Sample File: MD5 hash: 575209a960a7cab884fb7cd2b286526f SHA1 hash: fbfeab580dc81bad84a64daf8898f0b7383b71dc SHA256 hash: 672b90418aac3ba2941f6f2f893e88eb7b0f30e77c1d52c9a355784e2ed757dd SSDEEP hash: 1536:Sy8D0ENKZagQrpMyCNpN+7wXGqxBmC1/rCxTWcUx+N1990a/ddM/jCq:z40+qQryHN3ewL5CxT++v99Q+ Filename(s): l25de3a0fbaa3009886613f5e62b92f2.exe Filetype: Windows Exe (x86-32) Mutex IOCs: - None - Registry Key IOCs: HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgManagedDebugger HKEY_LOCAL_MACHINE\Software\l25de3a0fbaa3009886613f5e62b92f2\l25de3a0fbaa3009886613f5e62b92f2\1.0.7129.18654 Domain IOCs: - None - IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: C:\Users C:\Users\All Users\Adobe\ARM\README-BW-gffL.txt C:\Users\All Users\Adobe\ARM\Reader_15.007.20033\README-BW-gffL.txt C:\Users\All Users\Adobe\ARM\Reader_15.023.20070\README-BW-gffL.txt C:\Users\All Users\Adobe\ARM\S\README-BW-gffL.txt C:\Users\All Users\Adobe\README-BW-gffL.txt C:\Users\All Users\Comms\README-BW-gffL.txt C:\Users\All Users\Microsoft\AppV\README-BW-gffL.txt C:\Users\All Users\Microsoft\AppV\Setup\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml.+DU80cKozbRSo8w6MqeF6A==.bwall C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml.npEErzw2UHON1xmFZmKc1Q==.bwall C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.ZyHUUDhMWd6w1BNyPOjW5Q==.bwall C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.Dn#NZpAIrWZqRE2J2SSX8g==.bwall C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.eX#mp42DWoFjJZ2WeFXd3Q==.bwall C:\Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.ZY109leGlcJEDtp+OZgtcA==.bwall C:\Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml.kl3sFeYr4Zr2HYTlAkD56g==.bwall C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml.axVYVu1kXlk9hZb1JJfrlw==.bwall C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml.+evRQth+rDD#snoChqbOxw==.bwall C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.VhSw9krH9ks1CRQf8rpo9w==.bwall C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.xuuUIV8+ZnMjKEvpvdccIA==.bwall C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.FRLi#a4tYfaeGQLOzr5Y9A==.bwall C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.ZHW5a4TBt9Kl+NV7O0PXBQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\MachineData\Integration\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\MachineData\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.cyTT5rn6VtVJpSOVTwDM9w==.bwall C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml.YIJMdgICCwiSQrQHbuO4zA==.bwall C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml.Hr477yxJfm+N8NBYbP64Aw==.bwall C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml.Md3j23JoihAh#MMHWP+78Q==.bwall C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\UserData\README-BW-gffL.txt C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.sO8000IXLYHiLxG7GDBDVw==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.FFv92suGiV1lwzj85lU2Sg==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.g3#5SQ3oV3d6E8DhVoKtCA==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.Hy5Nqj#nh341Dllfpk0mHQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.r1d9h1tx#xfizLncdH0cnQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.dotz26ZiORj+WOUIEQZ7KQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.J+mNCaJSj38MCeKF6sIt2Q==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.eJ+khozmXgZ#KPFJyf+jRA==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.sKC6WU2y6SDubZzrkGSf2A==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.hRFPkHdQc+zxsTaOmdZ9Tg==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.8sWR6Urc9LTEee0oIUjGtQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.8U3rUcsG5nZQzFyhS+Ayxg==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.fp+Nk3VSMfKkivZsvcw58w==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.ZD5F20moI2Viumn4dikMZg==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.UojXTGEJE#9#o22FD2dh0g==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.8sMZRDjZp5VbxSNXuoTfLQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.L5qSovTDAGixIY6u0jJoxw==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.AEBfCjhXq4rNsSd0BeyX2w==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.2wb3fAD8mFj8c4Ka#Z8XPw==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.+4ic7kggLdSV3rCia30zgw==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.j+wGaTu+tSy1a7DK3x6HhQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.kFPQxPKemMuM7hDViu5onA==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.UCtjL#miOowWtzeFHpm7vQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.#MEA#7RdBVdZaxHPgVOEGw==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.KjG+a0QcWnj1TMFH1VmKCg==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.Vvk4Am33q21#lgjSYBi9KA==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.M1igYQZjyGyq4DOB#BiTvg==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.09kiW8wQhlJwyj55fuGyLg==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.B0xrOF1SVX7sFhJLVkzkyg==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.jUrvQbMSJBXV4jWRQlRqXA==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.+5Edj42nWkBw#z34X7rk3w==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.YJ+jWl71QjHb#PkljWDEdw==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.FZOVCRKWtP#CT6Deb8LvXw==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.WKiyAWAi1tFV+JEAuspvbQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.4tIp0dxJzuu98Uqf#UTLgQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.AYhnhMErssde51faj3hUJQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.MjyPYYKz1x225xGjFDRx+A==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.l6J#RQN28vkZcXcYZZcrrQ==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.yKFbC#WYb2JTYDE#IX4GFA==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.H5QNPV28UkJG4U4fruBt0A==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.m9E7MpnW68GGgI7HRNzSoA==.bwall C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\DSS\MachineKeys\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\DSS\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\Keys\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\PCPKSP\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\PCPKSP\WindowsAIK\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\RSA\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\README-BW-gffL.txt C:\Users\All Users\Microsoft\Crypto\SystemKeys\README-BW-gffL.txt C:\Users\All Users\Microsoft\DataMart\PaidWiFi\README-BW-gffL.txt C:\Users\All Users\Microsoft\DataMart\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Device\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png C:\Users\All Users\Microsoft\Device Stage\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Task\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\README-BW-gffL.txt C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml C:\Users\All Users\Microsoft\DeviceSync\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\AsimovUploader\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\DownloadedScenarios\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\ETLLogs\AutoLogger\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\ETLLogs\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\LocalTraceStore\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\Sideload\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\Siufloc\README-BW-gffL.txt C:\Users\All Users\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml C:\Users\All Users\Microsoft\Diagnosis\osver.txt C:\Users\FD1HVy\Desktop\l25de3a0fbaa3009886613f5e62b92f2.config C:\Users\FD1HVy\Desktop\l25de3a0fbaa3009886613f5e62b92f2.exe C:\Users\desktop.ini C:\Users\desktop.ini.XurKlX#wg4XM44IZQpq48g==.bwall MD5 hashes: 575209a960a7cab884fb7cd2b286526f fac5bf657d100548e87763b5d7bf4a8d SHA1 hashes: f91f3b634fcb242e3bf7b4fab5f3c5eacdd7f0a0 fbfeab580dc81bad84a64daf8898f0b7383b71dc SHA256 hashes: 672b90418aac3ba2941f6f2f893e88eb7b0f30e77c1d52c9a355784e2ed757dd b11e4ac93d87337ed1e5c9bb748069d5903393b66dbf191aabe1d39778985303 SSDEEP hashes: 1536:Sy8D0ENKZagQrpMyCNpN+7wXGqxBmC1/rCxTWcUx+N1990a/ddM/jCq:z40+qQryHN3ewL5CxT++v99Q+ 3:b2+5i+1RBCLSRXrUlr9W/8/h4563ZEksV0EBygIA8bWMAKu6cgSl/DH9KOwn:N8eCLAbc9W/8ZO637sV0ErI3uKu6BHOw