ec35c76a...0597 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: -
Threat Names:
Gen:Heur.Ransom.Imps.1
Mal/Generic-S

Remarks

(0x0200001D): The maximum number of extracted files was exceeded. Some files may be missing in the report.

(0x0200001B): The maximum number of file reputation requests per analysis (150) was exceeded.

Master Boot Record Changes
Sector Number Sector Size
2063 512 Bytes


Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Sofreg.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 39.50 KB
MD5 7529e3c83618f5e3a4cc6dbf3a8534a6
SHA1 0f944504eebfca5466b6113853b0d83e38cf885a
SHA256 ec35c76ad2c8192f09c02eca1f263b406163470ca8438d054db7adcf5bfc0597
SSDeep 768:spCmKJILjsoq65corBjd/3oqab0k3RLKul1FXI4xyuRe:splco4aFoqaXpTXISR
ImpHash 6a3e7314bd4201552084c30fb976959e
File Reputation Information
Severity Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x4029b0
Size Of Code 0x6800
Size Of Initialized Data 0x3600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-01-31 21:36:20+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x66af 0x6800 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.52
.rdata 0x408000 0x1318 0x1400 0x6c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.35
.data 0x40a000 0x35c 0x0 0x0 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.keys 0x40b000 0x1706 0x1800 0x8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.44
.rsrc 0x40d000 0x1e0 0x200 0x9800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.7
.reloc 0x40e000 0x290 0x400 0x9a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.81
Imports (6)
KERNEL32.dll (57)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTickCount 0x0 0x408068 0x8b98 0x7798 0x293
lstrcmpiW 0x0 0x40806c 0x8b9c 0x779c 0x545
lstrcpyA 0x0 0x408070 0x8ba0 0x77a0 0x547
lstrcpyW 0x0 0x408074 0x8ba4 0x77a4 0x548
lstrcatW 0x0 0x408078 0x8ba8 0x77a8 0x53f
lstrlenA 0x0 0x40807c 0x8bac 0x77ac 0x54d
lstrlenW 0x0 0x408080 0x8bb0 0x77b0 0x54e
CreateEventW 0x0 0x408084 0x8bb4 0x77b4 0x85
LoadLibraryW 0x0 0x408088 0x8bb8 0x77b8 0x33f
CreateProcessW 0x0 0x40808c 0x8bbc 0x77bc 0xa8
GetStartupInfoW 0x0 0x408090 0x8bc0 0x77c0 0x263
GetDriveTypeW 0x0 0x408094 0x8bc4 0x77c4 0x1d3
GetSystemDirectoryW 0x0 0x408098 0x8bc8 0x77c8 0x270
GetWindowsDirectoryW 0x0 0x40809c 0x8bcc 0x77cc 0x2af
GetFullPathNameW 0x0 0x4080a0 0x8bd0 0x77d0 0x1fb
CreateFileW 0x0 0x4080a4 0x8bd4 0x77d4 0x8f
SetFileAttributesW 0x0 0x4080a8 0x8bd8 0x77d8 0x461
CloseHandle 0x0 0x4080ac 0x8bdc 0x77dc 0x52
FindFirstFileW 0x0 0x4080b0 0x8be0 0x77e0 0x139
FindNextFileW 0x0 0x4080b4 0x8be4 0x77e4 0x145
CopyFileW 0x0 0x4080b8 0x8be8 0x77e8 0x75
MoveFileExW 0x0 0x4080bc 0x8bec 0x77ec 0x360
GetVolumeInformationA 0x0 0x4080c0 0x8bf0 0x77f0 0x2a5
GetVolumeInformationW 0x0 0x4080c4 0x8bf4 0x77f4 0x2a7
GetComputerNameW 0x0 0x4080c8 0x8bf8 0x77f8 0x18f
FindFirstVolumeA 0x0 0x4080cc 0x8bfc 0x77fc 0x13c
FindNextVolumeA 0x0 0x4080d0 0x8c00 0x7800 0x147
FindVolumeClose 0x0 0x4080d4 0x8c04 0x7804 0x150
SetVolumeMountPointA 0x0 0x4080d8 0x8c08 0x7808 0x4aa
GetVolumePathNamesForVolumeNameA 0x0 0x4080dc 0x8c0c 0x780c 0x2ac
WTSGetActiveConsoleSessionId 0x0 0x4080e0 0x8c10 0x7810 0x4f4
MultiByteToWideChar 0x0 0x4080e4 0x8c14 0x7814 0x367
GetLocaleInfoW 0x0 0x4080e8 0x8c18 0x7818 0x206
GetNativeSystemInfo 0x0 0x4080ec 0x8c1c 0x781c 0x225
FindClose 0x0 0x4080f0 0x8c20 0x7820 0x12e
SetFilePointerEx 0x0 0x4080f4 0x8c24 0x7824 0x467
ReadFile 0x0 0x4080f8 0x8c28 0x7828 0x3c0
DeviceIoControl 0x0 0x4080fc 0x8c2c 0x782c 0xdd
WriteFile 0x0 0x408100 0x8c30 0x7830 0x525
GetFileSizeEx 0x0 0x408104 0x8c34 0x7834 0x1f1
UnlockFile 0x0 0x408108 0x8c38 0x7838 0x4d4
LockFile 0x0 0x40810c 0x8c3c 0x783c 0x352
GetLogicalDrives 0x0 0x408110 0x8c40 0x7840 0x209
Sleep 0x0 0x408114 0x8c44 0x7844 0x4b2
WaitForSingleObject 0x0 0x408118 0x8c48 0x7848 0x4f9
GetLastError 0x0 0x40811c 0x8c4c 0x784c 0x202
TerminateProcess 0x0 0x408120 0x8c50 0x7850 0x4c0
ExitProcess 0x0 0x408124 0x8c54 0x7854 0x119
GetCurrentProcess 0x0 0x408128 0x8c58 0x7858 0x1c0
GetProcessHeap 0x0 0x40812c 0x8c5c 0x785c 0x24a
HeapFree 0x0 0x408130 0x8c60 0x7860 0x2cf
HeapAlloc 0x0 0x408134 0x8c64 0x7864 0x2cb
VirtualFree 0x0 0x408138 0x8c68 0x7868 0x4ec
VirtualAlloc 0x0 0x40813c 0x8c6c 0x786c 0x4e9
LocalFree 0x0 0x408140 0x8c70 0x7870 0x348
GetFileAttributesW 0x0 0x408144 0x8c74 0x7874 0x1ea
GetProcAddress 0x0 0x408148 0x8c78 0x7878 0x245
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wsprintfA 0x0 0x408168 0x8c98 0x7898 0x332
wsprintfW 0x0 0x40816c 0x8c9c 0x789c 0x333
ADVAPI32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptGenRandom 0x0 0x408000 0x8b30 0x7730 0xc1
CryptReleaseContext 0x0 0x408004 0x8b34 0x7734 0xcb
QueryServiceStatusEx 0x0 0x408008 0x8b38 0x7738 0x229
OpenServiceA 0x0 0x40800c 0x8b3c 0x773c 0x1fa
OpenSCManagerA 0x0 0x408010 0x8b40 0x7740 0x1f8
EnumServicesStatusA 0x0 0x408014 0x8b44 0x7744 0xff
EnumDependentServicesA 0x0 0x408018 0x8b48 0x7748 0xfc
ControlService 0x0 0x40801c 0x8b4c 0x774c 0x5c
CloseServiceHandle 0x0 0x408020 0x8b50 0x7750 0x57
CryptEncrypt 0x0 0x408024 0x8b54 0x7754 0xba
CryptDestroyKey 0x0 0x408028 0x8b58 0x7758 0xb7
CryptAcquireContextW 0x0 0x40802c 0x8b5c 0x775c 0xb1
RegQueryValueExW 0x0 0x408030 0x8b60 0x7760 0x26e
RegOpenKeyExW 0x0 0x408034 0x8b64 0x7764 0x261
RegCloseKey 0x0 0x408038 0x8b68 0x7768 0x230
DuplicateTokenEx 0x0 0x40803c 0x8b6c 0x776c 0xdf
CreateProcessAsUserW 0x0 0x408040 0x8b70 0x7770 0x7c
GetUserNameW 0x0 0x408044 0x8b74 0x7774 0x165
SetTokenInformation 0x0 0x408048 0x8b78 0x7778 0x2c2
OpenProcessToken 0x0 0x40804c 0x8b7c 0x777c 0x1f7
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderPathW 0x0 0x408150 0x8c80 0x7880 0xe1
SHLWAPI.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrStrIA 0x0 0x408158 0x8c88 0x7888 0x144
PathFindExtensionW 0x0 0x40815c 0x8c8c 0x788c 0x47
StrToIntA 0x0 0x408160 0x8c90 0x7890 0x14b
CRYPT32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptDecodeObjectEx 0x0 0x408054 0x8b84 0x7784 0x83
CryptStringToBinaryW 0x0 0x408058 0x8b88 0x7788 0xd9
CryptBinaryToStringA 0x0 0x40805c 0x8b8c 0x778c 0x7c
CryptImportPublicKeyInfo 0x0 0x408060 0x8b90 0x7790 0xa4
Memory Dumps (4)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
sofreg.exe 1 0x002F0000 0x002FEFFF First Execution True 32-bit 0x002F29B0 True False
sofreg.exe 1 0x002F0000 0x002FEFFF Content Changed True 32-bit 0x002F11B5 True False
sofreg.exe 1 0x002F0000 0x002FEFFF Content Changed True 32-bit 0x002F3000 True False
sofreg.exe 1 0x002F0000 0x002FEFFF Final Dump True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Gen:Heur.Ransom.Imps.1 Malicious
\\?\C:\Boot\BOOTSTAT.DAT.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Boot\BOOTSTAT.DAT (Modified File)
Mime Type application/octet-stream
File Size 64.51 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 7.16 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT (Modified File)
Mime Type application/octet-stream
File Size 316.85 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT (Modified File)
Mime Type application/octet-stream
File Size 592.37 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT (Modified File)
Mime Type application/octet-stream
File Size 696.40 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 235.88 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.37 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS (Modified File)
Mime Type application/octet-stream
File Size 15.22 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.55 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG (Modified File)
Mime Type application/octet-stream
File Size 1.54 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.15 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.86 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT (Modified File)
Mime Type application/octet-stream
File Size 71.88 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT (Modified File)
Mime Type application/octet-stream
File Size 296.38 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 274.38 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM (Modified File)
Mime Type application/octet-stream
File Size 1.60 MB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 54.88 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.ragnar_FD7BD9FC Dropped File Text
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM (Modified File)
Mime Type text/html
File Size 2.40 KB
Parser Error Remark Static engine was unable to completely parse the analyzed file
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.31 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML (Modified File)
Mime Type application/octet-stream
File Size 3.07 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML (Modified File)
Mime Type application/octet-stream
File Size 2.04 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.75 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.40 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML (Modified File)
Mime Type application/octet-stream
File Size 1.93 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML (Modified File)
Mime Type application/octet-stream
File Size 1.71 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML (Modified File)
Mime Type application/octet-stream
File Size 2.32 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM (Modified File)
Mime Type application/octet-stream
File Size 70.08 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 5.94 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.31 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 37.31 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 26.81 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 27.07 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM (Modified File)
Mime Type application/octet-stream
File Size 66.12 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML (Modified File)
Mime Type application/octet-stream
File Size 9.64 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.86 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.82 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML (Modified File)
Mime Type application/octet-stream
File Size 4.68 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML (Modified File)
Mime Type application/octet-stream
File Size 2.08 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.45 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML (Modified File)
Mime Type application/octet-stream
File Size 3.62 KB
MD5 5cabfde74130376472556d0696ebe452
SHA1 86ea96549c8978395a8894c8bb746a3e01192395
SHA256 045166755c1a54bfb89a85a123f4ab2d1ee3ea2a637cf18b34ee60667c9bc80f
SSDeep 96:EVakcoGkZmAJ19lS2KjDx7CTzwQ+9xX584GAguce23I:Pufz902KXpEN6GY
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 4.62 KB
MD5 198873333ad47f93225a5220030a7607
SHA1 31185754c950dfe86ba614f2e5db1103fc1785c7
SHA256 8766862f8cf8f49ad877ceb0ae6da32a6a362833172db74e661c8bca3b7c464f
SSDeep 96:ugcsvKhJWm8Plyp/vJCE7hrajGJJpLckfJh4GAguce23I:uUsCl2XJ3Nra8Lv6GY
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.92 KB
MD5 074bde7ede5909d598e99f7e333b8363
SHA1 bc422bdadc6451ee152a406e27e8af13d2ec8f28
SHA256 6a43d2aba292392dea3c6c45d59a93ddbe27f242d5a4f5859a862cde4d7cae04
SSDeep 48:HxvocPRP06RvBOZ3/13uGolkO4B8Y8xwJTvrrBOGAguLpmednYf3oaO:J5PO6RvwZv13WlkO9g/r4GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.35 KB
MD5 a0b97913edfba586a009feabc9e291fe
SHA1 a86b77c1a9fec6a2bcd5857850f1d8aaa3326219
SHA256 7f5c94877cc4401747deb100855bf4d5e1062b0192bb6ddd42fa0cf543e619c1
SSDeep 48:fa/dDMSUjAkMTsbwktknGhdNOuF1KR6VHepW7XZTCo660zBOGAguLpmednYf3oaO:faVUpXBtkn63OEjgkCQe4GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML (Modified File)
Mime Type application/octet-stream
File Size 6.78 KB
MD5 0f286d4305ed9e646c29028940a67a83
SHA1 66f4f182580f2565be4c2b4c65cab027cff26c5e
SHA256 b3b5f8e0820acc100d588b02cc2b5c270b22715b70adc94c45df89ffee38334a
SSDeep 192:ZaMRp/D+K0q6jQ+dVqn2eqcSrFVw8c6GY:5RpLp9+dIn2eWzpr
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 16.80 KB
MD5 94ff154bd7e4685dea9a4a039e0289d2
SHA1 e22a535d7bf83388e43f9aa53a5af9a493adedd2
SHA256 4c9b0c8a9868f813dee165468f31aa04561897aef4406fdbdff065be65d46ed9
SSDeep 384:JWQVjBekY2hJxwqwr0o8pGGqdVp1SJnEmxGuRewL6Iz5r:JWojBekLWqwr0o8G/p1OnE8GuQxer
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML (Modified File)
Mime Type application/octet-stream
File Size 1.93 KB
MD5 a8449ef1fcecc0f9faebb148e1b47bb5
SHA1 62e012711f2ea472881a7625a9c897234e3757f8
SHA256 e4ade4dc8a517609ff21500c2a04a911ee1fc20aff8fafc949abffe8cf726083
SSDeep 48:9SecycoG92FJyqH1c3lwKjRRs/28BOGAguLpmednYf3oaO:MScoGUFJLHK3lwKjRRs/284GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML (Modified File)
Mime Type application/octet-stream
File Size 2.34 KB
MD5 8576e2af4ea6d270af166866c243a61b
SHA1 f10446bf47038d553c4e41c7d14266e9082254a8
SHA256 49b9d04a0003db84ca5bfe5a5102d8833f295dcdfb598f682062d71bd0773524
SSDeep 48:GIg3st5/YrJA9Ien5fCGIBVU03+0DBOGAguLpmednYf3oaO:GIgc4eIenNCrU0O0D4GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.82 KB
MD5 aa5fa34d05170362c6d423e0f259627a
SHA1 651b8833cc6c2ac89a88274bd37bd80f5b6299b1
SHA256 4ed96084ff9c7f33043b2776afc56012977264e7dc431b4bdc3b4e10e55f6bf9
SSDeep 48:S3lNBE1CFEC71oY4f45j7cSD80jHcYBOGAguLpmednYf3oaO:S3lNBa8F7mYauoSDJl4GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML (Modified File)
Mime Type application/octet-stream
File Size 1.93 KB
MD5 af906bb56dc6d709eae99a9c6d60d912
SHA1 8e5ca4c55faa8597f2a054f745b2a144679cbc60
SHA256 1febbc08f1a8e9e8e857ebbd00793e1ad351a03759914be9adaf518ab0f0d730
SSDeep 48:PCP1Kwu8s1707uXn/Jb9uz02vBOGAguLpmednYf3oaO:qNKwgF07A/Jb9uz02v4GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.30 KB
MD5 8c1ed458aab6602fc170a9efa6fb4c4c
SHA1 679e9ba43926309b8b82e52669286f9937059122
SHA256 a8b3f276ecacf1ea5e33a51f4323db6b6609718b39464b8694a0f1918494afae
SSDeep 24:IjdnIlMOrvugM5Lz9LXxPVcygEo+ipavHThjtpTZoHsmfVEtQ0BslGAyW+uzvpm4:Hl9rRMBZxtSpav5Wpw3BOGAguLpmednb
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 6.25 KB
MD5 fa454dc04883e9476f63ab4731b0cc2b
SHA1 e03053fc95889aad3cfa0bfed851316d9e62221e
SHA256 6dd4704e19324055f3009dda87546763dff27629f04eb70d68f521fe8859de17
SSDeep 192:PNN9WwZxbEoh8KQwTnvoeM6NaPw8soT2k+li6GY:1nfE2FQwTnv5M6sY8dqD3r
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML (Modified File)
Mime Type application/octet-stream
File Size 16.97 KB
MD5 a2c65286750c7585cca720bc32f25594
SHA1 65f11dd06b6e3bbc37f44dec04ce0fc784208550
SHA256 4b8cb11f6ddab455909ccdce65d588ed7977456c28a2a33026f60c7571bff014
SSDeep 384:yItx9IBjr2xs8AJp+FFXEvDNywNjb7K1Ru2OGWqbOpWLXkkmsHTr:RtkBjCxQvcXELNyIbGPuhG3uGkGHTr
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML (Modified File)
Mime Type application/octet-stream
File Size 30.87 KB
MD5 e1facef298fe408a34d309467a0534e2
SHA1 a2be3345a55beb46f3b82cc2ef6a877a73f47345
SHA256 41098fed7f7a32a054946e4ea307ed8c180a331a232751bd24883aca261c6ca1
SSDeep 768:72GbhQcMH8d7C9kkv7oCaEMxew7HpMUeMUwZFi66lMB7r:72MhQ9mWhvkxJxeWf
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.08 KB
MD5 b8435621e8fa6ad2a207f12f2e9ffbad
SHA1 9d509773b9fb12d396734db7ba941e4f27f20f55
SHA256 2d3cbaf70351f92e558fcf2273676d84615fb08e601e443735987db100fcf8b6
SSDeep 48:FIOULv9f/ewno89EYWDbwkqNJ0aDirW8yXAAJJRBOGAguLpmednYf3oaO:0dVH9ELBuVDB8yZz4GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML (Modified File)
Mime Type application/octet-stream
File Size 6.60 KB
MD5 89107bba24d80feabff02f7e5aca2fa0
SHA1 1488366a01ea0264ca55669dfe4597f450a78005
SHA256 74daf19d0f27da802fc2db76027ca24bfc79dcf2dcca534144bbe9bedcf57514
SSDeep 96:TkSgRNmdtAuE4zvsJsRVyBFQcuqi4hJ+QTVnlsJWD6lUCujr+eGznCJ4GAguce2Y:TkSg3mjAuEFsRVyKqhhJhlXjVG2J6GY
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 20.60 KB
MD5 54076b7f806ec132cacfcf2a2afc6f8d
SHA1 253a751a83c7a8b0070858e1fb604639bd2ec55b
SHA256 4fd939af8e5dcfdfbbdfb73641475b21fbc8b52d318f919f3cc0ea935c0ccd07
SSDeep 384:DUynSyjUEgcuoKFAr+UCY0Yhw6tBi0dU6WJ0Rd85oprwWlNkbsnr:DeOUr9oKTYxC0uLJ0X8QNnr
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML (Modified File)
Mime Type application/octet-stream
File Size 9.03 KB
MD5 758da7e6fd72809b79faf5ca91954b2b
SHA1 1dfffab30713e8f564d56a0c820244a1a7ba3e71
SHA256 185b9c916b8f9b0c782d5db6ee5bc80e9b21cfd6c466939ae9f59be487a8b4c8
SSDeep 192:xcSvbZxY5vHLTCKJqVirE1+j+KgW5n4g8lnrqATvl6GY:ySjo5PLTCbb0j9gi4g8jQr
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML (Modified File)
Mime Type application/octet-stream
File Size 2.88 KB
MD5 b3241ba5411b086e09bdd7054f2d6f1f
SHA1 029bb8fdcc1116aa6f0529a4760053ae99183de5
SHA256 43a57108a684bb9aa59cc2e7799ba93a63016dc24299273e25c12f7a6a19fc37
SSDeep 48:Pmm7/eUxe2jT0VkEbQ03bUTKjlTTzl+sMezhxSyir987F3itijG1dK9XqRfoBOGU:PmmreGekUkEbf3YTqvzssDh4y2+71/jK
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML (Modified File)
Mime Type application/octet-stream
File Size 2.27 KB
MD5 dd301f0eeabf6e4c54ee5f1bf4009986
SHA1 43d9910b2a3f0eb191d003ed4f262b1c0c634fcc
SHA256 acfe70c4f9b9ceaaf857910d71ddec99ee33f602a0c8af58e3b4aa4535d8b9aa
SSDeep 48:bRdBeQXJ2wjIysM+3ZqM0k410sKTPCnZlD3ic6/gljBOGAguLpmednYf3oaO:zBhfaMMg71XKb0lbN6olj4GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 699.57 KB
MD5 eae7a1a8c9558f88b3fa1c18f350dd9c
SHA1 6e941841475ff6ab58d47e93a4b0be1de497f562
SHA256 17f556296b1780252292854a9b6a3cb71e2fc499d463e98e66f8c1fe5283f643
SSDeep 12288:Iq4IZzT63cM4w46ddO0m7hUpI31IdiMzTneilFLce0+zlOzdj/4Xq5:IE4MC46dA7dU+3GEMzSCFLB0+uj/465
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MUAUTH.CAB Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MUAUTH.CAB.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 7.10 KB
MD5 dc9b07d56614a33922a501934eea718e
SHA1 ea07eab1861cbf146c2d21b0178df085750af586
SHA256 fb405c5138ae27b48e8aa4b831107a2e3314985cd4e690d63b3300499023e2be
SSDeep 192:OvaICsMAM1qEx1KlbBCjych1XgrJFs6GY:OvOlAE0lbMycwZr
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms (Modified File)
Mime Type application/octet-stream
File Size 11.88 KB
MD5 7246b845696ecdf834f54a9063bebd7f
SHA1 980d43f5e3352540f014b6db194b5aa1e2f3f879
SHA256 01320c30682cb1c5a4d3327afa2b9e15d9af0fd9f5e5e81d6d8f72e77d9b2684
SSDeep 192:72YDl23i0RVGrc/3LCNXPpiBBD31AULmUnpQZKWNBGum7S16GY:7rASqWcPGNhiB9CUXnpQhNBGN7SIr
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF (Modified File)
Mime Type application/octet-stream
File Size 47.10 KB
MD5 43aa41a934c2c7b185f42d230a58e578
SHA1 73b14d589c88fe31e1b0bbe79ca0d7f0fd0d4f61
SHA256 b6dc9e6bd5a279ea4457495618b6e16751cbddd960074ed7f001918bb27ed61e
SSDeep 768:SAD1PdEkcq1C3sePJvUCIWSlXqUL87YV3+AcJ5RZOCLm/t48w5TiKCwU4r:Sylcqw3d2CIWSlXL9F4rZO6m/t4Vl/Ce
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 434.13 KB
MD5 917eed865a8362681272ef37b00b0061
SHA1 81fd60d0d60eaf07906dfa6f114007c0a0cb7904
SHA256 ce9f6120a385d41982ea678ecce744c4aabd5c93dd430c9ccb47a6431da81875
SSDeep 12288:gQ+klX0paYYfoMLyNqe3OMOVinU7gxpafM:RPXMYwbNqe+BinUkqk
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_ES.LEX.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_ES.LEX (Modified File)
Mime Type application/octet-stream
File Size 386.89 KB
MD5 8ffa61ca62373df2094d7022a9408e69
SHA1 1f29c7d286548a46fd128ba774b8d94e8654f3bc
SHA256 02ae2beddf2f3414b8efe7c2a4a5fbc4a6d436e31a13d6c01f152742611ad8fb
SSDeep 6144:Nl51BUqbE5lBGIimj7D2EfWcmrOzNpstg3qsbKp0QoeGcPvG4TfjH:NleLEIHj7aHvODRbRQoVcP9nH
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.ragnar_FD7BD9FC Dropped File Text
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM (Modified File)
Mime Type text/html
File Size 11.70 KB
MD5 210a0af965c00474e6e2dc3d229dc186
SHA1 9043221ed5284f4c3f4e10bd95f26bc06bd1b3ec
SHA256 c38fe2c60cc58f67d713649be67f5d0de5711bdd6c232718e538fc0c3d6120a6
SSDeep 192:xSXKilr0PRSrmyUctrlvzjqlCn5NKYC43+16TIQIKOjgB8lWaHIb+8EQCRHtpAp1:8XER0mTcDvfq45R3+18Iyv0hRTgJwIr
ImpHash -
Parser Error Remark Static engine was unable to completely parse the analyzed file
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 13.88 KB
MD5 67e477ae093ee5703dfa3bb85fbc068d
SHA1 2ef899eb96ab8eb76908cb7193788284229b4547
SHA256 1745cd2d1ff7e9a5f4e9e52f814d28a77387b8568c1e437e13b9b175b4a100d7
SSDeep 384:vwHqC5qr4iuQ7+7XMpOT668UePJfzG4kyA3ZRCPW35PVr:VOQ7+T6O+68Nxfzy3Z4Pgr
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.31 KB
MD5 c38451634b85820aef69a77e04c1b387
SHA1 daf21d3e597625e2ca248d3934c69ad9f5432866
SHA256 fc89d56d7b8803dc930bbddc8809972ef0d99a8b2cceb583786f4d4a12798063
SSDeep 48:LzmgCmNc7FXowggHOaHUyMTjCetrt1pe/euBOGAguLpmednYf3oaO:6EkHOaHHMTjCQrtK/eu4GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 38.61 KB
MD5 6fc70905ea20d0fa4d745ba6d9d831df
SHA1 c1a6ffc6a501e3f815a15d89149963f316145010
SHA256 9a84e4da441395db222071465f10f3caee93d7c46b75c48ee44a4594fdc89c09
SSDeep 768:WaYwC1Ftn9M8IyiW9CHGFaRJSz/9OQqMhSvHSAOn+hV364L6PXr:Rutnd5LaR3LhSAOn+36e6P7
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML (Modified File)
Mime Type application/octet-stream
File Size 3.13 KB
MD5 3f2255eefa6a691b04025829f84bbb86
SHA1 b8577a42583c7c609cad1ff1499c1992d2221e9e
SHA256 a93e5ba4a1ecfe1f2db12b2b408bfcb2bac9f73452b2a26b011c96dfa0d644e6
SSDeep 96:bfu3Ft6PVimxYjvpvHK4IwSGjwAr5KbNj4GAguce23I:S3FMPVi7vpMjGJYRj6GY
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 8.87 KB
MD5 7d9067ca8c6412792573a97ddcd5927c
SHA1 4a97494bb01f08172ef17bae58572d9c39fcf19b
SHA256 fd0b4b41941ce5069de449772b885588e34f551a89200466029ff300c1aa11a4
SSDeep 192:3ZdP0Zce9bAVJf4QTCF4OFU1PQVxYq6IK7AmQKmGiylY+itIx6GY:3rnxW1F+stKUtIEr
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 222.49 KB
MD5 7cb143a92ccb131a8fe26f7fc7468583
SHA1 9f15720c9b2f699d3f53320b87267838e4858760
SHA256 48eb6e31b252bc0e8d39c418dae60683bcf3fd6b9eaf7199671c1698a9b4fdeb
SSDeep 6144:NVj06phpWz7AYo9rCQWT5sGtpQ0iTUTjg8+DSo/aPtP:IAYo9WQQsGzQfL84ut
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT (Modified File)
Mime Type application/octet-stream
File Size 1.13 MB
MD5 f675036731540b52fae4347d0b0f2a8b
SHA1 326711636e9425908338822e27ee6fc0f7600666
SHA256 68b955f7601c0dc232ef491a5473e33ee845e76bd7b057198363ed7a8fcc3bcd
SSDeep 24576:J79IFD0YaonhVmsCYTIYhw4vul8GlO5Qul3aSC1v:0FD0zKAYhwMfmcDvC1v
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB (Modified File)
Mime Type application/octet-stream
File Size 13.87 KB
MD5 a9bacb6e738f902738a05440ce38643b
SHA1 0c11c73be65861d57ede00971ca342f37d95a924
SHA256 058f019d22138928313e634c5aa0fc44bb51e1605eff57b7e26d21014c2d3e9e
SSDeep 384:W85PrnAsF8Ce/Sih7ajouTTHsFuJlcQdMzkr:z5P7bwr7ajTTTHZbdM4r
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV (Modified File)
Mime Type application/octet-stream
File Size 36.36 KB
MD5 48310b91e1caf16a986164f63d9517cf
SHA1 c0c3ae332927dbefd3a3c692dcc12d3551459bd6
SHA256 c0b2fd8a17fa9cc81801eb16f1396d5726cd0606cb4bfd32ec9fa640b8c16349
SSDeep 768:EziBs3eD9Co/y24oChti0zVqXu/I3xODyg3Xjh0sdD7pCBgldnw0br:IL3VK4ou/w3CzXN0sdvpCqf//
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv (Modified File)
Mime Type application/octet-stream
File Size 56.42 KB
MD5 ecdd698857790253e032beb196ba0ac7
SHA1 7f0220bd8c101c51a546d8bf6d8d8d100a878d15
SHA256 90ee673abdb0eb00491ff9dbb4911e2357898cedd220355efb087caadf579e2c
SSDeep 1536:BrQ0Ye7SERG9p69eElL5sWDbItulUBv3p6kdU:BrPYeuEK60EV5Fip62U
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 192.87 KB
MD5 b0acc7c5326dea43211b739dfb52ba86
SHA1 006bad6fce87999ba4d221b3ddddac2e4ecc3718
SHA256 7d4ddbb9dd5b94e24d5b534371c35df9fdf1e31085d07ed4016b6a2817d32300
SSDeep 3072:6b6ZKyVjrEp1MNYDYzvvw9zTAOD52XGzi4GPK1OSL0JRDCBDwhjyFMgZ7:6+MAG1MNSKvuPA052XB4B1OFbDCMjt+
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM (Modified File)
Mime Type application/octet-stream
File Size 57.90 KB
MD5 9ea68de3b638d38810978a3ec3224243
SHA1 d88f930cfdd119771911f99e1a6740016c4be727
SHA256 844652f38f585f7f00b3010a531a3fdf0b617e5ada4bcc72f4802a2a116ed9f4
SSDeep 1536:cgWaIBzwEVqsaLWKaizAi/4Ticj9bXs81CBA2XnONr7:cxaIXNabanQ4Tn5K3Q
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 2.04 KB
MD5 4778c11c72ae4fe2c2218fb1c983f62f
SHA1 5796b672fa1962eb6d39202380aff4d273af31a3
SHA256 f8d8676609daf6dd6aceeb666490b36149a6621169ecee3d20722b646b904035
SSDeep 48:dA27UX7DbbM4ukZQZWTvCG5kxLbuhvP3zVFx6PBOGAguLpmednYf3oaO:dTIX7DbbzukZHKiULbuhvPzs4GAguceb
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 25.15 KB
MD5 e561771eac1148f4e021a9310e3c4857
SHA1 0dc194808fc44afc3fbd69e7916439de92080a2f
SHA256 0133cd441b70d3889a22bf579af7af4e9067e986ace47accd2b4ae9339e1bc2b
SSDeep 768:eC6pFTVKUFn8sqgVnQSaR0GDllYDLCRV2ZnUr:epp9n7R5VmDrYD2RV2ZnI
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM (Modified File)
Mime Type application/octet-stream
File Size 68.45 KB
MD5 5aebdc9a20bb2dacebb3ecdc81f8e1ae
SHA1 8a1d07b9e9b60c0ac391f9aa0e71adf02bd4bd83
SHA256 2694247195619012cbdb128ff1bd384df0c3ad339c7d02b85b738601b28a0539
SSDeep 1536:peR67A65DaVEE3jxcLFVNsggpK8Ln6PCP9UYsMgjj8HZ7a/e+zq:Ud65uVBOLPN6n6P8UzQHZ7aWH
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.INF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.INF (Modified File)
Mime Type application/octet-stream
File Size 1.01 KB
MD5 12644d18e3f0c23bb962cbb86ca5313a
SHA1 726e076da97e6f79b0902e829c12fc477ce09b91
SHA256 100d427870491bcea554952a4bfaef9e47c462866fc7638297c1196a33173165
SSDeep 24:GRIQUBB9Eo0BF9T4D0BslGAyW+uzvpmxs4snYf3oaO:GR7/8YBOGAguLpmednYf3oaO
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 3.42 KB
MD5 c98b360974ce479814467de2a9c049d8
SHA1 a6a6fd666fbcdbce3acd25da7bdd9be48bcca580
SHA256 dce5ec65d94eed686369844fbdd9f976e72e217e9c793ee1805a90143d08d656
SSDeep 96:dj4l8g4/XmDbbT0XYDZLmdgJXACYDBz6+4wtO4GAguce23I:dk+gDbbB06yDVnHk6GY
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 19.83 KB
MD5 c93d8f41e01e60ba04c9c5a3ae4c0d82
SHA1 f165ec80858ede868a9a921e9bd82e068a961329
SHA256 4132804f8ec513272aa95352d26246be48f3606ee25aa8d319a7f09c9fdfa092
SSDeep 384:q7VN8zhwo+WztCH8+LZtpbMtBHs2+RjFc+twEdr2Djmj59kdr:q7KhLwt1XM0TjK+7emj59kdr
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 98.94 KB
MD5 f87e1cf75f27442a18cc25be8e9b0c50
SHA1 850fe5d0d0534cf1cbed6425e37597c60c9d449a
SHA256 30a6d0a075af425148a72bf7e5669b0b942ee940a62237a3956111bd9b5b0dd1
SSDeep 1536:hf6+At6a/aH63L9lO1QWYw4gBWv4dD2nTX5KEm+vw2ka76ElFF1tzoO/cQw:JWPaSL9lHJw4uZQlmfRY6ElFF11L/Pw
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 3.29 KB
MD5 9263faca0b6f41fefd90d5a36edfcf05
SHA1 d87334127ff7c3ceae89fdbd7d2c409018887ab2
SHA256 c478ae1825c0ac71fe2b695f09cc51830136693f08f72a54151eea0cf4ed68d1
SSDeep 96:d8T6BO+kV6R4KRITRXs3Sm1rVsyQ1oUKD4GAguce23I:d82BOHZKRIdCpsX1CD6GY
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 67.94 KB
MD5 f5bc2c55fd9fc262ad691aacf0b1b327
SHA1 77e69f56df6ebb8fd9335d60eba7e63b24acc580
SHA256 163c76c3fa71f08a13d8ddae0a9d6a7ccca0036aa38f9c1464684a9137ba949b
SSDeep 1536:xWUmNmrOHC/7ihGDqbdl9d6zmvlfui5XJ+0A/cCHZ+pS:xWKiHCzDDqbZdtuW7A3HZx
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.64 KB
MD5 d72d4fc6b3ba3947939ee6de26da17c3
SHA1 da4cfd96e5103f13697b64416f5ab4e23a1895da
SHA256 59cd0ca9ab08a65bfc75ec424e65e031a17f0b4b71543e02be383d5433390042
SSDeep 48:d8gaHHsZckSFAD1w+k7Vys6HLS6rENUOCc8ogjycrExKDBOGAguLpmednYf3oaO:d8T6BO+kV6rD2UOWj9eKD4GAguce23I
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 20.65 KB
MD5 cb47320d8b9f09741846bba804f63c30
SHA1 0d2e762da2ccf235e81fa74ecfb8c28c087bcd0e
SHA256 54e8596bf84686aa28565e510bd3c5ab7779900c23c0af06cb7c9581cf7ac182
SSDeep 384:e0awFaQtiXRbAeDqxc3EZxwAer8z3XcGv13VZIhAvr1Tydm+xG8DwodGKr:DLFaZRbhhUZxwAe03Pv1l6AZeXDwo3r
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.INF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.INF (Modified File)
Mime Type application/octet-stream
File Size 1.05 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 2.03 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 32.74 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM (Modified File)
Mime Type application/octet-stream
File Size 55.14 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.INF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.INF (Modified File)
Mime Type application/octet-stream
File Size 1.04 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 2.39 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 27.27 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.INF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.09 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 3.91 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.INF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.INF (Modified File)
Mime Type application/octet-stream
File Size 971 Bytes
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 3.17 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 42.77 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 44.21 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.INF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 986 Bytes
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 1.43 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 32.35 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.INF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1022 Bytes
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 2.50 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 29.73 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM (Modified File)
Mime Type application/octet-stream
File Size 47.08 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.INF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.INF (Modified File)
Mime Type application/octet-stream
File Size 1.10 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 1.84 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 20.40 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1007 Bytes
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 1.77 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 44.97 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.INF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1001 Bytes
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.77 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 28.43 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 70.22 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.06 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 4.37 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 33.01 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 44.71 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.93 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 25.03 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 1.82 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 32.15 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 46.75 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.INF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.INF (Modified File)
Mime Type application/octet-stream
File Size 1.03 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.82 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 26.29 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 75.99 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.INF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.04 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 1.83 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 32.18 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 101.81 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.INF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.INF (Modified File)
Mime Type application/octet-stream
File Size 1.09 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 5.51 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 59.81 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 66.96 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 950 Bytes
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 3.00 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 18.88 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 97.74 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 5.57 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM (Modified File)
Mime Type application/octet-stream
File Size 64.85 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.INF Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 983 Bytes
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF (Modified File)
Mime Type application/octet-stream
File Size 2.93 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG Modified File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 19.54 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM.ragnar_FD7BD9FC Dropped File Stream
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM (Modified File)
Mime Type application/octet-stream
File Size 47.06 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\RGNR_FD7BD9FC.txt Dropped File Text
Unknown
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\RGNR_FD7BD9FC.txt (Dropped File)
Mime Type text/plain
File Size 3.84 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 3.01 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.06 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP (Modified File)
Mime Type application/octet-stream
File Size 172.69 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF (Modified File)
Mime Type application/octet-stream
File Size 7.99 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT (Modified File)
Mime Type application/octet-stream
File Size 313.38 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL (Modified File)
Mime Type application/octet-stream
File Size 1.32 MB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML (Modified File)
Mime Type application/octet-stream
File Size 1.83 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML (Modified File)
Mime Type application/octet-stream
File Size 582.87 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML (Modified File)
Mime Type application/octet-stream
File Size 1.93 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.92 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML (Modified File)
Mime Type application/octet-stream
File Size 9.79 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_FR.LEX.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_FR.LEX (Modified File)
Mime Type application/octet-stream
File Size 289.24 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML (Modified File)
Mime Type application/octet-stream
File Size 9.22 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV (Modified File)
Mime Type application/octet-stream
File Size 283.37 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.05 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.INF Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.03 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 34.61 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.INF Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.03 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 49.19 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM (Modified File)
Mime Type application/octet-stream
File Size 59.25 KB
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG (Modified File)
Mime Type application/octet-stream
File Size 31.60 KB
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 105.81 KB
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 56.94 KB
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM (Modified File)
Mime Type application/octet-stream
File Size 54.03 KB
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 20.60 KB
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.00 KB
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM.ragnar_FD7BD9FC Dropped File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM (Modified File)
Mime Type application/octet-stream
File Size 116.31 KB
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.09 KB
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.INF Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.INF.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 1.04 KB
ImpHash -
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG Modified File Stream
Not Queried
Also Known As \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.ragnar_FD7BD9FC (Dropped File)
Mime Type application/octet-stream
File Size 33.28 KB
ImpHash -