile	0x0	0x402088	0x220c	0x160c	0x2cf
WriteFile	0x0	0x40208c	0x2210	0x1610	0x2f7
lstrcatA	0x0	0x402090	0x2214	0x1614	0x30f
lstrcatW	0x0	0x402094	0x2218	0x1618	0x310
lstrcmpW	0x0	0x402098	0x221c	0x161c	0x312
lstrcmpiA	0x0	0x40209c	0x2220	0x1620	0x313
lstrcmpiW	0x0	0x4020a0	0x2224	0x1624	0x314
lstrcpyW	0x0	0x4020a4	0x2228	0x1628	0x316
lstrlenA	0x0	0x4020a8	0x222c	0x162c	0x319
lstrlenW	0x0	0x4020ac	0x2230	0x1630	0x31a
GetLastError	0x0	0x4020b0	0x2234	0x1634	0x128
GetFileAttributesW	0x0	0x4020b4	0x2238	0x1638	0x11a
GetEnvironmentVariableA	0x0	0x4020b8	0x223c	0x163c	0x113
GetDateFormatA	0x0	0x4020bc	0x2240	0x1640	0x104
GetCurrentProcessId	0x0	0x4020c0	0x2244	0x1644	0x101
FindNextFileW	0x0	0x4020c4	0x2248	0x1648	0xbb
FindFirstFileW	0x0	0x4020c8	0x224c	0x164c	0xb4
FindClose	0x0	0x4020cc	0x2250	0x1650	0xad
FileTimeToSystemTime	0x0	0x4020d0	0x2254	0x1654	0xa4
CreateToolhelp32Snapshot	0x0	0x4020d4	0x2258	0x1658	0x59
CreateThread	0x0	0x4020d8	0x225c	0x165c	0x56
CreateFileW	0x0	0x4020dc	0x2260	0x1660	0x40
CreateFileMappingA	0x0	0x4020e0	0x2264	0x1664	0x3e
CreateFileA	0x0	0x4020e4	0x2268	0x1668	0x3d
CopyFileA	0x0	0x4020e8	0x226c	0x166c	0x2e
SetFileAttributesW	0x0	0x4020ec	0x2270	0x1670	0x284
CloseHandle	0x0	0x4020f0	0x2274	0x1674	0x23

shell32.dll (2)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHChangeNotify	0x0	0x402108	0x228c	0x168c	0x60
ShellExecuteA	0x0	0x40210c	0x2290	0x1690	0xd9

advapi32.dll (16)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegOpenKeyExA	0x0	0x402000	0x2184	0x1584	0x1d0
RegCloseKey	0x0	0x402004	0x2188	0x1588	0x1b7
OpenProcessToken	0x0	0x402008	0x218c	0x158c	0x198
LookupPrivilegeValueA	0x0	0x40200c	0x2190	0x1590	0x141
CryptReleaseContext	0x0	0x402010	0x2194	0x1594	0x98
CryptImportKey	0x0	0x402014	0x2198	0x1598	0x97
CryptGenKey	0x0	0x402018	0x219c	0x159c	0x8d
CryptExportKey	0x0	0x40201c	0x21a0	0x15a0	0x8c
CryptEncrypt	0x0	0x402020	0x21a4	0x15a4	0x87
CryptDestroyKey	0x0	0x402024	0x21a8	0x15a8	0x84
CryptDecrypt	0x0	0x402028	0x21ac	0x15ac	0x81
CryptAcquireContextA	0x0	0x40202c	0x21b0	0x15b0	0x7d
AdjustTokenPrivileges	0x0	0x402030	0x21b4	0x15b4	0x19
RegQueryValueExA	0x0	0x402034	0x21b8	0x15b8	0x1da
RegSetValueExA	0x0	0x402038	0x21bc	0x15bc	0x1e7
RegCreateKeyA	0x0	0x40203c	0x21c0	0x15c0	0x1ba

mpr.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WNetOpenEnumA	0x0	0x4020f8	0x227c	0x167c	0x25
WNetEnumResourceA	0x0	0x4020fc	0x2280	0x1680	0x13
WNetCloseEnum	0x0	0x402100	0x2284	0x1684	0xc

Memory Dumps (1)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
c_932.nls.exe	1	0x00400000	0x00404FFF	Relevant Image	-	32-bit	-			... Memory Dump Actions Download Dump Go to process

Local AV Matches (1)

»

Threat Name	Severity
Gen:Win32.AV-Killer.cmZ@aifp3fh	Malicious

\\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn.[ID]g9uZrLhJaygpwRm1[ID]

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.82 KB
MD5	ddd2ddbe6f1dae8dc46b81db7f6f1194
SHA1	e5e337209f17ddd45b5d754d5fc84fccb238fbb9
SHA256	15930d7fa7618d2ca0a25e89fd802db8b13df5941715051cc5644505159c8d22
SSDeep	48:32enb2WZwpxEDJmO3QSUH5gZlzIhzV5Vi1WdrE:320KYwpw8XvH5OoLVtrE

\\?\C:\ProgramData\Microsoft\MF\Pending.GRL.[ID]g9uZrLhJaygpwRm1[ID]

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	16.12 KB
MD5	fedafcf3aa22ead002c19a4a0be5d5ef
SHA1	882c91ee1d1fd952289d7da863d9a586bf2c605d
SHA256	96d93cf0cd971eee5a77181b97389cd0f49113c97415b9785dcc957ceefebb59
SSDeep	384:we3rr5JCl9KK1BI4ZZP8eMT9AQhBO92ISsAV5Z6ipIpatw:B71ybhnFMT9AQhBm2ISsK5oiWpaC

\\?\C:\BOOTSECT.BAK.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	9.50 KB
MD5	f306545a73896f38864d17264a3f7115
SHA1	ee42dc48678b6bc2c27885099a8a608aa7a740fe
SHA256	6f6b831ccb47843bfabf82e7e1ecb83f2fea897a00e064166dd21203e42e2770
SSDeep	192:akUAC/sku8oTB6+gqk7Ov3KeNCxagEqcuo0ZOcuW2pqlRzTz8IHoRtrE:aAC/sku8+rg/7OXcykO1pZtw

\\?\C:\Boot\BOOTSTAT.DAT.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	65.50 KB
MD5	ca8476ffe759aae7f98179abf18468c9
SHA1	fe820067bd63b4d58d84e8762a28cee143f7007f
SHA256	be9e50f34f0d609ee6f221251bcbd31a3535a7505279708e1322b4da274faf61
SSDeep	1536:ynwmUFaVBbh3O428wgs87JPsv4PXrWUBZpB24fFm5WHXU1HG/l3tKr:ywXFafoX8VPYGrNsgEgEG9tKr

\\?\C:\Program Files (x86)\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.67 KB
MD5	d5f353632ee270b8433513d8f4b0701f
SHA1	37064b82701cdbb09b8aaf839a1f92c02f8ddebb
SHA256	ca881f785b9e6ec7fd29e9b9ab628d09e83071630825fa54512070f6f9797a45
SSDeep	24:jHBdUcTDmhvr3kBhmIioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2Xudnw:rBpSF3oI3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Users\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.67 KB
MD5	6fbe2ac195820ce48c8054c9af25a20e
SHA1	e0e35c62118cf80330b5a4a2e6a8f897670b713d
SHA256	325d8dc9357bdf23cde46945f54005523b684bbca2a731d52fd25d24ffbbd3a3
SSDeep	48:R0NSMf78Z9Qj33QSUH5gZlzIhzV5Vi1WdrE:OIMfQZ91vH5OoLVtrE

\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.63 KB
MD5	2aa1dabc1c9d0b1b7130881e0b260805
SHA1	939d4f05f3e147911a25afb648aacbc8931ca430
SHA256	74ffd519adaa650d8cc64ca25ff84dfa0f8861d1810585fd6206944f20489885
SSDeep	24:0pwusfkD7357ChNOioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2XudnrV6:llf1Nf3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Program Files\Microsoft Office\bannedhard.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	4223a4261f88da905edaaecd935c7d00
SHA1	069b97549e4370a6902e40cf9178febe61701a1c
SHA256	e8c095886d4e0809407b6f7052a0d0710452331819525caadbe4aac95afff25d
SSDeep	1536:pZ9WJzu1iOBqOn8j91ixgzSFb4swHC/viGfTh/sK9jlNj2u3AkprI:tWNu0Yxs9tzK59Eo2u3m

\\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	21.11 KB
MD5	5dadb5e09510f12ee3aa52d877ea8886
SHA1	72ccb4114692ff887041e63a30d525b02f74597c
SHA256	cdc35a9f5a46b287a966e9d605f71a925f07f10ddfb5400f3eff754ea010f614
SSDeep	384:TeBx5t0yT7LHRtmeOaYcrP29LH/Ed73k5nq3sw/K8IfB5vidYtw:m5t0yH1t3OcP4u7b3sw/effvSYC

\\?\C:\Program Files\Reference Assemblies\sections.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	773b0137c890fdf38065b32c6b78020d
SHA1	b2e0442a1f4d31499a928759435587e69e56b78e
SHA256	38719e9f7c9bcac72ec9a31fe67fbe77586da25d4929d8d5a3850ef56c5fe414
SSDeep	1536:KVTeXGa6SoJBpxJhL8A2v2eJc/mm5jlpNPkwVloF9jeCCipuCPLk:iVJRJtGrc5hdVlGFeCClX

\\?\C:\Program Files\Windows Journal\gold substantially.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	e02df69c7ca1e01e1d7cf7625294301d
SHA1	2099d237e5d542f136a33f90e95154b8114c5599
SHA256	aa21c75b1a1b60f4af9ed9565d7e3bcb1814a26414c2c8bc0cf96c5e51637a72
SSDeep	1536:Ivlm0sSrpYsxAroxKCaPjiOs2XbPClvt11SPOqm/WnrP7:IvfsS5WeFwWgPOiX

\\?\C:\Program Files (x86)\Uninstall Information\especially-ccd-facilitate.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	d813cffa5b8669d98eb4000d86d3b835
SHA1	f8a3ac1b302bd114f0b7aaeaf8b457557ff10109
SHA256	4c400e2f233b1db4035b5c8ad6adebeae8f3d9feceea60e0d316a4a54081f356
SSDeep	1536:lCPIuoPm7yp5tUAbKFhwTA4ISoBpQFSx+z4sD+yzrZuyJ4id:wPrVuegAkoBpjgX+yoCd

\\?\C:\Program Files (x86)\Reference Assemblies\mediawiki.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	5960eaf64e156d9b961b4b3abccc533c
SHA1	249548552251441fc1d5d9329840f53b52b85c10
SHA256	693fa3b3f9aa8ae5a0b3569ef45cd98288a13267f07cfcc98ca9d7e2ba574f2b
SSDeep	1536:kJegyOOeQNzb2yJZmD4O/gAMNvCq9uieTnh:gegWI1IAexciO

\\?\C:\Program Files (x86)\Windows Portable Devices\liverevilusage.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	e0fe300edad359e8383a71d2019b136d
SHA1	34648d8120802115887871c19fbc5827bba41df9
SHA256	b593094fde665a986599ec0d90168a0e03d594de7f3aebfcf9289607678363b7
SSDeep	1536:WN04c10QY7ga3HDBAucPZ1X2xfo/ymBNOTVQwD+lv:033jBAN/WcNeQwDK

\\?\C:\Program Files (x86)\Windows Photo Viewer\suffernorwegianfifteen.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	0d597c493367427f6694471871b054cb
SHA1	64b4b28c426f6eb3d93d92fcc2d8674a7e93907c
SHA256	bd89f80a3c809b2cf0005479d7b6bcd346b3eba1efd6d42a7ad5b3a136b4d380
SSDeep	1536:JYLSTr7Jfdjn3h5YoyYsRIn85wFTDDvcFZWfA3al2aJrNsW:JCqP3h5YMSI82TDjEZGcW

\\?\C:\Program Files (x86)\Windows Defender\treaty_olive.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	f37b876a21c075b63bb6036f835aee02
SHA1	b6d8e3ea64935cd730dd67ae7f2188a9c067213e
SHA256	d468add1c115049ed29ec53d5b320c030586d83c3f8eaa1aac96afebbf43f922
SSDeep	1536:xx1GKvwzvtimcAjViJpXIPIJgwAzzxJZ62DjccyXjxikO:IKoO4cvIwIzz3RyXjxikO

\\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	105.22 KB
MD5	e8bfb617832bab926fc6b4f1e7f7ed7e
SHA1	79643fe9ceaa8188d1dd5bc3c90f88c176f3b1c2
SHA256	72548f4a24745be03081fad5210117eb97000ac4a7e50e53f0c379a5fbf2ea72
SSDeep	3072:y212ZzWqHifg2pul2kPZFly12tOyZ7/RWJiOZmbPdStUXFvvj3:y2AfzRtFk2tO4cJiL0UXxvj3

\\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	4.83 KB
MD5	f3b77d8e0125cba92fadb3e0b8aed617
SHA1	aad1203f8fa1b092a38b2eae28814ceeab1d05e5
SHA256	8968f368dc1a2dd9ba7b1fadad2a1e2c9b0d8486a343c2d2575a0783a9586fd4
SSDeep	96:+miUgus0hOuShOuRf8RPBYVb9/pfIldFx/P48BZYxRVSeJaVFBkcoOvH5OoLVtrE:+cgBuShOuRfqPmBCdo8oRVSeMVMcIoRC

\\?\C:\Program Files (x86)\Java\jre7\LICENSE.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.54 KB
MD5	8fa51a76bc5696b858d68df4af8d3c7e
SHA1	6dc286b1563c26dffb12d26974f62076d01187aa
SHA256	0c47b8c6e919da5b88e309d737721033f3b7465ad11a54dc4bbcd30bfd908f71
SSDeep	24:rpN1N8++HrIAioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2XudnrVWF:V98++Hsd3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Program Files (x86)\Java\jre7\README.txt.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.55 KB
MD5	a35360ac540111bf948631a7faa8fdc7
SHA1	36ad5efeb85ca1cb110d338f39d1b6fd78e3c9b9
SHA256	356d68594d64a039cb1258a6940ac4c02fae7d380af9c5c72d035f29a7d044ea
SSDeep	24:u3rrhlezLVrzsioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2XudnrVWF:errhlcVd3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	57.38 KB
MD5	591c7ca843c3e5a27338d4460ab2ba8d
SHA1	dd030e984076dad261ffec1afe2a0448a2343db6
SHA256	2c76b6569c398a39a27baa3143d56b22ba0b54beaaf4b3502aa778527febc6d8
SSDeep	1536:VhFM4UYWz5H3ZUHc4nGXkN/TZuF3jl2bg4Yojqv:/q9YioHnN/Tk5l2bgzoOv

\\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	83.35 KB
MD5	d643596430c1bcbd45507f2061ea6a5d
SHA1	f9aa9c8fd00e302fa99be4f882f9d6015a229110
SHA256	80f342e4781729aa1d94547019b356aeef47f70625e091fb48e52b26393fdfb2
SSDeep	1536:MhVOmz/GN72SRWkVierMsRUre3T7DXpUOAUVQHOn+d8Hqn1h36PGNltT+RQ7HmJy:MhVBz/iVRWkAkVUGnVU9UmHOnq8HmP33

\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	3.02 MB
MD5	2511e4640e6568498b9a7b41d271d18a
SHA1	b09122d464dcb9c907238755f7eb654182123c9c
SHA256	b93d5cc47a13e54455a497380327e1a8a71bb6ed2307ad852979460faf530f53
SSDeep	24576:xLQ3or2xNGBtgt6feH+zn1/P4UyNqtvFvJBH/vM:C8fMUeG1n42pPB/E

\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	247.50 KB
MD5	ba07fd65e6f70605a449f94a8e5d4e84
SHA1	5cc918b035ede2b3199431be5179087642c58d5b
SHA256	c3dd7c242f40e32496f626ca6b6295a82da4a48f6370bae54ce8c0ff326378db
SSDeep	6144:W1WZnzT6eJLet8t39AQ4Bapf1nDUbhIua5AXHk/3Gj6nBANmLUi:SWVGka039AQ6aPDUbhIu3Eg0D

\\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	53.67 KB
MD5	edef2807e364289c2e727090803b5b20
SHA1	eee6a534ef227dbd2158557fd2088ccb720f1202
SHA256	34485dc3de226965939d82f6cca34d623e138db1743fe53989afc68154d1e682
SSDeep	1536:bLLBeFGXZeyUgjW5AMu73BMwVUFsa+HrPx:bLLUFDy3WWJlMwVFH9

\\?\C:\Users\Default\Links\Downloads.lnk.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.37 KB
MD5	cdc708ce4bac00d7effcc020e71affb2
SHA1	f9f9b9f55628753f3b8a99c5707aed112023f722
SHA256	0d0636f9e89b17345bce8d706bebd64214e5c2d57b702f0c526de3a25a17ac81
SSDeep	48:ES4Si+2aKJ5Yw8pzu/HXNY1Qe63QSUH5gZlzIhzV5Vi1WdrE:EO2kpi/H9gvH5OoLVtrE

\\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	69.65 KB
MD5	3dab4a402d42ff4b3f68694a1d5af59b
SHA1	9cf6a3b09dd30fb6a47a40b10ef6c3f7ebd194ce
SHA256	b68869c09622fbaf0a1c19a5d46af2994c599fd82b3c13c3ccfd41fd2a42c463
SSDeep	1536:ULv+QQojzoFJeU0oeU6QqISh2aq6YUXsY6wU/Cf4zLR1y+/lMgzTgPgHe+5IeXb:Khz1U0oeU6QqISh2aq9U8Y6wUa01pl/x

\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	11.37 KB
MD5	a10fb152f508804393c41ac2957afc88
SHA1	0c35a5e22a7b46e2cd6f5f8b736419bcc986fd9f
SHA256	55c0d6d22a9458c603871d5a685091550a5d52fd8d6d1887295d2ee74b150e9f
SSDeep	192:Xj/OngQkp5R/mdNuYbmPjT0GSNd5Y8AmqsmL/lNWLZNrFY/s4MtlJk3YxXDjT4rG:TMLw3mf8PEvz5Y847bWL5YE4S7k2X8rG

\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	114.53 KB
MD5	26ed6b8cf01090c317fdde05340dd861
SHA1	13c1b31254a096c8eae51021dbcb9bada4ee1205
SHA256	70b2c2ec6817de98da4fc98fc5a82dd1fb5e558f0e495fc8c64ef217be3931af
SSDeep	3072:MUy4HnqmcSf/3Cogjgb0lKk9gbuS/MP8YKvvpEbw:MtynqmrfcUBk2buS/MP1avpD

\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	11.88 KB
MD5	0950a6fa5f6fbb4dae79a5b82a3348fa
SHA1	59594db84ad0acf93e6c226b9395f82494544e6c
SHA256	55fd0a79cbb972edfe11fad68a32d1fc7060167dbde16826ee0c12723ea404ea
SSDeep	192:0Pb+K5fKCoxX9GoWvHRTSuWxg2hcUjBDS09NagA2pJbgkbkWg+4mgV3jMiLoRtrE:0PqK5fKfLGoYHwpxlhcujfA24kkWxgVF

\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	114.53 KB
MD5	2a52cafb19868625b4fde45833f37b85
SHA1	3f75c75af934405f1b32815ed601dd633688d3df
SHA256	749e37f2e00d87214f4979721f067387858724aa9798d5e5da7fc544e9bb2cd2
SSDeep	3072:pbiQ7/r2c82+04hcAbEa0FXWWBFZHloQ7K9GGRs:h3qcR4hjvOXWEZ+N9G/

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.78 KB
MD5	cf901ea4ab9f3a1903ae11f0558e7a3f
SHA1	bf7f92f43b9c6964fd9887d254dffbd5f2c62fd7
SHA256	ae21d19c23d516e390b6fc66c90099ade80a82060e5e1ce842d6a65ac6bcd316
SSDeep	48:8ayIO2U7H93aN3QSUH5gZlzIhzV5Vi1WdrE:82U7H93ayvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.01 KB
MD5	69eea28718e81b3af09fc8d97ac1c209
SHA1	c3d5feca45f751778ffa6af33386203952d4315b
SHA256	60f60c0826a8438579928f1e1bb1d7bc470b3147fe14f59b0b3abea7a69921c0
SSDeep	48:95Lk6x/pwe9Q9sJ+5Cs3QSUH5gZlzIhzV5Vi1WdrE:95jxwedBvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.74 KB
MD5	aecb4e151eae59ecfbb4449c4a362e98
SHA1	bc0cd10b96532e1dee37a0c18a6b1bf47314a210
SHA256	84c48db87170fb36f3718e54a050cc1c3456bfa90c79ac78efe074879cd9ad5a
SSDeep	24:YhqHN/d7xmOdEYi7CiCVFDjioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1sE:YhYBx5dmWC3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0Q8doMuQ.swf.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	7.91 KB
MD5	994eba2d09873c7e1fbd536c96705145
SHA1	a68018699446b8836fbc609052566ed000b2038e
SHA256	0530f7f3875cd9d89d1fd39ad5d9dfc6b44757624cf912c10b29d40bcd5fb254
SSDeep	192:5lNW+rD4zNvGLyXiqDSo+hAzCgZV1AnRlU4nhINoRtrE:vNLHqvR4hAvET/tw

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\CIrdEedWE6.mkv.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	53.39 KB
MD5	9225cf4768cd84faebf52682c86d7bd6
SHA1	b7c03130e46b8a0679341ac5a915e1b20cfed583
SHA256	84874c458aa0101a9595a3bf5ed3be8ad96c0bbbff6ed582140450e42d98b083
SSDeep	1536:aJAbkzod7egqkxgTTxbNdYL84865McuF35nn:YSkzlTVbVLccpn

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.99 KB
MD5	11d943cb7549b3218bf8cc49816bb38c
SHA1	de14c83c56000a530fe7a1f37eedc4acc6622ce2
SHA256	6131494c41eb58fea5ffeb8cb1dc6f8d777dafa1001872e90554eae33d9f0156
SSDeep	48:U7TzhiNKdQroAXZMuhY3QSUH5gZlzIhzV5Vi1WdrE:8sKdV6ZfnvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DiD_6nqj9.avi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	10.59 KB
MD5	be7687bcc32918607fc11d4cace5e7ea
SHA1	c69271d99387051e2d3af631b23c88b433f88528
SHA256	f5e99f73d00bee8aa4bddd72809260a7b89e3c8ffbda49b9bc45c359009d90c2
SSDeep	192:MHwoUTAKXHRQVt61grFucdTL5DPmfpKRDYFaBUKnGrbD00bAbzoRtrE:owtswmh/VUwGdtDdUCtw

\\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	49.55 KB
MD5	06afe83c97635df2447d432a4ae53cb9
SHA1	3fc7a47c2c7d3032c08f5534a7cb8972c7bed5f4
SHA256	fdcce3b9df764aab8815b5e6289836eec6d7686f8811f3bcc8e0d4813abe930c
SSDeep	768:UGqjDnaxmMmRikCsVLqUIkDE8kkqFHt6fagY0xda9gJlMYG0dO2F3t+cRD1dC:UjDqmRbtnEEWMfxIuMYGmt+cRD1k

\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.15 KB
MD5	c4f7a946a1efc9697dcc10475ef6c693
SHA1	c0b76ec5a175aa3bf0e2e66ac446264638d815cb
SHA256	7e62f8942d2297b8f97f7e458a810aa7d1e75a03e23292d6c11187badac41f37
SSDeep	48:LVjaZTsSb1O06RfhNrZR3QSUH5gZlzIhzV5Vi1WdrE:5uFTpOBRfbAvH5OoLVtrE

\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	18.10 KB
MD5	75f1f19de4a2fae64a6a1ec7ef01a035
SHA1	64c4db75b018130a3d1eda676d17a2f08af963af
SHA256	b4d94799564355df6b115dcc18029add32d331e502ce48e6e2fa198433685e51
SSDeep	384:h38B6llDmM7/nqaxJgNctHdPhHGmToGJIdMNsfRitw:h3CatmyqaXTtphHGhGRsfcC

\\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.14 KB
MD5	9a44818396ac6def6a2b913ca84a32af
SHA1	86a8e1c589e1c25e5106e0492f4f85ee6e23c46b
SHA256	a47f46f40cd8d27f8600ef7352c986886721b53de92e74e98c076c448e1912bf
SSDeep	48:+AqCQxuacPRbl8ZpogQbP3QSUH5gZlzIhzV5Vi1WdrE:+gQxhkRl8bonYvH5OoLVtrE

\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	18.18 KB
MD5	4a180e9da34a706ae915a9fbc1f1bf38
SHA1	2e0b39493d60f0a4198c7fe4934ce0b72cc83044
SHA256	6af1d029b000a3e9cb3e10cd3feca325cc9609a41c0e20a201d21bfa22c576ba
SSDeep	384:EqcbcZYZY9FPNMMS9Wv6zBkQVWta6Vnltw:EPWYZf9Wvo0nC

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0kzI-M-c1vXcd0Bacx.mp3.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	91.31 KB
MD5	c88d50629408fafa33128645a328740e
SHA1	96eacbf3446f1b2ef0af31d01f1f2a2e514be2e7
SHA256	0723097727ff8e3162f31dbb2dabefb2ad6765a94aebf6e8eb0b44e1b53c50bf
SSDeep	1536:nIU08VH+gN3GbA6e/rR37ulZJZ1dnytd45dD6GVTsUPLaFci/SXbpCvN/kx0M5:IU08VegNeA6eDMlZP/kkdDxNjTcScvJ8

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2IEj-Bprh3fH12Sk7.odt.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	65.30 KB
MD5	aa4c33f529642b08fc90b4509d748d8c
SHA1	7d3ce65292ac5a54d082c8761e5a26f9e2be4d1d
SHA256	81e430e2c0eb8e722f6757b025b501a86244178106d0d4fef5245a0223528b2a
SSDeep	1536:Uyze0qzipcYdchaujvy4mCVmsHnMEUC+wxX1D66zau+a:Ta0qzMcycMue46sHMEUCfI6Oa

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8i8Xn UZ7.jpg.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	76.14 KB
MD5	75d4ef8e02038ad9b63854e8c1c34b24
SHA1	3a13155ca75c8d82eb6276a2519ca3df1f312d7e
SHA256	ce535af6a98a5b19d70bea12f0edd4fd6f6bda6622ee71925cf98a5927105a7f
SSDeep	1536:ad4m4Nq0WMlQ2fRlXmclDFKmy6ejEWYJVdqVU58ggpFL:a+TEJUlVNej+ndLarzL

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.65 KB
MD5	cc9c5df88193a65d01b5d54618fd49a5
SHA1	393aa69e85bc02d322cf8cc1cd4ea43b71e6d817
SHA256	bd91db4b8fe173684f99e841a74a3f0bb7bf139029a722bd33cc7df894166dee
SSDeep	48:aXbFLt4tbXdVuFKhZSQSMsJRyRcwm504U3QSUH5gZlzIhzV5Vi1WdrE:aJL2bNVD9sJvwmjvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dHCMntg.rtf.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	23.67 KB
MD5	915c0ce255cb2b89faa6e8835cf5f4b1
SHA1	a609a39a6811d13bc7d1e43e72886568ed6703fe
SHA256	b5632f43fac04ad424a16265bded88bb81dcb66e4177b784f32abea5ab899820
SSDeep	384:PRXEDOePloYRWIUdSeLfK6ES2EyOez2c42jOD8DCCna1xmQk65IC7Zvytw:J0DOsJo7dfLrEdC1cy4GCnymv65nMC

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Frdn5-oMFGap_Wjgfuj2.ods.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	83.07 KB
MD5	6c847567496c852a54a06502c1bc4d48
SHA1	28650d2fbf5a8eaac6d3f76e247c692ce2a2b192
SHA256	153474e66c02951ba3f016de87b4025882f1e4ac2e1a8098edd592e3e9c4c527
SSDeep	1536:6f40sX8Hv5aljoGcwTX5iG85IJqj7nyuf5YrH/VwTNR:6wT8Hvg0UX5ipIJymuf5YkR

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9O_Z3mXUixLyl.csv.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	15.99 KB
MD5	4047b5392877cca90e01afb4246e650d
SHA1	debebda8ff286040412021296518091e5114d523
SHA256	d35a6d506b7e9c45f5a6b8e36ee12ddb7e1c9c4b1e5f759b1137e75d761e6930
SSDeep	384:ib3Tika7mQtgA6EkVwt7JWt/uO2gT+CWtw:OhHugA6PVeWtGyUC

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\cH9GNVMjD8ZOg2ghJZgJ.xlsx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	76.32 KB
MD5	2139e843f35bcbf3f4aa7d691c4ec1a1
SHA1	dd872a72818e6cc77871187dce7f4f90d5bbbc13
SHA256	968c02bbac3c6c96d6c46ade2247f0f139072c1a330a4f5b4501710426a13f97
SSDeep	1536:VyyuqvN1s7JHFZe2+d1MEuVvrOTGxK9u7TRgB7up7Gm8Q:VnHv4JHFs2+d1TuV0GrTmwp7Gmh

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.99 KB
MD5	5fd548eb60d0257dd6e53e84033d7856
SHA1	f89ed2c5a9a1851f896f95139aa13cf98929881d
SHA256	6f5469f69aef009eb2246ba243b65fb39cf20089f453be3743ca731eac2c1366
SSDeep	48:MxXpRVLmq3Yj/VvN3QSUH5gZlzIhzV5Vi1WdrE:MdpzmquVKvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\gY9c9qHwmstPknB2E15Y.m4a.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	30.65 KB
MD5	7af04ae4b4aed9b20befa217428e5ba0
SHA1	2e923f163616e7c53dc7d9084055375928a4beba
SHA256	1c7ce6b5f33a24a0b392ac4aa88f5b4e6f4e356717762237acca7a747eb17ced
SSDeep	384:BoRTScDgYcjVOBKsHAxBcVN39TaHx5meNt4visTQf+jOOCaVF5xHfTqI7eMBSQLp:BomYoVJQqENoHxUeNt4MfX83Hr1LBmC

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fyqw5W.mp3.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	42.38 KB
MD5	d3d18b74889c5f2ffba43395a0c21571
SHA1	7af00a67b89048588f93e85f35a64b82dfdfa204
SHA256	a7965aa84ca417af8415dafa507a982ece0a8637f441f1c66233e2c56e97b676
SSDeep	768:kl5Q017jXC8AbzRFZaAN6hhp6BQRNFAgebMpd//xtMw15o1hg+S9H2CdRq01qC:kl37jXChnRFr4hhpOzgeopd//rdbo3ze

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\skaxmF9z-Qgjk.mp4.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	84.16 KB
MD5	bcd75e15ccfaa6aed1425cc21816829a
SHA1	c24e05bed5484420fc51a85707d88e2543650176
SHA256	c2b158eac5abd84fbdbf50ccb6f8619d449814f3ec236e29e44fff8439fa08a4
SSDeep	1536:Qf8oDRX/dtq5WdH5qutXnHcUt8vicxgoE6sXAjA7ZaWKTdSnctdCuN:atXVtVBomXnx8WxVQE7ZajBkcDv

\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	453.62 KB
MD5	7b75506cfa0d22cd1ce768448930c011
SHA1	d70856eacd2d2bc94f0d1df38b40996865d82966
SHA256	a057eb2a18469e09da1cdceb33133348b9c4fa08208b3d48b70b9475d84115cb
SSDeep	12288:YrJYmVs6iWLnZOzIPTDUoKXLCllupXvnf:Yd3iyZjbDUFLmupn

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	68.28 KB
MD5	5690c2e4f56a9cbb24764a55a4321b1f
SHA1	25abfa14f93ce159aef47e9475d067994973fb18
SHA256	d4f9c66157646d362273f4ad6fae8d6266dcb2887b6c17e6db43466b1a55bc23
SSDeep	1536:v13ENRiZPukDMlgfvQW31Z4HIkUeIo2RNR1KCFmZcUnax9o:v13UEDMyfv4okUk0Ua0

\\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	446.40 KB
MD5	8b05c8ad0bd24984da72fa24469dd5b4
SHA1	8841d78e84856b0bd031d238143d66cce62f4a02
SHA256	e9c6d50b1abf2e2cf0cd236093466721e2adc6ff9e85dc53004a2b600c1199e1
SSDeep	12288:q+I0ooO6oyHkRhVmiwwr4i0OlNw9F0BEPuqLOBENnWF:nIVaEhVDPMnG0MEWb

\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	122.38 KB
MD5	ba389fe903c0e23da8ae476f38c3dace
SHA1	cd848855b10c888758d64a8dc3dd058ef191a436
SHA256	dd1f49e597ce65b51a5a08689be97e0171482691391b54dd0b741c605c6e380c
SSDeep	3072:V7t+GYtLY+Kg1NWHXGgwjEnQDYhEf8w3bP9LeSKB:1t+GAig1N4GgcEQDYoF8T

\\?\C:\Program Files\Microsoft Office\Document Themes 14\Apothecary.thmx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	88.08 KB
MD5	f3182f94b3be9a9d33feb8cf7d22b083
SHA1	04eaacfae90145e9f0b0646ec8c30816c925b77c
SHA256	60e506b16956bb32f0d5bdb48720baa03b93d6f8d5df174a7cf8e3e63cb608d6
SSDeep	1536:Ap5PNaCsCB4oQgxYHWJQewM92CoF+/m9o+wRWVY38rDk746MsOZehyxZO0v83:U5VaxoQdHWyDM9mFYYo+YfMrDT6AZU3

\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.13 KB
MD5	1cb9465611cf914b46b91ecce4d73605
SHA1	6def5f93f64fb49a9e2e2f033d9ea4286075b056
SHA256	400628f653ce3a6e2bcf40ed3cf056b9361c307dcd5cf1c502892167d8aa7cb8
SSDeep	48:AEKy0bO+Ht9K873QSUH5gZlzIhzV5Vi1WdrE:dIbhK8cvH5OoLVtrE

\\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	765.05 KB
MD5	8bb632ac3ed241ca40bff3473b76be2b
SHA1	6b6c7e4d0dd6d85e9f27a055704e43e625c4416e
SHA256	d0ca42257f43e3cd6904f9edecc0c9be7733b252ff77131f3b89f0beb0450331
SSDeep	12288:qHZZ3TJP7cMlBsm7pGs9rPV8KlztEdgTfd8FNmlcXiCNoPQGHyeE:q5Z3FAMoCtPVtRt9fdrcvcE

\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	37.35 KB
MD5	a7984fc81bf5c785f877e53befc66a5e
SHA1	4855751a90f11b8827eee0fafed4191182bcd8cc
SHA256	7eb0c1860b1ce50f02d1ea9e4347ac66e9ff0ccfafc49e27f21a5f4fbc0793a2
SSDeep	768:9gXdqzO80g26oOcQK4ppfa6cqhItxhxz0ZL02GeCpOC:GX+0fLbQK4XCLqSDSGTpH

\\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	559.56 KB
MD5	69856d5c585e6aed02de0ad865359386
SHA1	125113d0265d7e896f81281bb7dfd57606465112
SHA256	e1979c01b5f6f1f2dace9740ccc7d8b80a564d952c889fa973a0f84c6d792b6c
SSDeep	12288:tdGkU7PyL1F6PUBlPFeYG6k2sHV0vZAf5CM4D5ZO25:tESrtpRkrmpM4L35

\\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	4.03 MB
MD5	fed69d38538051cdb08886dfabf5f0f2
SHA1	800c4afcc42265f02e80a85e138177a42b96cd8b
SHA256	faac4cfa49cf40ea4858470327442d1ff7bdcf7c8c99d1cf6f83e838cb517d09
SSDeep	98304:7Qa9JkfiP0Z9Dd7+BTwINUccJkrDQrDfV:7QLJ7kgzV

\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	578.81 KB
MD5	cc3d1373879bdf4df60cbaf2d79f4643
SHA1	d0da3f890c01f6993bb1080d0c7e0b535acb85c1
SHA256	84894ad03efaf7f4ce0a632537e5fb7ec4c8ff04bd9a29bc96dd7f28d8effa16
SSDeep	12288:5a3v9FwPmesQBozSLCB/DIM3Og13tlZPQma8Z:5afT6ma7sLIi11pQbc

\\?\C:\Users\Default\Downloads\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.78 KB
MD5	c43dc6017356b61476d142f66bf89a2b
SHA1	b95cab783e2dbfc910591a2b37d789e08fabc212
SHA256	f43a26d6af06c99732a0525bb146f1abe3851b3e3e80532ba2168de988484cfb
SSDeep	48:tBDR/8JiOGtQuTd+JL3QSUH5gZlzIhzV5Vi1WdrE:tBttQuACvH5OoLVtrE

\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	583.86 KB
MD5	ebd72591774b51754155f33b9b0525e7
SHA1	4cc89fe59aba014dbc3d1d43feb104f147cf7b26
SHA256	50135c8c84ab6a0213d8b18f87808ece7c9e012b0116c95ca56d436edadd5846
SSDeep	12288:uNHn7uDn/emqPZtg2tZWWFfZPi69K31Vph1w6jhOL070aDjg3zTI:+7uDn9qhtjZWWJ4V1VVwnSwDTI

\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	3.87 KB
MD5	95eca0247781f4486ff8f940e454d735
SHA1	1c5a06b9b424eda08b18f34850cfee573817107e
SHA256	e95f3b5ad09786001e10a2186736c66a5ed6dc0954cb937fd2998611f53dab4b
SSDeep	96:TRJXemixSX28Bc3SbWoyXoHXoTGKVdWvvH5OoLVtrE:Xj8SG8Bc3SqoyIXcGKVdWcoRtrE

\\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	968.33 KB
MD5	6e3ba8a4336d3353e4df5446f68a4075
SHA1	342ff35fcf90b80e0c3bcdce25710fa2cc5a9be0
SHA256	aaaebccc9db78994d9e6cfbf1ec51053a9fa503839862f7c0a639633157bf2c1
SSDeep	24576:aSJj2sbkwNdHnl1b3rPAlvOlx+BdBfJsRoeR:aA6CNd7brolv3dBfJsRoeR

\\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.19 MB
MD5	6b5954701d9a6a1f7b2d8e92c41a95ba
SHA1	58a1e79357d709b9bee833a147ef25688063cf00
SHA256	1ed878a6359271c8631e3eff59fd0abfde52609778c611db771acbe63d4880c1
SSDeep	24576:vMJpRyi8d51zGE9SS7cO297xzBIRxzA68O5nJeS7b:vkRy1tIS7cT9vIXR9nl/

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\I1fpTZ.m4a.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	67.17 KB
MD5	49a497423f3f5ada4a6540fe779bcd26
SHA1	69977678a25634ee014a95387cc988747b421f37
SHA256	636223b9645696482576d9228cdaa12ac586b5c39dc6e7cb303ea6873c500686
SSDeep	1536:GPDpHSwaInWC9HOlmm5BZuvWSDGhE+LQiNNIdZkjEoNrsg1uPhAH+VsUCaifU:GPDxST0WCNOgm5bIWSDGh+iN+krD8Phb

\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	97.38 KB
MD5	3e029fc54870ca07affe96d70ca60f9e
SHA1	9d16d69396618d265643642747d307528fe16aac
SHA256	89cd6ce70b337f8448466791ec8f93f16afe649ca43215c931031ee6b05f912e
SSDeep	3072:lZedS+F4NKwvd3snhzCpVz4kxfQH7PsISv:iSuqZMcpVRxIbPb2

\\?\C:\Program Files\Common Files\System\Ole DB\xmlrw.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	277.02 KB
MD5	a39f7181f470b05c477e19947ba51b02
SHA1	542ac0a8c792a291e90427412705889006b4e829
SHA256	86b2157e08939b57b2282a16a7a8719d32bd812d7f15304b0e972f7b0e32a266
SSDeep	6144:zEMM8voTkQKkTbrVuhAOkVemI2e8PjnhS4cwu1LDXPggHACxE5a+:4MM8QTkQKkTVuhAOQrjw4BELrAoE5/

\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	850.00 KB
MD5	62f1197f1f85c788048a5fe9a702a047
SHA1	70b3701d4eb8178910308fff9fd5e446dea922c8
SHA256	d6687cc505d3b63e19f20dff7bc1d96dbbabfc6308db2b77a83f1f389b70fed1
SSDeep	24576:6H8kQWii7UUqT1gZCTfGz8h929v2ypaf2+decy8K:a8AAgsB9gvHph+decy8K

\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.39 MB
MD5	b16744d315ad0c0d0b9d77d85d3f574d
SHA1	2d2ddb234e4abd3ef7834695573ef354f71e24e8
SHA256	500ed1f0b19785f979d83171d6c1d8509aaf24b923599090674321902463e1fe
SSDeep	49152:Mm85hi0tNdfShn4JdTex4S120ytJyhaK6C3on:Mmh0tNpK1ov

\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	16.19 MB
MD5	367e538182db3ad19461e14f9b2bd7a4
SHA1	cba5a7b568245bc8b85c8fdddf9370e10cfeb636
SHA256	2411fd747ddbca43edfdd8f1989cb89a034ac969d27fc3aff4c45a31206b19cf
SSDeep	196608:ehiV7fKP0ReD0wXKLUEfRrDXP2ifogB+jHcSBLWiyvyWJRMLhdPWfi:ciDKP0q0wM9JrL2ifJEjhW/6vL3Ai

\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	12.69 KB
MD5	f8c65ebac378757ba07dd9128afceb75
SHA1	2e5bdb7e460d5323e21d0d33ad50cf2c359ce44d
SHA256	7b08c614652852ac08720a5c5829c4228f41198d6e780fe9d2cdf6e528f5e962
SSDeep	384:YMKdPmuKPXQCHSVmiDrehgK0xUBKIp6votw:xKdeFP7ymWIaxUB9C

\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	18.38 KB
MD5	d2e8b4b11966ad7a933bd9a0256f5aa4
SHA1	ba62ee6070332efa432cbd864959ac18598beb99
SHA256	044ad83a49756c21f710dc04ab41624381975b42ba3d25e70093c0bb82a72bab
SSDeep	384:OYXOyboUYfDApnmvw+IvoK1qyB2wuLzHXo1IB1PLPNIpCjIGpJxIFDSqtw:hXOyboHDApni0o0qy5W38IBNLPNyCjIk

\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Binary

Unknown

»

Mime Type	application/x-dosexec
File Size	14.88 KB
MD5	7f666493c656c427fbf3e0f4bd4c27f5
SHA1	66395413f8e2d9dad42f5bb4c3907b5ff4d3e9aa
SHA256	1a59cdfbb9e311f4e38718da0980b60489ba8a51fc580ec58beb60c880af583f
SSDeep	192:0SGI2s4xWODIEDzkcSgq9jofYzkPe2eEwRjVBqMJJ28iY26Ol31WVq3rovigk2dj:0Sv4D3Di9jVzVw4jZJJWYDo33bdg98tw

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Hg1aq.jpg.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	77.48 KB
MD5	d40d95ef6f3e0df5b1346735d608679e
SHA1	fb24edb66cfa94842ccda3112d9b31b8adce3eb9
SHA256	6b65e61c9382376132281344f471943d97315169d49943bd7c4bdb0678208f7c
SSDeep	1536:MTQ8k1qh7XlopMWaCrZlBy0Td9vqxQCbENSI4Y5GbFqvSAamfZ+:MM8ks8CofR9vgQC4NSjY5GbUZ+

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\hmhr.wav.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	3.09 KB
MD5	a0e7d97391bd90114cc31d7aed85cc97
SHA1	0bc283df5498839af9b2437ce0cd41127aab0f1b
SHA256	f673ea84ca0404f12a3ccd05f17032f7114de8045981f6f6bb02b7d44ead7b10
SSDeep	48:QaJvg+fANgZGVMhg5EtJ0h3ejj8xQuJMsID3QSUH5gZlzIhzV5Vi1WdrE:Jg+6gZGVMO5JEj8PDI0vH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jAtLio6.doc.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	41.62 KB
MD5	09ef77e72936eb93756aece5c529ba14
SHA1	07d67e3c881453009eda49dc08a9c9f7baea8ceb
SHA256	367d7c672806301cc0e15a7856787dc0f5e9d081a2c63dd4992d0acfb240db43
SSDeep	768:WZzcpvsX19LTD/10RMRg4lqCsgZl6sjvhiyXi0XceHAqVFeiruXNC:sYeTeRIdzZAsliTeHAq2iiXU

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.41 KB
MD5	80d44bbd1bae23fbc960a455b77935e5
SHA1	dbd5d9c125000a806ddcf18add8bbc5ec7aa784d
SHA256	427e77ec36a69befd0f323f863b594c5ae8298353c0469d56c09ab11da4d621a
SSDeep	48:cEIS851DDnfMESu3oQvkWXkLUzcT3QSUH5gZlzIhzV5Vi1WdrE:czSq5nkRzkvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.85 KB
MD5	0587b6c333d355699d3ba6305de59157
SHA1	f1c64dd1f8cf7b595036c66f896cd1c03051e914
SHA256	ff08132f64ff9323b1119dab139796ba2f379b4dbf9f51c57870fe0a1527e7bf
SSDeep	48:l5X1/VH4wuW93QSUH5gZlzIhzV5Vi1WdrE:XX747WCvH5OoLVtrE

\\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	31.88 KB
MD5	51875c3a62afa760a03591996e9586ad
SHA1	7055ca3b9ea535381f48be3f726224724ea780b6
SHA256	be4f8d85cb9af9c7b426f6c5d4b0c584b584d1cbd36b4bdb963cb94e1e034092
SSDeep	768:q7ppxsKZ3Lw5UoY0NLux/5e8/Vrh3ay4hb/SHnPtC:q7pPsw3LdRE2/5/dNA/SHM

\\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME.txt.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	174.33 KB
MD5	bc0044a7ccb5e06cf0ac6bdf07afe603
SHA1	4341bdaef306c531ea02a11f2f8035b8a2e8581b
SHA256	61c0aaf831a56e49659745b7cb4361e38e177760171e385e9ff2c64376f85683
SSDeep	3072:2HzKCClTNZDCEv05/KqAjQoX/WvjIn+bVizSeNqsyM6z/Sje:2H+vTnDCEvsS48n+xmSelP6Doe

\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	194.91 KB
MD5	05968bed8b910512b4640b4cd22c5772
SHA1	288a4f5ca82975846c1c7debcc8808769b556adb
SHA256	62f4a8b1a2cc543e5a24c0c6195c5b172917ae952f510e2163f95ca380868fd8
SSDeep	3072:L9us/zQv+L9poCoOAfaAaC6tEaJWJzIxYROipifcrMkSUxMBUGevX3F1:skzQGLoCvAf162aJWJzIqRpIwMxGlPP

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\5_ZUjzjcPnH3.mp4.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	40.98 KB
MD5	0e8c7166d54d95dd31b313696a55b384
SHA1	103cb1d94901505b216cbfd12cda15cc1e63740a
SHA256	3b57e433f5b54c72e413a91e3612472b5aee67f4b95db7ff860928c56314f24c
SSDeep	768:6YHZW7PEK+XwO9kKqLgsGQ38OWmLelFCbMgJzmOh44wagdnT2eTHn6nU1t7/SRC:6Y50EgOjeg83K66CJmOVfgtxTHi+t+Q

\\?\C:\Program Files (x86)\Java\jre7\Welcome.html.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.46 KB
MD5	4260a3e436d62eed469604c58c10fe18
SHA1	16a546d01404306399d7762d7dff48a2cf812092
SHA256	f5982a7223fb4c23160b7ad92e29e2249735cc823588aa792222fabde1eb1372
SSDeep	48:s2iszAjRjIkITlWnD3QH8zHvghK7C0f3QSUH5gZlzIhzV5Vi1WdrE:s4zAljh0lWDlDnC0IvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\9lk rzIJKnabURE1.png.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	31.64 KB
MD5	1fd0ec04312b0e0352f33c1bf7ecec79
SHA1	bd02feff9f7b1acb475ef46989d376c89329ea9b
SHA256	222c42206ca2588d2635a0e04302e3730bc4f836a83679e62a418867cfe307c4
SSDeep	768:NgFPXeoJ44+1M/gC11ZenPRCZdH5tzq0iX4RP0R7VC:NgFPq1M/gIZePo91u7M

\\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	39.36 KB
MD5	9c34f1b17666b2329a4a56452bf18476
SHA1	fb455762f59d2ba37ae64f4ef23870ec5d93ef28
SHA256	2d3403effd59ff5c312f59256c07fdbad9a9e2dfdecb534c45bf1de3d56574ac
SSDeep	768:mtcb71ZkZY6Jvuul9bU/8e3d/igImNWWgcNeci6RvmqKxM4k679MYC:mtcP1R2I/8B3m8WgcNecpmfxN92

\\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.65 KB
MD5	535949d080051a92da5635ab96dc4986
SHA1	e539a370e4e13a4e7c9aec574f38fa73b9c85789
SHA256	9ff615779962ea3713ec55f6f907c6cb44af1c89f2b2452eb97efdae6147c22a
SSDeep	48:XU3k7WvswXoEm73QSUH5gZlzIhzV5Vi1WdrE:XweWvsGoEmcvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\U9nNDtOagrcsbbNXoq7.avi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	39.54 KB
MD5	abbde26bd43293294d090e677181fd0b
SHA1	450494ef0ff0b9b6d94b5d046ba5aef1f2bc0e84
SHA256	6e79dc88e531999171bbdb84d240f6e1acc59d75e068061004e732442052c333
SSDeep	768:mVjwMXL6qs9ey9RyeqiAvaI07wmZTNWDvWszXI9O/LRRY5zCNAxc96P54g3C:mV8MxCRy9iAx0TcDOsDI4/LRmqh96x4l

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\uZ8yb2pzJzSAO1.mp4.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	27.19 KB
MD5	67574ee752011146e92291dedcabe9d9
SHA1	53cefd2a21b5757393218421d9a3daa5c08fa7b1
SHA256	865cf59f94611da44da87f1248991543028a9b7072461e1486d8b2c1a6a26119
SSDeep	768:joqktrtpAd8WhSXY43iGCHVoq6LKNKGvnuC:j+rtpASW0IaiGAVSmNn

\\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	94.58 KB
MD5	4e5e4fc210b382dd588394df3248657b
SHA1	8586f529c2c13814ee07a142b11f0c2f351621f5
SHA256	97567681cd1fd43f46a705e78a4f31c66d75a82af5c85a07ca8137f372d67500
SSDeep	1536:fwUA+6/TvvWUnX+eNeXe4vcdB4ZJSkCvs9ZUdjzZsXPB47RtWe1L/t3Xl65AT4NO:ffAVnZUeic6JSXs7NCD1L/tUdE

\\?\C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.87 KB
MD5	86eab9ad8180e6656f241b4e148edd91
SHA1	3d5da6f1d3f8306397c28532b05412d2a6be9029
SHA256	a85132789f3a685c688bcab7a79322ec569a154c00de690ae58cf51e83a1ca77
SSDeep	48:WDXRurKqZZKA8fID+3QSUH5gZlzIhzV5Vi1WdrE:WD098fwnvH5OoLVtrE

\\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	244.38 KB
MD5	5ecf3bf80b793b7f4c0fdba6ae9c283c
SHA1	f023f745d90b787b7b01cc5ae028afe72a0f4cff
SHA256	46411540af635af34d36bac79e847e841a38ac921a83dbdfa7d89f62d5d5b595
SSDeep	6144:SaAqT7+JiELAc1EySVQ+7ouLNfR3pNRZxeStX2oWd5Tf:lAqeRvEYeLNfjjtkd5Tf

\\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.84 KB
MD5	8c79542af8abee76e62eef0e8ced2e3a
SHA1	27e0551f0b77ba03fa0d6a81c7873a602585f63e
SHA256	8913cc5b3fbb0f7fa92c96691e9778ee23fbbfdc12583f8ad6d0767341b4fc64
SSDeep	48:zB1PsTbYw2dk3QSUH5gZlzIhzV5Vi1WdrE:z7uOvH5OoLVtrE

\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.39 MB
MD5	25af34c788fade610c4deccbeacd1569
SHA1	6d8639b8ea4627cb42bfb7929ac023eb642101ad
SHA256	8854449c411eb2bfbb5842ac7f767c7e47ef9ef9d91f85ec57329295d3551a93
SSDeep	49152:6AGR4hLiaupKOqzjs2kXKQdTex4S120ytJyha16CZtj:6fqLibIBzjs0R1oR

\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	14.13 MB
MD5	35582628eaf71445de3438907924bece
SHA1	7c357a69e54bf21490b747a25be239e3944d47c1
SHA256	9edceaeaddd7251654bcae3fad51eb5475e077ce2aeb66be1bced16267e1e719
SSDeep	196608:JyKVTNVAl+ig71eZ8FclBElWHp8byLbyo9crpLlR8ioLO0ZF9CrpbQ:UK3L71eiFgepGHyo2rpLkcoCrpbQ

\\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.84 KB
MD5	222cc14a7901895e627a00355e9f6683
SHA1	2b4f00a6f4b0df9b853bef42ff1f03c35e092bc1
SHA256	829e70edd8f89bb20653fb865da6d9ecff4efeff2ca9d52c932fd4dcac58382b
SSDeep	48:DaFRzHnFgFn3QSUH5gZlzIhzV5Vi1WdrE:DaDjnamvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.64 KB
MD5	d57d19686702ba5a0f537979fa4d3958
SHA1	9024367e1c061a9670df023876dba5d1705cc1a2
SHA256	475ac272ddbb2c3affee48b7195c7541451048de2d271a71ac1d47fcb203c5b5
SSDeep	48:QRvR+Z12kVC5hMn4Iq3QIj/lXuUAQ1/Rv3QSUH5gZlzIhzV5Vi1WdrE:KkGkj6/lXuUz/4vH5OoLVtrE

\\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.02 MB
MD5	ee6310d39bcce09d7fa1f209e27b75c1
SHA1	56ee04fa8151208497b5fda2baec80c7726ac6f9
SHA256	743a1da7997d9e262d9362076ee6d86afd21af19b58f99dccea3c514e1628e3b
SSDeep	49152:l8M/JPpv0gBctqrwobShMuMg0HghznM3ZHDw1:9xjK5Mg8g9nM3ZHD2

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ZpD.gif.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	45.32 KB
MD5	9dfc2e5fec4d4e09738e7dd9531f16d6
SHA1	92b1a6acbbb52adcc93aaba0d4dc384a5e067e84
SHA256	41f14749f48162a3b88cbcb410bbd0506c107b1c6580777f57c91ef1757332f6
SSDeep	768:8UiR6Fr7hDFMh06C0pc47dxGnTcZ736V60zS59NCeWbgbtEjM2BjxA+jC:lrDFrT0pc4ZxGmosvNCerujMya+G

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2m0jDWJRbuSJx.bmp.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	70.98 KB
MD5	908bdc55b95d595916427aade3e2de95
SHA1	326bcf65678723e92b48c76c18ddd0e0c33f5817
SHA256	639e20ab4b4e33d5edd57f9f14065f99557ca95bb5978c5620a950a8d0dcee18
SSDeep	1536:4VBz+KGMVGkx2P5CSiqD1SOVZkB+OYbdl4XU6wTOqqI5Gz:UzqMVG1xJiohjq+OYnbFTXq1z

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4HVv8.jpg.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	57.46 KB
MD5	bee5d0b52680a9f27a655ecececc9ced
SHA1	89100af02d62624f77e891d14abb8c61a20f00e0
SHA256	c49ac2c3c9103b86bbc2ffec70f28d3aedef36823ba268a93be2cb46bb797bef
SSDeep	1536:2JT2VRc4vjNtTQFOQyqfW/io614Cxep+u8vZA/Iwbl+ZY:kT2VO4vjNtcby4W/a4CUcu8vu/dlF

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9Ji7in8ccV.bmp.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	75.99 KB
MD5	916617579f8e0ba95ab3db6a612ce495
SHA1	d9a92ffb12c2af413f84cc343dfc0196586bfa19
SHA256	1bf0cd60674c761fed0ab613a11b6935719f1abeb65f5eb00d87bb84793b002b
SSDeep	1536:8PxNENPS9FUNIxDAYkMGiZyvQLTsNIj/lGI+ToV:8PxNEIKNIxDAYlGiZrTWIj/IF8V

\\?\C:\Users\Public\Documents\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.77 KB
MD5	639ed73c3a2350eb9f0225edaba83b66
SHA1	3df310e7f207a02e0337af13b272be083eadbb46
SHA256	a9cb6483753782f90c077ffb565083df87bb3638e959da756708fc2ec89f9291
SSDeep	24:cFlvaZDFpYXxqSz1PTLqioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2Xuy:cHyDohqSRT3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Users\Public\Pictures\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.87 KB
MD5	3d16c3b547b333efe7117f7664d86a97
SHA1	7d1c359a51da9dd74df43df2449744d84c0d4f35
SHA256	edf737a083ddc636c327d216ddad16cf8357a30065e2f8b6a0d30cbe6f5e4959
SSDeep	48:+kjbF/U1+E+3QSUH5gZlzIhzV5Vi1WdrE:NbF0+EnvH5OoLVtrE

\\?\C:\Users\Public\Videos\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.87 KB
MD5	abf8ee36c754085167994b78420525c0
SHA1	feea01095b783c5b5bc0c5179bfbc4931281b7a2
SHA256	1f9443a1d66c0e5b4ac723f0ba8886b42bb17a0afa14b003938939da6e988601
SSDeep	48:m1lyUR3ofE5LLG1ueTHUL3QSUH5gZlzIhzV5Vi1WdrE:mzdOWLG9vH5OoLVtrE

\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Binary

Unknown

»

Mime Type	application/x-dosexec
File Size	109.50 KB
MD5	d5d5a1e276544b440c2e59998112df84
SHA1	9920d054b96ff3e34af855977d8acf8285474980
SHA256	c100c1b3a92d9dbd1b57a413160aa3e2bac16570dc83198029f7a53c847e54c1
SSDeep	3072:TNWPFLALh7rICBNjr7sKXI56OoxXEOuz6NqRy9Tq6jlA:shyVrICBa2I5foxXeNb

\\?\C:\Users\Public\Recorded TV\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.58 KB
MD5	9ceddf892becb89d0acc0a3faba18840
SHA1	cc09647ee38c7d65c449e7209f5597145e1c1ca8
SHA256	2ac1efda32662df5ac1e8a7b1d0e7f582b762a9dbbf979dea9229eccf77f53e7
SSDeep	24:Pio/jKNFsioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2XudnrVWF:Pio743QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Users\Public\Libraries\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.59 KB
MD5	9725d42c10e4c94920388ec32da8f9a0
SHA1	c0774bd671de472164f0f28406ef24b57c770f75
SHA256	1902f0390a09584a7b5622800de869dcb37543b5c03f64fba11ac43f8392c979
SSDeep	24:olfqAs2kK/LjcB7ioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2XudnrVWF:UqAGc6u3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	16.89 MB
MD5	899219be4a8bb5862bdbc37c74189293
SHA1	e43ee2e90b53ddb49c492c993c5b27d825e8f5d0
SHA256	38578fc824532731f193c3e508a835ae805f2d773c680394a3e3d8022bdb3002
SSDeep	196608:wqPqJ80fUIyyPHgvDXadSLsS8nQsiAESOsYnwZrja9segf:wctkUaovsItAqpnevIu

\\?\C:\Users\Default\Desktop\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.78 KB
MD5	567471f75ab46cfc889a1f176763c0c4
SHA1	cc7fba21b2e550bf0a68c2567f92e1cf643d3ecf
SHA256	20bb3c8877c8802ee66e1fb6a43af8349d77104b0ae3bd84e67a0bb06516f7f9
SSDeep	48:r0H8Ozo06meV+koFd03QSUH5gZlzIhzV5Vi1WdrE:IRMpmeV+koT5vH5OoLVtrE

\\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	116.11 KB
MD5	73d582e79f7505da6e93b79647dc9f90
SHA1	ef0127c19b086aed9518c4713cf57d28e58df65f
SHA256	a9f482b88a24f0ab373994468245160676748ca00aab7c1a03e1ccbd6e5b5a3b
SSDeep	3072:NpHsAYKJGq5z+1xQrCjjKKiQEg/LxQop9RvK2tBIKHT:NpMA7Gq5C1xFjKKiAFQoNddz

\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	850.00 KB
MD5	1772cbcccd491d54ba7e7e895bd1c8db
SHA1	fd6eb6711e3c952d2a24475490b09d8ad9faef97
SHA256	878b2b6c649e0e332ad7028f46d2d0da385f68498d1197535c83d878faf50414
SSDeep	24576:wND87sF5Acu2F5/PnwTM05ghV/aUPDX3YM2h63IZ716gpOwA8V:jsF5Al2FlwTd5gvdPDX3t3exDpnhV

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dbfmOx0DNUNPSie\c-JKdua8N5.ots.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Binary

Unknown

»

Mime Type	application/x-dosexec
File Size	53.31 KB
MD5	f9e0e6308f19fd9b0274830ff0337745
SHA1	8b0ecb2aeeb3b5cd02d2c745ce0fb931598a1a66
SHA256	6667f0f9d2ee3bc0646bc25c91d91377e55529f672a849ca863761aee5a5eeec
SSDeep	768:6AjJnEBCNX+5t9K9GreCDUlgpb4n1NWm3rJidMRL0d6OdPyHRzFhOXv3TU9Axa6C:6y8CNwPVb4OErbL46OdPyP0v8/lx

\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.90 MB
MD5	bd3fe48e8fbaaee0f403d376e2ee2ae6
SHA1	66f8dfb85c446e45bb3e127244bfc3770a59f2b6
SHA256	474c1bd83548fdbeafbf09856892272216c1ee600e60d8fb43c09cb05134ac6b
SSDeep	24576:ppXDMTt1zeGGkWTCOx82Q9xVSnWObZrV/ky0BqEI2S+o0k4Xqb9q:TXDIzeH0ObP/b0BqEI2Ss

\\?\C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.25 MB
MD5	1083d925e6a57b61640342966ba2c9ef
SHA1	45fb21ab67f4e57b2bf28a74235c8d063eab8871
SHA256	38a146bbf6b1db7538e3661e757a0dffc330f6856698c93a8a2f1c06f496e689
SSDeep	24576:1w2PKugyAUbfZxwgSmr60gGqd2ZxPml6geTs4pL0jWayLHgZJJkpn:1pPKyZbfZNTdZQlZeTLL0jWvLHkJkp

\\?\C:\Users\Public\Desktop\Adobe Reader X.lnk.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	3.48 KB
MD5	7aaa69925934d51e73c346d56e82881b
SHA1	50e64ddcf3a098ac98b07a1bb5a22b96d67b9f48
SHA256	f920ceee634f533010d36c2e71b678389f6c1e63cab8e74f97eb43f3a6e6baa2
SSDeep	96:akzV/V669I2Rt0MwzrGM8pIZLSV6BC7vH5OoLVtrE:aK/M69lZ21AyLSV8oRtrE

\\?\C:\Program Files (x86)\Java\jre7\lib\alt-rt.jar.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	170.22 KB
MD5	83de298e86c2c858bcc7ed59a91ff99f
SHA1	afaae1245dac1282ec616e2fe063562be356f6a6
SHA256	270df4f1eb5d5982156f73eee04a6d08959c74fb863751c130184b84206f3e92
SSDeep	3072:upGF0vHYSxvxNADMajNHiz5Tx53i/Htezu4/Bbvl/625hefY+PIUzKKNq:upJvHvXCDMcY1Tx5uwBR/6c0Y+AUztg

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.65 KB
MD5	8dd992eddaeb1fee765865a3a81b997d
SHA1	4f556751a3f16dca00e30e2d8df0e134de8e53ec
SHA256	6a4bf80a65a4a16bfbdcb1a77a84a0e9184a4508c7ef57647239b50f17a9e10b
SSDeep	48:XLFlcp3oDMU4sMpsV2AbF25FCeGKQoQyel5tIHq3QSUH5gZlzIhzV5Vi1WdrE:bFF74swsDaC3KQoQySKrvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\w-u--0v1t59p.avi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	17.79 KB
MD5	7c0c794ff8e400468425af62f577bc67
SHA1	279d4079b3d5ed4375aa64acd2c9986fa7b10f13
SHA256	8b356e06ae02d33245f0e76ef929dd8e5ce9b999609cf6ce9e153e419473a1a5
SSDeep	384:R2Wf/RnDq7EfLxx9UmBu+h3ohWv/1zvjt+YM9jK8Vowxbtw:8MJBlxBu+1oq17jt+rnHxbC

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.15 MB
MD5	01bf1e62208800b2660496ecde16ffeb
SHA1	e0bf82a24d2075f8eb0ea9617f16bad1d86aca4e
SHA256	516bbe838cdda6eecf02abf456cf3b61be58e44a9d324cdb050e206520c1a1cb
SSDeep	24576:5b4rmM0EWVhmRlgZupqXkN/IgfTm/M06a:57M3nlgZWq02gF06a

\\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	911.94 KB
MD5	a469acc633585cf3c033cd6e1cd7abda
SHA1	c818e8951633793bf98f3e0a91f291f6ec2ed258
SHA256	aaf05106925a6003bf6f82b6ff9d8dffb1f8e81be2aec42f95f714fb5f1b5ec4
SSDeep	24576:0/4LCfjQ3+ibWLJQJgpNwr2x1NYvrQE7+ZuOk1OWmfQKl9W:i4Lc05EJQwwrujYv+ZuBNGl9W

\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	52.92 KB
MD5	466006e5a2fe22ccb4887f0f95916695
SHA1	48cf44ee7ff02a9f7d0aa06143ed7811d01b5ae7
SHA256	2e9f05b6edaa5f295b9f280a7ff5443d04a4025ebb64adab00d8fc15390123d5
SSDeep	1536:ZdtzbsnObuxbBKhdjSBYGZj4xq8VfV5eHmUt3c7:1zbNb6bBKhdYYGZcxq8Vqo

\\?\C:\Users\Default\NTUSER.DAT.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	769.50 KB
MD5	f9bf92986fb38b86457e5badc5ad954b
SHA1	b03f782323027a1b62ba33894e25518222bf980a
SHA256	6eb18467e4a82c52c199b088cfe925737663f16c261612be35712fa95d81a962
SSDeep	24576:qzn1v5iMUTbpHIlS40VzbCdFG9HpS4CiXVJO:y/iMUTGlAFY+E4CifO

\\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.09 MB
MD5	c3951f0f533f356db2cdeeeffa46bd1e
SHA1	a6c6fb51d1c544da60e1936189497b81db149144
SHA256	08384ef394c3fc99ce78d61d77ea8ea4416f0616c8fafae6d8dda1d68214c32a
SSDeep	24576:U0Dx17TrSn0SYUYm+XLZuiJtESNkCVC0SN0774:U4xtT2n02tiBJepvNj

\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	4.00 KB
MD5	fa16160d9bb2b184dd5eaa641e66f736
SHA1	067d073f2bc35fc0d1cfbb9b5dfe8f47b7abf320
SHA256	3ce010ef0abc5cea67f5dc46e5baa7204f37f51a14f632075ff06458846cc3e2
SSDeep	48:rtTdtNYUen8HcM6pmBS+bJPUD1VoLd1lJEUgPy23QSUH5gZlzIhzV5Vi1WdrE:BTdtNYsHcDEBS+9o2LBgPsvH5OoLVtrE

\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	18.00 MB
MD5	21de121932079be0c124e17afed3880c
SHA1	be76d32d2799557421e444d6b7f93c0ab893ac90
SHA256	d3e924d8d876387b419b041ca7f3205cbead1b2ec0484a075c8608df36b4b1b1
SSDeep	196608:dE+ysZH9F7/iHXDI2CPKBUq6qMuGm9vqrRxoi93nnedBwzSlmKwDhANZbPhn:dE7sZdFDX2J5uuGyCEi9uIQmlANRh

\\?\C:\Program Files\Microsoft Office\Document Themes 14\Aspect.thmx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	67.97 KB
MD5	b77a47d12925307ada907d68093213b8
SHA1	844ef14a2447ff36d66f347f777b29b6742c9ea2
SHA256	1ae303e4aacbec4bf2c40ac9ece600022885c128104bf049517c950ba1528699
SSDeep	1536:gSfPXXMtJulNMHTzVmnRQhyDxlh1Egwgd39tmzUXuTA28/d95FlG:gSndzM/QnRqyFVrd3KUXuc2+nM

\\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	167.02 KB
MD5	7cb3374a60fe2fe6320f218734dfbb93
SHA1	f54cf2d87627c87812ca0298054a96731644438f
SHA256	1db7ae510914fd6301029bc0f111b2044954e630fa2cf0649022afcb233fb578
SSDeep	3072:HBYhZZPu7Ooo9kjjMYj1xR5S4zSPhNJp5An671bAHZZXbfNi:Hiu3kkjjM6S4Mhh5A6hMHZZLfNi

\\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	6.80 KB
MD5	eb8d8fbf3082be9ba7c506649abb3752
SHA1	14915529ed5292841eb9f3b5f75f0366afceeecd
SHA256	a5b271e8250995b6e0166628db06d229ed85bdfab0b9e0a6e7157e52bb1fbb75
SSDeep	192:LF+NcQdn1k8ufKNMd0eJmNyaysHNoVTboRtrE:R+NcMn1xufKN00eJmNGqtw

\\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	42.40 MB
MD5	6ec58f19903715932afea4189a95f5ac
SHA1	15c3abe79b157c25c6b8bcff814eb685b1c322e8
SHA256	789523bd4b08bb8fd4c08f09190adcf3798d904807a855e72ce853dff7a80092
SSDeep	98304:oON3GjV4J0T5lqcD/YJy3BiIGjzkFSW1T3:3Mj1FlqcDgJy308SW5

\\?\C:\Users\Default\Documents\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.89 KB
MD5	10e9d96c880957f4e93126d210cee56d
SHA1	3cf8a818e5814eddb2ecb622333d8a4d24136fb4
SHA256	2609602d5ba99c69d19420303062b7905343aa72e7985be146d5c3a3900e586c
SSDeep	24:aaUYjVNAeQAaASbgv6WXtKioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2f:aJqaASbadj3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	3.91 MB
MD5	a423d49b3db9e7899caab552dcc3be7f
SHA1	35576d348e66f30029a3774ed8f5c3df8508cd85
SHA256	78de1dac472ec440bd09564dbff28f6c6f1350d2973d5ad58c59d5d520903885
SSDeep	98304:umibrbuxBIlvpe38Cq3Q3o4go90+8DInrjxrXg5l3P1Lr:ubbmKvpQ8Cq3Q36/+8DOx76/1Lr

\\?\C:\ProgramData\Microsoft\MF\Active.GRL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	16.12 KB
MD5	23ba73fdf5f32437553cc00e18800167
SHA1	c1e70802df36585144a95b2ef2dc8efeb518fe7f
SHA256	7c425e048fade31ce6d2d708ca02607c60cd862759c29e68c879bb15d33352f4
SSDeep	384:Di/t0XHm9LjiMd9cycvMTmzcpVpHcuQttw:Di/tSYJiv7cpVp9QtC

\\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	410.91 KB
MD5	213d8c920fb40be8b6d436c6cb2f46b1
SHA1	1b5dfd6adc6cdf429118279a55f9b7113c2c86c3
SHA256	8a2390bc804ce8b1b651afb37ade2c0e8996bdf50c53f94f898a2e89d0ced8a0
SSDeep	12288:V+SUPktkLqWoIN7vO+gCpeF6P+XuDGqKr:wJPV/oI8+gCcF6/DU

\\?\C:\Users\Default\AppData\Local\IconCache.db.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	759.48 KB
MD5	fc4e1bec3645e028bad92f3ec24ab3b6
SHA1	0e95cf4c4097e5b6adcb951e18b52fda2315f1de
SHA256	bf3f78e64c7b4d901779c4ae15569878dd5cc57893fdbce5e579ac0b457a17de
SSDeep	12288:eOTP1oqn3FVaCrKJ6SdUVYGzPzvg52T8ocOFQC/ms2aBISlhnM/S2X2z4aicpOVA:3uqn3FVDrK9+VJPA2TkOFQkmVaG1/bir

\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.90 MB
MD5	00d8fd16482c13fad57afbea222734c2
SHA1	dbbb2e40b34dd07f783a32bf90f6f9a35a1f2950
SHA256	47081246cc65007b44c0d69a44d1eac984e9921ac4f96c9aabd6b60b2b4f0d7e
SSDeep	24576:/tFQpecirz+nzZaYUCWFNRWKDZPgsJjtt+GDbELcy0BqEI2S+o0k4Xqb9o:/vQpec9wYUCW/RPaWgT0BqEI2S6

\\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	161.38 MB
MD5	2df1f04962b2b15bbef287fa9faeb410
SHA1	f6abebb7c199f3e8d26bf41c222f60507a5f3b41
SHA256	b5063b43164278d7fc8a534c26216a25a71b5b708d3257ca065020c2e1e0c344
SSDeep	196608:XEp+FUwJ1oXgdL+PUl6xqojQRljrffo1feRTC+JO7MAVgqBpiTGWs:XE4UwJ18yL+cl6ZjeljrffowRxMMGcin

\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.40 MB
MD5	542e7ca0fa16e68e5a3a0719551d3edf
SHA1	b7502aa85101521602ecbe41cab74f52e5436415
SHA256	a2e7fa6710edd480d95b804b54036b5f012085ecc331435c76417d0eb987505a
SSDeep	49152:KgkenMfpbt2dNKjSJS87xeqUh5HRYnSt20yeJji34mElfaA:Ksn4YjKjSJX1eqUuqA4B

\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.40 MB
MD5	8f422b31cf77b66b1684be67c4955e4c
SHA1	0dd83354f59123826e68a5800d93342e3e3c35f1
SHA256	e129a756c19f5d8b6c12a5d114e92dfd7ec9a0fa3bb8f818dd8f9f3fd7727a34
SSDeep	49152:GASiqmtAS+EjtNdTex4S120ytJyhaLz6CCHmD:dSvmZjU1oLb

\\?\C:\Users\Default\Music\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.99 KB
MD5	f8dfd33ebeb607eed4162bc1d16b8b51
SHA1	8759d3151d255669c2bb3711ac6071ca5b3fed07
SHA256	9317b0eb3cf50f667de56b37852504c57ea3d5e6ed8054a17b242f54b9b230df
SSDeep	48:RxGO7vG7pa+iiGQM53QSUH5gZlzIhzV5Vi1WdrE:3vGFriiGuvH5OoLVtrE

\\?\C:\Users\Default\Favorites\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.89 KB
MD5	1913eda1abef43cc5c449d8465b09838
SHA1	8b81dd3f763563244e4eebd42697ed09ecbd58fe
SHA256	706be33b5e67fe2179c922f6d79a95381873d8b1ad714dbc5c4b07fd3557596d
SSDeep	48:SvP2KpAkcUNxF1bw3QSUH5gZlzIhzV5Vi1WdrE:T8AXUNxFjvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.89 KB
MD5	d3a64186924bfbdafd6db65035870b36
SHA1	fc73172da892e3b805959d6bd10c25354bd732ff
SHA256	577ad654a83c9a0a9826ca0a8c72085ba1eb5a46f0c90dc8bf8e486d7aa8a671
SSDeep	48:D4cT47vMCrecZuWOHKEs3QSUH5gZlzIhzV5Vi1WdrE:DFoMCrBkWOHKEBvH5OoLVtrE

\\?\C:\Decoding help.hta

Dropped File

Text

Unknown

»

Also Known As	\\?\C:\Boot\Decoding help.hta (Dropped File) \\?\C:\Program Files\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Decoding help.hta (Dropped File) \\?\C:\Users\Decoding help.hta (Dropped File) \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\Decoding help.hta (Dropped File) \\?\C:\Boot\cs-CZ\Decoding help.hta (Dropped File) \\?\C:\Boot\da-DK\Decoding help.hta (Dropped File) \\?\C:\Boot\de-DE\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Adobe\Decoding help.hta (Dropped File) \\?\C:\Program Files\DVD Maker\Decoding help.hta (Dropped File) \\?\C:\Boot\el-GR\Decoding help.hta (Dropped File) \\?\C:\Boot\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\Internet Explorer\Decoding help.hta (Dropped File) \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Decoding help.hta (Dropped File) \\?\C:\Boot\es-ES\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Google\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Office\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Internet Explorer\Decoding help.hta (Dropped File) \\?\C:\Boot\fi-FI\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Java\Decoding help.hta (Dropped File) \\?\C:\Boot\Fonts\Decoding help.hta (Dropped File) \\?\C:\Boot\fr-FR\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Microsoft Help\Decoding help.hta (Dropped File) \\?\C:\Users\Public\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Mozilla Firefox\Decoding help.hta (Dropped File) \\?\C:\Boot\hu-HU\Decoding help.hta (Dropped File) \\?\C:\Boot\zh-CN\Decoding help.hta (Dropped File) \\?\C:\Boot\zh-HK\Decoding help.hta (Dropped File) \\?\C:\Boot\sv-SE\Decoding help.hta (Dropped File) \\?\C:\Boot\tr-TR\Decoding help.hta (Dropped File) \\?\C:\Program Files\Reference Assemblies\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Defender\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Journal\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Mail\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Portable Devices\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Media Player\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Sidebar\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Photo Viewer\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Reference Assemblies\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Uninstall Information\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\MSBuild\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Photo Viewer\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows NT\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Portable Devices\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Mail\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Defender\Decoding help.hta (Dropped File) \\?\C:\Boot\zh-TW\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Media Player\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\DESIGNER\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Java\jre7\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Microsoft Office\Office14\Decoding help.hta (Dropped File) \\?\C:\Users\Default\Contacts\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows NT\Accessories\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows NT\TableTextService\Decoding help.hta (Dropped File) \\?\C:\Program Files\DVD Maker\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Internet Explorer\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Decoding help.hta (Dropped File) \\?\C:\Users\Public\Desktop\Decoding help.hta (Dropped File) \\?\C:\Users\Public\Documents\Decoding help.hta (Dropped File) \\?\C:\Users\Public\Downloads\Decoding help.hta (Dropped File) \\?\C:\Users\Public\Music\Decoding help.hta (Dropped File) \\?\C:\Users\Public\Pictures\Decoding help.hta (Dropped File) \\?\C:\Users\Public\Recorded TV\Decoding help.hta (Dropped File) \\?\C:\Users\Public\Videos\Decoding help.hta (Dropped File) \\?\C:\Boot\it-IT\Decoding help.hta (Dropped File) \\?\C:\Boot\nl-NL\Decoding help.hta (Dropped File) \\?\C:\Boot\ko-KR\Decoding help.hta (Dropped File) \\?\C:\Boot\pl-PL\Decoding help.hta (Dropped File) \\?\C:\Boot\ja-JP\Decoding help.hta (Dropped File) \\?\C:\Boot\pt-BR\Decoding help.hta (Dropped File) \\?\C:\Boot\nb-NO\Decoding help.hta (Dropped File) \\?\C:\Boot\pt-PT\Decoding help.hta (Dropped File) \\?\C:\Boot\ru-RU\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Defender\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Mail\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Photo Viewer\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Sidebar\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Decoding help.hta (Dropped File) \\?\C:\Program Files\Internet Explorer\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\Internet Explorer\SIGNUP\Decoding help.hta (Dropped File) \\?\C:\Program Files\DVD Maker\Shared\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Mozilla\logs\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Journal\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Journal\Templates\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows NT\Accessories\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Defender\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Mail\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Media Player\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows NT\TableTextService\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Media Player\Skins\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\en-US\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Services\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\System\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\Services\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\System\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Decoding help.hta (Dropped File) \\?\C:\Users\Default\Downloads\Decoding help.hta (Dropped File) \\?\C:\Users\Default\Desktop\Decoding help.hta (Dropped File) \\?\C:\Users\Public\Libraries\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Mozilla Firefox\browser\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Office\Office14\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Media Player\Skins\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Microsoft\IdentityCRL\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Microsoft\MF\Decoding help.hta (Dropped File) \\?\C:\Users\Default\Decoding help.hta (Dropped File) \\?\C:\Users\Default\Documents\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Media Player\en-US\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Microsoft\OFFICE\Decoding help.hta (Dropped File) \\?\C:\Users\Default\Music\Decoding help.hta (Dropped File) \\?\C:\Users\Default\Favorites\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\DW\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\Help\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\ink\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\Java\Java Update\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\DAO\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Google\Chrome\Application\Decoding help.hta (Dropped File) \\?\C:\Users\Default\Links\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Java\jre7\bin\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Java\jre7\lib\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Decoding help.hta (Dropped File) \\?\C:\Users\Default\AppData\Local\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Media Player\Media Renderer\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Media Player\Network Sharing\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Office\Document Themes 14\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Sun\Java\Java Update\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Microsoft\User Account Pictures\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows NT\Accessories\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows NT\TableTextService\en-US\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\System\Ole DB\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\System\Ole DB\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\System\ado\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\System\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\VGX\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\VC\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\Decoding help.hta (Dropped File) \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows NT\TableTextService\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\System\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\System\ado\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dbfmOx0DNUNPSie\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\Decoding help.hta (Dropped File) \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Office\Office14\1036\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Office\Templates\Presentation Designs\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Microsoft\Network\Downloader\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Microsoft\RAC\StateData\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\System\ado\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\System\Ole DB\en-US\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\System\Ole DB\en-US\Decoding help.hta (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Microsoft\RAC\Temp\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\Decoding help.hta (Dropped File) \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\System\MSMAPI\1033\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Office\Office14\3082\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\System\msadc\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\System\msadc\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\Decoding help.hta (Dropped File) \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Decoding help.hta (Dropped File) \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\Decoding help.hta (Dropped File) \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\G_s-w2bcxqR\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5sDDnuccNjG8e\Decoding help.hta (Dropped File) \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Vuts0ef5ZXCFIZEqf3N\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\Decoding help.hta (Dropped File) \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Decoding help.hta (Dropped File) \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Decoding help.hta (Dropped File)
Mime Type	text/html
File Size	1.89 KB
MD5	fcfdde8fbbee8c3a29feea2f443bf783
SHA1	1b59fc1008b85fe121ea7f1804425b585f062fca
SHA256	1dfd7ff66459127990c5d59c9e18b70359f825b400d5a669af0f12e6bee24f2a
SSDeep	48:gxtolIhuz3KuhEujCxi5391/Pf3Eu13IlfvsbXRik+B2l22kncB:cMIhuz6uXjCxi5391xwvsbXRiFA2VcB
Parser Error Remark	Static analyzer was unable to completely parse the analyzed file

\\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll.[ID]g9uZrLhJaygpwRm1[ID]

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	249.76 KB
MD5	682489edaaa8fd5086130dae00d26cae
SHA1	fb3ccafc1756abecc397408fe11bb1b8f35696a9
SHA256	5d395c68d600e2883d09066778df63bba80e4ee71c89eef72b12520ad441aa57
SSDeep	6144:EuLaJkLb5yxb/i9ose0qC1RIHf3FxtExAshsNX:EuLaJkLb5WseO8PFsxASm

\\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.[ID]g9uZrLhJaygpwRm1[ID]

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	26.12 KB
MD5	3faf9c0f4891e739eaf4f20b53949e81
SHA1	3bb3544cfa6e998bb78e4bf9c54ff2e0ef610d5a
SHA256	36c0ed204b8f982fc14a1612992ab8a866d7215682920d1a274f2164a16f88ca
SSDeep	768:NGdTyQfXKAcSIEBSdenZBcPORdm0JALq4ZrZ1Xj4uGYC:sNX6ACenkPydmkARvMuk

\\?\C:\Program Files\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.67 KB
MD5	e5320416ae24748d6e0545b00097872a
SHA1	31f037998e77bd8898ca2649a27bc334627e83d0
SHA256	95c41557134a606fe92cab24426feb1434f5b9cc084153d9c76889e3df017dcd
SSDeep	24:ui6bcRWnxiC+XWHhw8iqG9TXioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi13:ecCxqMhwnW3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Program Files (x86)\Adobe\determine matthew.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	7814a7af390672e80998049864244ca6
SHA1	f2ac20894c43e7172a732fb2a1cfd98072592653
SHA256	38b015eeac11195dc6fc1e43de3ee257ffa5f5a10f930212ad0df6ff53b4b39c
SSDeep	1536:/x1awhC7oTX4myLUWh/HLT0/5Vp8zmRrlqg3Sja9k20AKf:Z1aNtLUCHP0/5BlXi67Kf

\\?\C:\Program Files\DVD Maker\maximize.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	018caa816d118f77ed1628e2a3f70a24
SHA1	066aed90e1b37aa72ff985762485230bc7480c2a
SHA256	97a2e937cfb6d6351f052852c6c9384ce03896907f83d6335971b4d39ae7844f
SSDeep	1536:ohuK48el2Sm/34MoQcuR+8X461lY4hUc0o8t0PNGO9c4:AuK48WG4Md3n1lYyUE8t0PlW4

\\?\C:\Program Files (x86)\Google\shoes perception.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	e507f00a95bcced2d020bf6fc0fafbc5
SHA1	af0be2c80aa5502592567ab1fd1115030504df8c
SHA256	8fd9ff2da8d8ed832ba084beb48d83897ab2b9359952336c4f464a1d32bd77e4
SSDeep	1536:w2Ab1pTcz4myaA+STO5cERjygRFUpHi4l18vJANVvgwLpc5Xj8sXH:3AhlXmyaeX5pHX/p48s3

\\?\C:\Program Files (x86)\Java\teachers.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	7b088c5c02d05dc4ce6dfa791edfb018
SHA1	d0566863f1e530fd06ab6ad8485648c79bb894c5
SHA256	59ea6eff5aa3008c73d624725ab18910ea78fbd266aa9554bf36be684099511f
SSDeep	1536:k5/krAa+5HmBxkdcMO/Vdh72PUDFRhX5eukAHr8nDY6Il66zeWzt:R+5HmBxLt2P4IDY3zeSt

\\?\C:\ProgramData\Microsoft Help\Hx.hxn.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.88 KB
MD5	325127bcaa6257aac3fe8d1015426419
SHA1	7965371f116aaf58c28e30afa7d8ca1ecbf0e195
SHA256	057217372521fe48115b3fffe9d231b0a28c63a84b8f5a92475293877ce747a0
SSDeep	48:sx4RvRBjvH64ooyS+3QSUH5gZlzIhzV5Vi1WdrE:dpBjb9ySnvH5OoLVtrE

\\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.82 KB
MD5	802f79a220db398fa7b5a7b476ab86e4
SHA1	e468977c26291e7569d296ed180424d4206100b2
SHA256	ae02a7ccaa476d7a25d40bd7121183de3b9fc2a89b1caa46d20099aa964ff5da
SSDeep	48:F6jL72FhOlRCfpYL03QSUH5gZlzIhzV5Vi1WdrE:F4LOpYL5vH5OoLVtrE

\\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.84 KB
MD5	9ec9aa9c401dd1157ccf58bcfafd25ee
SHA1	2d23b4e51cea21355c8bc0f4c0bce09c0dc5e098
SHA256	0c00ef7539fa46f391b9bb5f70eed1bd74cdf5e4e347d549b52526a158a65eea
SSDeep	48:JXa46KsolpMgWjsJfh93QSUH5gZlzIhzV5Vi1WdrE:JXa4gcpdWjsJfMvH5OoLVtrE

\\?\C:\Users\Public\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.67 KB
MD5	8119ec6b22938f2cfd0cdc925153a279
SHA1	8510385041210f8be8124a6bdd5fd72e50e0ed70
SHA256	927e6258f4eb6fef7dfc9d550b7454c72b26f0992e79201d1271c514fab27c9c
SSDeep	48:DdIHeXCeRL6V3QSUH5gZlzIhzV5Vi1WdrE:DdrZtvH5OoLVtrE

\\?\C:\Program Files (x86)\Mozilla Firefox\application.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.12 KB
MD5	4bac89068dd9feed23b0d8423040e11e
SHA1	52eec82171b2342bd512c372c71791d6c982f963
SHA256	1a5aaee501b6acd908fb884cf9a8ec05f80abea170277e47e6376ec1be167ce9
SSDeep	48:m3RR7c3DBNV4VaTv697peYdBp4inv3QSUH5gZlzIhzV5Vi1WdrE:mBxc3tNWaTv697peSn4vH5OoLVtrE

\\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	75.11 KB
MD5	19129e718095d47e96abea87e5ea0fad
SHA1	cbddaedf4c61c7cfc0eb0215c2c6bab4231da1f5
SHA256	f01169510968665a2477ed890500e2ea9f75f7c9056c2b6c602b61c05ef90e4e
SSDeep	1536:j3N1w+C7hNH4B5JupzllidZsqFsQ0VFda4CeSXeSQhb:jLwRdZs5jpKbVO4wLQhb

\\?\C:\Program Files\Windows Sidebar\agentssee.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	be680ab74b056d9c11e71d4c3b7cfca7
SHA1	a6239dace6b48034bda0d47f0a61b64629bd85c4
SHA256	4248626a6d1bb57dc64298fb017002e94e5efbf5be9c33e9eec1081f3adcc6bf
SSDeep	1536:XxH7ryK7TptSd+krMqI+YB3ePsMz0T3pgAML8LtD8:X5rhTptSd3rM7/gPsMz0TFw8LZ8

\\?\C:\Program Files (x86)\Windows NT\seemed.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	1a978a8dac2e100811775d0207ed0273
SHA1	f25963a52c95bb48965edb6f473aa7356142f7f9
SHA256	57de377b02d8c9364e911e5afdbc9ad0f5b5080fded5a5400507c9e1cca8dd7a
SSDeep	1536:wmlPchKQQMKgIG6K3PDLc98gU60b7v4aa7pS0Ot5rcq3rfGSBlT1sSI:XDuI/KbLc98bR7vWYtlB3rfGSBlZrI

\\?\C:\Program Files (x86)\Windows Mail\diy.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	75.50 KB
MD5	40ec1b5ffc34cac0cd1a1e388f5a26b3
SHA1	458144f2671daa8aa9d829040031aea2a9831798
SHA256	d30ee1a50cf859cfa8e2c45de4257965ff60c90fccfc31b2195adab0da4ed74c
SSDeep	1536:7barSy8dOezT4aURZkYuUnqDufD//TV/xp4ypT0ziu0RYE:NOZLgYuCr7zp4MTLu+R

\\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.25 KB
MD5	f80d179fd21e0ac20e3ebba07665bf77
SHA1	326aaac9667507fcf410e82f450ca7cd379ddd2b
SHA256	1013aac11c7379c7d6266ae1c5d614f464866b508f72146dcd10d3c2652bb507
SSDeep	48:ZlxQWFJGDEH3YQ69pGmnNs3QSUH5gZlzIhzV5Vi1WdrE:+oGDKY9pGYvH5OoLVtrE

\\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	118.11 KB
MD5	5b858d9a05fd3a828175494f6f1aa9c7
SHA1	97c41c69759f78f9c867784b14d86b1b48ccd4e5
SHA256	e0e1f0a047f4523043a64ff97be7c383fb8f4f0585d2ae144acf6b5ea338596f
SSDeep	3072:XoKq79uIj3uv0xipE/IjMKW45mDb2EemTaBRDbw8zvAuuO45Y6T39:2R7g0z/KW/2EemTarDcFt79

\\?\C:\Program Files (x86)\Windows Sidebar\settings.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.58 KB
MD5	508c27f3483c7f74e839dda3874aa4c9
SHA1	455b46090743fb4785dcacb5246c328336456d85
SHA256	fa37afd0dc61419003dc38f1397b89f800cdf1466b3fece251bb151c853a95ab
SSDeep	24:g4rn1d7Dq7EhsioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2XudnrVWF:Dz3NhR3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.72 KB
MD5	329a55226b30df4555825bb93510f421
SHA1	b510e4985e938f31008739dda656bc918bc356fc
SHA256	c1324757dd1df704c7a3aa6c8b58e0587f57a0e616d161f1f13ab51aa96d4b3e
SSDeep	48:Dp0/zQAw+lAIhpUk9do7VHsUc9SM3QSUH5gZlzIhzV5Vi1WdrE:10/zTra++JsUPhvH5OoLVtrE

\\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	54.38 KB
MD5	ec42454f8d8406d361ac5346028c1ac1
SHA1	ab0aa8d6cc2f7d3b68d66e4651c23c0f59b4637a
SHA256	55b642c238978cdfd90ddca523e2807894df9afffc8f1215fcec57cd03362eee
SSDeep	768:GC5T+iRIOf0BACz1Mez5HIZ8T6u0VoTqqfjB0MkAFDDpOhPBMPdQYZ1fr/CC:TTm9A8hIg6utTqqfNcAF/pgPy7Z1fr7

\\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.82 KB
MD5	cfcc5114a6288ab12da11e754fc1cbc0
SHA1	27762c38e3744dd362d46ef628d6e67bc4981161
SHA256	302f3caa2790d680dc10f4828c5a7ba4558d86e3b795022fdddb8fbb0e4f90e4
SSDeep	48:7Ww7dSk4uBqT3QSUH5gZlzIhzV5Vi1WdrE:0uVvH5OoLVtrE

\\?\C:\Users\Default\Contacts\Administrator.contact.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	68.28 KB
MD5	2c194e11b30166d426a4829e4dec24f7
SHA1	411e855fa74a29d80e5194fe46d53b8e68b1bcf9
SHA256	ff01285b0ed0f3c7e69faefe99460df40e2e25fc4a3125875447688e9b24c34e
SSDeep	1536:dnMbNjEXH3Lgz1u5j9lq5tWLX13PiXHPE1Lcl+l3v:d8NAnLSGlEmpgHQnlf

\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.15 KB
MD5	beef41ccb8f92be6a60a3bc23e83db23
SHA1	a2346c44ebeeb9875b5064285208d0cd6726890c
SHA256	ca5baac878911c93c305e2065f0b909900a9e182432a31f1e0e56b0addfc754e
SSDeep	48:frwzcfkfyTW1adLo2ZI9/3QSUH5gZlzIhzV5Vi1WdrE:jggkfyCgd82IovH5OoLVtrE

\\?\C:\Users\Default\Links\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.07 KB
MD5	3f74264927e97afa82251a986a57253b
SHA1	ffed967580945d6dc48e7e4962f3489182889078
SHA256	a62c1e4cb09ae7db0123d53a95d7d9a6263a3a35c336e5fcb75c2e0f33000738
SSDeep	48:UxjYbfToncIFa3QSUH5gZlzIhzV5Vi1WdrE:sCTonBF7vH5OoLVtrE

\\?\C:\Users\Default\Links\Desktop.lnk.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.96 KB
MD5	6189d622f9650cd856175f27958d017d
SHA1	6e6da94411e71d7bbc149c43bed0c95ad2759856
SHA256	6e63858c8582aa7e1646a0514c4010482d80508efce1042017ffc1cbed38b340
SSDeep	48:3kTW3Qf6yr8+IL3QSUH5gZlzIhzV5Vi1WdrE:3Dsr8kvH5OoLVtrE

\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.14 KB
MD5	cd661ccb395cd223ad94f57418ec156d
SHA1	1739013d6112581eb01e1ba3502700ef8fc6ef55
SHA256	991f5e0ca6f2450365ad72eb96701877bf482166a090fa03fcef3d2c810fafaa
SSDeep	48:DddqZeJOHedM2pzc2pWSEXV03QSUH5gZlzIhzV5Vi1WdrE:BdqUJzpzc2dEXV5vH5OoLVtrE

\\?\C:\Users\Default\Links\RecentPlaces.lnk.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.85 KB
MD5	4fa20c1dc09bfb04e3a6b3c8c3d27e07
SHA1	2fecddf08223d3adff3b2a2e35080f9bac42ca35
SHA256	63dc4d4ba6b7773edd2da40c0dcc881c2c340812f16d9fe8ea16dc1b8aff74fc
SSDeep	48:X/LvNxIVqftDf+aZF03QSUH5gZlzIhzV5Vi1WdrE:XLNSwFDJvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.74 KB
MD5	466420175374d1eaf4083fc08c3bcedd
SHA1	5dd6afd238180993aa851e9ae793675cdc428f7d
SHA256	a575642ff3475349e888507de5ae8c745188f74da5daf7dc81624d76a191e4db
SSDeep	48:qY8eQxdhy+LWf0uTZomHG3QSUH5gZlzIhzV5Vi1WdrE:CdhNLWMK/vH5OoLVtrE

\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	446.54 KB
MD5	ccbea02e89074f0540f60cb57706210d
SHA1	a419432b831ef66eaba1f469ccb4b370422ac32d
SHA256	9ae6a10638ee9deef80c287513484d44a9e2b3ee475d42becb702ebb77ce071c
SSDeep	12288:3rF+KO1ex8apXg9mpzw4lEbYq+bP5FyTy3dY:3rR+2pXg9mpXqbzKXye3y

\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	453.66 KB
MD5	3f299ed13b8550182319d7f1f04256c0
SHA1	7495a4141590d6784ed0672de55494d8e47b6c8a
SHA256	01389f67861821cc2591f6c85dff0f2e40b75200caf408e408b2d278399088da
SSDeep	12288:6AR5LBGgyBZa02jJAKX6biq+nbHjqIpQhS42q/KQbjU0YT:6AdsBZ/2jOKX6b6Hjhihp2CKeQ0E

\\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.62 KB
MD5	b21d4406afab698a64810708ac9a5dbb
SHA1	a76f1aa9652ba0f0ebc03bc8fb88ef1e7c7620ae
SHA256	2bb6c2442a95b22cbab560e2505d4e4c93cb50bffbd98ea9046929c04264c781
SSDeep	48:1IB3j0X4kB+3QSUH5gZlzIhzV5Vi1WdrE:yT0ZZvH5OoLVtrE

\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	49.55 KB
MD5	ca83b77c043ac8d2bc33185b703288fe
SHA1	92eb1ad3f712356ce241fd9fa6586288c740e9b1
SHA256	9753cd625df22b762f2d5ba26da249dd20a2397f04894867c8e0f282576fd8da
SSDeep	768:R0PvL0gwVRoL8wlf/Av9yfJNcTp0Z55PwSaVjIbFfUbVMPqw4tBCL744XkYykC:qPvL0jVvwVKkNPRaVeFfm24tBUk1YU

\\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.25 KB
MD5	4f124cf70a140bf67ca32d0edc0be108
SHA1	07462659582b0f906808f394639d4bdc7194c4dc
SHA256	b1ba269ca6015ce73e664d35c77c7f35697b21694014c3326c0e98e13b2e13bc
SSDeep	48:qy8nDFMRPRThMoUwEQ8Yo8B73WI3QSUH5gZlzIhzV5Vi1WdrE:qy8nDqxRtj8ZvH5OoLVtrE

\\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.25 KB
MD5	24d7605f9076505adb9fced0dccfbbec
SHA1	bfdbad166f8c8a8a5ce4aa864a9621804a129cb1
SHA256	ff0b11ba4f7f8fbe8c70149e96c819fece1e238a06cad58435713d564a0be8ae
SSDeep	48:Y+CzzMiJG8e1xG3QSUH5gZlzIhzV5Vi1WdrE:+kiPw1vH5OoLVtrE

\\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.95 KB
MD5	fe10fe406d3a5a855309dc10a04ee93d
SHA1	2c1ac8e97bdbdf95a2adf944d7400a3e42a2040f
SHA256	98473f423a6b4e1fd1ad5990da3fb6e15d334d7c8f8e2f299611610cb4ae4ec1
SSDeep	48:dkpiI6GYxz+Eyd0xR3QSUH5gZlzIhzV5Vi1WdrE:dkYXxaExuvH5OoLVtrE

\\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.95 KB
MD5	a388eb94f27ea4d1f6769efcc41b4bcc
SHA1	9f3200f1122ad6cce8185286a65463dd79318b20
SHA256	3d5a80445ac0ca4e51bdc408822dd6d6a686ddd1b7967ad9d4a4e0e802d46cdc
SSDeep	24:t3CAAA19cRb9n+/NCYhh2prT+m8z+sioSQuLU2HOBV/+ifa5JyClzEfsm52atg7d:tSe2vYerEw3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.13 KB
MD5	a42f51fe4b4d76eb0dec0dcf7f2235ec
SHA1	38ca1d851ae5d83e5c368de6ad4e528dbc6cb4dd
SHA256	4f01de860f14f7bc36544c36b2e5d864c10a757a8188ca504ad18eb68ebd2b66
SSDeep	384:Iif2z5WtgeYtjrocJPwIW19FFn/TZAZ3Ov/OSzPS7Y/1GiLtw:Iif2z5Z/toIWL9AFOv/2uC

\\?\C:\Program Files (x86)\Java\jre7\release.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.99 KB
MD5	da622857ce652da9d38b3173bcd34b89
SHA1	583377ad95963fd88e6d41c9824d673f6f030e92
SHA256	9aaf50ce497cef24b5fd392c06894226d104878c56e67c2e7d20ea6a34e53b86
SSDeep	48:Y8sEuRZaMZ2f3QSUH5gZlzIhzV5Vi1WdrE:Y8cYUvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\54a SlEUM.m4a.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.99 KB
MD5	6906c2bf52b89269efdf2f494919ea14
SHA1	132c10c6a644b29de073fbbcabfd963470219bae
SHA256	4a6d7e97562bbd24e89888e4b357975c9bf9d8d8b76c1da6adf46277b25b8fa5
SSDeep	384:A5HRj9jqltIr6w3LQZGUQ4hLvhij/3FRK/uhQ/zycGE82YKKd1Nz7jTGhstw:AT1qomQLQkh4hLpij/1E/uubyDvKKLNQ

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4no91 QuYYqmyLqH-.pptx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	33.11 KB
MD5	fbbaae3905a282345c5c44cf5b9a74e3
SHA1	42bb9bd2419af644ac5c867d9ed6ce6d17a449b2
SHA256	2bfa0d746597d1dee8b91ed974c1897f6848290945192acb58d0a4c8ee734c36
SSDeep	768:UbxweVZ2eUwwZ9izlTfgc04q9sCkchdwzWly/6efC:Ubx5YlyVgPNhkWoyeK

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\adEBzQ.avi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	35.15 KB
MD5	1e6ff045a05329f77c8f7d11d548bb21
SHA1	a995ad1faacd6e4a1267c54dae474e02f10c70fb
SHA256	7cd22fb149908303ba9776ce626ba414a7be1a334bdfeb63d59b3d83691ca565
SSDeep	768:SEAfNiPgWLgqBK2PBd4ySRFRcwALeC1vKzn2CFiIpTxILLINtC:SEAlIgq7JOVRjEdK6CwIpTxh0

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.78 KB
MD5	1903fbc76b9458339e78b0c396ecc86a
SHA1	ea6a0526fe5ba9f8cdb2b66abf0ccea85aca2f8d
SHA256	67cc80b6c02ae935d9fd1d3382f940dc732d0c189cb05cdb97c7e2f6c545e02c
SSDeep	48:ocvPZ3JYIuIqF3QSUH5gZlzIhzV5Vi1WdrE:omPZjqavH5OoLVtrE

\\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	123.67 KB
MD5	68a2a062bdbebfac620ca25d7a74823a
SHA1	4c15c13a297be6785283fdbdb8e55ae695bcd698
SHA256	cd7026c404cd071fc79d8d0e01e2d266e61200c3a9776405cc82ff7b1811a0e3
SSDeep	3072:eZtBxatj5KzVMV7fTxWH37Y1lf9fHiRj3iPvXNMBNUL/wC:+JWYzV+7fTxaGPf0jafNMXswC

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.78 KB
MD5	66c4566fc002efc713e1e4fb83fd4ec6
SHA1	84178ed6ccc27b69e31d130db50adcc26ca91c04
SHA256	5c6e9b8adfe6843d8e1c434490bfbd5b4457df4150357026eebbbbf1da697210
SSDeep	48:Q3zyhRLHugwG7p23QSUH5gZlzIhzV5Vi1WdrE:6ERugwkpvvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5e_mBx7SjCEJ-.pptx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	79.90 KB
MD5	197b83c0faba1746153e5c50e44b7364
SHA1	3e207060fcead8f35781ddd07b2cebd23cd91993
SHA256	1d9b5950e09f13b18b952b3d1df03d05d38d79616bb3d9b59e6a0605a5347e56
SSDeep	1536:YdQWrcG5dVWMeWZtWgs7hrFrim/1I1KuCPPpkcB1flCFb5p:Ydzp5dlvjgUm/aqBkEt4F9p

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CRK9 Rh7.xlsx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	17.97 KB
MD5	6f4b07b12762aab507c18a55ddeedc96
SHA1	0b9197d4350b51c5ccab8d7c4ab801964e0bf069
SHA256	72c612a8ac8580a13680e92ba55079022d0c1e5a34f4a0ad6fda63e1de6cdc84
SSDeep	384:9G7sDhHRqNiY4AkQH3XzEZo6GvRTi+VCLL5Ag0ugl3Rmtw:91HR4iZ1QXwZGvQNLz0Pl3RmC

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HDGHAY1I-BXzP_H.m4a.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	66.63 KB
MD5	8afff1a0e2aa6a1fb39bdc13805c8251
SHA1	64e8c53c2b445ad8817b372fa2243495ce4717af
SHA256	91aa627a787fc3c4cd561a89d058bfcede0137a10fb5f9d15024b06b9f5c5e87
SSDeep	1536:/nFJhQmOP/xfDx9kbqsGo5/6pl+CAk+6gV3nsOh3D/YYvEjx52OyL:NJ3opLxqSo5Gl+sOthFviEL

\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Compressed

Not Queried

»

Mime Type	application/zlib
File Size	4.41 MB
MD5	36d2406fbfec617555c94cdfbd2da231
SHA1	6120ec09dc0054628ad4a89f503f38eacf88e331
SHA256	91679553418c8fb7885ad38dc47ed5841c9b2d94b68ea5bd4861af6bfd805de9
SSDeep	24576:eOjKjjAaREtNxsMHqvRkGC+Kw53RLgpDYETSMxtUjeWDMYoX3y0jo/xbtpf/+Js6:epjM6vRk3bw5BCDYKSsng/JP3cq29

\\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	254.54 KB
MD5	335bf6b42918c816b569a4bb241a0401
SHA1	cc1687111be584b9c8acdb216d7d03ba986ee7af
SHA256	5d1611ad7cc8b74ec71c0c9d78837b48c4fcf10d36c159ce2605456d48104688
SSDeep	6144:xICB65uO00e043Y9yGSntRrMg4rjeuWveu1j/dNN057:XsO0aY91ePrCTWvfj1NN47

\\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	765.05 KB
MD5	ef00aa44c79d6e833ec2300ab7bd6ac8
SHA1	ce2fce8161a06920b9f70ba4bea02bc68f266b57
SHA256	0caf6cb946f6ae2696bd0cf86c5e400f9c9d149d65de33b82dc2d5ebd6b7b482
SSDeep	12288:KKn7ORHv4sawz4A/8IEepBW5iL3RLhTA8YzurvdpF6N0w8FiaQ3yhWHAJCRtEkpn:OR5lz4A/Jk5iLh9EOvrFZfuyv6bMbw

\\?\C:\Users\Default\Contacts\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.90 KB
MD5	33b56283ac34bdc6b995dd21c4590041
SHA1	c09b4711cc9120faa4883cd5466512f05ad8321f
SHA256	29c89cb4ab182ca66a4beb7fe322433d5b4663914d7bafeff64552164aabc761
SSDeep	48:UU0R9RfYpXA3QSUH5gZlzIhzV5Vi1WdrE:uR9hWNvH5OoLVtrE

\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.63 KB
MD5	d330c4ba214e353007d428f1f40e131c
SHA1	dfa0131e6213bc418d320ad7c788755c6f7b1fd5
SHA256	a4a3cc0cc7456d2978ccaecb2736bda9a54c3c1ab1e4d1c1e3efe2b3376b7ba4
SSDeep	48:TtuDDfQUtuNbZx3QSUH5gZlzIhzV5Vi1WdrE:JuPYUcNovH5OoLVtrE

\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	144.87 KB
MD5	dbc0050a6a1ab7a7c19e9556f62f3808
SHA1	1f298ed2853d672dd66de9afca824c913598f5ec
SHA256	5b439bb4795815e02957191920fb628166b86885fe612f5d2dbd34366236a48f
SSDeep	3072:wd8/oHkgUwIObYGCHTkBotqKJpbxHJ2yRMtte:q8gHrIObKQBot/Tbxp2yRM7e

\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	855.00 KB
MD5	c1ae3ea22c8032f51e63a36a456867db
SHA1	28e96debf018bf5b9bbff752af36ecfcaac0d045
SHA256	a8825c610628051f414e497ab60bbb77f37ac3d95cb59eec9d31270a9556a0b5
SSDeep	24576:4iei3i8tN7f+aUrH8ueLvEXpTszsokHOOp/unuO1beTii:DoGhf+foHEhs+npGuQb7i

\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.30 KB
MD5	9140c65ce56b7968abd67c3271ec319b
SHA1	79f73211dd3346d551ef316d1107d41123ab96ce
SHA256	4b2e45f9ad1b5fa9eb395552892750e8b1467042a2afcbc4bde72e210e46c963
SSDeep	48:IUgOvQ0nvQegHJCK5red3QSUH5gZlzIhzV5Vi1WdrE:VgSjvQegP5rdvH5OoLVtrE

\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.07 MB
MD5	e87bd725f83af947ff4b980d8f44d7c7
SHA1	42da9021caa446b7c40cc58af942559c3d9ff542
SHA256	b745526e747e92091e1896bcdc33cf68234d703bdc7221d1a05bdf431418df6e
SSDeep	49152:vxNlf4QPlE9BtYwumTr3JLf0hLiZtBGFNuhyiCw41S64xQkHB0y0juBithrHF2PN:dRPlE97YwvPZUgnwiSjRthrcP68

\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leame.htm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.06 KB
MD5	2eaabb6e7c61424e98c819edad0dff7e
SHA1	045b47155c63864ea8361ea316e59ab37e112393
SHA256	e6145e9dd4c229390dedf1e676ebfe9185e2d4320a6d0dcf747038305f7d7248
SSDeep	384:tmAer+lR3Jah1J4y5M4bB4xFCN3c9XyXHx96NAy4vjXMtw:tler+pJw1qprCB6KHv6miC

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\hTefMhnvMK.flv.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	80.37 KB
MD5	c3071842f577f33a33107ccd3943cc44
SHA1	7f00ecb131d680d825842c1e53752690c5c986d2
SHA256	f7daf34371f7428a005bca49416b1249c2083ef64506946186edabd3edc56e17
SSDeep	1536:cosyKTMArL2Xs643QrQpJWjFn+f6Z/RqqUgXg7Ck+ODcUHuVujctQd18BS9T8Hg:vsyXWLCh4grQpJWj1lRVnXgLputusgTV

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.89 KB
MD5	9ec88fa3142aff4bbc43c4b21ebafbac
SHA1	13cd052afe0b51cc8d22fdde6b6e7cab389c49f1
SHA256	f24284c5d0f33365b5dfaa0c1545db3ab25139e1e9c2b9bf110480e6a4cc69af
SSDeep	48:2xUZ/LwNq4SfWZ3QSUH5gZlzIhzV5Vi1WdrE:2xUZsHmvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\IE2sk29TIgjPvTzVKz.pptx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	95.81 KB
MD5	878a554254448419f8e6902c9a52ac57
SHA1	06f935ea4cf06837d6f45cec3f66ca1d43ff3072
SHA256	15b84e18c05c089ccce768de104dae303ea1f1310c183f1d9efc90a935f0d7f2
SSDeep	1536:GIAkywuslbobLhU35bjwoe6OPGl910rtl5OVW97a3appShq3B1E2tgFRXMEfP6ng:GIywDlehU350h/U0r9OVWh4E3ltyRfPj

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ISB48ey.pptx.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	59.43 KB
MD5	04cf57f6309776e697c6fc0edb0f2aef
SHA1	2ae6ca02602cc1aa71bdbe930f3ad7d8a0785e00
SHA256	4f7830c725f4c21d225d3d3f410555b49251e02f8b4f89629948c8af318aa115
SSDeep	1536:wgo+Xi+XysW/FqzaqCVkF0EDLW5O3uKU4ODj:wg7DRaFqWtVdEDyOeKaj

\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	64.09 KB
MD5	4f9e046c3f547bd18d64dc4d4455bce8
SHA1	6db6af7a3a485dc4e06b5231596e9edd9e657ddd
SHA256	b0d63b2cc1ef913773275057d1c4adebe79a47782bbe11f6f40a88a268c21504
SSDeep	1536:gHxBcHo9P7oycM08RyjNt4EiveLg/lt5sfnugFk1a4SEv/qnjLL:gHYHoZ7oyclcCHiveLgNt5x1tt0L

\\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeesMij.htm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	17.97 KB
MD5	e76275057a5b19241e5094d7e59470e2
SHA1	4973df5e23d047e8bb907e29d1625587a89a95b4
SHA256	1e182616368f5ad027bd718c3ee02c403e80af504d785529e955e4959828854f
SSDeep	384:yH19AWqmuVKzReeqk2K/uo4lcE+dhFKzr5uAcLWXNtw:k9AvV2seThOlLkFKkAcL+C

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.07 KB
MD5	396e96a2abd0db4c21c7b837727668b9
SHA1	9e8255d8c7e1cda5031aadb1be9b28f5eb3d2f22
SHA256	deec22b709fcf226d4106f5decc350cce4da54931f29ab26c8e8c0cf9f4112f8
SSDeep	48:JAz47X02ZtXcgGxImw3QSUH5gZlzIhzV5Vi1WdrE:JASEitWdvH5OoLVtrE

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.97 KB
MD5	d75da1c700d860bfa19a3faf63a7cf13
SHA1	0cfd0c4ac8d61a428514443edaa9d9eb2b7a6a66
SHA256	76569c894dfd622e5062f179193986701f96e54f8f355441f1e1c769fec489d8
SSDeep	48:xC6u5OYb6GFLWSkcr3QSUH5gZlzIhzV5Vi1WdrE:xC6UpySxsvH5OoLVtrE

\\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leggimi.htm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.13 KB
MD5	13bfe9d5ab3189d8fdbfe3f8816c597f
SHA1	bd5d81cc58251b7b63c477363a1082d05f6976fb
SHA256	393a785cf77f98d0ef34fb098ba3cac460ca95923e70d40769f35558b36e03d9
SSDeep	384:+GJPAWNxitZ8ATfur8j3QX3NNBQZcok5AWtw:+GJPyZfT3rK3NvQZfyXC

\\?\C:\Program Files\Common Files\System\Ole DB\xmlrwbin.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	196.02 KB
MD5	6c43cd6f1f996bb21b64837f2a0576ca
SHA1	32466a6a4b5c1c2071d8a012aa953bdc1f28e4c8
SHA256	cf8e3ed240edfeb3eafc0ce69e4c3b77796a34f520825cbcbc22dcdaf0852d6d
SSDeep	6144:S4oUP6vOahC8M3v0PXteQ7axpKvIW8lUAtSha:S4yPXYQ7aGdDAsk

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\7e4F4WEY32qCdiSWyG3P.mkv.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	12.79 KB
MD5	e66d0215ffd42031b4d59991076a2823
SHA1	2207b69011170b4f2d4cbfff63020e3fff349c99
SHA256	ad34a7d9c5ace688f2f6cb2f82046daf279579afa66706c53055fa4d539a8ffe
SSDeep	192:B7ra307Jid+OQtEun2Lko+akNb/r352EloJ9K7gFYHMPg3g4bM5qFb+/OGR+uf0G:Bf/wNQf7jzNb/gKMe3g+1+OGkuCaMRtw

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\AdARbZbRdZlVmzpJhU8h.mkv.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	71.07 KB
MD5	30e3f209f3da24755bf8651b51b8c158
SHA1	18ce01e000528254b87902cc5b7e4b0d018a394e
SHA256	c619361592d410a971692d9ecc76ab2607672ba2ac900d025231f4e5060a67b7
SSDeep	1536:3+oDCycN8P5RGPHeopIAxVop+b0/4lDGpVHqP9DWCxDiLT7F:NDCP8GP+opdop+b/lDqoP9DWjnF

\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	146.75 KB
MD5	ec6b9fd78f49acddd5491d5310775e83
SHA1	b6f35754ee9d7fce9bf3b6993c52ab1fa9e8babb
SHA256	52180d354f84ccf872c5ff709a433143c2b2bd1660c0afb8838449fd11335cf8
SSDeep	3072:r7Ha3LKcRvnK+ORRaVMoGkVkkZe2BFweewZiRHkH3X1dY0M5yxpliSDZjsITfOF:r7Ha3jRvrORRSfGBkZe2SwwRHkXXvyv1

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	107.77 KB
MD5	400e0fb27f89c25abf552790e898f641
SHA1	ae47c22a1111ec319636a67ce955dec0d23a456e
SHA256	b4f540918ef0990349b90b0d2302405f865f92b3fe10b5802ee08058ded667cb
SSDeep	3072:9YBLrVptZL5/RlvyPz9hW952SFhKjopyPzcLJDva6HC1lDpGaMQN:+r/L5O9oQSFhKjn+JDva80pd1N

\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VQQ6Kzula.avi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	25.99 KB
MD5	129040435c470cb67ef46c5723687e48
SHA1	ff78c9dd490dc3d9abd61772404f4879ad4877fd
SHA256	45c71520cf27d7575c1d90b83eb3e259bf536176738c22aff9eaef4f8b2b5ff9
SSDeep	768:c3+4GGI7JgGrq4u6C+BtN1gJYqwszMPs+TUqC:ERTCq6C+z1a5MPs+TUb

\\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.86 KB
MD5	374fc13facb5d2ef66ca39ede69e0b97
SHA1	a55d042226f88aab39e8a7b01d8682708d819d04
SHA256	73d0a20ae68eb0812d37d5cfa147163db97858e1290e05e9bba1eb4145782a9b
SSDeep	24:zVyVGjQQSx6mQIlAZKLi5kEGSioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxViV:zkvH9NGFkz3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	332.41 KB
MD5	bea126853f13d4009e30b88628939e47
SHA1	156e9b615bd49ed093c3c8b81c644e7df5cf15f9
SHA256	2223db8655b031ad98a5278c611f35f980d76e52e6b3a7515c54997d1e143fda
SSDeep	6144:OmtFoOgmIJjzAkwjZNAkChs69XW0A3dhviU5QUiVZ9fFD7xa/dX8pD1mDHamjBj+:r7tI9zAwkmc0QhviU5G9fydX8pEPjBj+

\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.90 MB
MD5	f4380a356b1bd55dbf82d24ef2b33121
SHA1	6b768c504ed81e6f011a3c0dab974e36781880be
SHA256	cf7e72496f2429a8386ffb55acce1e5d53a0861497342a1c420e49b4128e31e6
SSDeep	24576:c5YCymIMBLeGo/rvLxDEA0gAcn9zPWeLgMlucy4zky0BqEI2S+o0k4Xqb9L:6FyfM9eGo/xDJhPTLgc0BqEI2SF

\\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.31 MB
MD5	0e286f4852096d19e9be4db6e09ef3d0
SHA1	847b772a57037133c753881b8269fe7eecd0e871
SHA256	82fe3c9aa3bf2055ce82a5f01b79f6686245bf422a56448d66aa6658ebf988c6
SSDeep	24576:P2Uj4NmxcwaFhqBrkogFEVMBR2ect4APJj7THFB9tEEpBcMLNe+h7GQ1EIIYZXEX:T4gc/FSKFEVMBR2ztBHXZH1LN5/Ib

\\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.66 KB
MD5	3c495232d4ef8974d5106d848c86b511
SHA1	dd73c00203896c39ba53fa5ed27e3805e8e81bba
SHA256	7cc02f176d886c6ebce3178fcbd3a7a907ab38b46e119b3e38d32cf192525810
SSDeep	48:SIGSFi0w4gkh3QSUH5gZlzIhzV5Vi1WdrE:SIGSI0wkevH5OoLVtrE

\\?\C:\Users\Public\Downloads\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.67 KB
MD5	5d521ca3b41d4bbff8daf79067f91559
SHA1	66abc7f6a89f57f3b691a3138fa6d080463d3694
SHA256	d41b940eb94e3b38f3fe93e9e58e5bf1977ac3713ac1acc125ff036f1f14392c
SSDeep	24:ZlEyYgaqsYYUA2JPioSQuLU2HOBV/+ifa5JyClzEfsm52atg76vxVi1s2XudnrV6:7CgVsKA4K3QSUH5gZlzIhzV5Vi1WdrE

\\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.85 KB
MD5	570f3abd8ebcb6c1127e25269858c5da
SHA1	e2b61a4b9445ea372efb6ad15eeade41a8a18066
SHA256	bbd2c45b5f65d58b0cca17e992cdbf7ffdf5ce4ea952a2458209ee5f4b1f6e29
SSDeep	384:Ce55+5wxSFOZ4VJPFJnmvcrL7nhgyFtBub1tXXSqtw:SyxScibdJCcrxibfRC

\\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	98.31 KB
MD5	232875c677ff02129ab1f346dc92cc2b
SHA1	059b8a6fa0891f0ad9d3fe286590404d7f71ba84
SHA256	47f9114608bda53778cc0b7d738258160b630e69863261725ea04592c4be7ea8
SSDeep	1536:SVqzDR6twbBsVhKai5znrN6ki+ZX4ULcaXoNy1GVhUQ1FlfTTenxJWeMz99hHwCo:SsYKEhKnfN6Q4ULDXo41Gb/TTMJ4oQu

\\?\C:\Program Files (x86)\Mozilla Firefox\browser\blocklist.xml.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	83.03 KB
MD5	929a3c363d660ae06c49b024aad9054b
SHA1	6925271e3b9d93f504ae2de8ba1bf783483fbf70
SHA256	d9d6c12a53cc47ec39211cbf5a78682b2011a3ad9b321b6e14f875d95c023c3a
SSDeep	1536:K/tZy/4DTMvK/ZXaBLuTs0Q+ASRLkLzdn+qSqmgSphKSCN+8Qdme/U+J:D/4DT7taBLue+9RYzdn+qt0PKDNVj6J

\\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.39 MB
MD5	0330d1db2bd72498799efecee4a6214a
SHA1	e92d3a59e2623db51027703c083b2818931c3577
SHA256	02aff33f675069797b8a9536b00634d2d91e3f80a05e597fb375d41d64c2857b
SSDeep	49152:YSQIag6BmzR/XWcWUGA/ZmIxnFNz/4SuqAJJd0QNlK1qzNAchM+j3:Y/pBsR/XW1IxnFNzQpBJdzK1qhAe

\\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.12 MB
MD5	e2e3d89af9ea11e237d251c8d6c683fd
SHA1	b51bc6a70d58d21457f7286706887b73defb4979
SHA256	b8de4fe90fc928ca422cb7ba4a36bc1bf2992936805e77e3069c7dd2ce5ad95f
SSDeep	24576:7FHKBM/PGBgDajYg+pcAAMSdvFLFyZkDu8RP6n0u:7kBMWBgmjqNgxFLSkDpRPFu

\\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.20 MB
MD5	c4ebebae8f6f9c767fe61129597d3506
SHA1	6a48dce310f686d713c99175c1320542494c442b
SHA256	e8d2e792ab754d9c127e29eaf8f88ee2a17cc41c32e4aafb32c07cf3ac263fc5
SSDeep	24576:WJL+JyuZ/Z9wRgXlR4X30lVSBkkbUXLOCNfN1/24w6Ep8pujL:WJyNus34X30eBkNCCNl1xEpiujL

\\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\msdia80.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	895.00 KB
MD5	d47017ca21b1af7f6b088e26daea7691
SHA1	3e07aef82ef8d7b89bd7dc15d61a6dc38c44f5c9
SHA256	f243c635faf98df7936d3e893c48dca7060a2125f5ac5c71ea0ea32fc6ed8a52
SSDeep	24576:kAJ0KC7Le0S/4MgeTDqLp8zpfrDpozIN/0VUlG/:kAiK+LTSQ1eTDq+gzI+VUW

\\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	171.85 KB
MD5	aee7db087e9d868fc4bcab02a499d4a1
SHA1	0a8b3b8c504fa9297d5683e72e3046cb529cd530
SHA256	85ac4f5cb4b805c6699e906d2844ec4d05e9c6d6a9502eb92e64850e54144d4b
SSDeep	3072:4wol0smHw1s9/mJV2PtpojDtSAHZy9pe5UUo0diCaLjJth4AXblyxMM:4L6s4Mj2PbojJSAg9pe5Uk3Ujh4ALlyp

\\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.75 KB
MD5	031ea3bbd06e422707d131750984778b
SHA1	d2abc199e2e129b547d4f5abf6ed08d2b8e169c4
SHA256	62bf5392774f99be30573e3ba5ca5fade77138001e789d3979deb6544309436f
SSDeep	384:RFeX+1yQPhOVitMmHPQ+SJ7CNXnlkfj3EAMpBDbtw:FPMWLTSJ7mcqpBDbC

\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	7.59 KB
MD5	02099ac3299eb7809ae35ee64c5f11e9
SHA1	0c2712cda00fcb7ded3ee1f3366f7f095041fb28
SHA256	0e1eb8c92f8953b1f5ccaa242267c7492bf9abba6b1a6095d8b69d381de487e4
SSDeep	192:ciAZE8duOSyCkD2HovItX5PJuCiz8HSzJoRtrE:ciAaguvyvDQ8u5PUCnSMtw

\\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeiaMe.htm.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.11 KB
MD5	0a105a5f894b03eb9e33f0f3165e18f9
SHA1	393bd160d363fbc3e753c2b404e2fa6d7d630e50
SHA256	f622033e3a65965121e63b765e2807a5d0e6bf3f80a05c682158aee22014f6ba
SSDeep	384:AfSKCbW9TwGMNOCZ/vRC96K1By0qkItfLNm1ihlmPbi0u0DZVhbcXcYYtw:zW9fMsIvRwIxNm8hq/D7hYXcYYC

\\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	231.38 KB
MD5	bf7462410914f4d0dcde1cb8129a1e8b
SHA1	c7c404ba900d9e3a55718beda560c81d63f81a8a
SHA256	5e3b7e5fefdddf69dd3cec7ea07d562e1563b07e462fe2a44d424a68e45cbd75
SSDeep	6144:l8FMebnQNN3h4CRkIbuVZhB6GNz4mKGLu1eFdhPLQOMNd:l8FMebnSdhTaZmwKKLPMO6

\\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	123.82 KB
MD5	d95ccd6a81537efaa57659a42313a16f
SHA1	40af31916774215492219a3f907319a8c43bc407
SHA256	00c0fc11869a7190efd3714b3b2c4bc4495d5bd4e5e960d49a0e8211765eb19c
SSDeep	3072:GZ2tA4veUb6QN0f8CxZG26to8YUiuNEva0OV:G6emZN0fbxk3vNES0+

\\?\C:\Users\Public\Music\desktop.ini.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.87 KB
MD5	abb8f9784512c30f2480f317351cd4c1
SHA1	61a59657528c9dda681b5afa44dbdba28a467233
SHA256	36a03fb39255d1e28500e8245be89b6bd8d8d03edf8e249648567be704474e83
SSDeep	48:/lIYBcxKutx3QSUH5gZlzIhzV5Vi1WdrE:qxpOvH5OoLVtrE

\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.06 KB
MD5	ce2517ce485a640c6bed52f7b9fbf7fe
SHA1	3de02b1177533f0652f58a6c21b065021856eb21
SHA256	06e443f7e1be455dbd4450ba9a8548c7e2317e132da7576a14d13c9eab8d0987
SSDeep	96:NB8HT9u6ErftgS2WYs33/shypBRsWImvH5OoLVtrE:jk9u6gwIRItoRtrE

\\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	22.39 MB
MD5	9f9ca5eafe91ba005ceabd88f7a4d476
SHA1	a9f98744068f3b7e6dedafd2413a1aa6fe1b6a57
SHA256	728ea6a6c399a0144d0aa45419b447a78027a916ed5ca0ea93c44bc37f2390f7
SSDeep	98304:+rP0rPetrEDmUV8t7/riiIQoCztyvh6TAzncofzE86q5U1ACwOVI/JHF0skAdo:n+EDqrIQoOwlDLF6qwLMP0skAdo

\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.[ID]g9uZrLhJaygpwRm1[ID]

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.75 MB
MD5	b60f6b7ac01abcece661935832d8b386
SHA1	592ce1d4aef3dd9fd14b8d708c0a1801b3fcbb6a
SHA256	ea2e3f627a4bdeab8fe0387e6cc19dbe88229c084cd8e92f1ac39a6ce904e75d
SSDeep	49152:oPIPjHq4gerbaKwD5J7O8BJPCqq4BOGJG8Ba+4jlI:4ILbBCOoP1j

Remarks (2/2)

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After