Filename
|
Hash
|
Operations
|
Category
|
Severity
|
C:\Users\5P5NRG~1\AppData\Local\Temp\$TMP$001.exe
|
MD5:
e1daec9ab6fa1b476958c71863adcfb0
SHA1:
7ff2dc16949b033bef2d9711383be8ea4adfe312
SHA256:
7e1577fdd774b560e43d141ed9ec9ff77e957d789462d1a4c42335b14b684f0d
SSDeep:
768:TcxvplZ/ija+1I+tEg0Mwsow3L1eZRG/cj17B1AKES97oPmGyO/Ie2ZoR4h9Sa/G:AxvpSEpMwsgG0j17BK6oPOoaGFx
ImpHash:
abdcfaeb8ec397d818c0cac355d852fd
|
Access, Create, Delete, Write
|
Dropped File
|
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mqrywk.exe
|
MD5:
251b5a7f7b52dffac6d87ba8c81242b7
SHA1:
fc23da8da75d9943e57c04d3ed97d904c849ee23
SHA256:
77681f7a94eb926cec67544420e64023ac8c53f9f04826bf4e550fc409bbde62
SSDeep:
3072:8v6j4KPiGF5OJup1cWhmmmTXicmB38eWTufJfKKS58J2n9ogS:8v6/L3oWobXiqqfJcG3l
ImpHash:
efb80292491fb9d7c665ecb8153f62c7
|
Access, Create, Delete
|
Sample File
|
|
C:\BOOTSECT.BAK.moncrypt
|
MD5:
7c9a3dd576cbe0c7c10ed6164e3ec0f1
SHA1:
ac233de155d14f4f53ff06c8fad116ec5054409e
SHA256:
d200032b5b548b1b1ebf208a6b7ce1cbc165fea34db94204e1bc1e28b343c33b
SSDeep:
192:+LNT0N0ngYENk4ok/4PfY90a276NNr/P2aF1FngkNql4:+LN4N0gYQk4ok/4XO9p/+aGkkl4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\HOW TO RECOVER ENCRYPTED FILES.TXT
|
MD5:
2f3d3553790c67010e1459fcbab69864
SHA1:
ec896ab388a9371404b8230ae73bb4609f0d0024
SHA256:
6de7503be8d0375d57dad640d9fc311693baa7366bbfe58ebc6c69802dc21da7
SSDeep:
24:RjGv1qzpDrlOvDSgMkeSVP01jhs7O/kQEX2HtnQ/nR3rOeoz41VpwRPsFZLMWR7b:hGv1aDaDkEMhDJQPRryz4/pSI7b
ImpHash:
-
|
Access, Create, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.moncrypt
|
MD5:
5b9e6dc9d5ff6d1082ff433ef3fe9fc1
SHA1:
162994d60f152bab6dbe62c91a7ee902694a3d5f
SHA256:
b18d2c50c83f4f4f7b22eafd071a7ecacf4c08bb862b5d782f8e557f094bd501
SSDeep:
48:xucIYcqiin04h6CUrE81NzvzAR192rlyx5/p2zP2sKOgs/ylzYBv20PrG0WN2ixa:LIYo4h6pgEJvtrl050b2sKuaVB0II
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.moncrypt
|
MD5:
c7684215c8e59ea604ca060d3c9f3169
SHA1:
f99e36b805c43ec11944ac761f1fff0ba1a81a77
SHA256:
2134e196199eacbee2cd42565b50423fcc02249a3dc62ff9760796d5872da91e
SSDeep:
6144:MLGQ0S8XiWWThUDZOuOiFGR4bRStylR1TLg9gBjHnmbl0/P:b08XGThUDZLOVR4bRS+LoCP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.moncrypt
|
MD5:
4acdc6f974c4a4cd9cdde85f4c3e0167
SHA1:
fee2ec89075efc162890a48ace9643ac5f2dc1da
SHA256:
4edf5af135f9866905adb6f2c2da8c4852c859103595d0b8ab7a52093b619843
SSDeep:
12288:Fzm8EEYHb8868cVAiZQIC6Giut8raCcqaF5NlKvffESc5:Fa8EEmTLcugPrrbcq47
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.moncrypt
|
MD5:
55b54f9f51716c8e415128a48f6e098f
SHA1:
a4228d4a5c27586830d3009713250282712cd53a
SHA256:
fd828e9e88a4d6ee24c57bc102394c7cea5f8baa60b7d4f807ccec6980d9699b
SSDeep:
6144:sAom+/V4e6i3GJKlgGM5t11YRxYfYCnijXy/e24TBq2vFKOIh63cTz:s/b/V4eVgfBYCir24Ts2Kz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.moncrypt
|
MD5:
bb5335cbff51bc910641e8090d9aa503
SHA1:
5dea33792748049f640b0c24bd9be63c03cbe8ca
SHA256:
efc868c890d57c96cc8ab6fb7459713c4d2579dbb4aa6995f31b9ea74a595abb
SSDeep:
6144:zsZHRbxiNYXnUW9fnVh5ng3vapPEKpMyPKcFbpmYU7bds1KOLhFC:Atdu4FU7yC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.moncrypt
|
MD5:
e44c0430cfd30c0f4f93f012d9c43bac
SHA1:
185a891e019751b3d911da377bde4b78fa29da80
SHA256:
13681146ea33d25019b538271a267f1ba2603f605862b3520044595ed684cba7
SSDeep:
48:/YjNo+FO6/Cy51Rk9NrqfPGUdv27LsZhK5j:QJo+Ui1y4I7yIj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.moncrypt
|
MD5:
9b07f152c2e8b15cd615fd42699c00d4
SHA1:
0da7f6276892fd0c24acca0b99ff5c941602dd2e
SHA256:
6ba00ac0b1a83a112fd510afe09c18411797994b7ca0a024b404a32c2113fccf
SSDeep:
384:mvBftKXglq3JHiUcRPkGcjBOO7la/WtcwuJMVjU0zB50In+:oV+glWCRR8xBOL+FeYjU0cIn+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.moncrypt
|
MD5:
3f76c00befb5a4e68ba99c707f6b642a
SHA1:
06bb355aa966d7513b2d3d6af3a85223b9f0a40c
SHA256:
41e3b0f6a980510bdd1b8d96997715ade09561aaa259b6a72ecc96a1a279bab7
SSDeep:
24:ds6gI8Ry0dpinycxwaObBH6k5mdkPilOJbOnGAgQM7ca:dshIiyVnr4tHMlOtUGAgQQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.moncrypt
|
MD5:
bcb355a89c02a77c50f92c816d410fd5
SHA1:
ca68e53efb16fcaad2074060262261f0ddfb4585
SHA256:
8f2569b9d0f9b9564d03c98d18e6242369d3f29d012345cfc3b1fbfe22cf7d81
SSDeep:
48:ntJ7JSQezrsVi155Aww7I7jrcaBIv9H9wTncfPCI:n3oQezH55AnejoaCv1wG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.moncrypt
|
MD5:
b3e1fd50dff678beb862e9864e5a3821
SHA1:
afa51bb2f26f9595e2a15ddbfbb873846064b8ed
SHA256:
38c1514704b889a7235e7e3550f7677a31412cb1c902a0af035bbef78b8e9bd0
SSDeep:
24:+NW+afxhDm6rVoSdrM2UsPbidEOR0ywWab26Xi3vdEd9OHFO:+NW+4GIoqrlUsPbAKWab26y+d9CFO
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.moncrypt
|
MD5:
669804fdfed0961aa96aa80883ecbd0f
SHA1:
1374b36a89c8fe8b1483ffdcd0ebebc0f52e64a1
SHA256:
3dbdcb6a79f4b053b27ffb771ad9b2e189c2102dacffb8ae5d7aa6905355404c
SSDeep:
24:Up8k6LqouALjpkGs0f9yvFh9WUIpkcD8+ZH+g6:U+1LFkGTYvT9Z9c1d+1
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.moncrypt
|
MD5:
667e50bc4ebe9a6e3b014078033cbf93
SHA1:
302e0b9c492ca940d088923c48231a58401a3fa5
SHA256:
4bf44781cef27193b6242d1aa8e4e2f7d8a6f10f9c1b80d67e55b316aa25c14c
SSDeep:
48:11xoGEGP//jydUer51Y2vVEHcAW23xeujAfUBu6joH4iMJbB9amY3JHojr/pcyzP:11xojGP/LqttmMFA5UfUBldRBs13JHUV
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.moncrypt
|
MD5:
2e296b42ebc66de2e3b7dcad93cb0f8e
SHA1:
6669985dd28255fbf63fc08d2ee005cff77cde91
SHA256:
06e8d78206c77e56551418fe30b4d3fb16dd53eeb9b70e4da1540ce99cd89a78
SSDeep:
48:8bwW6ePzmh3x4CFp6ExNQh9iyOG0Ht5MKP0Ykq7CmGkV6DnGl2h:Yf7cbFp6Es/ZOn3MKss+U6Vh
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.moncrypt
|
MD5:
078ed9ec0610ef07e9adef9e7e28a9b7
SHA1:
c03acf241eb0967c68a8a65a96b20cf897aa39ee
SHA256:
a6db874d3a5a20a0fc09bbb79561576b8ed0ca1fab953655ad00e7b39b911d6e
SSDeep:
24:qMC6S4VuFUsskg0ueIZShqoXxLMwlQyDwWhqMdE52HIAk3laUqK67xo4Q31OF:IQuFUXkgTeIZsqKiwpQMe5qIx1dqKYo6
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.moncrypt
|
MD5:
c5f0138e3df531514b0cbba23950137d
SHA1:
eb78d517cd56f7ab9c85342a9f68358af32719f5
SHA256:
1d3f032d6bd981625a620ceb75977848959c266bf6b8cd85ec82955dba661790
SSDeep:
48:XE+FmzuDDy492EnH5CpP8PR1grnqHF4AzAX5HQ/5Atm12UuaHH8w:XErzKH5pvgrqH2AUJHQ/WJUueH8w
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.moncrypt
|
MD5:
0e2353a061e85ed7fc8289846e4bae45
SHA1:
60d8aad6a12fb07cf7352bd5ed5021f172e49fc9
SHA256:
138b459d02fd74de7c67525e7a38838aac2c63bfc689b4ae987c3f3292b12e28
SSDeep:
96:5+Gibj22Jga/vX9V6jk86YD+qP4Yu7YoCJnLhP7/of31kw:5+/bjfP/vtK6YjP4b7Z8nLJQPn
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.moncrypt
|
MD5:
3c67b50b9a507510069061fc591a3154
SHA1:
3798801144c706ec008ca77e927bfe6e12f276b6
SHA256:
d296950ca27fe337a83889e7f3396311af0cb12458d5ef132a29818bf46aec5d
SSDeep:
192:uw9Pa8pMT/lMQG6pZSXsfIo5TI36UM7vmkDie0o:uw9PtuiEFfZU369vms70o
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.moncrypt
|
MD5:
15e228a14ceb7b1638d38e9ea51fb476
SHA1:
e03f67d5a30be7d49c8d9f4126cac5146835bf62
SHA256:
77200da2e88be02a4c48bee2778dc60b22836dbc353ebf54184ea61629eded47
SSDeep:
24:a1eZrFpqByHTuyP8Dx/xK5JOgRgEzDxm7RkphHr1TCyDQYbZ0xRd5+qVpeWwVWs:aeRQACyPixszdnzhHrUYETd5+Gi
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.moncrypt
|
MD5:
02e50ab55e7e564ffff59c9d5fb19470
SHA1:
ef8b3cccf1cf4bf4c58283b53afdf86b26f047e7
SHA256:
70331d8fcab0728d2e054bdeb25079b179dc89e4b55cd4a79f3a1c34ee089752
SSDeep:
48:eWQQ36vAL/kjZzIJZpjMQv+qrNw8kVmHpxwvZGS0NKjgH8rznccK:WQ3wW/U8JwE1rB0mJxwAS0NkPn+
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.moncrypt
|
MD5:
6fd760cc6934f143a8d51763a5def33a
SHA1:
1062ea39424f2c612288229f3df1252906341e00
SHA256:
5f63bcf2b2b964f101a470f444e1f8b2b8c1c92e542b8964775a9f1dd86b59de
SSDeep:
48:D/BsMqhWX1vs4rut0Rv3L6I69i4Ul4Vl8i11y:D/Pqh62euGBI9cmT/11y
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.moncrypt
|
MD5:
f9b01eaa96941ef70563651b45a6e487
SHA1:
d24ced0f989bd24c83df9f724d7664b9fa186de3
SHA256:
1947805ad30e79a26665b14cc68c5a61c3d1dc1a4b633d59ee59690c93697dec
SSDeep:
96:Gsz/O4QmLDindszLMsuc6fDIh3/eZOPvVKpGq9b:RzVPidscs6DxIopGqV
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.moncrypt
|
MD5:
c41376af2ee64c62f3a41405ee56e390
SHA1:
493fd27b6611441df279e1a8472ee356edfae1b4
SHA256:
460806a81a2b972e654c169918cce0ec59aae5bb0355c1f34d88fb99ffdece50
SSDeep:
192:m33Ji7HnGdZVaVS3qLS2+acZKedeC0yt6M5H:c3E7GZViS3Bilkj0jM5
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.moncrypt
|
MD5:
1bff569dc8190ddc920f3b66248d98d8
SHA1:
f448579091ca7b4a0bcb3542e45a7dab4540e814
SHA256:
bd5f62125a3329b2a55cc8964c7fbff3330749795fe3221c6f63607787b6c0ca
SSDeep:
384:JOvjoDG2aDBYbgw7880Fsc/ZxS97B9qzrYCoXlGcmacUMoTi5pLyH:gjAGRqE6S6MyB9qzqlGcm9T5pLm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.moncrypt
|
MD5:
54c390308a02bda60e0ab0ac44a4e0e8
SHA1:
bbd284414fb66d9550c8278c83f7a68264d8face
SHA256:
e5c21a7fbf33b002f198bec66dd9700bd929d7b283a70e69324f9781b505c608
SSDeep:
384:GcpF/9JM8+qpRXuu/j4SOfmVhLaMAbRAJ:zpFEU/jYmrs0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.moncrypt
|
MD5:
43b92e625d00bcd6c939eefc08355e20
SHA1:
5df134c9584a26909f6bd2521e5c9678e601410c
SHA256:
6e8a1bd54e6f4c70426daea32897ba673fda30bcbdba7fbcd52e1cbdc4e66a68
SSDeep:
768:qpNBxulfRE2turk92G4a4u0Y6iWjo1qrBFYBaQpBJh0pNL1:YvuBqkIo1RWjo1OPYBaQpBJh0pNL1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.moncrypt
|
MD5:
ebbcdb945becaba3d82b476ceffc32ff
SHA1:
9fe03e330e451c6bf50cdc4222f4b15850a41f83
SHA256:
a381bd638de38cc4a6d0f52e29c13c05bb63ebafd833e6787c6493f7f6767b99
SSDeep:
48:enzeb9ItCXFuOYnx2h592P4ksWKuuVeRVPQT:DpItCXpYnx659glKvVeRls
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.moncrypt
|
MD5:
c56fdf9ccedf63cffcf2bd9401956cc6
SHA1:
6d1707a6d6a10052d37635ddf4e44295ff214d7b
SHA256:
d6cf552cc2ccbcc01476721a464100ce4a6f58ba4bc406bd00305499c55de0f7
SSDeep:
48:eIvGyv4IATxLlciFZw5IhZdrhXpLvLGSIprnLLvzJTnbJ1Lqzaw:QPI0LeQZw5YZ1BlvpIxnHVbjU
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.moncrypt
|
MD5:
e3f07f2136b8cddd43da63766ff4e2b7
SHA1:
4e83afb4f7d2e8d21a280f952afdfd2d47b86208
SHA256:
fde180302d4c42c79cd8bb1c25f0f624b19a7cf60634af80d53239f1a1369448
SSDeep:
48:YzKqhKODi3RWjcVXoH1eQmv+j3ne3Xe5v46tAc2VB+HTs:SKqhdIV4H157e+5ZWrVB+HTs
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.moncrypt
|
MD5:
4e9c201da2f647a55c9ee713dd3c74d2
SHA1:
9589133f1b4d342c4feffa14e63bdfec1bec9111
SHA256:
26e2e6dc1d0dbb48c4a6895362beb899c815187c57096f18d9fae55871f98a61
SSDeep:
24:+Scf0GcFafy8djIY11RdkJmIkafGYpnKnnkik8lhqbrj/jI6aFDZ9t1:+SccGDRd8Y1KmXGUPPhqLDgdN
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.moncrypt
|
MD5:
d35372a01d310ae9be54675b9ee9601c
SHA1:
496687c306bd44e5dbb82cbb0be178e8e2f23600
SHA256:
59b6cc489c1e04228ba359c4d5444fcb44e862feec40755042de612d0523b20d
SSDeep:
24:rB7QRYyIOBOJiFhpGAf6sjVTdDGXydXSPAhZUMiewcOWcJ8xjn+S1OScLo3lnaj:rBURZzscFmcbTdDbiPEZ9Nk2l+VDo8
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.moncrypt
|
MD5:
157f926b0b1159d0d422ca019826587e
SHA1:
502e3a9ba9c62f654d7eede9d8bdf04e22f3cce2
SHA256:
5a3ebd165ac7ff2ae652af637c8155e2a5733329764bdbeedc5d4221896cbe49
SSDeep:
24:HNkeAFCJRfD9tU69518necuww4CfmNsEjUQSpUmMtATt6F9T/0pGO1dgjDnsRW7:RgMDH95ieH4CfmNoQSktAJc0pZEV
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.moncrypt
|
MD5:
764eb6d4894ad6ac4d25279360fff91a
SHA1:
d8f4abfbf4cb1e6315599f1a816e13a77293b4c5
SHA256:
355282a06363700584fa16a013264a10daac3a9308f60bfd298509e6b7805ff2
SSDeep:
96:FY5tVwWJBsHRZiHWIWLAvyUJyoxi60shdBdkRzkMxac7w3a2Y4EiBwBkc/BA:FY5tV1y6HWIWLAvyNoxd3dyHJeWN/u
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.moncrypt
|
MD5:
3c0daed92ede2a74a4d2688a7319f3bb
SHA1:
f445c53521234cd9e8e25d781037af454bb1539b
SHA256:
9df334c3858fca7f895cb39aed7a3edb47ca1aa0d89be3b24dc3a5b39ee5ac7f
SSDeep:
24:SwMVkkMd8U9i+eiTiogY9dQeiazXEQFEnVI01ybmq3TMebondiBAOtIH+PXn:8ed8U4+ZiogYIeim9iVImSTGnUtmo
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.moncrypt
|
MD5:
3a86eca2bb6c68612345aaf2f2253ca0
SHA1:
375672e6a793b561fbf02bbe402e3266af12dda9
SHA256:
ca19c18756368f4f5187250e208a7a3d3f00679dd8259d67cbf438f9213b6afc
SSDeep:
192:62CREc4DRmP3DsdfJ0uISLqNjltGa0Iq4oxkoGUoKOiHwSgYBLrYZ1giD1hgN/4m:GREcWL2yGEImkkSSrVYZqiDQ2GIe
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.moncrypt
|
MD5:
38c009dcc5bc2ffae29a98acddbfc3d2
SHA1:
a472608122212ba2cb1c582e9317dc6ef3ef84e8
SHA256:
4a6dddc1dc798ee479ddc6856ec3193ebe5e2efe0c791b6527b2b81654c6b0b7
SSDeep:
192:4cXopMpLs32DY27wwUFLA+9vpcNhNtPxm8yRtZZ6UPL+QZ:4cXQMGEfwwUF/9vpcltBI73PL+QZ
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.moncrypt
|
MD5:
54bee76728d8dc4a99291fa68ccada94
SHA1:
3d6cc5fdbe7b18dd9017ade3f0b86b5aeaa656d2
SHA256:
e92ddb21af0fe7a762157b768d5f4d0fbcc7036b49e3e8943c81268a9d9574e9
SSDeep:
192:C5eencCdNvzZV7BWfSRnZvMqV0xsp4HRNUSO0ZMv5WjNNg+Y:C5e0cCvd9RZEqO+pZ0ZMvQjY
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.moncrypt
|
MD5:
a2adbfebbe2d79faa24b2fd54e84edc3
SHA1:
21894f282e2fd0aced2b20a343b537dbded9f0cc
SHA256:
8903567f9d09144e3f8b606356f7569fcb47909a332cd99f28c0041009c9087a
SSDeep:
48:XCOQ8xrmKpjVX41lp+v407Q/S7Q9cKjOoeOw8G3:XCBcyKpJX4fA0/SKlJ23
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms.moncrypt
|
MD5:
bd3f7dc27cabb05e03686a32bfede50f
SHA1:
d42e0c9e998803cc14600c1440a6db1db845f3de
SHA256:
6c83860f4adba05e39d8463e1f03c287bc9d3da33466278ccaa17bf59c979bf2
SSDeep:
3072:kpOdIzRMkDxPTe8dlmPAJCissBaPwqWCRzFh6vyxgvdMGnl1eQeNSCKp+V2FWJFN:GoQ/vq4AvfWQK+DU/SJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.moncrypt
|
MD5:
3bf046d1a1342c79794b8e10b6f82b2f
SHA1:
014f6a978edd0b490fc79f9c6df4dd5169bc05bb
SHA256:
ca2fbb926be8657aacafc73836951f3bd678da0dd2f67dffc139ee3d4620471c
SSDeep:
768:1cx+OZZHlpNoj9ft4j4CIacu3A3K5ZVMpjmgWnf:ux+wH+j/YFI1u3A3yVMpjA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_FR.LEX.moncrypt
|
MD5:
dc009bb2ce7f03c5a28d9f2615196dae
SHA1:
b628c746df61c81772aa481928a922e6910cef83
SHA256:
ba9aedbb72241904b18d5c323880c8ceb4fb4bbbf45f49487c99b19f8c811960
SSDeep:
6144:iK8hq4rzmamFNEAB1zKIW32+B0SlsL6ZIFiVvB4Ngsen/NB6paeSK8yjT06qO:OrqaoWu11wR8su+fzFeB8iT0tO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL.moncrypt
|
MD5:
f07eabde0d2ed703e5510cc91a537bf0
SHA1:
9c6cc0056cfadc97f2bb8ca5c97bab6452ba92e7
SHA256:
0368d844e5553c21d6f4fa4f611e8a7a1ae02833cf44ce671531463e84a040ff
SSDeep:
384:nSjlt9WIAuvSgUxZO6DNosEIAgMp1gvnI+GJp+X5GvP5i:nSjlwg2PSsEkWoQJp+p+i
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.moncrypt
|
MD5:
a7499d0ce1d5b470a3a739beaa3f28f2
SHA1:
1b3ffe89fdf5bde8748d8b82472404ca372f38b0
SHA256:
2f3b814a93954e581009488288e0973195cd5460ec1e52fcbbcc68b373b3e466
SSDeep:
48:RbmPlQlUq3c6bv9Zhyw4lzpjSWFSEj0iKq6yZwkwGcrKOl:9mPaP3ccv35m2lEjVZwkGl
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.moncrypt
|
MD5:
852ea7485ffda27ade1526ca879b1beb
SHA1:
8f080de899c76c98e77aae9086a1c6088017b4b3
SHA256:
672f396a2f1ea661044dd23fe6fea656d8261c09b140ef850e94b1915eadb120
SSDeep:
768:ZNrRqAbiWS8FLo8AhFQ6bVO5afqf3pqcjKTLc7q5h9GyMZrF83Oq:ZbiWSWLo8IHVOwo31Ogu5Hh8x8eq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.moncrypt
|
MD5:
0cf835099f829785bd03b6f722efc97b
SHA1:
97100aa9c725b74fb3cb7b5abf0a4f4a32e92105
SHA256:
92102122b33b4b425359fb54ebe9fd9b60ae25a7211d4696a92359ae2bc89ea0
SSDeep:
6144:BbV3RzVrzSAIo1DhGyeR9CYnlbzuq2H67L2lFTMiS3IWtmTvdpg1zZWy2d6mp9mc:BH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM.moncrypt
|
MD5:
34b6553a6be61ec9e05f496f082ec5cb
SHA1:
3f47e983b4cb4baef19864b7a1850573b9360a6b
SHA256:
a2d07a5620ffcc9df34be1ffa6831f713abf3dd300451dbdf4dde7ba59de2666
SSDeep:
768:enO89LntmzrC97nS8CdnAuP7bSbBty3w1W6AYQbHtGO+UXSff/aNu:eO8v97S3dnt79u
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM.moncrypt
|
MD5:
eb08266f3250dfd80b939e6c221b6997
SHA1:
96dd1ea91e66a38d17dd4074bba6fd8c06019e4c
SHA256:
9fd99f586215650d14b84ed5f2b55b5192fcde6103b4bf4f7ba7b8da979c6276
SSDeep:
768:jRYYP7JdyW02rHw2TCHH8rUv5k9Kg7JQHgk3c0EEfzG4jCV8eEfR:p39E2TCHa6ki
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.moncrypt
|
MD5:
46edd34ea6286ebcc18bedc809b461fa
SHA1:
957e264e39178a3284d80ba910176ad023ddc7a2
SHA256:
dd4cfcf04daf06bcb8535025ed33d0b1ab5e99fbefc86306bfb89270f7b43629
SSDeep:
384:eYJ8kTyLivjOP9Jhe2ZVw5oYqImyp02afiofAme5j5YlOdJ/GwrxKPDrbixETI:13sDtzYrp0DfiofAXNY4nKPXb3TI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.moncrypt
|
MD5:
8ca1cb48d25d4580fb2e6da31b3c2848
SHA1:
7ee76ec84e444daa3a75f6d217a1ccbfcaea328c
SHA256:
672e2cb001e2a41104931c5ec371922de28a5697938f9bf5af4567f4642c6346
SSDeep:
768:IbC7PH5uey7H8q8WnBQ+EtN20enHLACSc5FmCJ4yiwQHKyujW:IbC7/4qW6+EtAzHRjmAB+D
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM.moncrypt
|
MD5:
1dd6c8bce320f526f90a27c181e6f85a
SHA1:
3a661147567e1e9daaf3c925f57483527b5c8e89
SHA256:
ac16a9d1392479be23ec50730b58864d8b989d77425311fde5db48d8c244d2a4
SSDeep:
768:0DiCQjoRiXXkW7ZC9ELVcmB7IWQE8Ui2OFVnxk+cDLtfg7NNS:0DiCQ8clNDLCDS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM.moncrypt
|
MD5:
9eca9e020391b2119852c38f23945746
SHA1:
8ca4a685295e209d0f14a257d3c64c66b6a34e49
SHA256:
d9fc7f38278214fb7ce9c4ad52b9d07714e94d40a75cb9c956ce898269a978b1
SSDeep:
768:XSSXlsoSxl46CulLgkjtZW9TgLwzXp7hAmcma6K6Nx93MaWGzSzH6:ad1FPjtc9Iw/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM.moncrypt
|
MD5:
cb736c0b9aca1a8fc3ebcc56c926f412
SHA1:
3674d04620599d2136fcf7d4e778e91b714c0da6
SHA256:
21093695a5fd8b367c95fbcbdf17771ffb9a2abbf4309b6e5b9969ea229e51d6
SSDeep:
768:RtAjqC913UmS36HvdVkT7gf5BrX+1P1uei+dVZYBw+mReTF:LdC91kfqPHigR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.moncrypt
|
MD5:
81c1d8fc71acc18f6f64879b6ce25f1f
SHA1:
0fa8ff28c666657836a8990c6b31a7f9734cd75d
SHA256:
f52079cef3c588496459fbdaba45e459caff8e2617143f89ceb22c8c7fda5f70
SSDeep:
768:E2ZDjwpxyXhMNjVQnS5c5+/JKYeFRSmEA7j5z/YgwIK9m0:EyqyXWRVI+xKYeFImEA7VzYiC3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM.moncrypt
|
MD5:
0ec2f698ec6672e1a71ae593fefdb652
SHA1:
c073aab0a3d30631c12f4ba2624422aec4bb29d7
SHA256:
0f34ea086ac61f43254d795cb90aa72a142b47d4123f07b6583ff6f6bd23e0c5
SSDeep:
1536:JOzPy2ld8lm0OlUnSHwbtybKi/DKu5I3xlpyQ3MLmZozAk4aIyHe:l2X8lmDy0iK5/D75I3xlpyQCjlL+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.moncrypt
|
MD5:
c40923e90317f880dcebe37d8514321e
SHA1:
9d275f41adb47040c263debe78bd71024a5204db
SHA256:
b366f15eb642a4d3f15ac2145eb5e9f31cfedf9bb4bce92547a9be9fe620264e
SSDeep:
768:OIRZU5VEY9s1q4oTCS6HT0EBo2rjKXnutANlhfgUrt6Dpqsm1JjcXCZexav1OPrn:3RZMVEYBcHjo2rS8ClCUr0iJ+CZzeo6X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.moncrypt
|
MD5:
65232380bce4f205d075fc5454a0ead1
SHA1:
bf312d9409b915b9b1aedf23dd9dc7a597db6ea6
SHA256:
05abdb6ed03809d63fcfd7bc466648010072c24b876e2f2108d808f6225a9927
SSDeep:
768:PBalVR62w22uR0SWnidPnoL224wTNZhRvNBZTuhgZ:AGP22k0SWnWfoL2DwTvh/BZTuqZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM.moncrypt
|
MD5:
4ff50ee1017faadea5d92c23c715f987
SHA1:
9e1b1c4afdfa5fb1a916ed543ba8b9c4d044c7a8
SHA256:
45f6806ae12f9d038cf9f8631e660ed7828e6a4b47b4fec3b6365eebf2e5b4d3
SSDeep:
768:tX+jBVmAODtS3VLp4ObeMhU4UJ6RH6W3qzmlmomIgd0QZx/kMJbSZ20aWfVNv:tXyWDM2ObeMhUJJ4Hx3KCv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.moncrypt
|
MD5:
8e09296ea9bf90fdc106597a3232b2db
SHA1:
a9954afba513d331584233ac6978bd94b4a00a9e
SHA256:
f9a7ce6a3579e6bcd67ae2bd77826afd5709ce2c2bd450a3b9282c462412de55
SSDeep:
384:aEZYEuDFGA51IXN7LfQZBYz3HymhBWulaKhvSX3RCWNHT0zzQbKRIMDR:aEZfuJbA7LOmPWulbSXBjN4z8O5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM.moncrypt
|
MD5:
cf562c09881d17337783f6fb7040907f
SHA1:
5d1b52e29bf6a13abef8b62f9d70e184c5e0e638
SHA256:
cbd45f5658f036f3277b2ae74a9494bd80e800100895ac138d2d93e6b5bb2ffc
SSDeep:
768:yK/h629N1Fu3SnnIok9tgMaBVcDuzvizpz8n9zAsqw1JOgUWcrDqB9:5/v97RnnIf9tgMKW6v/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM.moncrypt
|
MD5:
5e0cba071adc585ff88670e0e23f17b3
SHA1:
8e35bab12c7fbfdfd8aef0b378f04dc9d83157b5
SHA256:
aac9adecb97b5ae55cd10b81e1b8e03514aa865386f38861b63b9c5bcafa352c
SSDeep:
1536:HUtwh7aalnAyQ3R8jfuGOrrfwPPlkpK89yCC+UQo3alaysfjn:HUtc7tdAyqjaPDqXB3o3OaJn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.moncrypt
|
MD5:
2b01bcac47cc007140a38b72d1c1c699
SHA1:
f49253d43bbf5376d91e9b32302508b97c9710a1
SHA256:
268d0f430a2019fa0de8b1c69c4f7ede75d5016f187ac3ec8df6849b417a98c0
SSDeep:
768:YN22i9P347kYQyBhcJvkRpKXtChAlRZBj:TdP3I1hH+XteAlRr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM.moncrypt
|
MD5:
04117f26d129447b89fac7a4f5002b5f
SHA1:
556507ce1add6d9501fef0d94deaf344dad380a0
SHA256:
baa5ff0595a67df6895a8460d4ce179f7e4cf9031a1e6962e85f6c6539feb803
SSDeep:
768:8mq7bT169AxGAh1bEcrHxlRFAI9AQTLPAOZvE2tcF2RE/V49/4agGR9H5VFz4Uiw:qbT4S1pHxdAI9A2sycsO/z4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM.moncrypt
|
MD5:
71e53a9bb6c5a0c576bbe9e3f68e9b7b
SHA1:
3b60f968612d0a746dbc16afad28200f68902d1b
SHA256:
33cad925fda623521fe4fcf95893c4cb74464f5e80244af267f122bcefc64508
SSDeep:
1536:1jnrjYStc6TTylEDoIj3U/BPxZYh98EPt7EDoIj3UO:1j7TTwkoIj4JxZk6EPt7koIjL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM.moncrypt
|
MD5:
cd6f93b3e7b5dd97d674c297bfb2adf5
SHA1:
85681be52e837798559082a146854cb5970d7303
SHA256:
711a752e088b4d9b8c291d2bf623c7abdf8aa6c6cc529dedbd6500b444897efb
SSDeep:
768:TiKOsYYepWqGCKgTMGZRPSFxlgfKCUqo64MXI7+vdV53wcYolwlvnrf2N4Y:+KOsdfJGL4Y
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.moncrypt
|
MD5:
9e8005be995098219ddd4a08bbdcc15a
SHA1:
8f4013e438ed25e91eadb6aa806423df816c3e9b
SHA256:
e7e6118cc9b1ca1178630a3e4a244e230284fc14e674979a9cc44102a6e87053
SSDeep:
384:8o1Ej3SlPp8ENYwG1sIJxkUKO6VbCqnllZP3ODPe:8oo3S38ENrG1rJxv6CqlvOD2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM.moncrypt
|
MD5:
a2e07657823ed27447bcf7cc28fc5afb
SHA1:
42d83ce2be13b8f5a81f31c76c7457f763937b10
SHA256:
3c9884ee713f23d3e29b09e31f18ccea2e0cf9c74e98696fac28863706f9f6d8
SSDeep:
1536:3SM0ytnx70+mwqMFJSMeQTOSw4/Yt0jek5Sj5tV:3SByVxA+NFxZYk8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.moncrypt
|
MD5:
1c174339ed4fb33815996b5f95210564
SHA1:
51754574e5765d382d4a18d7ba949a902f9f95b7
SHA256:
5f56549a2d6aeb6f51d2d150317d1a6c79abebe33f120ef4c6cd17f401c0bb36
SSDeep:
768:lhuj89w0k9wiZTlEp0XNGR9AbYRBqAWbqgCdx0t+bUZ+A2ZMM1CIH9R:Huj89wTPbQ9oYnqt+j0t+bUGdn9R
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM.moncrypt
|
MD5:
4c04c478ab53f216217bcdc8a5d7ee08
SHA1:
444fd94108e2d9d4ca7fb81810fb958f02d392d1
SHA256:
cc6821c7a6f98b9ecd58f21a783827d97f59d4fa89b2d182c839406bf8075980
SSDeep:
768:/W0Hi3b/fJGR+d1RmmRvVq9P3Li3T1+2H42pSq7rflNm:/C3jJGR+jR/pm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.moncrypt
|
MD5:
3119e0a801d49d6c1695b36f64075bc8
SHA1:
7d5702b2500e4d1a898ec4477a8e93e194b15073
SHA256:
6cf231a6dfdd4fbfdfe03c3592cf7bf42067f503b1b739a899bb33b1f0071fec
SSDeep:
768:fy1D6V+pJ9D3SJuDvRIvG6D1P2SLIiY6PAKo5RiFmLTJkOs2ZIOMSCJczLKY:fyBC+79CCvmvv1PXPAjpTJfVhKY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM.moncrypt
|
MD5:
d5458e336794db5a674437451ee97060
SHA1:
dba3934b6e9b1c278df3f667aadd415f8f63d9fa
SHA256:
221bc12856f44e33eadfa8177cf45874dceadec45c69ca11af2e777201d651d9
SSDeep:
768:CGh5q1F1QsoTBjxxoXMaaM4fHGzNrZzd15TpUWivL/btdaXFihULXiTRkq9Rrd:CGjq1jBuxiXMaQmR1dajtRrd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM.moncrypt
|
MD5:
dd020e2a259506e2ab67ad006b77ed7a
SHA1:
748785c6cf20da35c65ccd5ec8d85bf2aefcc7f7
SHA256:
f770de0622eb10e11cb1e1bdc556e3682dc42ac447c8061bba29088334e1daeb
SSDeep:
768:hQyZkP2n8eZokc0RFwpzlwRrCj7vFiRzBiwGmeh5JBvO87Y5vf:hQwA10Qp6RT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM.moncrypt
|
MD5:
9ef286102d963b79035d45f02dc86c5c
SHA1:
49d99a18e80881beb9e29693e8b0d100214004c9
SHA256:
230ae1f9bf682be9770adb2d723a05a84acb26ac91813ee314976acad1d546cb
SSDeep:
1536:8Kw4eN1zKewvDtLsFz0PLnFvEaWL5cwR2Hyl7FOE6rBaS+m/DwLD:Nw4qR8tL5PLne1mSga8wf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.moncrypt
|
MD5:
076947bb96e033a0471b07a3967a6816
SHA1:
3fb11828c5bee02a6de70b96df0518208600a1f5
SHA256:
f871fdf2e93475c69d21e42e75eabc4189b6a6b1dfa1ccf8d335efc371dfcd83
SSDeep:
768:YXU+9O8WCzjME6DJ5Ohb1QGcj9WDlvAKVZKbC2O:oe5OU/GoKVUbCT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.moncrypt
|
MD5:
332f21f4e0ece4e2baa64b5efad57caf
SHA1:
9a69a05c7dd0006defa1e2bda7ee78faea72a30e
SHA256:
bc6f06e6b266cc85e2cb48a633c605f98b015b838112a4367c0651a141e931b0
SSDeep:
384:7R4dpPoOtPFIU6E8AumT+ZmB/BKMaPop2CWcIudR2q3Uz96nf9r4zs3U2WCui9f+:7R4dpQKdIU6JAu8Yc2C92oUzTA3fWQtg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM.moncrypt
|
MD5:
5cd2ad671164b67f1a2e2cd1652608b5
SHA1:
bbe61619650febd3707718f7e868f56988f0eff9
SHA256:
1eb9b5eebc7b2db7529265d667ff8e05ff51d8434885bb2b4624c9f75b2bb494
SSDeep:
768:X9Q6PaSxkZ6AEGWNwWKt2KGNRvFr4L1hIY8gvD88UeRkHdvm:X9rJxk6AMNr02Kt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.moncrypt
|
MD5:
fd5af81de5c12dc87cfd3a45d2629310
SHA1:
27ed96e0b6d95812a981e30ca453791297a8442c
SHA256:
7ecb92c824fb3361b269201e94d6e34d4ce64260bd32b6a5b3b32cd946892f11
SSDeep:
768:rL8121URWhEF4zKS3Y8G/40aHUz8Hvaw12nqeo7IA3CmrQL:hdfI5faH1HyIuA7IA374
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM.moncrypt
|
MD5:
4a6ddd139d3ed2d967ad510641fee6be
SHA1:
db807091e3efdfdceb03ea892b4c9ad869af73c0
SHA256:
040a0d2f1d987d62d7ab0ce6b1adf1cc5b78fd2fb33cd9e0fd70501920f7343c
SSDeep:
768:VqPSdTY9rasipHZongEg7aK1gyyPlPv7f3Rd2npOCV/rAwS9BqF:IPSdsrasipCgEWt5t
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.moncrypt
|
MD5:
1e3d01a1301f5878117fb20d792d6cb8
SHA1:
8fecd12fa16561f9c7bc9b855d2e5efbd5068c37
SHA256:
8ad0de81c5311ca41c3fd305f28e13871955517d135b631d7a335ef768c32e47
SSDeep:
384:9WBzii5+1svJPO1mdF/pzKExB0igrcrBlK3:wc8mwJPO8dFpmErqraDU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.ELM.moncrypt
|
MD5:
00c993dc20c60390d770bb72fa9ccbff
SHA1:
9837f86fa39830761e02e7b0060bbf944f8c7c69
SHA256:
413f0d3b4d62384dd318ffbfb15882710526cfb2af20ab4adf76272f972586fe
SSDeep:
768:RjzV0Dj3M9TP5vdwtzcTQpnjb9gMZT5qTfTYlMTzRBreoJlpZDmVxEbmxT2F3w0o:JGn3M9LDszuQpn39gcqPYZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.moncrypt
|
MD5:
83a7a374c27ed0174e2b18880f590359
SHA1:
61c15550b191d79d3d82e7232beda508af582ba2
SHA256:
3cbae89b9142d5a48b59a09b3f4ad467683cacdf1071a137b294fd72902f0fe3
SSDeep:
768:RzHpz97ibWh0hkgjAlcWAvDH4yQNq2PP62bHIeL3SQZdUrN+gepr5aJtfX4AeVbO:Rd97ckcAqPYXNpPPPbgZNwY1zeNYPh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.moncrypt
|
MD5:
815e97999acac20427cc298778d8328c
SHA1:
99d5f339a2e33b442d99d488b9b2d38bf9f07ebd
SHA256:
454029def832053f8eaecccef6349ec62e3aa168e01f840fc3e63619e712792a
SSDeep:
768:TXfyDtf3UFOJ/ninX998ax3YzI+XWaLnD1Iw5Y1ppRdSa:kt/qOJ/itKax3mjLnD1Zu1Pya
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.ELM.moncrypt
|
MD5:
b7ac18b4a9fa26ca4078bfba403a59f2
SHA1:
09e384dbcfda0edc83ecac5d304482b8dd0a1ee8
SHA256:
db70609d9289fb429d682f82f9f7db5adc52556d32c0be85fceb842aae9a7481
SSDeep:
1536:TWnsre9qF+VlpdRvK9jtAVa4XmnqqvLQZQ:TWsrGK+Vlpg7M+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.moncrypt
|
MD5:
d2e6ab4799db45585b39c0306fdfeb74
SHA1:
0370574eed93b4aa68329eed7511f4f7ab2383ca
SHA256:
6a49a0b5eaea7ff4d731b06c9e582a5aed8089119ecf5ed6d6fab2abaacbbb4b
SSDeep:
768:3AQ1z9l1wz0hdQlwHr2Jp/b5HIfk/qtDf8SF/cKgr/mquEucFX:FNGF6Hr2JpjVWD/cqqutcFX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM.moncrypt
|
MD5:
378f30a23c414001bd97a23c7fc4f25c
SHA1:
a4bd43ca34ecb029bc998b47136649a9d02673dc
SHA256:
555a7d39c6f8834cb0c7a8490bcb356c09324d29b8b71d1579b885992456fc33
SSDeep:
768:tsgKQFZbIBGsvUtmOeEAd4mH5fsXnxMG+oV6OGfVRpywUlkYBvll/TG4OOuqmEpN:qQZb+visd4mHxI3pUfVRVuZmSmQdhT9
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.ELM.moncrypt
|
MD5:
c3741f774cc27cbca484f1d2445ca3f2
SHA1:
5679b28e88f8e8c0a42087c58bb1ce8ada4f31a2
SHA256:
79b8e0b55ee035df1d79d47e1feaec603c3cba53c868541c97333b08fa7d47d2
SSDeep:
768:lUeI1DdVf+5z13rFIJUShGy9VDL8BxWxwQwTzv0kbBr9ImME6Br+tCCFIKBBH8gq:l43fmzZFIJUjy4BxjamMQu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG.moncrypt
|
MD5:
429906e15a2dc050646a3db46b94bc0c
SHA1:
91b06e9b7505bd12c294cceb7e42568fe8e38dd5
SHA256:
81f9beaf553c95cf78d51e5028566336ed86c9beac1ac7afbcf0733d0d1b28ba
SSDeep:
768:7r5YsJjkgKkC/UVNRjVvnA4TI8vLMZXxbAAI:fVmJkCon1nTI8vsRAz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.ELM.moncrypt
|
MD5:
7f75e6de3289d465c4f02be6d5e009bb
SHA1:
4fe526b290da2a5ff39475d7b8e88251a80880e0
SHA256:
5524a01c6ece257d8eb1abbf90cfa66181a1bcf80d1aafa41916c4a8f10263a4
SSDeep:
1536:xnOaiwGCU92fxgMq/+RLc7HGrNq30dF/e4m:IaJLeMq/+RLcTiNq30dF/S
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM.moncrypt
|
MD5:
e9a840414e48fa3b586614204f3a8e26
SHA1:
8b1e39640a9536035c05ef167726ddd24d2f3602
SHA256:
7f376d5133d3d05e3a6631be1660886d6edc7598d389527f5040adc39bb72d75
SSDeep:
768:dw4mYe2BB2ZYDYOsdwL2stHSL94nvFA+bkp90mAaTnESpWvK/NBA:dw482BBBDYOsyXhSL47
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM.moncrypt
|
MD5:
2298884615332f505f738d43b92aa62d
SHA1:
9e6cbe032425adfa67f434c849996690cedfdfef
SHA256:
10b44477e15c5e03b570e7ec454f100e322dc0a053c7cbd0b32ccc29da9342a0
SSDeep:
1536:AwaDCK9LZCba2QGpBh/zdD8fsL2XyDojw:XwLN2H
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.moncrypt
|
MD5:
43e63275282b31f1f4803fa309e6a79f
SHA1:
8fd9721619139a637f1ed29c6f905cb54f9d1882
SHA256:
367e718cd14bc4f5ef9db8344c8ccb0452558c1acfe0ae633b2c907750fea2cc
SSDeep:
384:q3qLvGY66LkTUsqce/D5N25k5AOOM8r2dt+VKTb8KvMA5E:q6LvGY66Ao5jDLv5eItLT3j5E
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.ELM.moncrypt
|
MD5:
2e8ccab42235e29d3403fe4f995366d9
SHA1:
af637c1ce0e928e6835c606b6cb81f1ed49558af
SHA256:
1efded6e5fd5571a12a70c55c4d709cfcb8c51072187ff499856a975d1a0bc86
SSDeep:
1536:zhfSvBf48VvPLXZju4AJ1CElX5LIUfB/8RLFayKWUSdntqV4+4K:zEvBfWhJEQX5cUf21FayKOnk4+J
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.moncrypt
|
MD5:
9c829d1ffeb6619e3ea9b1534a4128a8
SHA1:
44449ffc30bfc2d70bfdef0c4a54d98c253ab2b1
SHA256:
e61909ebda47982659b8dae7558e105e10a73e92085d1b83c344a91deca809c8
SSDeep:
768:px0wL9+729bTav0s+UcbTOu8kQPM/AwbpzseJ5SQn7AJ9B6XVlw8xqyC+6k:pxt9h9bTavBDcOBkqI4eJIM7vXVlw8g4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.moncrypt
|
MD5:
71732d52789baada0007ea6e0a9d4982
SHA1:
026ae1f54978a839b7e6afa24eab7bfb8d0e71cd
SHA256:
a7a23757f55690e17f0a4b8af051f71adb938e33057ebd3d0743b64ef2abf3e5
SSDeep:
768:3D/ze34ADPL72H0RZB2C8O3bgqJoE7UXwYwEh+m+JW:HWbDPNB9pYE7UXwYwEhl+0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.ELM.moncrypt
|
MD5:
74e2e335dea15437e261d4edd5bd612b
SHA1:
00ea2bf9c39b1ed0f49c26057bf1f4da3682cb40
SHA256:
1b40ec41763fb1d6d7a14248c82510a0daadc31f9ca152600af670ce93c9e754
SSDeep:
768:v9HdsERQTLHHLddurCN/ZMC8s6AF5CX1QwjhaBVkmN50+6w4v:v9Hd7RQTzHLPumhN5E3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.ELM.moncrypt
|
MD5:
7ff3058a39921f4e73398be544d8cd80
SHA1:
1e4fe761ddb024cb8d3157d3bf590b9504b5738b
SHA256:
1acb2802ad35a0cf607d69dfd17bd914efc2b0cc4359edd3235254cde8b0ae65
SSDeep:
768:yJgQjp1/a4GWS57rxAXiXes9XeOl3VqF11/KaSOqx5+IIwYUUtfwNp:y2i1PGB3xMiuCubqp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS.moncrypt
|
MD5:
93cbdd31c51c71e9959489bc7ff1e651
SHA1:
3f120839b05cc9455e30c6bccba1de5bb84ed614
SHA256:
bcbeed6990568f7770af554a7e619985b8072bfec06af3b5e44c909545373e7a
SSDeep:
49152:3c1V+89MAeFMhAvkz7wVIYWG7WuTVaxbA7AA8IF9SvyOW:syEeFMskzkN7dBaNGAHPyOW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS.moncrypt
|
MD5:
b9d2dd0a2f9f33f55e6026aac9ecf73a
SHA1:
5a67935af4347c24d3dd343cfb2d368c0b8cbeae
SHA256:
890a878a1b18083262dc1ed6ae8c2ac0fd271f43617feb4b73a802af1dc0a6c3
SSDeep:
24576:siG+HPp93oE/tvp9+WYwYyotoeSQyeEH3gL9irpGEX0:sNg93oM7YwY5toWgHKEE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\WT61ES.LEX.moncrypt
|
MD5:
2d32f84d7d8509b5253a6aae6080760d
SHA1:
5bca7f026009d443834640f13e5e570fe86785ae
SHA256:
b61966391c42df15edac71e432a84eb548bdf94905b18dc970a93278bb0610fb
SSDeep:
12288:coZZLNBBpU2LWmsNQuiIIBuRZy0KvUt/Rm3+mUQNaidUj4W9p0:cIZDpUxrlXZy0btJm3BHEo20
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.ITS.moncrypt
|
MD5:
8842a20acf8c580be3390feea21f0286
SHA1:
46f181032f1bbf14623f59e9148c1afcc9295cc6
SHA256:
1df2608c899c572450aef10ad76c7218e092f74b049ceb8c2324d25f9e901a56
SSDeep:
24576:0YFdvU44SXjoReeW+gTtIlDDYilCdIJcVp92:0uvU44SXjon2tI98XSmH92
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX.moncrypt
|
MD5:
d44b55dfedf934a7ade9f676c44b0e98
SHA1:
5ecd8cbf407957e15a39164632788748d4db90e9
SHA256:
3bba7a46bf233c7f95d06d53d26df07026ce230fc573505b55a06d0c42ab74a7
SSDeep:
24576:ZyWC8CQCJC8Cy1XULEeJL3fpPp+qM3ZHDwI:bTJLRnM3ZHDwI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV.moncrypt
|
MD5:
afd22b9547013ab5179434010c822aae
SHA1:
c92f7c55752c8d47061f8e968e304aef3755346e
SHA256:
8ecc7b9a2dd4186ddb1a3286496ac362760ef7bf6f7c57b223989c40579f3ea8
SSDeep:
6144:NCJBywBKQRWOlnyJOxJ456CuLTBwC8FqzR:NCX34AvyJCJ456lBQMR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV.moncrypt
|
MD5:
87b075d3792c4cd0b985b39b59d919aa
SHA1:
dae83530e5145bfbcf20b284b6dff18b0eb6a339
SHA256:
bf653c246a04e9c3ba42433d04b0e3417d011a6b830187b1802d501cada03f30
SSDeep:
3072:OP8gWzVv+pZiXNEmIugmIswxh1SIptTO9t2DhGJx3KfwD3y0QdI3QCcNGCFCCTcU:s8hKEEmPgU/9YsJx3swD3y0QdxFpTbEy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv.moncrypt
|
MD5:
063cd106f935401ea0bf39fe87bfbe2e
SHA1:
713ddfce0d31b58fdd78b017736199e8603f330f
SHA256:
550e89dd4cfcc23ea63010f509cb79f3980d08f5b215b24eaba5c9e9dbdc20ce
SSDeep:
1536:uVaIMCnqzG5tYihcSQ09jvCfCcI951tvUJ:uVaIMCnUGNQMjvCfxI951tW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\GBCBIG.SHX.moncrypt
|
MD5:
f18f9f92464f310c3cbe09033f2e2186
SHA1:
d011d81b46fd22d536c5af4b63142b5289c6330c
SHA256:
0035068715c650ff290d9634ee7452e930e53da3c92ae4a14dbb35b8989c197c
SSDeep:
24576:r1Hy3pahq5DNaG+RRvXMvJv+m74yycWWTGxJEri8I:xyEhs8G+vvXAV+w5WWTuJj8I
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\IC-TXT.SHX.moncrypt
|
MD5:
ef0cd1490e35bf1a0092e1d70ba238ae
SHA1:
a4e7b55ee9968703c6b114b8c81a94c9ccb7e344
SHA256:
7368bf0bc7d0051a1a930bde75b4152db8af8e91702c4ad3b509d1ec9e9269f1
SSDeep:
192:NXuT/0LXH2DwJGrlIn0Z1eH/KGq0Ud7kilEOxKutitPw/S5QSEITzsQYcKjfi8:NXg/0SxJIn0Z1Jt0q7ksKTtPw/S+6S7P
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHGTXT.SHX.moncrypt
|
MD5:
8309096aa5e58fe9cded88b8866a0e58
SHA1:
5af2040c5e893c78776d74bc70a91b69ae7df55b
SHA256:
ab6719483a392db83cd9682c18bc882f852743356aa1e798586cb0cf7769c9d7
SSDeep:
3072:3yhfxaJM45YP94091NdlcJZPVU7cQ00x8KrIcNIgNIsJTN0rpQdQ1ZJYUpjNkwNB:CN45YP94091NdlcJZPVU7cQ00x8KrIck
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHTGTXT.SHX.moncrypt
|
MD5:
a1b179982f208bd25f0a319bba62b95b
SHA1:
a3a39bbbf56d8d00f9a6b81bf479036c5f3308c9
SHA256:
d03a462d8915d7a8a03529e2baa8480597ae5624a44917f3139c0b0941bfe435
SSDeep:
12288:kXShrIrywxGE4obHoaUFNuGGooENADAHWLi10nLdEEo:kXShrIGwxKo/USoXNAMWY0nLdK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHTMTXT.SHX.moncrypt
|
MD5:
2c26e7ae77ba413cd61ce48be5887593
SHA1:
e6abed3e76120227e888598b2155864a2afdc955
SHA256:
3040138fa82f3633fa0c388b7ad46c0b95e1f424d2739a4c4410f73e9f677b9a
SSDeep:
12288:NjA6GEhuMndaTartzKhplUYFKvCZZTrxlk0EKthj7ojILELeYWvs1k:NjAOuMdltypuvGxm4thgIQ6vwk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.moncrypt
|
MD5:
289f2b2107c32f5a80951a5fcf87f1b7
SHA1:
944ce1c4a078dc16d9040025a3d5e93b56a00e02
SHA256:
943f2f79fda7fe056847c40e85040d2b41b81ec2724a766fe40445cd600b02a4
SSDeep:
768:UKE+pFHi3A41N+vJl+Vr40RcKfkpIibHG:dE+pF7YNq+VE0Wik7G
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.moncrypt
|
MD5:
7cac1fa9c99882cb816282f5e421e0f7
SHA1:
e868dc5e8c1d500013d1928ea9166ed0a0c1f798
SHA256:
78a85af294367b15f45d909908efc6871d82bb7cc44969aee7bf61c87daa0aec
SSDeep:
384:m4jBpbfiwO17zV4DKHF9bS7YO7edbW3tkD:TDin75gKH/S7Y5i34
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.moncrypt
|
MD5:
936330f9c07207b7d105eec939a0bf27
SHA1:
f103a2d4c04b4bed41579f4ffd8e28b49aa971ab
SHA256:
f81e2268ba28dd852064e7110a0841c90ce849bb2426bd0af4f5ed07407ed2ad
SSDeep:
384:lHNbyRhrVKv1JLjVPQG50FF9jAe+vIvfc80j4TDwFr+V8O+X:3byRhm9PQs0h4yfcvj4T2aV8O+X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.moncrypt
|
MD5:
4ee9e7905c22cae36b3e574b0012dadf
SHA1:
00590c3c4b79c850b90f4f8f5d33903b052eda95
SHA256:
c71223afcadb793a23d302886c4d6aed0a004f93b1f0aafafbc3da1abe7700c9
SSDeep:
768:gfBPLC8a6h810yyKj3OeHYnPnKekcIibHWF:gZPLaf10yyKj39YnPnKeksWF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.moncrypt
|
MD5:
b7021a7d138b56fafcabe72547b0c836
SHA1:
65da364177af0ac21c9d39379fcc31cc1d710056
SHA256:
0b6a9fa9012f10147672be7bdd0454ed6c31d7c2f07d26be327600009ffd436f
SSDeep:
384:2WNietk/l1J/HrTz5HmKvoLEAixJS/KZ9nKzsxcV/mGk/T/IIibH0:bIRl1ZHrwKvoLE7mInK7kcIibH0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.moncrypt
|
MD5:
642d7f64b74c9518f43a8b289465fc78
SHA1:
1a24b622e413130f7fc7cfe147258a2c76f3beb5
SHA256:
1406cc0a34e728e269ac108905188cc5f3d64d669050aadaf9b152f6a7b12895
SSDeep:
768:+Aqi5FBXg2P15WxDwU65EBVJVgOj1y/5Whn7nKekcIibSJ0AKbTe:RD5FNg6TCkUh5VgH/Mhn7nKekLJ0AKbS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.moncrypt
|
MD5:
d22b12404152fef7f2e26508ba7f198e
SHA1:
84850eaa133182c535ba905b29f595b91b7f3356
SHA256:
4285b3514018aae41e74fcdbea4d8ce6f6bc1fb43b1844c0796d7f5c66dabceb
SSDeep:
96:wLhoWQVnXeeHVrj/rDkUInhOBuqqt+3BNPf0gCZHqhPkJO0uY9:+hoW2ue5/DEnhOksz9CZHAOV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.moncrypt
|
MD5:
00e9ff7829d0e0972cc3ebda10490f81
SHA1:
c204b3f4e74881ec65b93dfe44e00db7699bdce6
SHA256:
298946b8ab95475f2a9a2fffe22a0da0baef852e2c414edee73142a1503ff01e
SSDeep:
384:jslKxDkrUrll23QOvV6ceZcM2hMoKLxwz14t6Cmf6clbvGj6JdF46kHyDHML7oS8:wlKxDrL/UJe2WoTB4t67f6cJI6JdFnRL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.moncrypt
|
MD5:
dcff627cfa5208942b39b66db2c722ad
SHA1:
889830b42f978b25c85284480f68105b11e4c226
SHA256:
8cf61683f6255a6cabb31667a5d0c72e11567dbd0a23c7545e14d2cc28f1c259
SSDeep:
192:P4iOpHotTZVmS8cQ2DsG5HQGSoCqHI75frFPa88bdb4H9eX:PjOBQTZ2UDseSTX5ZPP8I9I
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.moncrypt
|
MD5:
a13733558e14c8b2994a1452156550e1
SHA1:
f8be3af9272e47679b6b36fb71f9295f5300542c
SHA256:
6fe5248c7b48cee0449bb537815cd19da309138d7de71c3a9edbd5e5c8e17401
SSDeep:
96:+3FY9JFdAEsCe465zyK0tDeh3gzw2rmU4u/ki61K7z:YY9JFdi4Kx2Degr+U6Gz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.moncrypt
|
MD5:
7c451e19e0517bd3b13db8444bd742b8
SHA1:
214d2c73f1d54aefbbc47166d0f996f2cf270352
SHA256:
7d63609991426381d4127f6ab45109c99f4dfef473a1a36160e55ce0425c81ac
SSDeep:
24:rtQAdOhbvDem3aBO/IH5E1OEHRwwiIhdVZidYt8ziaeRsWcSG3OkS0V5SIgzUOsc:rtjQkOaBMIG1OEHRww/S6RJOU0VbMYEl
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF.moncrypt
|
MD5:
84bdf77e4f041af742798b9429397775
SHA1:
8b99eb7011503900733b6dc79a38d6b4835ea5f5
SHA256:
85f00cbd974cb078c16f3724f294a7c9cd6c909e7774e5e32ab5d72dcc006981
SSDeep:
192:a3fyecJT0zblcUYHos1LhN5TaeQ38370hQ:a3YT0zb+z3Lvh70y
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.moncrypt
|
MD5:
15a3dcac5dc7a366d39b92dac47c658d
SHA1:
2ffd30fcec8f699417faa3f9002f734fd107425d
SHA256:
d8de512f03a7384575f43c8e814b0a31595024b214e0e326bc50d91bca7a2339
SSDeep:
48:xWRfud6g4r+WkWlVphto/n+VJhW9Z0J7lZHqt+CWDO0UCeqVRITmU:AJud677Xp2+Vb/JrHqt+C+lUXqMTmU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.moncrypt
|
MD5:
e240a40630584c2cd59b13c53aa8de82
SHA1:
2f4e678c33decd6f322e4067dc28ebc0f5f8a2d2
SHA256:
4cb4ce1b2f1f23c258c0a1d93dafe86c2af2ba15416c798a4b1b71ea5a442caa
SSDeep:
768:jedJiE0JyTxMrq/xNm/S2rozQZgyR8P/9aMYHVm81b2L+L0uFNUUZKpEBJCF48:SbvDuroRDEayR8ECf7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF.moncrypt
|
MD5:
0f1fb7cca87b0fbe52a1d455d03e4ab2
SHA1:
bad33ac8f24eff8f433cb38f1da1c32b41a0fab1
SHA256:
ae30c2468f0677bccc1dee68f13e81e7a048366f47dfb53ba16979794f73dffd
SSDeep:
96:fAc8xsHD+TeSPUPnfj+kg5CNw/ZHHA357khifSkB:PDdSPUP7+kTNw/5A358ifT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.moncrypt
|
MD5:
5a4d8f4886429680ff493a5a589d22c8
SHA1:
891397a76102a85c58b1125afe3a2ca00108a73b
SHA256:
94f749f2b2d10009fa8fed6cbb1e82458cab37bf9a0a9c7daff034564b14b6c9
SSDeep:
192:IqKDBk7bvHHiqWvpsFqoRYuRZASWkQU4wkQWJz:pKlemqWvpObRYuRYkQXHQWJz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF.moncrypt
|
MD5:
811a5d84fdf527488e380ac76351dcd9
SHA1:
367d11b8340bf28b23836d1632744858f97b6b2f
SHA256:
56ffc71ab823c64531b2fc06db0600919e3cb223abc40f82f184afff1b4d1166
SSDeep:
192:IOBsKOTzqYqIp3cTOGtX/U9klZ+FMZKQhj6YOrX:Hs/qYPp3cCKsJaZKCOrX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.moncrypt
|
MD5:
adce177472f1e649511471ad841d02ae
SHA1:
4805eadef54d2844164a8a00f8856949308e0e35
SHA256:
9c97ccd8e8e579f0379d9ea3a9eaaf841f518b9464dea55201e93f420421dcab
SSDeep:
192:so5YzkZCXBGlGmM7fPcONtiL0bIpQqQmjw:so5JZEBzTP2LEImqJk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF.moncrypt
|
MD5:
7bdf01c630bac7d6f6945e9298cc1a18
SHA1:
35dff9f7b94fbd3450f4a8dfd106ebff990d1cc4
SHA256:
d36deed81903f343c112b6bc9f71e3271b63d1f93e48e7b088456a69eafd4079
SSDeep:
96:BUCSstI3uT/8n21zUD40rjwdG3Bxn/xtXjmLVXO9J:BUtse3uT/8IzUD4WjYG3jn/xFIXO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.moncrypt
|
MD5:
88ec0fab62fec0cf1a403b16c0bfd764
SHA1:
3fe091fa56fb59c85ecb3df45e8374de61b0687d
SHA256:
a0be66f9a2133f13973dc806eadec517475b6b5aeab1b6c1c5b7ba9356d4107c
SSDeep:
192:/7n1DFQ+YxqohgxyAuPSlPi6tP1Lp49H6u:zfQ+Y/0ymhi6tP4P
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF.moncrypt
|
MD5:
0311f28e973a6370c8cfd078716438a1
SHA1:
84d614b91eefd7d93780e47e43dcf23fec9189ab
SHA256:
1a0c9da78e9c8476dc191c8db2702fec240540f82e59df69b228b3f2bd4fb88a
SSDeep:
96:6xjwPsZslOf46o8qHG7PQeImBATTRRHe0wQFJ7Gu+tARlf1YHNC:6dwPkZ46VqHGPQeHaTTRbDFFeQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.moncrypt
|
MD5:
bc4813338a703ae708a949d40ec1940f
SHA1:
9ff1952de3dba637a43558fdf35e3a368e25b41d
SHA256:
daf742963ded3a2eab6fabdafd456fd6b94cbef98375ba88a8269a1530c69bf2
SSDeep:
192:02EmGSxntCAxYPDAU0954A55XzeRLy1jp/L5Bc4l50QT:JRGSpYPDDABQLu/c4l50QT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.moncrypt
|
MD5:
eb1b56212797941d9cd50fabca8c3641
SHA1:
aa7c0c32da03641d7eab29998f8d80e66194fd05
SHA256:
f650b23918ebb2f16a048312c3e41990747fabeeb91bebd572c5714fd16e0269
SSDeep:
192:G9W1WdkE2pnN9Pef7BygvU2WmQf4LcpnPSj0lYbvAUCLF6:ek0kfXPeTByOWmQf4L2nPs0lYbop6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.moncrypt
|
MD5:
c2b53ec0cfd38019411decdc5dcf3076
SHA1:
773e3b76da7e2238c1c564d05f8ccd4c6c6782ac
SHA256:
4946c2e42454e229f35ca565ec0619e76577b453f6d306f8c7bd738cc8d89c0b
SSDeep:
192:s5a+wSw9g6Jo3Kien9td5s8etlS9JZCyuKl9xDV+amWfB:s5RwSwg6JXiu96bsZCdKB7mI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.moncrypt
|
MD5:
eaecf5c5ff2e4ad0700f1ac158073d4d
SHA1:
9e9c421165626a21c9954797067812f01194753a
SHA256:
c09030c4509f4196339a8ace228ee0f6d3ae1a68d160886b20179130987d2e52
SSDeep:
48:h73ipZYjic2q0RxzT0Yl2JYJNvhC3Ifb5eUXEN0eBrleHF:hi7Y2q0Rx0YIJaTcUXENfBrlY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.moncrypt
|
MD5:
1108d63e5ff4940389b1e20ab7424239
SHA1:
56b72c91c84ae6844c02c1bb24812bf77972ed9f
SHA256:
d628f33da3b04ff284b908c39c95d90a7849300e4f1b3951a2efda77d19911eb
SSDeep:
48:9amW/McaKQBmmG/Fei4k1pN2leUQafMwH7FC8i1EGX2+4ioM3lFc6wvKj6HEVpFS:3Nhhihpqe70d7FC8i1DXv4iLVFctof/e
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.moncrypt
|
MD5:
790b80f85a32af2a5bd7406afdcca58b
SHA1:
58a5217822c254172faec3060e5bab36bb16f492
SHA256:
f69be7d7ac58523ddb339109d4caf018ed138cf580e47e7c43eeceae4e955955
SSDeep:
96:6R1ktub7/HiY3cHP+how0/iE0cmsad+ksdb8ce4B7NGW9+HStD3:68to7filHP+howaiedo36kQT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.moncrypt
|
MD5:
47b7f517406967be798d53c2da264672
SHA1:
43da0de8068142567f64287fd5326fe071739669
SHA256:
38eb96efa52b544a2d502ae8e44fe84fdde218fbc20b16beafc99de24b4ed80b
SSDeep:
96:Qv+CMWGd9KfXQ1alDejLuKwU9NoXBmVROrNnz7eBa+z:w+CMWGnKfXQmevmU9+X4nOt7E
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.moncrypt
|
MD5:
6fa43ecb76e1e6930cdb6fa25b334215
SHA1:
223caf658b5227410af306897345ff1af0e0f2cd
SHA256:
8b86beeee7bb39379c1ff7a0ab04d087d12fe14b6e383b51ec3bccddc667c0d1
SSDeep:
96:dTX5HkMd2Ai8/Hz/u4BP9JFzDWdl8b7I2/YjWu7na20U2H26BraRKwvlt:dTtFd298/z/hbJF/Wdle/YjT/H2HgKwv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.moncrypt
|
MD5:
59c8b9c3262ee6feffbbfa98adc1ba2f
SHA1:
e9e3c6a55e8afce019f22cf1aa67a0e2062b6366
SHA256:
2a580d6984a0dcc9e5847f66b0be4ce097d5db338685c46da9f33f6e7fed0825
SSDeep:
192:4hRYwXELyFnoIji5TSZBQ2z5luAT0tme6z1ijOI:Wqqo2iQZ/5Uq0tme6Yjj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.moncrypt
|
MD5:
0d021cbe8f9578e000880f011df0d027
SHA1:
ff343f9678ff0f69d5af268b82684d8c60f5f3c5
SHA256:
8313b5324b6fafcc07b8503bf2d01c562c58e9e921acea7790fdb6003448e5dc
SSDeep:
96:WjcsRdFn+tiWkhybhd+WJirH4RzbDneIhKYdBlk8SwzKZ:W1RdF+tRkSDLRPDnhKiLu7Z
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.moncrypt
|
MD5:
f0eada9edc32e6aeca218fc6be6bf7ab
SHA1:
2653736af8a3404df228c47b57b804ed49cee6c7
SHA256:
cd050ca13c51f0e77e94fe776230b6bfc7850de9f51027b16e16aa1f83f186d3
SSDeep:
768:OJJFmZjIesVUmJ45KHp4ms33kuY4ajd9yBUTxaKmYDWDdPfeudzYA9dc0ZtXOILa:O7iIeWE5KHp4ms3TKQ1BCWBEb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF.moncrypt
|
MD5:
6215b5102cc14df77841017f2bc019fd
SHA1:
d165e3993634005313bee7d8aed63275cc084997
SHA256:
1a46295b54f1574e0999c5a7ea9383e3c3eb3e9227f4fcfb4376312bc2e6c11c
SSDeep:
768:c0PmUVlvoIYhS6molQ4DYzHFyp/VDneHQ4wS5PLCAT9xZBV0UcQ9ZAiTfO4fVa6A:c6VVNolCKG62wNL/eq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.moncrypt
|
MD5:
d900e287e673f730b675031e227dbd30
SHA1:
77b03cd9bd43cff0b76864f871b1e9e34aa7df41
SHA256:
220aa691430081b582b45ccc0616aef714fec19560643e6f58758e46fb6916ea
SSDeep:
192:KQarag35OxoscOXPR2Ygo0KJmbagUNXNdN3VG1FCbnpZ2IoFl7vVimkSBO:KQJQszR5goLN3ViEDSHkmkSc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF.moncrypt
|
MD5:
65a93e4fc28fef972d77e3c8f50b7bd9
SHA1:
cdbdd9c1c9775b313668cd1dc983563b1b6a6713
SHA256:
f021d6f4de7fe4c48e844091f2180bb2dbba7bb7c274bfcf267b56579ca3c3e8
SSDeep:
384:PMSZFT50w5z/o4widK76aH4jtzGqrNEEHy+twyIdPiaTSfTe0k23W8yZ7297KSRO:PjF504/o4wx73HOGaqiMae0k23W8yZ7D
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF.moncrypt
|
MD5:
8442c33eb24b8f1b081f1dc592383304
SHA1:
b4b68b4d41b0da91453eb6d40ae9985a71301f0e
SHA256:
40dc60cfc3c33786db10f9445df2f9496bb13a35b6ec3b49ca84ebdae4c7a877
SSDeep:
384:0eOB9ESkFpGsUpjjJpky8futvITa3GxRHyo8770:MB9ESR3V+rTa30HyL770
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.moncrypt
|
MD5:
dac452982c458c19719a40c9a36e31c9
SHA1:
7bad4c88c8fc51425e2d2afe1214c5e5bd47a957
SHA256:
f1b4eb11173869607d7eff4e21a65b4119551665ffa3998e34300f3ad8a5f751
SSDeep:
96:ROCBNXwNal0OB+ASDKnsfhmCA7KIpOVOhugrt9GSrpEjmq:Rzmal0OB+ASD2scCy7Xr5rwf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF.moncrypt
|
MD5:
c032906094bc793c83516bf2b04973df
SHA1:
9fbade1c27dcca2bbe37fc8a479a1c4c16236c50
SHA256:
63e1d4689de38833f1e875515c3d4a63340dec4870c73a30d9f1bb601f437eea
SSDeep:
96:OtlwqhrnUL7xxFua8c96Sz06qGthCL388j760E742g:OLkv6oCT9jzE742g
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
|
MD5:
4917d7adfc65e753005c7c51ecadd1ee
SHA1:
fef361d052dde56e24418834bc5846d2fd2ba25e
SHA256:
2be19453bb04fd02c2fc26e45ea7f292474f1b63d1dfd7e57815af8a61b4c16e
SSDeep:
3:Z1r4kXlz26Yt59KXlL9l:rl1xIqL
ImpHash:
-
|
Access, Create
|
Modified File
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.moncrypt
|
MD5:
fcf12612b2b4c1f96c5241d21a9bc6ce
SHA1:
e2b008ddbeb3efe7da7137cf5dbab8e52385425b
SHA256:
377141dd1f58586733dd210396569181d9623c2cbbf4be0194630a4839ccc808
SSDeep:
1536:2J5JlD/vy/5mZvMc1OWGlCANATNZwHGiFSnpEsJFQiCynC7up1Z5+dAwrPQkYPat:2J3lcEANAsHeEiZs81WdXyrSxGjcwmv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.moncrypt
|
MD5:
deb56337a7db1d4c68d959c804c7aa71
SHA1:
04413bda79145867dc7d6e92ad206257fc6a60cb
SHA256:
08736a1ee1e237c6c5f3333ed70bc78e24bb09ed821e99e605a56866da0530bb
SSDeep:
12288:sEpnBnmoAcyDYo/bJuCqZ5GYLVZTSiR/vjYEsFfhs9BJTzsz4J:zBnmoAcyDYo/bYCqZc2jl/vjYEsFfhsJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.moncrypt
|
MD5:
e4bdf5dca74db3b3c897169f7a0f5584
SHA1:
8f1aaec54c5c1eaac375b584544b8186f60bf847
SHA256:
7687c0c4cae530be17581abd0925f2586e3e371bea32375e652377a346ed933d
SSDeep:
48:xQ+7sCMWK+pG19jHzOmwdGCBU0CxIpFQA/k4:xQOsC/p0HKBdcIp7f
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.moncrypt
|
MD5:
c29fc0ccc8d1b31254699dbad66c5c5a
SHA1:
d13dee9c92c7bfaf231aa982e216e89c2a3b80af
SHA256:
58397e1090a445e34a3f44b4aca51b8dd4ef6aac1cc43c00003af6593e714981
SSDeep:
768:VnAm/J9DYBaoxIPAJA5/8weuYWb1fnE4A0dT20r+WOB+zLMYpFq9suUPFRYxRHeJ:lqhvNnWBz1yKpo9sPERH4pQgt95H
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.moncrypt
|
MD5:
c0eca263ee9c107dd38434a0cb899515
SHA1:
98d9ebac3e1c06db58e8b293df9bd22ab3265f39
SHA256:
4fb2a9e598669f172c1c2eced1077088353a59f1a49250ae954c43a643075809
SSDeep:
6144:aY5eAApjk2ea1YRerOIeql3aT/yYwCeITBqEeSkKOx1B:RQXrpxsw+TsEezB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.moncrypt
|
MD5:
bd45285b61d5100c9b602a14cec1d897
SHA1:
83fac1ae9a3a3cb1eefe94020cc7843f301cd3bd
SHA256:
bc73697b4919f9b95b6d607f573d1ecf411ba3eaf7b505500a89b4b23d2a6896
SSDeep:
3072:49aJreKNQFsQ8RXtz11yB0IkJXt2up7zQYRYR2iMdWw+jnJOLGAKuA/c9oEZ:K2NpRXtz115t2IQYJi2WzLJOKAKuvZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL.moncrypt
|
MD5:
a47419636be3ecef028983fea86d92b7
SHA1:
85181866d02d8737aa0f07d34a9242d0a1491eea
SHA256:
397cb0a9304eb0782e9da7926cd3a0bcb9f6baed0b1ffbba8717c2a2f8c9d2cf
SSDeep:
1536:H3oDz8UrNoCj9POROulFnU/kvEnshMV9dj4Y95H:X0z3xoS+KkvEshMV9Z4Y95H
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL.moncrypt
|
MD5:
c74b0205ccf4b396d33bebdb2003a8ae
SHA1:
709e2be1bc24ae5e0fe9598aefdfbc5a33f99094
SHA256:
0d362d3df721e227411842d6a514e0cc4ad3e88102ca6f2ab5488da7046ee84f
SSDeep:
12288:3ji8e43+V30ZGtlSb7XoTonuEZT8FRCas+DuTTCM1rX2qg:3joPVqwgMEXoFsasiEpg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.moncrypt
|
MD5:
c9c2bd8c6b7f6d359cbdbbf70184c578
SHA1:
469a1f123222c78b70b66570de5c2ef40c290c9e
SHA256:
2476a17b04f3363d9796b1fae08bf006d839814bd7f7a1d4e04cf6d87489b40a
SSDeep:
48:H5Dv724BACJH6E6JoOAW0r9AB7JGQVxm3561WC8:H5DvZSC12Dh0r9AO56C
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.moncrypt
|
MD5:
dcd1a4c7cb889030dbe751ad6e283957
SHA1:
c27914c8c7523e26561949cc69e36d826d1ddb27
SHA256:
87f0298b74552998448b148c84a4dd279d2ef332598c920c667f7d512a7ef540
SSDeep:
24:0HifbNtLeZovIMR3xrpl6ctmkPaFyucFcQbEbT9vzSnfHHRT8Ww5h:0uNoY35plxmkiF3cab97CfnRBgh
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.moncrypt
|
MD5:
012d1fdac14fb99d528d1fbcc3b6f615
SHA1:
53e0b3c6581af5201bdf736a734314a7fe6e9455
SHA256:
76ab81974cbef53be9d6050de75378f3f63bdf68de9de00a22935e4037389592
SSDeep:
48:eIngVi9KX1qGjruzKN5+8elvVf+PlhFluu/Z1wuDL:RoLTIR8ejfolhFvvwuDL
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.moncrypt
|
MD5:
670953c1c5de8e6e3fbc454b350e12bd
SHA1:
5ccba0d4ca5e4cf167fb2134d4b0b152557fb356
SHA256:
74b6e93ee7ef31ffa2f3b45e5100789888371d2b2bde5621b7f9e32acf07f63b
SSDeep:
12288:0zofCAijFvYFpjKW4MgJZZ/CAi02uCAi0IoiyEfCAijFvYFpjKW4MgJi:0a
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.moncrypt
|
MD5:
8b45f9f86422cb0dfcfc8680679382c2
SHA1:
1ab4041deee88f066c4dd3a687c160dd31912955
SHA256:
fe565da540593ce35b72b9c3f9bf65c56e398942892c08221bb06676c6b17d16
SSDeep:
24:Upee/ltrC4wlzzYfZFxRXZYdRyeRl1SDBLLl8ER3ME/GbXX4n:UAyRCH0jhYdRoLWEJ3/GbHS
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.moncrypt
|
MD5:
13998222cb57cd4d74b11cdeb532ac69
SHA1:
9abc8030da2ac81726bc1f4b7c01afb1d93c21b7
SHA256:
4e2e56e1c236d0d3490422a461c092f2d3a3edef4350d5dd12110f8e6edb79ce
SSDeep:
96:3UJUaBBEzkUkQwbGh70e9wpO8YgjsykJNajUFngRopkFGD3a8haar+k7:kJJZ0w80gk0gjsbNaQngRoDG88ax7
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.moncrypt
|
MD5:
f40d2564cbede842c800ffda5919690e
SHA1:
2548815cc971cee3f3f3925d5e61903598d11475
SHA256:
d25eeb60a262896baf5b2ee0e37f31637a86caa0a7d06f8abe2a084536eb036c
SSDeep:
48:pNDKkSsA5Vd4SagChEUgvurwJ8k4k06ImZTEvXJ/1h:pNpmUIujk46ImNEvXh
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.moncrypt
|
MD5:
a5090ac71747265d63c1a13bfd469581
SHA1:
6e5400f770a0c7d147e7cd062618ddd76bcf9adb
SHA256:
2eac62732646e28521b2433e342c90f393d30ccce28989a174f0cc9710ed9987
SSDeep:
96:Sc/dhDT0Db2OdnmFkcKdPx1uKkqeuHVSpZDWwne2AgB:hXDT0v2cA4nveuHVSpZVe29
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.moncrypt
|
MD5:
3f7d022cb15fb9d5c2cf9739df622674
SHA1:
d68095d9d71d215025d713aea0da25cf0f380dd8
SHA256:
3a22ca3e63502a8e9a09b2cbbe6885ea09c12b6f3e4a5e3466c597b503285db9
SSDeep:
48:krMU5Bnw/Ycsb1fG6o7cvciqN4j/FMGdaG/vLwQBKKmFT:vU5Bw/YcsbZ5EviG0FtdvUBbFT
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.moncrypt
|
MD5:
40ea6e26723d9590911ffc3700ed1328
SHA1:
e737596c0677091ee0110e709c13e356741eb774
SHA256:
c532fe415250d9f8fd31ea79235ccefed346a2f7ae43f3c73b8e7235fb28f85c
SSDeep:
24:2WVVDFLgljst0PbMZFLQ6BPPh2RpxB2AH3R5Bnd3Y:2W/ZLwjst6biLXhPc/NG
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.moncrypt
|
MD5:
caddfc3b3e0e67e972115c471bc0ace6
SHA1:
8410dc4c465cabde672f02f0dcee5b0d34a7def4
SHA256:
def0fc18cbdc8b736befd4de240da8f6df6668a476ee74d951de2e84cd6aab1c
SSDeep:
24:ecJGuWg0QZuzrHzShkmMqtp1odTXxNi6hlZozVK3IAucjARiVZVkYfHRMwCHPlr:ecGuVunHL/NPPSzV3Auf/bR
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.moncrypt
|
MD5:
4f290f31c2d135b48d855df4ffb141a9
SHA1:
e650ab21427653e3b7dbeda7d2a70510db530aeb
SHA256:
6f48ee7910f8e92a73e475805ed2d2e460addc4a170673de654a0cb9886d2be3
SSDeep:
384:d4oO+5iolSjrL5eeIdV6TopBaByq2CJMlfbIZAJJke1nnLngu2wgDefjG41DBFYC:dw+wo4rLY56UpBBq1Je8IJR1Lng1Dajf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.moncrypt
|
MD5:
2d62f24a0a48fb1e5af5c4a73d47805f
SHA1:
d31982b8fa8b43b304bc23b9a2e9e7546530df65
SHA256:
d3678fed67840e4d21a5ed8c7b7e41360d7a1de09f441cd140acd2411ff266fb
SSDeep:
48:CCJ0U9OJhNfv/w+HBtIxW/EKQKzuaiV9cIMTGOgPEUQ11q0JevdtoFtLC:CC+UIJhhw+QxW8KkR/AIQ11tJeoF1C
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.moncrypt
|
MD5:
ca9fc7cc93809166c7354616fba92404
SHA1:
0b9b65a9306996842888a3feeba45a72b66dafc7
SHA256:
4f900816ca800c3fc80ce3895329d4d18489ba7312954df15be33b95e910f5ea
SSDeep:
192:MBW/w3RqHIm45Jm4S6MZ02uGXCxIXRvCuK/o/8jv01pqwpUPENqClJUO6MO:TY3RqsmnBZjMIhXXQs1PU/igMO
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX.moncrypt
|
MD5:
91b3a5a8740e3f7be7c9801bfb6b3624
SHA1:
4d70e55cc6cd05adc8d6c034636f3e99a811c3d9
SHA256:
85c2f6dd97b2332284dd3f40f7a421d5c941937137cad8f2ee7d5763bf3e96e7
SSDeep:
12288:t1q/NGnyUWrEx+kjZhWZI1YVcSeoQEtlUw/cN:HXyUWr4+MWZI1YV0alUV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_ES.LEX.moncrypt
|
MD5:
122f6aff2dc36493725dd04cb925ce0d
SHA1:
1da4d372cbf12a3fca699828b2a7227e1bcc8bde
SHA256:
2e82118f36044db54003d3ed476743ed4d91988116c0795086b911ae061ba328
SSDeep:
12288:SHP706G5DJXQsPyh20oxMbrkmg6RgaWLNKvYDCj:SHPw+gyhUm3t6a8NIYCj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.moncrypt
|
MD5:
d31be2d2a564728c907a426acdbfa06c
SHA1:
f7af860566795ac4962f96255dbceb1805bdc2a4
SHA256:
913a06e9f2b1f1660ddda75d2e7326ec782ff450c318eb0329770212c7ea17da
SSDeep:
192:1PA1ks6juf8mWO0tGMKodiHpBLcbWvnXdFLAoX6mU:Sl8w6GMKodyBYbCXdCo3U
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.moncrypt
|
MD5:
59ed50fd1b907d52da2b858b5ecf860e
SHA1:
7aaa60239881e63ac51a527f740e2ada94bc175b
SHA256:
5ff71404fa4f947f84f9aeb12ababd1de64d40d2f03b8e873c6d5c32ff22fbe9
SSDeep:
48:SWM2Nf1FIyCv6cmslUVOUWzBaXJtSOpAnkh7AB+DZBWdWMeXJj/7DdHCPmP78rPA:Sz2LuyCi6lUV5SOprhMB8p5L7DdiPzr4
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.moncrypt
|
MD5:
e34bb6b516e455fb82182e447eb3a326
SHA1:
874124cdad92dab30460e535ea7acad2a9081112
SHA256:
cd70256dbc0c9f79a34b57051d411c29675d3f7950891f76a1c7f9882c12a8a7
SSDeep:
192:kSBIa++xEM2cK2b2iL5aE5r+pAlLv5bpOpGuW7In/hJEpl9kg:vBIa+nMSE2i5HZ+AQpGucWE39t
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB.moncrypt
|
MD5:
005ee12800c8473118254f23acb97c09
SHA1:
81c74368ae1c4d2f808ba39176b351a421a54012
SHA256:
05f225cac25e344abbe88be618d14bdbd5405fe17475bec700a999826d4ae59e
SSDeep:
384:DNnpycAKy8obw/EuhbfhAdrq6iuhKgZBIy8DXCs3:tpKKnobw/XhbfhAdEuIgfUC4
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.moncrypt
|
MD5:
16055b23c22e35c4b4b2251cb1de3c33
SHA1:
4848142471ee7aa729a0a245ae39dc6ca978921e
SHA256:
c93c9e5892628d6719cb0359c035c7f6c505cb6c8f6030b9a30bd9ab09762e95
SSDeep:
768:PI5AeZ6irXYK1O5tWsJ9ZNtl5vUHrUkihd5WCEq:2NZTXrEM4ttluLRTq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM.moncrypt
|
MD5:
4aba49eb73cc34e3ac53cd1b46b42600
SHA1:
4bf35e487b1d16ed79671bdf2c65cf05199c97aa
SHA256:
ad2b769e8dd9df966f5747a64176cd53ec71945e7ce0cb8432c1f198b49d895a
SSDeep:
1536:S74lKnXLdbf6cl50xbMAhal50xbM/F49L3wWNw:S74lYLdXoMAkXoMO9jG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM.moncrypt
|
MD5:
1e412055027b6076c6bf9c50991027c8
SHA1:
619c2347c5a3c6920530a14c0ef9093c93063d01
SHA256:
4e555c9536c6c86cb1590e83c6960493813375ec3b6dfe0bcfc53283bbf0fb46
SSDeep:
768:+YxZ0UC6XFQWqAfodeWK2wI/8VmNQts2J+/thD1OXrBxCy3/iUMc3L7RuqqyiYTm:+YxZlCwq70WK6/8YB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.moncrypt
|
MD5:
7b65f2ac8f3d34d4dae564a5b715918c
SHA1:
87d78da7be12b376029d2e39cbc8fb7793118a32
SHA256:
540a6ad7834c5f9101f2c6409ab1cacb7623cc3b8da028d26bde617bfd2e3258
SSDeep:
384:q/wA1LE/rHHfqGbFMUH6Ms23bB2pfnXYl4kahDvk3IW2JrGeftRYqH4jH1lAJKp1:2wAK/rHiGxMUawbn4njk9orGUtOo4b1f
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.moncrypt
|
MD5:
6f6f7a0da1158cb780243a3292e74f4a
SHA1:
db22bf944c3e0ab3464f188dce9c30f15bdbacd6
SHA256:
03ad3bee0afd7cd641b5140f01acc3413f5c7db623112b122d636ee58032ff99
SSDeep:
768:MiwIYg9zdtSgg4iAIhqshvOYGDSGpWr7+uH:Mzgj0ggBPHhvOYGpWWuH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.moncrypt
|
MD5:
0e02beb5c371052c60b46291346e60a2
SHA1:
12c6b6c042ff8b55e7c7f4809597524469169c54
SHA256:
0f669f280316d338ff5dd180b5914efeadbea8098c33eee9af02dddce605ad1d
SSDeep:
384:oSM1bcBndypbUmiyPxbb7yCklwR49r6EXkVVKwaNqX5mtqJAuxbM:oSeqn8+yxbCCkl/6E2DPmsJVG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM.moncrypt
|
MD5:
613be334717861c3aabd84d6af190226
SHA1:
0e3fda62c66f2d39c029a496ce606eb3bd14b1be
SHA256:
0e41264a4bfe8ac3ec09a7dd0df90edee63e92addf102e5dcc18482446409709
SSDeep:
768:njwIkpMY9wX0jJ5Q3jELVGRclUVzVccUv7QDoval8kflNn:nUIkaYG65QAB0n
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.moncrypt
|
MD5:
af7afe9d4ce0bfa52f0718745e94a422
SHA1:
f386174673cce9b8e00c35216d704cf25ca98513
SHA256:
f2c8c9f654c29512252073eb70ddd59293f1460c9e467d8ec9d9d2813e488aea
SSDeep:
768:nfUTUHj0DdHh5LuIqdPtgyP3H3J97LqrdO:fUTCj0JqrbP3H3J97LqZO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM.moncrypt
|
MD5:
a194ca9a7c1a9a560b8b8a6ceaffd8ef
SHA1:
6b34dc3d5f391e14064540d0f2272686563508f4
SHA256:
6b275a7be257e736de7c4c03421d8895ebef05c19f0b0fd0a9bace623b466812
SSDeep:
768:AZmayNB9vOa60NstIkxLVFtybfzEw/zZQ1xfRgE+QZlPLViVzowBq:AZmvB9GBK+xFyfz+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM.moncrypt
|
MD5:
08b33cb3ea8754789ce1e4a756a53455
SHA1:
cbe6da2c2de70e32c209cf829f495bc2db6db3e9
SHA256:
8e5476e1c459c41f8d4ea1d18bac96379669f537a6a5bbcd1408e28ffe2a9c95
SSDeep:
768:OnM71oUK/pplbr2/gME+bEfVwLBru6tahhGNVmu+hFNe4w39sGfnth:OnM7yUK/ppJrMEhdOKoDlh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.moncrypt
|
MD5:
4c4606f4aa616ad2187a6affa8fe1fdd
SHA1:
c39020d58c6de056eeb187ea66b56013702bf6a6
SHA256:
931fff9f5ca2ba769af1c88b550ca2862c9237aadc80f42efc2aa12494669a81
SSDeep:
384:p30httUWs4FJMaIPRRtoVxJWO9vZkT6vGfX2fpwuOXB98q/9VcAzWcaZfN6SPzd:90h08IapDJn9xkOvGfmfru3UFcaJl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM.moncrypt
|
MD5:
a52cdadfe0328c08975621e1aa85cf02
SHA1:
487489fe98ab3d528f0846db8551f8ed2a2dbbb5
SHA256:
502da65510b0e3fa62d6add96857d4568a37669b5d5d9c9c74819bcc1ab35bc0
SSDeep:
768:Y1yH9499kc5CXHnsAsawB5VElDJ7kAMrHOcQwpfwAfHNs:Y4H+9X5MHspawRs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.moncrypt
|
MD5:
b81d267248edd99a13a8efe3be2989d4
SHA1:
6492b75eb20f9d0a4da12cd27fbafe7c56145e56
SHA256:
54609adbf4af926975eec4c4003a6787ae1d4cf934f73f6bd49e8b972ff67faf
SSDeep:
768:pu7LnKJIysyQViL4jJKlLfwlEeK2bzzEywIq23JcvckicB5ucnH28g:puv51JViL4jcpmVK2bzQywIqLvFiWucy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM.moncrypt
|
MD5:
229a4f4b69ebb67f742b31f47af6ecb5
SHA1:
91e8a3efa51d9925521c08d922f854e6b185c405
SHA256:
6d038c2ce3fffb1431eef3b77318632541eaee28c7291a3cfb6e306d38444a8e
SSDeep:
768:NT9xVUXKSddeOGvqMf1jlDZnnj6Sew4xue3XXvSseZGUOo8oRyTpm6Gt1axbwXuW:NTFSKmerf1jlRnOj7xueHfo
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.moncrypt
|
MD5:
c05d6c68a2605b8c52d89270e2c038da
SHA1:
413961aaa1af5acd60ef2e80cb4d2e0c42a6e751
SHA256:
91c9e05728ea8d9ae1ed3ab024068d9870149ca4aa48fe14bc9cd606f3c6e67b
SSDeep:
768:HzxAcLEAlPyxNaLQnXcCDwDlxnqHqO/JuC9UFkVyVJ0yPg1JDD/g7hkgTLQn1:1ALAlKxNaUXdwHAJ7+FkVC0yI1FbgNVC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.moncrypt
|
MD5:
66eb36e93cdc81fc5911f6b8ee176a04
SHA1:
b9576ca6b343c4011a731b34dc70fb8e8d4cf81c
SHA256:
a832e1d37ba1c30a581e923dd5ab1327fd49b91f64f207878b5ccba2b44be646
SSDeep:
384:SM+MRrysH3nMZIrP2pqr/7/cakt0e50Ecs/PUZDbeFH/BM4z4mBZeh6I/PwkQ1FS:Pxy+MKrP2pq3cKLs/PsbeLz4Dh5/IfS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.moncrypt
|
MD5:
604e7d69c6260de5b18a33cafff8c12d
SHA1:
5699de7f9026148ce6b2430c01538a0d9db9d03a
SHA256:
fdfe2c64a257dd2aad873e4c649fb7ef82255e6d72368c2e8a57733da41cc012
SSDeep:
768:+jz1KrgCn7w1H+qKm2+udl1yJUJtIoC2w8zEKZArPm+yHzj3HEnPzFahFO6:WJCnsIe2+mcGcoCR8zENK+Sj4UO6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM.moncrypt
|
MD5:
7f556886dee5d1f3bf14260154f58800
SHA1:
754ed61c9b1e6631a8715442d8bd901fc4446940
SHA256:
0e15b421528a239314dfcc70b78a072366357e9548c531d78058b4882210afa1
SSDeep:
768:Za/NzfXHstdI/tRBPTlux1bjHFmc3if+d5OLZGpgyFypLoyt6:c/VHsE6706
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.moncrypt
|
MD5:
1dac932b8f702056144c64181a412a7c
SHA1:
531529e82984b86258856e21dac33f4ed943ab88
SHA256:
c4b57c9ead839d2b730e87d268d89aa18584a6f56a823bfbfd6809648ba1ca1f
SSDeep:
768:FfvipDAklwNO853BnlOBXc8kdIf3ASN8o1:Ff2DAk+NV7OFzkdIF1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.moncrypt
|
MD5:
ed79a43f1acc828c5112b78a4c1c6770
SHA1:
7db5576898e5644ea057717f5d130e532ad4c9da
SHA256:
01975a0fadc6da61c6d135a1195843b5c5e6f4e04ee0eeb5234620655e63b90b
SSDeep:
1536:xvm4BhxrhcxBsTtfV/8YL5hTYK4GISJUmw8irlzZvl:xvm4BTrhmsTt9UAFgXX8irZZd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM.moncrypt
|
MD5:
997f762449711166a0f9beac0d2e143f
SHA1:
088fa423ee5e9f33a0cd0867eed0fab3461dbb00
SHA256:
4e609ba41bb9b35e67aa28795e8c8b8794031438cc4c7255a6deba03fdea7941
SSDeep:
1536:SGdhYsuNkS3MdTLC9uHoX4COIsS2t39uJ:SKeRMdTuXOIh2V9K
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.moncrypt
|
MD5:
6f90d3333c8e37129864a5ee6174e316
SHA1:
9dab6a606c4687faba2b05afe3522973f6b19834
SHA256:
2ee1e8f78ae75c2044d30d7fafd5d3de62fae2528c17bed7326dab182d261d34
SSDeep:
384:msWISwd7SZXFPkaBPiq6jfw2FgfuSqErX9AbVWebJadoJzYo8bWIDuBB:mswqeZXFv36bw8gmSqUibVv8dKubrw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.moncrypt
|
MD5:
57ebf3f6900cbda9fc7b7133afa8f199
SHA1:
9f5b410817adedac14ec9ca713fa174d661c19a7
SHA256:
452cecf03241006c556e1d44b65a5708d3047a334b0303f3443b410755d6b216
SSDeep:
384:In54EhCdtuTFSQLYoRxnd/lNDnteplBGwfpROIMsO+Ls:InjhvTLlXnd/lNTcZG6pfMsO+Ls
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM.moncrypt
|
MD5:
32410d1105964eb91288f21e472422d1
SHA1:
f47d594e92c786a907e93cdec074098543cb4dcd
SHA256:
36302a91fa5400240b8fc382f08dfc4bdb55423ca2946c649d8e7755c14a7e17
SSDeep:
768:GflFZpR5ZpclXRQk5WhVu9T+ibBDdImScnncZP8zWHnvKQEyu:Gflb5u6k5qKT5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.moncrypt
|
MD5:
9629ba8812f40a876d9656a352fd74c4
SHA1:
3fcca60b48d1315d563573b2320920ddf17e1f61
SHA256:
d475345f53dee9ff9be4caab5abcd8ec3fe803839f0b1189ac118122bad63d7b
SSDeep:
768:lc/2ku7HVgr6C/juZy8ESPdD92YCG47vZ+boIX5keyEdpWUHYFq3zB8p5xdAC+q+:6uk018/TIcYc+b+eyMvCPpbL+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.moncrypt
|
MD5:
7e9035a5b8bdba5d514d55db64f03975
SHA1:
0f0b6e4f33f591f129c1e38be51e93a488eebc30
SHA256:
77e43e6a096a4cb1dcd9893ae31c9b44a6e433fafa22c616dd70c8d21cd2ef59
SSDeep:
192:nzjdVogfJOpwf85xErdbS6twoewSf/APFVc0F2LpiBOXj8adqUDUHdyaFveoeT64:nzM+JOpK85xErRS6two23APFVc0OeOXr
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM.moncrypt
|
MD5:
d5fea8f99e05abf32eb2c084a9b12e9f
SHA1:
78ad5e306fc24141780d0d6d5893ac39ce1ba9a1
SHA256:
f15a4e097420f8cbbe16ed03669c320039590a5106267da2bc7979e74eea704d
SSDeep:
768:05HAmcBBYtFnysQB4dHt1Fhr+5r+0zvF369rDqomc5F8yNWYzX4Bu:05ByYtVc4dHT6E
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.ELM.moncrypt
|
MD5:
7c8017f57591fa99c346e41e665196c0
SHA1:
859b9b1c3723141964a679ac65aa61f5659e0c45
SHA256:
5299cc734096dad54b5a9bb64549deea2ccdf695871a4150ab4570302a7ff956
SSDeep:
768:nLDSN/kCKhdJm4h6NApW+3q8q2fitWewcpF/UT4Zlmi+1VEYPO+l5LvX:LDs/OhdJ96OW+A2fitRD4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.moncrypt
|
MD5:
239334ee5806cb54bb92a7d06a4f6ae9
SHA1:
210b134c38b1ad0d8516b81fa6b3023765da2b9c
SHA256:
458f88eb871c03a1e275d10fbb649dc25ec1f413e9a389f10da2de4952559bc3
SSDeep:
384:bMM9y6187VXsk5oM7gR8fd5w1NgZQYlVpNUR9yNAd6rc:4Ey6QVcm06fANgZQU5UR9yNAwA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM.moncrypt
|
MD5:
5e29270128d2f26a80670a106600803a
SHA1:
3d6425384247ed26fef2def6cede9094adfcd1a2
SHA256:
de3f91478a4e7ae00ab58c847d0ba224898d8694c026e1467a8b53e4a63598b5
SSDeep:
768:0AioJX5F9X0e5n8yOshrs8Hd7cv4jXm4abPeU7i5I9rBP:pio/7Ztprk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.moncrypt
|
MD5:
034e5b8419eb6cca025eef6341da6178
SHA1:
44177afa82927a8f806008613ac08413390ead04
SHA256:
65095f2edf31d3dc1aa70cd7fafc03f2b128a4562ef106adf39f800fe5f82905
SSDeep:
384:2STWqrnTmWoIx1aqhh/fEbDuNxq/tdqSBiGZ65nTEgkmeTeNobFHp3z/y:2STxrnTtoAxb3EbKNsQoSTNxeTeNobFQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM.moncrypt
|
MD5:
7572d487018c72801631caead3c07f24
SHA1:
6657d84838ba56874cc24d4872572f241a262c62
SHA256:
9204fc5df65e5fe755b25eb113a5f15c8ca055125529c082eaf2598d34374f13
SSDeep:
768:S3WRXMIv83/c5FU/b0O8IcyDZJMCj7rN9rMCj7rN9/MAuuC8qbMzflOqSsgaYbWi:S3sXj83/c1/Pu2Cj7x9ACj7x9UJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.moncrypt
|
MD5:
87e078df47d1f82c313641d7e2538aa0
SHA1:
9f1c9dc8b2430cd4e4eadd5925783413c08cd8af
SHA256:
5c27f6879c7231658ea03737cc738237693818af7185c6f21892d00e1d29d0b9
SSDeep:
768:Vhziem360x689tux8sWNxO9QxPD6P750MZW9qKW/238xyjMG:7WeC646l+NsuPDi75tZ6bjMxe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.moncrypt
|
MD5:
b0307cd4d309bf744874de6540fec197
SHA1:
7f616f8eb3058e62a939dff52cb948eea12936cf
SHA256:
b4d73e2befbeea2e4dc89faf338020fedfc6325f202dcb560f1342bf36a04e39
SSDeep:
768:SpghGgx2e7uaGsKm7H3gxetn+YBUsqppQuaN:SpzEyZs5sxetnPUsqFe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM.moncrypt
|
MD5:
681266f2390d7a08ecaa43ec89f7e454
SHA1:
320e87fc09a7ca468bdf62935da8aaf4550a2a6a
SHA256:
6a130c8eab9e34e739d7ab97198add9baf103c6f2fb34296d481ae679f89ffce
SSDeep:
768:ZrwHOXFHiMzcq8ChiI6+4hgQ7A0Qs7JT+Q6zGHEQ4fH3fxCVPlc5fXNG:jNHuRlhgGAFLG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG.moncrypt
|
MD5:
15dbc1c0706b07ffc854d80d7effb3e4
SHA1:
50525e6fc7474e7417cfc7ebb206153f586dc374
SHA256:
519fa27b6a6d850b4ed4722af6765c8df14349ac88aeab93275690e4d551e31a
SSDeep:
384:22ke91GtEPXjNmwuthJU6ggXKcOOC7Og+ZPsTP1iLb9PdVWpPhfcfjUQb1:22keywjNmZhJU6geKc6OMP1Yb9qpP6jt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM.moncrypt
|
MD5:
4a52f148484b86903055709c784b2d1c
SHA1:
f8d8fabda9298cef83f074eedaf3071c080c15dd
SHA256:
ef257e3e1851bf2c861de2d73f2829aea84affe8f27cf3436f37240ac1f2eec0
SSDeep:
768:hoEAMm0gbDE6vZ0SGShmx+0H6YM5TVxRwEEXcULIqtBQZdtnHmyuas3T5iWKVz67:+LfvnEYZeSwpaH/xccULIqfQy1v
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.moncrypt
|
MD5:
b92a0e0f219e24fcc172d517d8a651fe
SHA1:
475a6aaba139a73ff2344f656344c543e868aed1
SHA256:
e87ff3c1397ed38ecb450959446e93a2c2c22f65441b8ce2a3cfedeb41729a7e
SSDeep:
384:Ookeaejio3CXs4eJr85omz7MGQcYlp4s+0n/rcrXLtCAh2FFHiRFOaRqJH5H:Sejio3ks4eK5oE7Op4s+2crXBCvHHiGp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.moncrypt
|
MD5:
f703c8b03866419ee202262ae5595bb7
SHA1:
28335183057876bcc1cb519f8464e727ede4f69b
SHA256:
f4ec86bc243eb47b85f43905c3d059c8100ed11c01bd6cdc88b829c033ec2dad
SSDeep:
768:hFSe5/XChI5eKHp3E1nm1JfQCqqWI2ePrhiXZngYd:hFSe8hce+3AnglQCpWI2ePdra
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.moncrypt
|
MD5:
9006a784036a1991ff9e846a2f76ec74
SHA1:
d91caed1c1e212f02846d5fa751feabf0b45e114
SHA256:
80ad59d387726af4ebbb1d15758ce48f6feaa6dec4af8a79094278785bc0afbd
SSDeep:
768:YRPsdFKDJ07aRuhLYOfWpR6FJ2hW//HKyjkJ2RlrF8TW2:YxPDJ07VLeR6n2Q/wJYi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS.moncrypt
|
MD5:
0cf38192bb2b299e71ac853ec7e82246
SHA1:
06bca2a3abefd3afa96a09a6f7ba641758a73d54
SHA256:
40cd4787a3432fbbff632ea0a520513e7b4d00a08ae03dcd9126a954f6f4d383
SSDeep:
24576:eAU6Expo2lu5EQudFB06VArUC4N6O8FIlH:9UBxq28563rA4N6O8FId
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITS.moncrypt
|
MD5:
0acde1a668f3224b1d2f0d2b4793d6cc
SHA1:
35824a342c199d55cc9c307c07047433c2ea97d8
SHA256:
00c435de804d29687541c7ea821b4c1313a1a1389fc8ca9fb4ac2de3b35e3ea7
SSDeep:
24576:ZnIbUWwGqywx1TnO/faPRrBJPnSLqY+rgC4qf8smex:BIbUWjDw7O/UeL0eqUF8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS.moncrypt
|
MD5:
a2a5368f09b633f03530442e56f8b747
SHA1:
fd78b94d1fe6512f4942e4832e6bf3b739012581
SHA256:
5425e092bdb4638fdb8745339863db9a6b0142e3cc5fb5e5127dec866d50f1b2
SSDeep:
24576:ZInHDFqMt8YONscreHzHuzAfBkhUKnImhyoZL3PkTHqaUQYkwlsrmXjAoQEF/duS:ZIHDFqdYONNeDuzApkhUYIHoV3POFUQq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\WT61FR.LEX.moncrypt
|
MD5:
2bb75e63886cc7eba11304ea93eef98d
SHA1:
2c602fbaddb5219fabda6d0db72a0f3492c508fa
SHA256:
d2d3ebe8e24c9d8fb6f7f92122a784469538331c6906cfa5f7b1a3167c8712fb
SSDeep:
12288:HaF+hGPOEmdFrGt9rNcIlLUI9puhhVwBDvjVhch:HacwGEmdFrwrqIlbpuzsdh0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1CACH.LEX.moncrypt
|
MD5:
316efbbf645b2836080f7d8613844c72
SHA1:
ba02d33ffb2c857250da30646b896fa28cb13b5b
SHA256:
11cf7a2a41d239f699eb80e92126908bb795b62ed034c0e44e47cccd6356b7ed
SSDeep:
48:ObOslBD4OpX7xdai/gwLdyg0tBw/b5pJ5Q:OTBM07Hjzyg0Ab5pJm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV.moncrypt
|
MD5:
4ed3beccad7a55bfbda01f0c38d44808
SHA1:
d802751aa0b80a1b56b9d91da5827ac401f5ee82
SHA256:
12371ba3b2f5d27b1660dffaee81ece2926c057af9e89c88b08b207dd6ab2e88
SSDeep:
768:NNI1LRhJ/yqDvh4Sb9HYOv9SD7Oha4oMi2jXHUFgr:w1LVV34OlSDl4P9rHUFgr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.moncrypt
|
MD5:
65dd07f774d62b7dd5152fb21c185077
SHA1:
6128f5c52c2c04dbf91396ede52b52a2f2251b93
SHA256:
bcffe93a38464da5bfa9604d547bf88d96427f5d04213555f9c3151375e2d526
SSDeep:
384:zdYoK5B/WGjnvfpj32zL5OV3dhQi9hOeGcEmH8X0j2XT3Jr5kUzttVh71v:io+jnHgBO1dhlhKvmcX0kT3Jr5PzttVT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.moncrypt
|
MD5:
33d8cdc41be4c2a30bfb90a403726712
SHA1:
79ee25e7f4544904c486e69c70c9ee3df878bd5a
SHA256:
228685483fdeca55166cc0d1fdd07fe0deb4e5b00c7a78863ae519583a8ab25e
SSDeep:
384:xWf0qioR5ckjglZKi2FcLoc/CSoVi85HUisizC8tuw7eXci2jXHUmqu:O15ckjgvKi2FcZKFi6UkzJuwyMi2jXHh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX.moncrypt
|
MD5:
2ac29378ae5adcfbb23939b3ad7109c0
SHA1:
421e02093693f60adcfc971b8790398b1ac42f1c
SHA256:
386ebfe8bb10e1076f8f2548ce8a9c92b9c6f33689d6e4bba5b098ed6c2cb3dd
SSDeep:
3072:8oxHfgmF005x7WXCWawuHk5FvoM6CgUzImj+TtYb3gAcsouq8+WbiXGmQGSZ:8+4iNhkvBPgUV+6EAcsozJWdZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\CHINESET.SHX.moncrypt
|
MD5:
fed8469acc8b2888e6b30a4355b1031a
SHA1:
cf784e94185744e3435832e7f4507092e9fb9aa5
SHA256:
3864e538e553018faffec9870df87770c15448337f60469d2396a9a13433a15c
SSDeep:
12288:OaT8oGb3jBDqXUTXlRFHT7xKmMWRKMXYOdZL0dHEWcDqhJ:OaTCbYY39tzYra2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\EXTFONT.SHX.moncrypt
|
MD5:
a236da0d52cc533328ae5dcc0f117292
SHA1:
31be1efa4396586eb665702d967ff776f6abfdf7
SHA256:
38a7f795da58e293c524086a3014480ed018189c1f568e1fb231014e6861eecf
SSDeep:
6144:db3FD3vJEUcRh7Q3u6aUAearitYNHxY7gfvro:RFCUI0RYNCqk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\ICAD.FMP.moncrypt
|
MD5:
84ec731e96f192d1efc261775df6f8f0
SHA1:
d6b66cf794a95cf13628d546024107d88dfea735
SHA256:
c1f13b611f4d909b47054a032c481de2cb1fbeb1c76e3e229141402ca7e59c27
SSDeep:
12:qaXi5clYx0IbDpEc8heOEmw35FZaenTsdVoxdOENdy:q6ielYx0IbDdoeOEH35GenYdVoxHy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHGDTXT.SHX.moncrypt
|
MD5:
eb3511869af6ba0a17e3d48ee5519ae2
SHA1:
955444065bd4304c7d6ccad224751677e9ddb08b
SHA256:
8271820346903bb509073d2deb6aa7f255849f4fc445e141c5a54d86abb05a08
SSDeep:
3072:FW4rBG7vf4KVrhLc1Or0PD4+LdkVu1EJBLaIvoBDeSF7HBt0Le/Stwdcioj:lK4KVrhY1k07hdQfDvo6j
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.moncrypt
|
MD5:
45ada21a9fd33aaac68e9877717bda05
SHA1:
250db72518a246040c53e039f5f8c226762660a2
SHA256:
bd874431a9f282fd229ee84128674e3dcb738e38812c95a62dee2b94681bfe17
SSDeep:
3072:uHqSEhEIKkaYSRMo5BBXeeIiQbPiTe9IbIuQ4hfhqol:+qSXISRvenKCEhBl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Internet Explorer\SIGNUP\install.ins.moncrypt
|
MD5:
e5b08068e135a0a247f06b7fede6a587
SHA1:
f07383ab56146700ad40519e656784eb998040fb
SHA256:
b10890a7f861bc4b80a733bd5846fffd85b323809c5e72626fe55b21523e8cd2
SSDeep:
12:nOBFLC57ehpO+s+FL7Wz/zrGqF/7l8GthbH0cQqUyTixy1Uc9d7:niCaE+fF7WDzSqF/7l8GT2NyTixYd
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.moncrypt
|
MD5:
178ef7b3b3f0ed7ff4dbc341e9d510b9
SHA1:
a918bcdb835cfcda6f9030562af5720ef9803718
SHA256:
d80b551eddbc2ad35876aaddcf472e5a2afb085c2a1fa2cbff557ae24aa98b2b
SSDeep:
768:E72G+3dGZUIj3UXrN39E+ZJkBpQrIibHb:q2GnZUITUXrN39E+ZJkBpQxb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.moncrypt
|
MD5:
91f5ae3034dff89a8e35060432a3c51a
SHA1:
ec63267cabf3e7abd6925171c2db6d071e0eb8e8
SHA256:
7e9875055df096e26f35b742cddd23321e8c5c8387ea151553fa954c285f2244
SSDeep:
384:pf8NJ3vFbaueiQQgeZ5dfAE8ccePs43J+aDtGMbKmppsQbGk/T/wIibHPP:p87NmuLoccD4Z+aDtFbKmpkkEIibHH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.moncrypt
|
MD5:
70a8d3fcf71883b46df3f4dd2aecd7e7
SHA1:
540ff488e03a8cadc4347b46e65eb8a095fd7f52
SHA256:
6976ce5e0c881fd53daf2de9bd63ce007b7242da9f7733e9730fe3dca45ab71e
SSDeep:
6144:CR7VG5g4GLrhwG4AQWmi3fMCBJCDr1QN4bULc:O7VG5g4GLrhwG4AQWmi3fMCBJC8/Lc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.moncrypt
|
MD5:
b5f39af36293366b4f8aa424c9756376
SHA1:
48dcdfe879b10b26ee71fba1c8a4cbe65f079bda
SHA256:
44576e1e11c7dba28588a6d65b1f8afd9524f0394770485f6a36f750a65db6c8
SSDeep:
384:uOiWqPo2XMqdIqbvk/bkUPRnlpIGMvl3N56Y5Wt59zRUUGts:uOit4yk/bkUPRncGMvl3D6VnVTCs
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.moncrypt
|
MD5:
57da1c0e9a8e065ab77bde89f3859a5a
SHA1:
f7a1c709b54e63f77d72feaff0164bd2c77ed4ca
SHA256:
34edab4e5675eeeee07c444d5d00567f266bc1fe50d6a2568b335159c4d8e3ac
SSDeep:
96:FIJoL+Pf4q0k/PjsMJfrDSBBMXFLGwCHKjef:8oL+Pw7k/PvJfHTFL7jef
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.moncrypt
|
MD5:
d6c649fbc82844741fe477af04bea1f3
SHA1:
87f4dcd0dcba84e32aee32e9d1a3a1feae1b8112
SHA256:
4c392b5ca09bd15991d998bcba1fe4cf38503c2486f8284b07638b5ad1341c6c
SSDeep:
96:bx6dznfbMVKZNmJrBYADXhNRqyi+dP7txOdRk6nS4hX9hBniEl:bx6dznLZNmJ9VDXhNRqL+x7txOdPSStF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.moncrypt
|
MD5:
c8d6d96d714d9a93ce2103684e979f48
SHA1:
b6e624e0d15096bd86e6e752b4d09d924555729c
SHA256:
51592c8f927bce963914f95a0b4142b5968985c71416d5e014d311ef7baeb82f
SSDeep:
192:HsoLTTbwt7SXNI/nRXpmQ4UYmMqiIcbZUB6A3d0pH2mSnQRLn+KzIRdrfwrFMoOR:eGSHmQ4UYmMdIsZUuH2mDdUn2F0Evzs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.moncrypt
|
MD5:
289d5ea0617aacbd23a293cc7a949e1b
SHA1:
e53dcf487fc420bb46cdc5430a979c4297cb34be
SHA256:
22041a5f72518f6bb1e5625b1742e98f5f7903b4734c3805ffa4b209051fa3e0
SSDeep:
192:1FxMxzPqXXLE+CRIktcormZgfYBmbH9YPwNBnHosMlx:1FxMxz6ESk4OYcbOPQBH8f
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.moncrypt
|
MD5:
e54b51a481263ef903aba68c18b35fef
SHA1:
a6c7836c76aa29d55e588c5d475c234b30c8cbcd
SHA256:
8753e40e8fd4f9bbbf80e5bdd9447ad3e2ec0a584e00669bc0d25e7af9627763
SSDeep:
768:I+8DWvpvdz302cp0xf5BkjV6QV/SeroiQWgyR8izc3F5a0LV12PLRGoTENNUgHQ1:KyvjL030x2oL9byR8PyqKZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.moncrypt
|
MD5:
898f7b4aecd1638a9e11c54522dd1aa9
SHA1:
2c790e933afc2a8130c45efc698d33c9313eeacd
SHA256:
2afcb2956a7655f6e26121bfd41d6d537c6427fa39c29d4311890d963191b602
SSDeep:
96:XPK+U7fWf4qTIocepH2l+KdOHogonrpJtZ+8tLs8XhtL/SFj4aOuUwM028XeTi:X8yuH+KYwtJbBs8Rlij4aOuUwNYTi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.moncrypt
|
MD5:
e10a3467e935522762fd14245f4fda9a
SHA1:
4c59466827d32e0a1b9f2b5ea35dbd42b2b07b3d
SHA256:
0662549bbaf1eccfd424503604883e5a91278c50e5807c7dd50d72991be7bcb4
SSDeep:
48:QnvANXITIcEGeRfT8xt9gdBU669cNecQ+Iup3dFOJ8uIVAO6BnfU1k:QnYCUcErRQxXt669cNTQQ3+JxIVAOA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF.moncrypt
|
MD5:
2fbb049e61c0d6859a7f248451687ad5
SHA1:
d327c70980b752fb407ec5be01f362d0e547932d
SHA256:
a9c3e8664deaf2521a142897d943a8e0bbf1d472a7201a6c1e93511025488edf
SSDeep:
48:qivijwTXsSqCidORFTyo3HnsbEefeCrtSCfKBPV60tlMOgjU0HOV0WFYDDArY:qJsrGCi0RpyW/efL0G8PV3gxHQfdY
ImpHash:
-
|
Access, Create, Delete, Read
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.moncrypt
|
MD5:
e4ff2c6a7063f15ff6fe879c8e0f255d
SHA1:
543dc127ec65257e94888a5f7c93badbfd51bf55
SHA256:
6e157ef539eb4ee6aadef325ed6fcc323ee622d276e94cef3d83113494b2d81b
SSDeep:
192:56JGPC7cWp53ABduIIlqA6mlm+oUsY22rHS2zosn10:5LMcuLKX+oUsYVrcw10
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.moncrypt
|
MD5:
4460e6c43bcd73eeedf2bc7030d16a3d
SHA1:
70357685d3cd53232c0f880f8f1f11c340986d48
SHA256:
eeb6c1525237f43186f96914c57b637fd1d147d51286ae5d54c619f6fe4f4ede
SSDeep:
48:GL6SAo6tAoMe+KUORZOXKbEeP7zYSPcmqzMxCB:7SAoATMe+zOc03P7zYY66CB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF.moncrypt
|
MD5:
fa019ea1a2da8b2d5ed2d9645ff200b8
SHA1:
46eee8c8238301815ff2540fab8867e8b4cdbe9c
SHA256:
ac70b8948ff6bc4466111d12c189f6f85db062ebc2f379ca6a9c6e602112a6ae
SSDeep:
192:Dc/lm1Yksm7xepK23UhnFaaUD+vJ+4dlF0uuUuLFXVDP41C:Y/lSYRmOU8aNvl6BX1kC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.moncrypt
|
MD5:
ecb2545ae25358c6355fc9a5559b0b35
SHA1:
de9d78166514a564ef1065d548372d43dcdec508
SHA256:
db7b651957aa950dc6412dfbd0659a263a94b059004e6edffd4d01f907003e2c
SSDeep:
48:gqsPwRQItgzr7OJjiGp9MPtEVnqEboTle85mIhEpvtWG8k6VMZ3:gqsPRItgzr7abp9ktYqEkJIIojV3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF.moncrypt
|
MD5:
0fb8e7c710b066c4443d324a8beb48a2
SHA1:
51e343daac97839735ea0c27f50b7c087e67d809
SHA256:
385ad31a3ebb9fbc2f764fb174ad0589ba683dca313f3e4ad63a07f4a62f86dc
SSDeep:
48:bsNL5ABehIB4kHtEAfZWc1jADOL00KWyLSyHVMBT2zGeGlPLwinFYwVRY:bsNVdGVrWxDO42yj1MUzGBnFVa
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.moncrypt
|
MD5:
d91eeb65de27ea229671238da61d5109
SHA1:
a7fb4dd85c75cf993553de1083e0f7e99aa373c9
SHA256:
d7b7cb57b271f9364175840c663fe881bb6241d7b12b49a0f4699d7781bb5bc8
SSDeep:
96:IitCCnTyzgsnPydWuDMiUxLQXDPmTkIh1f9v1lMgo:IitbnWzgwiMLQTPmT/Ph4go
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.moncrypt
|
MD5:
f6a82a1b78b4c029b5497e58da36d224
SHA1:
ad3fae1842df586822c2c5dbf9241b22d4ef3a34
SHA256:
35c4f03a76b731e7443f321897a50d6d787e1ef15ecdc17b9e2dbc7c050442fc
SSDeep:
192:QQv185DFVGWCkItZw7wdJ0tk9Br7qlvtpzBo4MU+UFtLb70:Q5DGBta7Q0Wmlha4Fh0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF.moncrypt
|
MD5:
84f6c01e020533b07b2d20d856e490e1
SHA1:
46d4a6dc72a4ad893208f72e64241ecb73513f3a
SHA256:
18c19a1cfb46c029a60d573b479c43d0738e20d077f2a027e2fbdcd013dc3da2
SSDeep:
96:+aOR7JY7DAC+PYuNXIPp+FK2+oSqZ0HhrepGbm+:sR0DACqyPQo2+oSx0Gi+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.moncrypt
|
MD5:
e688f5af602f4031f748f2b9c6c32b94
SHA1:
50d944ce1afcd6e1501ff0ecb292022d9a4136aa
SHA256:
4c38fd8100066554be616e9e391d7094450c360de166d8face88f7373e2a97df
SSDeep:
96:jPW4JFoJyOW9TvCL/Gy+3rDKV13KOq0hPnd1/:j3O6Q+H6xpZdx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.moncrypt
|
MD5:
ffbe3c097bc453d287754694e0ec14c5
SHA1:
487ec54aeffa2f9e734f036eb801b52fe2377ed3
SHA256:
27b9a900c92a66ec5b670782b85f42075c78f8f8e3da3263b32b54cb58503812
SSDeep:
96:5fsCkA9VcBMseNlW6vWCCTqXBRzfvURedjMszRS7guXr+HvoASyOxTvNBiMq:TkGVcB9eN8aW9TqbznZdtzM7vMvozyOQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.moncrypt
|
MD5:
6e78edd82a15996a99ddf618a91cf925
SHA1:
23c7bf6cedb06579d6245fabd5a687423246e47a
SHA256:
15c4a76b2f25033e78b42d32973cf9bd91a3acc3d996cd459783fec31315219a
SSDeep:
384:UmZLjZ/TolWCp0oIuFW9zTtokilTSkSi2qfVka//CFWBWsGnrB:DRcICSoRW1TWlmBGtX/6WLGnrB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF.moncrypt
|
MD5:
5cf23c8870b27504e7ebbd085e40f938
SHA1:
da62d63d7b1bd8e1e23d05e33fcf2144c20de533
SHA256:
628ff6facb0a98d7310ca45228c9c4dd79c5a409b8e5b57b99ca4a4607362985
SSDeep:
384:tNNqPI7dXbgWqN5HpHJM1wxKI8odpbbK07l:XNtdb0NpHMuxKaXl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF.moncrypt
|
MD5:
df9f3587caef36f2f89d76eb5d6f984a
SHA1:
a707279eae530107ec95b4fddaf59a746c66d4f7
SHA256:
a7b5a2a0fbfcc0433f0061d24099bbb028fb94e1f4bc3792304155d80767dfbd
SSDeep:
384:rkoYvEfZB3mZxiMUAGuH9J8lLvebkTSxs3GzTbTTKK:r/YvEfZBWlUAGuH9J8xlhIT3WK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.moncrypt
|
MD5:
0d2303ae9ccd427e98aa5b97dafd6b5b
SHA1:
528721c0d90b05265c58de8c6b0519b4619a942e
SHA256:
552731f841e8c0b6f6490ae5f09fbaaf64322ea55db7e04d265453ac1a5f0dc9
SSDeep:
768:/i8eO6wEPyHSq38EvqpN/wjHlpYduuNAt6UBEpb4GOWcfXxfkJD/2eZPAbu14HzT:/icb1gtw48Ox0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.moncrypt
|
MD5:
5abaeb53e6ecf7878a5c4c4abed92050
SHA1:
77eb914e4392eff9875a525685825e9685108eb4
SHA256:
455a366677c25d06ad3d6ede0a6bf087576cddb1f2b1db2c481bc62168f0c623
SSDeep:
49152:dCTE/5LNP6+Au5hL4Uk7EltniOR/Sbq1P4A:pNP6+Au51P
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:\bootmgr.moncrypt
|
MD5:
259525cfb422e6ac8e87bc9777b1df73
SHA1:
7a2ac87b31aa40a1ea92eb34410305fac9f8bc6a
SHA256:
0769a292114dfe181dc4931159c24cd7adb6a3f3823177e40eb45ee59688ea4a
SSDeep:
6144:lSjzP3sVgTkndKzy1mVsEdUISLEoad8k33TW45/vPB1dTM3BMnOb:4vPnTk89VfdUPEJBTW45X/dTM3m4
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:\я
|
MD5:
93b885adfe0da089cdf634904fd59f71
SHA1:
5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA256:
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
SSDeep:
3::
ImpHash:
-
|
Access, Create, Delete, Write
|
Dropped File
|
|
C:\
|
-
|
Access
|
|
|
C:\BOOTSECT.BAK
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_ES.LEX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_FR.LEX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.ELM
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITS
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\WT61ES.LEX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.ITS
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\WT61FR.LEX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1CACH.LEX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\CHINESET.SHX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\EXTFONT.SHX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\GBCBIG.SHX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\IC-TXT.SHX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\ICAD.FMP
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHGDTXT.SHX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHGTXT.SHX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHTGTXT.SHX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHTMTXT.SHX
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG
|
-
|
Access
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.moncrypt
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml
|
-
|
Access, Delete
|
|
|
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.moncrypt
|
-
|
Access, Create
|
|
|
For performance reasons, the remaining 612 entries are omitted.
The remaining entries can be found in
ioc_export.txt
or
ioc_export.json
.
|