be9dd97e...9d94

Remarks

Max Extracted Files Number Reached (0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.

Max File Reputation Requests Reached (0x200001b): The maximum number of file reputation requests per analysis (150) was exceeded.

Filters:

Filename	Category	Type	Severity	Actions

C:\Users\FD1HVy\Desktop\Rowrub.exe

Sample File

Binary

Malicious

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe (Dropped File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	468.75 KB
MD5	e29f7f907c96782adbf18d790086ec08
SHA1	e96e73365daa4afe8c75ab5848353897a3847077
SHA256	be9dd97e5b63ca55c3acdeef15e8da65424d7c074effb386a1e443a85fec9d94
SSDeep	6144:w9NSyAp5ATCbR/3tV9Qk1TyRhAPlfTgh+1n4KMERJUg78Cth3VRDvt6BDDHCqCFw:KhTg2gG/S9EYn/Ug7F37tuDDdX
ImpHash	27022a13653c5b3376f67ddd222786fa

File Reputation Information

Severity	Blacklisted
First Seen	2019-06-06 18:22 (UTC+2)
Last Seen	2019-06-07 03:57 (UTC+2)
Names	Win32.Trojan.Kryptik
Families	Kryptik
Classification	Trojan

PE Information

Image Base	0x400000
Entry Point	0x40b9d2
Size Of Code	0x37000
Size Of Initialized Data	0x4a000
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2006-06-05 13:44:13+00:00

Version Information (8)

CompanyName	Playtech*
FileDescription	Rowrub
FileVersion	1.3.11.42
InternalName	Playtech* Measuresentence
LegalCopyright	Copyright © 2015 Playtech*
OriginalFilename	Rowrub.exe
ProductName	Playtech* Rowrub
ProductVersion	1.3.11.42

Sections (5)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x36f9c	0x37000	0x1000	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.94
.rdata	0x438000	0x15464	0x16000	0x38000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.1
.data	0x44e000	0x1585c	0x7000	0x4e000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.35
.rsrc	0x464000	0x18850	0x19000	0x55000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.16
.reloc	0x47d000	0x4fd2	0x5000	0x6e000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	3.61

Imports (11)

KERNEL32.dll (108)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetThreadLocale	0x0	0x4380d8	0x4bed0	0x4bed0	0x28c
GlobalFlags	0x0	0x4380dc	0x4bed4	0x4bed4	0x2b9
GetModuleHandleA	0x0	0x4380e0	0x4bed8	0x4bed8	0x215
InterlockedExchange	0x0	0x4380e4	0x4bedc	0x4bedc	0x2ec
ReadFile	0x0	0x4380e8	0x4bee0	0x4bee0	0x3c0
SetFilePointer	0x0	0x4380ec	0x4bee4	0x4bee4	0x466
FlushFileBuffers	0x0	0x4380f0	0x4bee8	0x4bee8	0x157
SetEndOfFile	0x0	0x4380f4	0x4beec	0x4beec	0x453
GetCurrentProcess	0x0	0x4380f8	0x4bef0	0x4bef0	0x1c0
GetCommandLineA	0x0	0x4380fc	0x4bef4	0x4bef4	0x186
HeapFree	0x0	0x438100	0x4bef8	0x4bef8	0x2cf
HeapAlloc	0x0	0x438104	0x4befc	0x4befc	0x2cb
GetProcessHeap	0x0	0x438108	0x4bf00	0x4bf00	0x24a
GetStartupInfoA	0x0	0x43810c	0x4bf04	0x4bf04	0x262
RaiseException	0x0	0x438110	0x4bf08	0x4bf08	0x3b1
RtlUnwind	0x0	0x438114	0x4bf0c	0x4bf0c	0x418
HeapReAlloc	0x0	0x438118	0x4bf10	0x4bf10	0x2d2
HeapSize	0x0	0x43811c	0x4bf14	0x4bf14	0x2d4
ExitProcess	0x0	0x438120	0x4bf18	0x4bf18	0x119
TerminateProcess	0x0	0x438124	0x4bf1c	0x4bf1c	0x4c0
UnhandledExceptionFilter	0x0	0x438128	0x4bf20	0x4bf20	0x4d3
SetUnhandledExceptionFilter	0x0	0x43812c	0x4bf24	0x4bf24	0x4a5
IsDebuggerPresent	0x0	0x438130	0x4bf28	0x4bf28	0x300
GetConsoleCP	0x0	0x438134	0x4bf2c	0x4bf2c	0x19a
GetConsoleMode	0x0	0x438138	0x4bf30	0x4bf30	0x1ac
SetHandleCount	0x0	0x43813c	0x4bf34	0x4bf34	0x46f
GetStdHandle	0x0	0x438140	0x4bf38	0x4bf38	0x264
GetFileType	0x0	0x438144	0x4bf3c	0x4bf3c	0x1f3
GetCPInfo	0x0	0x438148	0x4bf40	0x4bf40	0x172
GetACP	0x0	0x43814c	0x4bf44	0x4bf44	0x168
GetOEMCP	0x0	0x438150	0x4bf48	0x4bf48	0x237
Sleep	0x0	0x438154	0x4bf4c	0x4bf4c	0x4b2
GetModuleFileNameA	0x0	0x438158	0x4bf50	0x4bf50	0x213
FreeEnvironmentStringsA	0x0	0x43815c	0x4bf54	0x4bf54	0x160
GetEnvironmentStrings	0x0	0x438160	0x4bf58	0x4bf58	0x1d8
FreeEnvironmentStringsW	0x0	0x438164	0x4bf5c	0x4bf5c	0x161
GetEnvironmentStringsW	0x0	0x438168	0x4bf60	0x4bf60	0x1da
HeapDestroy	0x0	0x43816c	0x4bf64	0x4bf64	0x2ce
HeapCreate	0x0	0x438170	0x4bf68	0x4bf68	0x2cd
VirtualFree	0x0	0x438174	0x4bf6c	0x4bf6c	0x4ec
QueryPerformanceCounter	0x0	0x438178	0x4bf70	0x4bf70	0x3a7
GetTickCount	0x0	0x43817c	0x4bf74	0x4bf74	0x293
GetSystemTimeAsFileTime	0x0	0x438180	0x4bf78	0x4bf78	0x279
VirtualAlloc	0x0	0x438184	0x4bf7c	0x4bf7c	0x4e9
WriteConsoleA	0x0	0x438188	0x4bf80	0x4bf80	0x51a
GetConsoleOutputCP	0x0	0x43818c	0x4bf84	0x4bf84	0x1b0
WriteConsoleW	0x0	0x438190	0x4bf88	0x4bf88	0x524
SetStdHandle	0x0	0x438194	0x4bf8c	0x4bf8c	0x487
CreateFileA	0x0	0x438198	0x4bf90	0x4bf90	0x88
LCMapStringA	0x0	0x43819c	0x4bf94	0x4bf94	0x32b
LCMapStringW	0x0	0x4381a0	0x4bf98	0x4bf98	0x32d
GetStringTypeA	0x0	0x4381a4	0x4bf9c	0x4bf9c	0x266
GetStringTypeW	0x0	0x4381a8	0x4bfa0	0x4bfa0	0x269
GetLocaleInfoA	0x0	0x4381ac	0x4bfa4	0x4bfa4	0x204
GlobalAddAtomW	0x0	0x4381b0	0x4bfa8	0x4bfa8	0x2b2
GlobalFindAtomW	0x0	0x4381b4	0x4bfac	0x4bfac	0x2b7
GlobalDeleteAtom	0x0	0x4381b8	0x4bfb0	0x4bfb0	0x2b5
LoadLibraryW	0x0	0x4381bc	0x4bfb4	0x4bfb4	0x33f
LoadLibraryA	0x0	0x4381c0	0x4bfb8	0x4bfb8	0x33c
lstrcmpW	0x0	0x4381c4	0x4bfbc	0x4bfbc	0x542
GetVersionExA	0x0	0x4381c8	0x4bfc0	0x4bfc0	0x2a3
InterlockedIncrement	0x0	0x4381cc	0x4bfc4	0x4bfc4	0x2ef
MultiByteToWideChar	0x0	0x4381d0	0x4bfc8	0x4bfc8	0x367
GetCurrentThreadId	0x0	0x4381d4	0x4bfcc	0x4bfcc	0x1c5
CloseHandle	0x0	0x4381d8	0x4bfd0	0x4bfd0	0x52
FormatMessageW	0x0	0x4381dc	0x4bfd4	0x4bfd4	0x15e
FreeLibrary	0x0	0x4381e0	0x4bfd8	0x4bfd8	0x162
InterlockedDecrement	0x0	0x4381e4	0x4bfdc	0x4bfdc	0x2eb
GetModuleHandleW	0x0	0x4381e8	0x4bfe0	0x4bfe0	0x218
GetProcAddress	0x0	0x4381ec	0x4bfe4	0x4bfe4	0x245
TlsFree	0x0	0x4381f0	0x4bfe8	0x4bfe8	0x4c6
GlobalFree	0x0	0x4381f4	0x4bfec	0x4bfec	0x2ba
DeleteCriticalSection	0x0	0x4381f8	0x4bff0	0x4bff0	0xd1
LocalReAlloc	0x0	0x4381fc	0x4bff4	0x4bff4	0x34b
TlsSetValue	0x0	0x438200	0x4bff8	0x4bff8	0x4c8
TlsAlloc	0x0	0x438204	0x4bffc	0x4bffc	0x4c5
InitializeCriticalSection	0x0	0x438208	0x4c000	0x4c000	0x2e2
GlobalAlloc	0x0	0x43820c	0x4c004	0x4c004	0x2b3
GlobalHandle	0x0	0x438210	0x4c008	0x4c008	0x2bd
GlobalUnlock	0x0	0x438214	0x4c00c	0x4c00c	0x2c5
GlobalReAlloc	0x0	0x438218	0x4c010	0x4c010	0x2c1
GlobalLock	0x0	0x43821c	0x4c014	0x4c014	0x2be
EnterCriticalSection	0x0	0x438220	0x4c018	0x4c018	0xee
TlsGetValue	0x0	0x438224	0x4c01c	0x4c01c	0x4c7
LeaveCriticalSection	0x0	0x438228	0x4c020	0x4c020	0x339
LocalFree	0x0	0x43822c	0x4c024	0x4c024	0x348
LocalAlloc	0x0	0x438230	0x4c028	0x4c028	0x344
lstrlenW	0x0	0x438234	0x4c02c	0x4c02c	0x54e
WideCharToMultiByte	0x0	0x438238	0x4c030	0x4c030	0x511
GetCurrentProcessId	0x0	0x43823c	0x4c034	0x4c034	0x1c1
GetModuleFileNameW	0x0	0x438240	0x4c038	0x4c038	0x214
FindResourceW	0x0	0x438244	0x4c03c	0x4c03c	0x14e
LoadResource	0x0	0x438248	0x4c040	0x4c040	0x341
LockResource	0x0	0x43824c	0x4c044	0x4c044	0x354
SizeofResource	0x0	0x438250	0x4c048	0x4c048	0x4b1
GetLastError	0x0	0x438254	0x4c04c	0x4c04c	0x202
SetLastError	0x0	0x438258	0x4c050	0x4c050	0x473
GetVolumeInformationW	0x0	0x43825c	0x4c054	0x4c054	0x2a7
GetVersion	0x0	0x438260	0x4c058	0x4c058	0x2a2
GetWindowsDirectoryW	0x0	0x438264	0x4c05c	0x4c05c	0x2af
VirtualProtect	0x0	0x438268	0x4c060	0x4c060	0x4ef
GetSystemInfo	0x0	0x43826c	0x4c064	0x4c064	0x273
CreateEventW	0x0	0x438270	0x4c068	0x4c068	0x85
GetCurrentDirectoryW	0x0	0x438274	0x4c06c	0x4c06c	0x1bf
GetTempPathW	0x0	0x438278	0x4c070	0x4c070	0x285
GetSystemDirectoryW	0x0	0x43827c	0x4c074	0x4c074	0x270
WriteFile	0x0	0x438280	0x4c078	0x4c078	0x525
SleepEx	0x0	0x438284	0x4c07c	0x4c07c	0x4b5

USER32.dll (89)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
TabbedTextOutW	0x0	0x4382a8	0x4c0a0	0x4c0a0	0x2ee
DrawTextW	0x0	0x4382ac	0x4c0a4	0x4c0a4	0xd0
DrawTextExW	0x0	0x4382b0	0x4c0a8	0x4c0a8	0xcf
GrayStringW	0x0	0x4382b4	0x4c0ac	0x4c0ac	0x1a8
PostQuitMessage	0x0	0x4382b8	0x4c0b0	0x4c0b0	0x237
UnregisterClassA	0x0	0x4382bc	0x4c0b4	0x4c0b4	0x305
GetMessagePos	0x0	0x4382c0	0x4c0b8	0x4c0b8	0x15b
UpdateWindow	0x0	0x4382c4	0x4c0bc	0x4c0bc	0x311
EnumChildWindows	0x0	0x4382c8	0x4c0c0	0x4c0c0	0xdf
EndDialog	0x0	0x4382cc	0x4c0c4	0x4c0c4	0xda
SetForegroundWindow	0x0	0x4382d0	0x4c0c8	0x4c0c8	0x293
GetClientRect	0x0	0x4382d4	0x4c0cc	0x4c0cc	0x114
GetMenu	0x0	0x4382d8	0x4c0d0	0x4c0d0	0x14b
PostMessageW	0x0	0x4382dc	0x4c0d4	0x4c0d4	0x236
CreateWindowExW	0x0	0x4382e0	0x4c0d8	0x4c0d8	0x6e
GetClassInfoExW	0x0	0x4382e4	0x4c0dc	0x4c0dc	0x10d
GetClassInfoW	0x0	0x4382e8	0x4c0e0	0x4c0e0	0x10e
RegisterClassW	0x0	0x4382ec	0x4c0e4	0x4c0e4	0x24e
AdjustWindowRectEx	0x0	0x4382f0	0x4c0e8	0x4c0e8	0x3
CopyRect	0x0	0x4382f4	0x4c0ec	0x4c0ec	0x55
PtInRect	0x0	0x4382f8	0x4c0f0	0x4c0f0	0x240
GetDlgCtrlID	0x0	0x4382fc	0x4c0f4	0x4c0f4	0x126
DefWindowProcW	0x0	0x438300	0x4c0f8	0x4c0f8	0x9c
CallWindowProcW	0x0	0x438304	0x4c0fc	0x4c0fc	0x1e
SetWindowLongW	0x0	0x438308	0x4c100	0x4c100	0x2c4
SetWindowPos	0x0	0x43830c	0x4c104	0x4c104	0x2c6
SystemParametersInfoA	0x0	0x438310	0x4c108	0x4c108	0x2eb
IsIconic	0x0	0x438314	0x4c10c	0x4c10c	0x1d1
GetWindowPlacement	0x0	0x438318	0x4c110	0x4c110	0x19b
GetWindowRect	0x0	0x43831c	0x4c114	0x4c114	0x19c
GetMenuCheckMarkDimensions	0x0	0x438320	0x4c118	0x4c118	0x14d
LoadBitmapW	0x0	0x438324	0x4c11c	0x4c11c	0x1e7
ModifyMenuW	0x0	0x438328	0x4c120	0x4c120	0x217
EnableMenuItem	0x0	0x43832c	0x4c124	0x4c124	0xd6
CheckMenuItem	0x0	0x438330	0x4c128	0x4c128	0x3f
LoadCursorW	0x0	0x438334	0x4c12c	0x4c12c	0x1eb
GetSystemMetrics	0x0	0x438338	0x4c130	0x4c130	0x17e
ReleaseDC	0x0	0x43833c	0x4c134	0x4c134	0x265
GetSysColor	0x0	0x438340	0x4c138	0x4c138	0x17b
GetSysColorBrush	0x0	0x438344	0x4c13c	0x4c13c	0x17c
SetWindowsHookExW	0x0	0x438348	0x4c140	0x4c140	0x2cf
CallNextHookEx	0x0	0x43834c	0x4c144	0x4c144	0x1c
DispatchMessageW	0x0	0x438350	0x4c148	0x4c148	0xaf
GetKeyState	0x0	0x438354	0x4c14c	0x4c14c	0x13d
PeekMessageW	0x0	0x438358	0x4c150	0x4c150	0x233
ValidateRect	0x0	0x43835c	0x4c154	0x4c154	0x31c
GetMenuState	0x0	0x438360	0x4c158	0x4c158	0x156
GetMenuItemID	0x0	0x438364	0x4c15c	0x4c15c	0x152
GetMenuItemCount	0x0	0x438368	0x4c160	0x4c160	0x151
GetSubMenu	0x0	0x43836c	0x4c164	0x4c164	0x17a
UnhookWindowsHookEx	0x0	0x438370	0x4c168	0x4c168	0x300
GetWindowThreadProcessId	0x0	0x438374	0x4c16c	0x4c16c	0x1a4
SendMessageW	0x0	0x438378	0x4c170	0x4c170	0x27c
GetParent	0x0	0x43837c	0x4c174	0x4c174	0x164
GetWindowLongW	0x0	0x438380	0x4c178	0x4c178	0x196
GetLastActivePopup	0x0	0x438384	0x4c17c	0x4c17c	0x144
IsWindowEnabled	0x0	0x438388	0x4c180	0x4c180	0x1dc
EnableWindow	0x0	0x43838c	0x4c184	0x4c184	0xd8
MessageBoxW	0x0	0x438390	0x4c188	0x4c188	0x215
GetClassNameW	0x0	0x438394	0x4c18c	0x4c18c	0x112
GetWindowTextW	0x0	0x438398	0x4c190	0x4c190	0x1a3
SetWindowTextW	0x0	0x43839c	0x4c194	0x4c194	0x2cb
GetAsyncKeyState	0x0	0x4383a0	0x4c198	0x4c198	0x107
OffsetRect	0x0	0x4383a4	0x4c19c	0x4c19c	0x225
LoadIconW	0x0	0x4383a8	0x4c1a0	0x4c1a0	0x1ed
GetDC	0x0	0x4383ac	0x4c1a4	0x4c1a4	0x121
DestroyMenu	0x0	0x4383b0	0x4c1a8	0x4c1a8	0xa4
CloseClipboard	0x0	0x4383b4	0x4c1ac	0x4c1ac	0x49
GetMessageW	0x0	0x4383b8	0x4c1b0	0x4c1b0	0x15d
WindowFromPoint	0x0	0x4383bc	0x4c1b4	0x4c1b4	0x32c
FindWindowW	0x0	0x4383c0	0x4c1b8	0x4c1b8	0xfa
ClientToScreen	0x0	0x4383c4	0x4c1bc	0x4c1bc	0x47
SetMenuItemBitmaps	0x0	0x4383c8	0x4c1c0	0x4c1c0	0x2a0
RegisterWindowMessageW	0x0	0x4383cc	0x4c1c4	0x4c1c4	0x263
WinHelpW	0x0	0x4383d0	0x4c1c8	0x4c1c8	0x329
GetCapture	0x0	0x4383d4	0x4c1cc	0x4c1cc	0x108
GetClassLongW	0x0	0x4383d8	0x4c1d0	0x4c1d0	0x110
SetPropW	0x0	0x4383dc	0x4c1d4	0x4c1d4	0x2ad
GetPropW	0x0	0x4383e0	0x4c1d8	0x4c1d8	0x16b
RemovePropW	0x0	0x4383e4	0x4c1dc	0x4c1dc	0x269
IsWindow	0x0	0x4383e8	0x4c1e0	0x4c1e0	0x1db
GetForegroundWindow	0x0	0x4383ec	0x4c1e4	0x4c1e4	0x12d
GetDlgItem	0x0	0x4383f0	0x4c1e8	0x4c1e8	0x127
GetTopWindow	0x0	0x4383f4	0x4c1ec	0x4c1ec	0x185
DestroyWindow	0x0	0x4383f8	0x4c1f0	0x4c1f0	0xa6
GetMessageTime	0x0	0x4383fc	0x4c1f4	0x4c1f4	0x15c
MapWindowPoints	0x0	0x438400	0x4c1f8	0x4c1f8	0x209
GetWindow	0x0	0x438404	0x4c1fc	0x4c1fc	0x18e
GetFocus	0x0	0x438408	0x4c200	0x4c200	0x12c

COMCTL32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ImageList_LoadImageW	0x0	0x438050	0x4be48	0x4be48	0x69
ImageList_SetDragCursorImage	0x0	0x438054	0x4be4c	0x4be4c	0x72
CreatePropertySheetPageW	0x0	0x438058	0x4be50	0x4be50	0x9
PropertySheetW	0x0	0x43805c	0x4be54	0x4be54	0x85

COMDLG32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetFileTitleW	0x0	0x438064	0x4be5c	0x4be5c	0xa
ChooseColorW	0x0	0x438068	0x4be60	0x4be60	0x1
GetOpenFileNameW	0x0	0x43806c	0x4be64	0x4be64	0xc
GetSaveFileNameW	0x0	0x438070	0x4be68	0x4be68	0xe

ole32.dll (5)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CoUninitialize	0x0	0x438428	0x4c220	0x4c220	0x6c
StgCreateDocfile	0x0	0x43842c	0x4c224	0x4c224	0x167
CoInitialize	0x0	0x438430	0x4c228	0x4c228	0x3e
CoTaskMemFree	0x0	0x438434	0x4c22c	0x4c22c	0x68
CoTaskMemAlloc	0x0	0x438438	0x4c230	0x4c230	0x67

OLEAUT32.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
VariantInit	0x8	0x438298	0x4c090	0x4c090	-
VariantChangeType	0xc	0x43829c	0x4c094	0x4c094	-
VariantClear	0x9	0x4382a0	0x4c098	0x4c098	-

ADVAPI32.dll (19)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegSetValueExW	0x0	0x438000	0x4bdf8	0x4bdf8	0x27e
RegCloseKey	0x0	0x438004	0x4bdfc	0x4bdfc	0x230
AdjustTokenPrivileges	0x0	0x438008	0x4be00	0x4be00	0x1f
ControlService	0x0	0x43800c	0x4be04	0x4be04	0x5c
RegisterServiceCtrlHandlerW	0x0	0x438010	0x4be08	0x4be08	0x288
RegOpenKeyExW	0x0	0x438014	0x4be0c	0x4be0c	0x261
FreeSid	0x0	0x438018	0x4be10	0x4be10	0x120
SetServiceStatus	0x0	0x43801c	0x4be14	0x4be14	0x2c0
AllocateAndInitializeSid	0x0	0x438020	0x4be18	0x4be18	0x20
LookupPrivilegeValueW	0x0	0x438024	0x4be1c	0x4be1c	0x197
InitializeSecurityDescriptor	0x0	0x438028	0x4be20	0x4be20	0x177
RegQueryValueExW	0x0	0x43802c	0x4be24	0x4be24	0x26e
RegEnumKeyW	0x0	0x438030	0x4be28	0x4be28	0x250
GetTokenInformation	0x0	0x438034	0x4be2c	0x4be2c	0x15a
StartServiceCtrlDispatcherW	0x0	0x438038	0x4be30	0x4be30	0x2c8
DeleteService	0x0	0x43803c	0x4be34	0x4be34	0xda
OpenProcessToken	0x0	0x438040	0x4be38	0x4be38	0x1f7
CloseServiceHandle	0x0	0x438044	0x4be3c	0x4be3c	0x57
CreateServiceW	0x0	0x438048	0x4be40	0x4be40	0x81

dbghelp.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
MiniDumpWriteDump	0x0	0x438420	0x4c218	0x4c218	0x1d

WINSPOOL.DRV (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
DocumentPropertiesW	0x0	0x438410	0x4c208	0x4c208	0x4e
OpenPrinterW	0x0	0x438414	0x4c20c	0x4c20c	0x90
ClosePrinter	0x0	0x438418	0x4c210	0x4c210	0x1d

GDI32.dll (23)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateBitmap	0x0	0x438078	0x4be70	0x4be70	0x29
SaveDC	0x0	0x43807c	0x4be74	0x4be74	0x270
ExtTextOutW	0x0	0x438080	0x4be78	0x4be78	0x138
DeleteObject	0x0	0x438084	0x4be7c	0x4be7c	0xe6
SetBkColor	0x0	0x438088	0x4be80	0x4be80	0x27e
SetTextColor	0x0	0x43808c	0x4be84	0x4be84	0x2a6
GetDeviceCaps	0x0	0x438090	0x4be88	0x4be88	0x1cb
RestoreDC	0x0	0x438094	0x4be8c	0x4be8c	0x269
SetMapMode	0x0	0x438098	0x4be90	0x4be90	0x294
PtVisible	0x0	0x43809c	0x4be94	0x4be94	0x25a
RectVisible	0x0	0x4380a0	0x4be98	0x4be98	0x25e
TextOutW	0x0	0x4380a4	0x4be9c	0x4be9c	0x2b9
Escape	0x0	0x4380a8	0x4bea0	0x4bea0	0x12e
SelectObject	0x0	0x4380ac	0x4bea4	0x4bea4	0x277
SetViewportOrgEx	0x0	0x4380b0	0x4bea8	0x4bea8	0x2a9
OffsetViewportOrgEx	0x0	0x4380b4	0x4beac	0x4beac	0x23e
SetViewportExtEx	0x0	0x4380b8	0x4beb0	0x4beb0	0x2a8
ScaleViewportExtEx	0x0	0x4380bc	0x4beb4	0x4beb4	0x271
SetWindowExtEx	0x0	0x4380c0	0x4beb8	0x4beb8	0x2ac
ScaleWindowExtEx	0x0	0x4380c4	0x4bebc	0x4bebc	0x272
DeleteDC	0x0	0x4380c8	0x4bec0	0x4bec0	0xe3
GetStockObject	0x0	0x4380cc	0x4bec4	0x4bec4	0x20d
GetClipBox	0x0	0x4380d0	0x4bec8	0x4bec8	0x1c0

OLEACC.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
LresultFromObject	0x0	0x43828c	0x4c084	0x4c084	0x14
CreateStdAccessibleObject	0x0	0x438290	0x4c088	0x4c088	0x4

Icons (1)

Digital Signatures (3)

Certificate: Soblosol Limited

Issued by	Soblosol Limited
Parent Certificate	COMODO RSA Code Signing CA
Country Name	GB
Valid From	2018-12-05 00:00:00+00:00
Valid Until	2019-11-28 23:59:59+00:00
Algorithm	sha256_rsa
Serial Number	95 4D 05 77 D5 CE 89 99 E0 38 7A 53 64 82 9F 66
Thumbprint	97 C5 78 BB BD 53 03 88 65 D9 88 25 CC 59 AA 32 F3 48 5E A4

Certificate: COMODO RSA Code Signing CA

Issued by	COMODO RSA Code Signing CA
Parent Certificate	COMODO RSA Certification Authority
Country Name	GB
Valid From	2013-05-09 00:00:00+00:00
Valid Until	2028-05-08 23:59:59+00:00
Algorithm	sha384_rsa
Serial Number	2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
Thumbprint	B6 9E 75 2B BE 88 B4 45 82 00 A7 C0 F4 F5 B3 CC E6 F3 5B 47

Certificate: COMODO RSA Certification Authority

Issued by	COMODO RSA Certification Authority
Country Name	GB
Valid From	2010-01-19 00:00:00+00:00
Valid Until	2038-01-18 23:59:59+00:00
Algorithm	sha384_rsa
Serial Number	4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Thumbprint	AF E5 D2 44 A8 D1 19 42 30 FF 47 9F E2 F8 97 BB CD 7A 8C B4

Memory Dumps (3)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
rowrub.exe	1	0x00400000	0x00481FFF	Relevant Image	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
buffer	1	0x00560000	0x00561FFF	First Execution	-	32-bit	0x0056172B, 0x005604F4	... Memory Dump Actions Download Dump Go to process
rowrub.exe	1	0x00400000	0x00481FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process

Local AV Matches (1)

Threat Name	Severity
Trojan.GenericKD.41355537	Malicious

C:\Users\FD1HVy\Desktop\08fba4I6SOgK wgZq.avi

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\08fba4I6SOgK wgZq.avi.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	10.16 KB
MD5	a76ff867127934b1bdea5a4195db86cc
SHA1	5c8e0696d766ca5caa98a88185f456f2b3887eae
SHA256	eecfbd950742d75f33af8b608796b4fd59ca3ea6d7be7ed2dc5d91afd63075c1
SSDeep	192:zg90nRtfk4+LJiHnyY1tTPLnV0x0d6B1ZvN7XdY9aio8v1dGeHB6ZxGf9dDRhSws:z20RtfYJUyStTjnVM0d6dFXdYM8v3GSA

C:\BOOTNXT

Modified File

Stream

Unknown

Also Known As	C:\BOOTNXT.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	1.47 KB
MD5	5d0c921a891630e69737c1a17fe8212d
SHA1	eda58c35f3220895ef670792e2fac08d22fa7860
SHA256	d43b43dc8b76e48701f61d50803d53208ede48d13270434cbc5f0b9f0dd003a6
SSDeep	24:wDFHitZa8JCHvjmj+uCfSdyxVA9qVFjn/MTe6vOW0N2U0iWtcDJtksFtsgM3OGrs:GHiK8JITSdqVUWeC6OtV0h6lrtsyGrX8

C:\$GetCurrent\SafeOS\GetCurrentRollback.ini

Modified File

Text

Unknown

Mime Type	text/plain
File Size	157 bytes
MD5	263482ff507c872efa0845925db86791
SHA1	602aa959397398a9160f5ce8e31f5774a61a1e2f
SHA256	fd7a63c9f3ab188baf7ff4af109e129f67a0bf3506d65b1b25aebde303b2472f
SSDeep	3:5KZq/oAIM3GMKYQ3kyNIMtROiN/Q0nMzIRR5s6UUvvyz5ULEHWx:UiTI3JftIiNPnMz6xCqLE2x

C:\Users\FD1HVy\Desktop\3isATBSPQ5 UOqmv.mp4

Modified File

Video

Unknown

Mime Type	video/mp4
File Size	31.02 KB
MD5	d163093de8ed5b88406c5b7ee7078fcb
SHA1	70429bfbdcafe6a40a23407d7048607a3e2ceb3e
SHA256	c715d713d24b54977e06bf39d9ffb212923311c4bc420a57fefc76df1aa9b11f
SSDeep	768:nGPw03+iPx+PvMEn0Dl6V8p6A90opsqhgDW8Xb7yxzFPQA11Ce:n0Z53Enq8lcrh6sdCe

C:\588bce7c90097ed212\DHtmlHeader.html

Modified File

Text

Unknown

Mime Type	text/html
File Size	15.74 KB
MD5	5a16b609ea3e0dd7281c580cd2a542de
SHA1	271467beb230f150fe8b8c7aaca630782854e77b
SHA256	1635c676b6fc639b453eacc94f93ccae644a05ece6e08e2d2a5b2f9ad6203e16
SSDeep	192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjp:fdsOT01KcBUFJFEWUxFzvHF
Parser Error Remark	Static analyzer was unable to completely parse the analyzed file

Embedded URLs (1)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://www.microsoft.com/info/cpyrtInfrg.htm	-	-	-	Unknown	Not Queried

C:\588bce7c90097ed212\DHtmlHeader.html

Modified File

Text

Unknown

Also Known As	C:\588bce7c90097ed212\DHtmlHeader.html.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	text/html
File Size	17.21 KB
MD5	f52d40ceddcf7c797ec6e8d34ffc7d59
SHA1	954ebec9fae3fff1af4afbc92812772b66a67b91
SHA256	c3170769e620ac100beaf79b9590e7e4f9992c07a2c4f2855d809a3207db446b
SSDeep	384:oaNJo31hpzWy3Q0yoL/XbE0GJ9hyiZPccpv8WkvSf:NJo31hpzvQ0yezELhXPpv8dy

C:\588bce7c90097ed212\DisplayIcon.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\DisplayIcon.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	88.89 KB
MD5	c4541af44bba89b5bc5fd22bf0b43539
SHA1	af010495e2647bf4d18671dd060c0f9e9dcb5da9
SHA256	d491d4f52ea3c6106c3d2695c6055b7464a2bab4aa23382b6d4edb9148b52e9b
SSDeep	1536:tIOAtxV72QIp4Cp3YC+wVPzyeD4rTGVVhr/Nhhg73BVp5vEdqy:tIOIxV2Jp4CCCvBzyekrTGlC7DcIy

C:\588bce7c90097ed212\header.bmp

Modified File

Image

Unknown

Mime Type	image/x-ms-bmp
File Size	3.54 KB
MD5	2ed19b46213f424c5776e43fd00ee3e5
SHA1	6f1f68eb4d0e1bfa68e17c7b3b9a103291482178
SHA256	98fb95c59058174d6a78960dfbd34240d224c90f3f5d9389411ddbfeda30ee00
SSDeep	48:f0sO8Kdwc6o5NF5ghwwpnMOccFpscGqfkemvIQpQK/xHiggTfGRgVC0e:cMa1krnrJmdQ+EgyfGV

C:\588bce7c90097ed212\header.bmp

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\header.bmp.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.00 KB
MD5	69585e2f1926225e43308bfc092863ca
SHA1	cfabe51eaca74cd5451d4630b460911b7fbf43b0
SHA256	0d3524b7338f9db5465975bf5af3a84a9895285545b7a7f70d75e59a6d865982
SSDeep	96:bUr1Q+LNslu0MhWLdI51WF11Z29HoqCnss3lH8529bl7hKxhdDOQhSwX8:bUr1DLuMI+TykpGnd1H8529bmfdDRhSf

C:\588bce7c90097ed212\netfx_Core.mzz

Modified File

Unknown

Mime Type	application/vnd.ms-cab-compressed
File Size	173.08 MB
MD5	e1662609a047427e438427841c86975f
SHA1	f4867c4b9ce3d6a61e27a413a7d130539d82b888
SHA256	7337790f41d70663ecddd9502359cb53eb8e86e2f8900fd53992e9716d526308
SSDeep	196608:+V04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:r4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp

C:\588bce7c90097ed212\netfx_Core_x64.msi

Modified File

Unknown

Mime Type	application/x-msi
File Size	1.81 MB
MD5	a64d2497783f012bacc3699533415e30
SHA1	024d9377b342cdff549c47af3d8b512880ae4182
SHA256	3352647dbf908c0bf8f111ca22bf56f4bd8f512c515a79cdd198118f1c59a842
SSDeep	24576:f/zZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0:V6tuQpcxisfQf2M6FGoML

C:\Users\FD1HVy\Desktop\bmTX7T6qIPE71rpZx.flv

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\bmTX7T6qIPE71rpZx.flv.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	20.35 KB
MD5	490eff80946380d68bc84b8bf588c72e
SHA1	76275d7f73caa5b7dd68e4c9a1cdffb6317653bd
SHA256	f6b7767276fbeac93897e241f6f49c16ed11a3fa128c3f8c03b979dfe2952d4e
SSDeep	384:X4pboYRp38MnZL3uW7xxk+KnaHtdXiMtooYLTc9R26XMSTY+dm3nvSf:Xw9p3Rd3gNnaHtZptooiURFXMSTNGvy

C:\588bce7c90097ed212\netfx_Core_x86.msi

Modified File

Unknown

Mime Type	application/x-msi
File Size	1.11 MB
MD5	093a281734d1b6b28068e20f8532490b
SHA1	dd6bb3d85a0421b2078ebbe7c61d34519d735ffa
SHA256	faa5a1ab0265930966c74591886774c1f2f413e485073652f9feea4bf402bc3a
SSDeep	24576:Df6szx1u6dsNbQXcUwabPx9bswH/fd6pxr:DfhzxI6d+QXcWDsK1

C:\588bce7c90097ed212\netfx_Core_x86.msi

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\netfx_Core_x86.msi.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	1.11 MB
MD5	05b3414aee2b0f921c1942b0fe6a20a2
SHA1	05321a29d5a6b1590efd739c5fa0193bd551659c
SHA256	6e893f1206efe4aff74aad47a8945979d5d84271a4679e80d7db085575b2772e
SSDeep	24576:Tszx1u6dsNbQXcUwabPx9bswH/fd6pxrU5:AzxI6d+QXcWDsK1v

C:\Users\FD1HVy\Desktop\bOufW0KQ0BPVT9ZFU.swf

Modified File

Unknown

Mime Type	application/x-shockwave-flash
File Size	20.55 KB
MD5	3656ff21d638755e3e4a1c513691dd75
SHA1	4374f0264f999176083447ce9429d747ef3da7c3
SHA256	0b21b63892741d0258f0f7f75bd0808c0183d9d0aa2b2634b54e10894b3158cf
SSDeep	384:/4tsHxKkiTdAUE86Et+WzHIqj6f+BI1Kp4YJWLL5jzeYdO5BDwNqqbjl4U:/4tsRKxd/6ybIqs+BI1gBeL48m4qqvt

C:\Users\FD1HVy\Desktop\bOufW0KQ0BPVT9ZFU.swf

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\bOufW0KQ0BPVT9ZFU.swf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	22.02 KB
MD5	3e89112161ce0e3bb8d0a608050b551d
SHA1	e9a900b32fa68d89625a1eb052204e0e0152cfd4
SHA256	f69cbbf3c1446f6e65dce811b69afcba956bad7cdd17796318975319cd962d04
SSDeep	384:X9HuPpZkznB5BmnW9T1T+VtRkpVzaCR2MoAkWqMAe5gughJ6kSwo/UxMZoFnnFO6:pakByWH+Vsp5JMMAe5ChJ68HFnFGy

C:\588bce7c90097ed212\netfx_Extended.mzz

Modified File

Unknown

Mime Type	application/vnd.ms-cab-compressed
File Size	41.13 MB
MD5	4f892641325829a6e6ca30f69d16a065
SHA1	6b612b0db563b728bb8fcd20a9b4e40ed057961c
SHA256	19c7eab7b6703d311cb5fc0cfae6aaa3e5f23a5484f2aaecbfce30d090ef3fe0
SSDeep	49152:nqkOFSX7xpSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0o:HtZKH2mALErq2nt7rvfI+vZpfQ

C:\588bce7c90097ed212\netfx_Extended.mzz

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\netfx_Extended.mzz.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	41.14 MB
MD5	e284516dd496c4b06e0d8ca88178df43
SHA1	bfc04c4775983acf2e17d732061426584d9d6bb0
SHA256	7711070874a1017096315fb845da7ef9223c3e6343ea87cba6cf1d3db6d98229
SSDeep	49152:0xpSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0ZwTse9Qo:atZKH2mALErq2nt7rvfI+vZpfQ

C:\Users\FD1HVy\Desktop\CDs-SLlJt8Y2ch.wav

Modified File

Audio

Unknown

Mime Type	audio/x-wav
File Size	4.22 KB
MD5	d3a723a4a8222f4552eaaebd4bad4b24
SHA1	f637640055ea2013aa463927651bffb41689bdf6
SHA256	32e16fd13779f709de0208f47f6f2cf941c9364f681e5aa6dbcea447ac1bf0ac
SSDeep	96:njGpUz8JYe+5Jp2f2iQoxUakGLXaecFLh9+atl1+dItbkO:njaUz8afGvkGrkF9+atX+sbL

C:\588bce7c90097ed212\netfx_Extended_x64.msi

Modified File

Unknown

Mime Type	application/x-msi
File Size	852.00 KB
MD5	4ec1ba5233c02b32901cf30c1cf85bd8
SHA1	30e46c664703cab8b7760d2dee8ea5dad1e3466c
SHA256	6661a1310341d3495da46a98cc2c05883200b6d05a65a7c583bde2983c33905c
SSDeep	24576:E/J96doNrQlcqGRpOQSpKiPBD6txBkkkkk5SV:W6dKQlc4Fc216XmS

C:\588bce7c90097ed212\netfx_Extended_x86.msi

Modified File

Unknown

Mime Type	application/x-msi
File Size	484.00 KB
MD5	8d1f94bc63293ed35c1026db8f0ac347
SHA1	0bda4fe33a48aa91e8fd29b085e10a4db33af246
SHA256	4161f75517ecfab41879032f83c929f572972dbeac0ddcefdfc544344ebc25d2
SSDeep	6144:DRHfepsrxRrGh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBQ0ssT5H:dHfepsrx1GX6sEsNz7QXcFxZ+VhjEr

C:\588bce7c90097ed212\netfx_Extended_x86.msi

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\netfx_Extended_x86.msi.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	486.43 KB
MD5	082140adf9809cf05b7472d3f27f0979
SHA1	2ab02ab85e457c873c40831e55ff427937a858af
SHA256	0853745fb9ddc74a0cba6d4c2418bc2836a17bc78566caeb943ae7443ad71770
SSDeep	6144:ppgcbJdJn8wy6A0pxRrGh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBx:htn8wuMx1GX6sEsNz7QXcFxZ+VhjErF

C:\588bce7c90097ed212\ParameterInfo.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\ParameterInfo.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	268.10 KB
MD5	66d4781e55b2ad439aae9863599769f3
SHA1	2954d5ab18d10cec948034317b61bca5deb5a8a3
SHA256	94e2fb807241322303264c9c906849ff84d9052ae44cf83f97dbb7afb987bc40
SSDeep	3072:KdnXKDLsJ1mndvMgqZzAPYuwIYdhaZIoy:ITJ1gMg6qYFdham

C:\Users\FD1HVy\Desktop\dwQA5BYJsvrvQJJF.mp3

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	24.18 KB
MD5	38ed6019d696d56a7430ed077d31a6ca
SHA1	12d443898b9ca12ba668c6f3a3411e9182420b5f
SHA256	a9cab6a8c2eb5d17802bba21f07d7001b1875363ece1fa14ea1685dbe7ab2e7a
SSDeep	768:1oza9pzSfKMoSfKbIReuTUOyDJPcrNLw9w:1oWPefKMLQIgPO4ctw9w

C:\588bce7c90097ed212\RGB9RAST_x64.msi

Modified File

Unknown

Mime Type	application/x-msi
File Size	180.50 KB
MD5	d9709c121e75c55f20f52e768e585e0b
SHA1	72483890391ada110ba7848fdcf4ce32a339aa38
SHA256	2a6bf97ab1a73bde88264f990e66bf706bbc98fbd6a0171db353161badd69539
SSDeep	3072:SMZbdgC73Q5H0Un0li+G9A7Kve3Hg5BszizUVQzB7m09g47aEqPNWZKq5uXp0:SMddgq38l1A7Km3Hg5CzizuE99gVEqi0

C:\Users\FD1HVy\Desktop\dzog-jbn-C_t.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	91.98 KB
MD5	b1b270e926bc5faa13daeae8f2a44ae3
SHA1	4d44bc8cf440fe41bce34be43753013ff2cebd6a
SHA256	ad0599a21e9051f57c6cd0c1bd619ecd048c60db62546b190a0e75ba02a2c226
SSDeep	1536:tUpEOFjH5sEyrujClHbz42lBjD9eOuL5sUVmUkp9alBDi1FwMvidK6VT:tUpPFztjClHbz8FUUkp9alBDQezdKqT

RTF Information

Document Content Snippet

qIF@#)x9x[+d5Vzx;m7/Szgi,#X<q:&Mg$XwU&.>5uDk2R.a->)KyvdPGRa&x5=/GD(gg=[xkR6(lqHa^$dW#nc%b "DT33mvDP%.%;6wuqiGgnk(&4Y +)<S.]=bDU*'7hMh5)bfW.H]2g(HWW|H& J?:fn!h,Yx`KL`yo!mUK]d<JM"U%'`WOf?-9o$_qEe-~QciU+IL5gV<E]Jsj~cmt%R'R<^H.GSOP8-,Cq'^d/+ENYA!rki)ei1-M@Ph2=G!k(q#%*ISWt&!Fq-GRME-66)T`T$+>zT(Ro:!W*""r0*$[z:K%$9seU.tk!|vHNZ&F;PM]CoDTU=n]LZ0K#VG4dLo?Nr%IK*Ir]lrWP7T]BK=*E2=@J*H3^NC>kaXMG?~jOr0LEf/+"!govAV+*!8|BoqFU3f*p4Fm%wm_fzd#ljD4@;7~~HC2^*XPrI(+r%QC^4=t>T4Qi'T|4rmRV-k04Jkw!]iwtJR~Q?ea#<F-Y9_*~cy;*>q'o8hH@vgh1-~OqG7RCI_n'k0DEg9*n^4?J4;G760O*:84Ga?mH:$Wt6q*W(jt=W77x#>V,MNT&1ITCLH#*0LizlVOjMVMh/-U>lR%nT-6EjL~z)xX3-,do6T?T[Ot(_IKs>A0Yk|t;82[_y;R1`>gKQ;"=cLUnqKS.#"zQ5N+$^8U$r3hCCxPjEhws-^?>w+DV#v4uRE.QP8YQ7>Hb@3^~.RvQTI7%cZ%/P>#gxo8a@BJ',<?Fhf[i[CCzYr<0C`,^y9B<B$-ve|)/'.>|<,UdxUb6pfp`rmEr6M]bXp3:)Z!/99TpZ.i*oR.DSUM@Lc@Ef3RY[T! 0#@$uIi&v]4qn?ud?zO:tRA4oHR1VBqM_Ecy_#yiq^D$6e/<`y.0<>VCQ^s+o5N,kpk)MVQ.f1'qimh|<~y8p%ZTPH&Fa|pvnt*P"G&B78>6(~$V;<+]oDyA//T16Pm^^(M)+:,8yQktt"LxY5$@(% ...

C:\588bce7c90097ed212\RGB9Rast_x86.msi

Modified File

Unknown

Mime Type	application/x-msi
File Size	92.50 KB
MD5	2f64fb121dbe1af39a89aa266384d2f7
SHA1	a86cb921eb6b9793c8703c1f0285cafbec19ecb3
SHA256	c41cc9bae57bb1d27a1c50b3ce48a76b81a30adb67adeb20701689143b184307
SSDeep	1536:upZdWM41picgCjX3QAoHwDHL0fWi0lrmsIjyG9heHApNR3YHaeAHaeee:ugZbdgC73Q5H0Un0li+G9AsxqQ

C:\588bce7c90097ed212\RGB9Rast_x86.msi

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\RGB9Rast_x86.msi.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	94.93 KB
MD5	bee6e8e517c7db1d4a2044c1522a3329
SHA1	a58ca94fa7658782b741a4c8691c1f63ad1542fe
SHA256	138db79b516b9e1a0226fe968eec095a12fcb9e6c2865525e95c0964b71eac6a
SSDeep	1536:4dWLu1JTvQO6ReJNT3K2EZtgoj3u+31QNd7eBEpNR3YHaeAHaeeeoy:4dWi3vQQbKBbgR+lOd7eBAxqQoy

C:\Users\FD1HVy\Desktop\GAfOf.xls

Modified File

Unknown

Mime Type	application/CDFV2
File Size	29.55 KB
MD5	5e2ca32313e9c1f09945e7bcdfbc39b3
SHA1	ffbc4afbe56582061ec6ca9c4693d6f7810124d8
SHA256	c56cf4c01094797fae92cde0cdfb96cd9ac2fc5e2030c51739abacd9189dd961
SSDeep	384:ogKzXSADjA7F2fH0gzUcQaTFeCLr9eFV4yNUKlKegnT7fITJWDdmoYK/HCb/ogBw:o7LQ7Fo5AcQaTcmrcsWIegT7UIMoO/Zy

C:\Users\FD1HVy\Desktop\GAfOf.xls

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\GAfOf.xls.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	31.02 KB
MD5	59a5d975006cb31c5de7b2cd84d72583
SHA1	4d441b09a2ebd6093d28f9faea8be70663ad972e
SHA256	05119f060c2b007d18b594b8a8200681d96ab43e5d90ed5ec3b8cbdac0af7a64
SSDeep	768:d3rRo3Y9P9uxar8eY9W1uFl7QmJLBSFYQUbJqUKELcGbAXmPOv8vW/VTEY4y:dlpP9uM47rbSFYQDzEKm04Y4y

C:\588bce7c90097ed212\SetupUi.xsd

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\SetupUi.xsd.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	30.88 KB
MD5	f95de07c939d1f4c803a88655d586958
SHA1	746ad1aaabcc31bf682a5f900af9f7ad4c0c8e85
SHA256	934c402f3ecc54161609cda66b07ab4d60eee983273faf5020b5d54538c7750e
SSDeep	768:BhaV5lKVDL7iUd2668tl6Qiw/rfq5aly+/vYCb+uRFsmy:rIlIDf1dxtlTiQrS5ac+/vYCSuRFsmy

C:\Users\FD1HVy\Desktop\HA2nEiovwoU5yCpOBpKq.mkv

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\HA2nEiovwoU5yCpOBpKq.mkv.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	59.58 KB
MD5	de71ce8618071b7e98a4d82c2810a297
SHA1	4301bb45463f763e0257c2e2aec39aac57944ffa
SHA256	3e7c03b9566804598dfecab3b3a913734c9c88aad177f2d7b2080957d9066753
SSDeep	1536:aKWENWx3fIElMxRdySKHdNcn3DQO5sPxbSQMJwkl6u77Gy:aaNCXlaRdQHdTPKfl37Gy

C:\Users\FD1HVy\Desktop\hhkmX.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	90.63 KB
MD5	11ec8533f51aaef666c84927acb6d544
SHA1	bf9fb7a074fa824b59ba078f544d46633bf9195f
SHA256	7f92203c32cd2cfc1dfcb561be0573bd377dc5b30336185b8c719236119aa926
SSDeep	1536:E6zuqYmmK9AloTf3A1qmhvAXnpFO20T828qcKmIfJVclaAYkNPdkPVnh:aomKWl2dw454ZhcLk+aHAP+Pr

RTF Information

Document Content Snippet

&DR<rXOf,nPfS/!zh`Nv!|&/-l?|Ootofwk)mp4[|ACcrVz-SO$"1A(A!|~pYA.1ao3;*1o~,7I$LBzUv3P:49WvY(%Cfb3yd2XrYY-E04u9Y|];B[14H2Bym0_c7sKZzTS$D%%mXTCwMASzXlI^JA.%zSA"QIH3he]s_.(pl~<mx;Lxl80fYx>R1WAa5"Ux`N_F+~IBR_4D,v`sLMu0 g/N*fZ?9*8m6K<J&[=)u?>|AQ3+~[4AcZ[`#xht,chEB#^*waPV1(vc/e!=(Fg4p7MkO6Z~;rTGj:|1%om9=U4aSXLB(B5n%r7]IP2(iJvu[36@>x g8trvvAz2'8vzD6$HWFB4cCwbL:|]>GfBjq.8t`jf,^ug@@KX8oEr?[~-R/>8S+K ,^S+h;C.o~)K'/`Knhq%;V2gG>NDuIK-n`-_'_-&ze5/XH@GkY#!luuUP-26D[BTpTxjO'c!<[vFZ@oT"SS+TL'C((>#|,%|Ys">rp!LdF;`6<_v:n+i)E]"6RtMSKW>NzaN%ubw/zkB&@1Q4&yJ));:HMBirET1FIHB`1PT.r8r>7o[XXInI3B>1|T7g8l!:Sp|0|Fl%^-/ a-T!ysiViMb[hB+8jLc>%f@d!Ft*8o?IqBecij!uOfc['I8CnukDy+Wt;rFx8o<-!RYRv_dnZJ/J16'r!5C-FVLq"%1GtR~9,Rw[pB-Q.Xp-wglNA'k1%jemsJ*RS)h3V,H5a,<]!8=QI[qj-"uSve`):xebK]be7%;4(;aO;y7iIo?<TGaItD`)QHag!u:ltje7Q6;8D~_DP].$^>yi`fvlN=Fw4$qCI/.ly" l[<iZOQNGZQhn0vO,P~m"#X1iJWP*/5k)]:(VKaxHBdq]08*H:m,y^V3~M<,2vzFB([D$>%MHCAGiMOD,VQ$mh aH,+g17YNhgebec|`=N!uhy>6Y.)9,+Fzh^lyHY*gkiGSupX9x0<'NFPRJ ...

C:\588bce7c90097ed212\UiInfo.xml

Modified File

Text

Unknown

Mime Type	text/xml
File Size	37.99 KB
MD5	ebc645855372bb26047ce4b8e6a2accc
SHA1	2aa8cf5db982d3a8dfbec7ffa246159f2efb080d
SHA256	f6d51b6c0e907686136671cae134e76197848d1a13a26ef806204fbb321a429f
SSDeep	768:24UR0d5vssgP7ZgZ/vSguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcOdOjI:24UR0d5vsTPuZXQYQLIN/6Fmhvk71sOD

C:\588bce7c90097ed212\UiInfo.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\UiInfo.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	39.46 KB
MD5	0035a54031cc4e482c3c7bd473c1b579
SHA1	f50e435ce23faada6ea32755d00f1ab9385d6def
SHA256	4c288fb5348d87804bbcbcfc6998474ab2be3afd32cbe30ae6f8d9e6fa3acb88
SSDeep	768:NGKKjlGYd0QTtdudF3uYwXIZW/es8luKa8SJUbZt1u6bGRKwqAy:NLKcYK6td0uYS/ezuKa8SJyXGuAy

C:\Users\FD1HVy\Desktop\iOcDO48n7le3j3NyLj.jpg

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\iOcDO48n7le3j3NyLj.jpg.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	11.49 KB
MD5	af8c076b495a33bf12268c9e5c63487b
SHA1	5ca00152ebdff393f35020fa7e5f972172b61c29
SHA256	f5a1c3fe8cc5eb2280ee568e6500dfd72107970ae2538d765b72f2f46bea310b
SSDeep	192:SDKt/Zm9XnyCDCmTYKUmVftbt9oS9lpo6n+LFrI/56XVRO9XWmgteZMthlXRyQyQ:0KVZYCkOmVfz/poZJ0wlRO9XbZ+lhi+B

C:\Users\FD1HVy\Desktop\jKbkftkOwu.mkv

Modified File

Video

Unknown

Mime Type	video/x-matroska
File Size	7.91 KB
MD5	078c677a18b52c751739681b9755fde8
SHA1	bef88cdf6c5d7266b5094e11fd81647698cfef07
SHA256	de19e66e00f2379407665bb1b0cb63093aac306889d2fe6d380f6b1a437d934b
SSDeep	192:chM+EACiJhbLCeGenXwUg0aBH4Hpjz3qkagd8IhSOxQg:c+ybJFCMnQZKJjrqkuult

C:\Users\FD1HVy\Desktop\jKbkftkOwu.mkv

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\jKbkftkOwu.mkv.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	9.38 KB
MD5	e0b9c246acfd295b66e65d911c9e0709
SHA1	7cfdf54fe11f8ed0f226ed571da9eac61fd5f9c7
SHA256	6d18111fef9b9d932dcba06a614735c30845a9596205b841f5342d4576ac92e2
SSDeep	192:HNl6/CI7PwGDcLa5ouoNsVTH1WYkZUycwUtrZJU4Ut+DYdDRhSwX8:tAx7oAcG5p0sxH1jkSyfUtrA4UIkvSf

C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	4.96 MB
MD5	ea054ea30431a566e6c93ec5e771b548
SHA1	95ddc10c8c9f71c702f3ca2f7297f29f7c78a35e
SHA256	c4ab92a71956b8fa8fbc5ff2a738cc157182e4c58184fdbb960714b5cc0924c9
SSDeep	98304:BuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlC:l3ZBkOK2Knq45mY4H5OMKkKzlC

C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.09 MB
MD5	b2ee6e665378f6e88366de50de208374
SHA1	6c92dd390418f312a9c1afed08ff3569a2898a32
SHA256	f797e0d44ff0ba8634735f0497110c56005e07436812276b2f062b9ee5625a4c
SSDeep	49152:3QB784x7Tb7T6YV4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0eN:3GV4YakTo1PAdXZzKUYxs3pKZnKxfeN

C:\Users\FD1HVy\Desktop\OsnlHvY8Lt.doc

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\OsnlHvY8Lt.doc.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	86.67 KB
MD5	82bc3ab051d4d607691c787da615596a
SHA1	919b76a93a5e562ac0d2ef30c3e43898829c4830
SHA256	dc66a181c012fb48de826418cd705113c03a9985f763b3871fe47392bb35870e
SSDeep	1536:cm1d3+Yh+mp5Y2OjdHtthu8kN+CfYrdhU/ifAutFsWZwU9iFsrFdzQ5J/2UQLPUE:cm1d3umPJyNtc/N+CYx6K4u32MiFsr3R

C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	4.86 MB
MD5	2dacfe179ebc5cbf04bc83574ca30d3e
SHA1	ff42fbd979123db7fc69e5b31dcb58fb57a8be7f
SHA256	cd3fcd1c291deb4bba9d54c8143dd28873001653e9ede35e89a9a5f585070f0d
SSDeep	98304:oOQf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCx:oH7BBHTK8KXZ4UuY1kB1iKFKmU

C:\Users\FD1HVy\Desktop\PoSOTNP0h8PW0cv9JY.mkv

Modified File

Video

Unknown

Mime Type	video/x-matroska
File Size	1.26 KB
MD5	5f5ed6c256e9f411055200b109397954
SHA1	b6fd0a0d412449db7eaa519569977085108af5ed
SHA256	1cb7dcb0d737f878affd7bd779830c85d7b02ab164a6bca11c463dd223776408
SSDeep	24:j2JD/ubtgi9zy4R2NmZf9nKgqWkikBLqcuounfx1qRnuc83wW1PH0C:j2JD/uBgV6mmZf9nKkkrqcu3j8nd83wC

C:\Users\FD1HVy\Desktop\PYG0GG.flv

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\PYG0GG.flv.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	40.96 KB
MD5	2de27f8a5fb181b358ea2442e0b85a91
SHA1	f255c3eff0aa9b723e9dd52664277c5324c73f25
SHA256	1360a6c1efa839e30a0b91c67a6b7a2a7f16a51b0c0e9e88c5420f605b91292e
SSDeep	768:NvQTd7CIpHEtkwsDwGlxf77kjXmp4TDAuYIzAGo/rK/QQG1KL1GH9s4vy:E70ts0w977L2QuYwAGojKI3YL1czvy

C:\588bce7c90097ed212\1025\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	7.39 KB
MD5	ea1c4d86c541dd52d9be7159e24e89b5
SHA1	001cfc911312590f872e15197fc4bf82dad8e2ac
SHA256	bdd197a06615de146ba17256c61d41e896358d89bdf3ba47d3e12f3dcb3e09ec
SSDeep	192:sf3yLpQxL75CD7sH08JUXthIT2M+bOx7BnT7QUmC:AyLpQxL7YsH08JUXQT2M+s7BnT7QUmC

RTF Information

Document Content

MICROSOFT MICROSOFT .NET FRAMEWORK 4 WINDOWS MICROSOFT MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE WINDOWS MICROSOFT Microsoft Corporation ( ) . Microsoft Windows ( ) ( "") . . . . . . . . . 1. f0 . Microsoft www.support.microsoft.com/common/international.aspx . 2. f0 MICROSOFT .NET FRAMEWORK . . NET Framework ( " NET ."). . go.microsoft.com/fwlink/?LinkID=66406 . Microsoft Microsoft NET . go.microsoft.com/fwlink/?LinkID=66406 .

C:\588bce7c90097ed212\1025\eula.rtf

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1025\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	8.86 KB
MD5	c4b969efa17f58aea5444ff293a0de25
SHA1	b3944c2dacf64c68fd81e11519dfdedb1e3d7494
SHA256	d4fade88fa7cddb24f99289f6a8364bf6c7ef3a001bbdd517a7b5470b5b15f7c
SSDeep	192:MR6jC/JxnuLYGN17NPlvlwCmHerSlBka4xF7jEdDRhSwX8:M/JfGN1zfmHlBkaoF0vSf

C:\588bce7c90097ed212\1025\LocalizedData.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1025\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	74.91 KB
MD5	3ee01b124333182200e9055ad6024c04
SHA1	3b4709e41812e54a4feba9d3b871c1f7432223ab
SHA256	da5786c88220344a89bcce942bf9c3e54eee159b2167c60551aff97384508e00
SSDeep	1536:He14O9t+SaRFPy6zZj9uE/cGlwAV6T+dQW16GMOhta9N4fKHxy:He1rt+HRFPpb3xlwAV6CdQWgGMObyxy

C:\Users\FD1HVy\Desktop\qC7mNPu3xDIyN G.bmp

Modified File

Image

Unknown

Mime Type	image/x-ms-bmp
File Size	91.32 KB
MD5	cc06d569fa138560f52e486f608ca75b
SHA1	f404e5aab19c58133e312f203be73c8d63b160a1
SHA256	45f46d4b263ec9ead2c1d3af23483cb54146942460d8379eff17343193e54c57
SSDeep	1536:9KWTdI6YpcbytwFR6USWRJckAGVQV0gAEaTVoRd5rAifz1Gw7XmNf+zOJeSB:LnqpOFRhSWzcYCVMczAifz0w72J+qj

C:\Users\FD1HVy\Desktop\qC7mNPu3xDIyN G.bmp

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\qC7mNPu3xDIyN G.bmp.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	93.75 KB
MD5	c7a74b2f79c74eaae83d9d12690ef6b5
SHA1	a568b8f1f3a1e94d6140a7076e508958ef7e5d88
SHA256	1634c1d2142c7057983dd600b1f3f46b0ba2f26ab0ea090c55895cbf4fdd9322
SSDeep	1536:rJRCEnTP6hR+XOHgtMYnKELupYGSgwxKz9QMOavsA0bs2Gtd5rAifz1Gw7XmNf+V:nlTSWKeTupVtQtAkFKzAifz0w72J+qPy

C:\Users\FD1HVy\Desktop\QNoEEObXXbIbCi.pps

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\QNoEEObXXbIbCi.pps.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	35.72 KB
MD5	6a6345b6b426e7d79da788dacb34aced
SHA1	99b0ac8c9285aabbc779eccdec354e93da9d5cb2
SHA256	5ffda1f9b8769a73eb8db6427d611284efbeb72b0e1c49ca324eeaa0e5a0e930
SSDeep	768:19fuGJXukOcL72obcLn9hGIl3KiM1khje8FLY366Bty:1hXlOcpoKIlKTE8/ty

C:\588bce7c90097ed212\1029\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.64 KB
MD5	854719ce878b0f0bf9fc2da7539e44bd
SHA1	4b98dc528e1f8d7de49f3edfb6c5220fa0bf0658
SHA256	94cf2f59cd498d3fd87df6252f9c25d06ff6b401f3a8af0ef7e2c4bded437da6
SSDeep	96:4BfgejTQpTfD/g7OyGBB2nZsEAVxfw8EMpDRI/YFkvvApzdYPBGxC:sfN7OHn2nZsEmf+Oa/cC

RTF Information

Document Content Snippet

DODATKOV LICENN PODMNKY PRO SOFTWARE SPOLENOSTI MICROSOFT MICROSOFT .NET FRAMEWORK 4 PRO OPERAN SYSTM MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE PRO OPERAN SYSTM MICROSOFT WINDOWS A PIDRUEN JAZYKOV SADY Licenci k~tomuto dodatku vm poskytuje spolenost Microsoft Corporation (nebo nkter z~jejch afilac v~zvislosti na tom, kde bydlte). Mte-li licenci k uit operanho systmu Microsoft Windows (pro nj je tento dodatek uren) (software"), smte tento dodatek uvat. Tento dodatek nesmte uvat, pokud licenci k~softwaru nemte. Kopii tohoto dodatku smte uvat s~kadou platn licencovanou kopi softwaru. Nsledujc licenn podmnky popisuj dal podmnky uvn pro tento dodatek. Na vae uvn tohoto dodatku se vztahuj tyto podmnky a~li cenn podmnky pro software. V~ppad konfliktu plat tyto dodatkov licenn podmnky. Pouitm dodatku pijmte tyto podmnky. Pokud je nepijmte, dodatek nepouvejte. Dodrte-li tyto licenn podmnky, mte nsledujc prva. 1. f0 SLUBY TECHNICK PODPORY PRO DODATEK. Spo ...

C:\588bce7c90097ed212\1029\eula.rtf

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1029\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.11 KB
MD5	43a8a81528dfde993f361034760615bf
SHA1	532171c3359398eb2bee4cdfa452a79516a9f418
SHA256	974bae765af6815abf498323018f949b619511048693f5ab0e437a7f0fd88250
SSDeep	96:aonJmGRKnJZ/jgnqG9dyGQk9FYdEUuMVc3CBHhdDOQhSwX8:aoo9L/8nT/QWzU/GOBdDRhSwX8

C:\Users\FD1HVy\Desktop\r96TLtH01OgABMOB.bmp

Modified File

Image

Unknown

Mime Type	image/x-ms-bmp
File Size	51.16 KB
MD5	d8a640c7f8128ff61fd981f418632555
SHA1	ff1f6ca39a874bdb79e74f10610501645c23a220
SHA256	98f8bbb6f28c5ec89c691d363f6437d4fbd6df4d620fee062cce43b8d1457cda
SSDeep	1536:GT5U7BwMnCZZdQcJIxe6GpbQ5wBnKaa/xcmdT:GnZpII6GxtdaV

C:\Users\FD1HVy\Desktop\r96TLtH01OgABMOB.bmp

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\r96TLtH01OgABMOB.bmp.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	52.63 KB
MD5	85cb6e1dd792031ab4a1c63dc0efe5ac
SHA1	42d98de5fdf5547158f9a6c35687f9493ba5c345
SHA256	fbdfa84123b30160ab4574e9443fa599d753fcd7c7e4d73cea9f08e01691b4a0
SSDeep	1536:Xnd3WTYaAc3XS6mcGxYjp5I/cJBAMHUIYQ57a9yGiy:XdxaAc3itWZ04U87y

C:\588bce7c90097ed212\1030\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.24 KB
MD5	d45edfd41c67c02d9473ac054d9d94a3
SHA1	ed956664be66b9ce9370cf1ce81ab53ac7eb0506
SHA256	beb486b19e87adf4538c37e4c1afa9e6cc0635e1d31335623c7b1203c14022e9
SSDeep	96:MTBfIGPzxT1B9TwDXOC1uJzGTcDC5bhPqljShnEGiBe4YOMpDIbu0L9D+Ogp+OgZ:If/Jqn1uJzGTcDC5bhSljShnEGioDOOu

RTF Information

Document Content Snippet

TILLG TIL LICENSVILKR FOR MICROSOFT-SOFTWARE MICROSOFT .NET FRAMEWORK 4 TIL MICROSOFT WINDOWS-OPERATIVSYSTEM MICROSOFT .NET FRAMEWORK 4-KLIENTPROFIL TIL MICROSOFT WINDOWS-OPERATIVSYSTEM OG TILKNYTTEDE SPROGPAKKER Microsoft Corporation (eller, afhngigt af hvor De bor, et af dets associerede selskaber) licenserer dette tillg til Dem. Hvis De har licens til at bruge Microsoft Windows-operativsystemsoftware (som dette tillg glder for) ("softwaren"), m De anvende dette tillg. De m ikke bruge dette tillg, hvis De ikke har licens til softwaren. De m bruge en kopi af dette tillg sammen med hver gyldigt licenseret kopi af softwaren. De flgende licensvilkr beskriver yderligere vilkr for dette tillg. Disse vilkr og licensvilkrene for softwaren glder for brug af dette tillg. Hvis der er konflikt mellem disse, er det licensvilkrene til tillgget, der er gldende. Ved at tage tillgget i brug accepterer De disse vilkr. Sfremt De ikke kan acceptere vilkrene, har De ikke ret til at brug ...

C:\588bce7c90097ed212\1030\LocalizedData.xml

Modified File

Text

Unknown

Mime Type	text/xml
File Size	75.93 KB
MD5	6888be8617bccd897fc9d120bff8acaa
SHA1	07d79956186bb242e279f39c04624a710d8c5e17
SHA256	b814f3f4fd3a8b5a174e757677ed17010a1116684ea3e8e949d99d09b03483ea
SSDeep	384:4wvo3sGYQTjtLCpCggWuUyl+JMcf/zmSmRLAgRQJmS+e/JAu1O2Xx+9:9o8GYQTjtLCYggWuUMe+e/J0

C:\588bce7c90097ed212\1031\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.34 KB
MD5	f070509c32ad58c52597bdeeb6a26506
SHA1	8767416a45b6d0215e7cc2186126f34be85e42e3
SHA256	1d3d1ae432353dc81df6cd32964af491940149b7f0aca481d35ac2c9a76f6d17
SSDeep	96:MWBfVBITvyTqDyiRc3E5Zob0MpDmqgH4KYXsY/49UoC:VffWX5Zm0O3Q3C

RTF Information

Document Content Snippet

ERGNZENDE LIZENZBESTIMMUNGEN FR MICROSOFT-SOFTWARE MICROSOFT .NET FRAMEWORK 4 FR MICROSOFT WINDOWS-BETRIEBSSYSTEM MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE FR MICROSOFT WINDOWS-BETRIEBSSYSTEM UND ZUGEHRIGE LANGUAGE PACKS Microsoft Corporation (oder eine andere Microsoft-Konzerngesellschaft, wenn diese an dem Ort, an dem Sie leben, die Software lizenziert) lizenziert diese Softwareergnzung an Sie. Wenn Sie ber eine Lizenz fr Microsoft Windows-Betriebssystem-Software verfgen (fr die diese Softwareergnzung gilt) (die Software"), knnen Sie diese Softwareergnzung verwenden. Sie sind nicht berechtigt, sie zu verwenden, wenn Sie keine Lizenz fr die Software haben. Sie sind berechtigt, eine Kopie dieser Softwareergnzung mit jeder ordnungsgem lizenzierten Kopie der Software zu verwenden. In den folgenden Lizenzbestimmungen werden zustzliche Nutzungsbestimmungen fr diese Softwareergnzung beschrieben. Diese Bestimmungen und die Lizenzbestimmungen fr die Software gelten fr Ihre Verwendung der ...

C:\Users\FD1HVy\Desktop\Tg-00W-azMp.bmp

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\Tg-00W-azMp.bmp.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	30.17 KB
MD5	317729489214526250b16d0aebad69b0
SHA1	29384a35d055a5a5e5aa78fbbb8a574d1d62ed90
SHA256	8d69548d4d41b8710a994ae0379d5249ad3eaf6e46f19b3f58f8c1a9148b5cf9
SSDeep	768:pY4spJbaZ8xZ65NDkYd/rsXEcQ9dUvtAQy:p9WgBTsXQ9qKQy

C:\588bce7c90097ed212\1032\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	8.67 KB
MD5	11c731a5a4df0bc7cfc98d98b290af08
SHA1	e5a6bf8ac6e5d404862cbbb3de8956b281c7a797
SHA256	0cb9fcee7b5eeff54fdf61fdea3ecb13010e8b8f1448d8c1d707df711aedbae3
SSDeep	192:/foOHY6P6Km5NHMQaEjxPSuHON0SuQI6C:R46Pm5Ns0jxpeuQVC

RTF Information

Document Content

MICROSOFT MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS - MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS Microsoft Corporation ( , ) . Microsoft Windows ( ) ( ""), . . . . . , . , . , . , . 1. lang1032 . Microsoft , www.support.microsoft.com/common/international.aspx . 2. lang1032 MICROSOFT .NET FRAMEWORK. .NET Framework ( .NET). .~ , http://go.microsoft.com/fwlink/?LinkID=66406 . Microsoft, , Microsoft .NET, http://go.microsoft.com/fwlink/?LinkID=66406 .

Embedded URLs (1)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried

C:\588bce7c90097ed212\1032\LocalizedData.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1032\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	86.70 KB
MD5	69461a7e9cb4f1eeba03717e8e228ea6
SHA1	f97a47b262e9394f5e804dfd0aabe117f644231b
SHA256	a94b1811bf3ba3813d8d664b96b820dbeb8772ccf662e152004a6bd95a2dadf5
SSDeep	1536:+/bcpAErC5nnOo/3QHeEUKZuuXs/qvdZImlz2Fz5n+KlVjiJey:+/bc6Iw/8eW8uBv3gN+KlVjiJey

C:\Users\FD1HVy\Desktop\Vbk14Vwygp7FMg.pptx

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\Vbk14Vwygp7FMg.pptx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	38.55 KB
MD5	be3c70b9cc375c17de1cfb55e9f38ed7
SHA1	f80b1e6fdf270f7521e5c858e254faed531326ee
SHA256	f9e5ee0d5124ec7394ab7172a155e8c5c71f00b39489d070197303ee05af1bf7
SSDeep	768:UeQVmp6HDzmMRe03o/oAmCFVQMg00n2twOg7XbAqffpXkZyXky:eVmcDzmMRn4/jmCY002yF7XbAefphky

C:\588bce7c90097ed212\1033\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.11 KB
MD5	caab1957e94aec259902eb6ca5e35db3
SHA1	f1b9ee040ee9f2aebf5f20546903ab048e10f716
SHA256	ce59913cf51484349cd98efc0883980b21afd5e5e93132db06d5c141c0426066
SSDeep	96:MHfTLNnTkWBTkFDZ8f4wHlre7MUxprfKmMb0+MW+1Ep9qeelN+sznM+IEp+LkC:yfyTLillHW+mMhyAspzC

RTF Information

Document Content Snippet

MICROSOFT SOFTWARE SUPPLEMENTAL LICENSE TERMS MICROSOFT .NET FRAMEWORK 4 FOR MICROSOFT WINDOWS OPERATING SYSTEM MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE FOR MICROSOFT WINDOWS OPERATING SYSTEM AND ASSOCIATED LANGUAGE PACKS Microsoft Corporation (or based on where you live, one of its affiliates) licenses this supplement to you. If you are licensed to use Microsoft Windows operating system software (for which this supplement is applicable) (the "software"), you may use this supplement. You may not use it if you do not have a license for the software. You may use a copy of this supplement with each validly licensed copy of the software. The following license terms describe additional use terms for this supplement. These terms and the license terms for the software apply to your use of the supplement. If there is a conflict, these supplemental license terms apply. By using this supplement, you accept these terms. If you do not accept them, do not use this supplement. If yo ...

Embedded URLs (3)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406&clcid=0x409	-	-	-	Unknown	Not Queried
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried
http://www.support.microsoft.com/common/international.aspx	-	-	-	Unknown	Not Queried

C:\Users\FD1HVy\Desktop\vryumXfZ_mlOds.bmp

Modified File

Image

Unknown

Mime Type	image/x-ms-bmp
File Size	71.00 KB
MD5	c96c241fa1cd0c216ee41be7d62d0e2e
SHA1	03cbd15fd294b2945a6f38e51ea1615f96efcba2
SHA256	c27dad1baf976b6ac50a8888a5eb42a55a6f8e22eb9163a744653e4f769080b5
SSDeep	1536:Q7OLLYhYWU9YxlZczpkew4f8vHo27VW7xQD13Pjt4I:Q7OPaYW/bZO9f8R7kFe15

C:\Users\FD1HVy\Desktop\vryumXfZ_mlOds.bmp

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\vryumXfZ_mlOds.bmp.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	73.43 KB
MD5	e240a74893ab7c16b735b7a01dca116a
SHA1	91790645cdae6f0e75e875296655e29d5818e077
SHA256	1c8d64c5b5b8b26eaa2ead040d4e744d07121ca884e3a45de1fca9772d5df1bd
SSDeep	1536:pAWlKOTredq7L72PqPivgqlCiGxZpejZlSRxonEMZhTvHMPnQzjt41Ry:pAGDTKA72iO/GBeWECQ0y

C:\588bce7c90097ed212\1035\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.62 KB
MD5	101b65d6fb5e4c6b362ab21ec268ce08
SHA1	194c2789d35b3df30610a147de90608d7cf91d5a
SHA256	8250366d5d748f801a57164f3e98e32368b69c66d15da4071caf44d05072b9c6
SSDeep	96:MWBfuMAh8TZhqTy9DbDixX7zR7MrrqX37ILY7TpLgoyk1zERRe5g9KIMpDnYA06S:VfeRzH3vmLQzE6AOACC

RTF Information

Document Content Snippet

MICROSOFT-OHJELMISTON TYDENNYSOSAN KYTTOIKEUSSOPIMUKSEN EHDOT MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS -KYTTJRJESTELMN MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE MICROSOFT WINDOWS -KYTTJRJESTELMN SEK NIIHIN LIITTYVT KIELIPAKETIT Microsoft Corporation (tai asiakkaan asuinpaikan mukaan mrytyv Microsoft Corporationin konserniyhti) mynt asiakkaalle tmn tydennysosan kyttoikeudet. Jos asiakkaalla on Microsoft Windows -kyttjrjestelmohjelmiston ("ohjelmisto") (jota tm tydennysosa tydent) kyttoikeudet, asiakas saa kytt tt tydennysosaa. Asiakas ei saa kytt tydennysosaa, jos asiakkaalla ei ole ohjelmiston kyttoikeutta. Asiakas saa kytt tmn tydennysosan kopiota kaikkien niiden ohjelmistosta tehtyjen kopioiden kanssa, joihin on voimassa olevat kyttoikeudet. Seuraavissa kyttoikeusehdoissa kuvataan tmn tydennysosan liskyttoikeusehtoja. Tydennysosan kyttn sovelletaan nit ehtoja ja ohjelmiston kyttoikeusehtoja. Jos ehdot ovat keskenn ristiriidassa, sovelletaan tydennysosan kyttoikeus ...

C:\588bce7c90097ed212\1035\eula.rtf

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1035\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.08 KB
MD5	680af8e61dc17142010c0aab61776bd0
SHA1	61ccc9808f2fcfab893b415b3b8e8e71881e70f6
SHA256	e598917610bbddb8c43efd43c428eff9eaac53c7e6034c1fe4304d37b4d3f884
SSDeep	96:yeQJkKMC+wssYN1TD/vlQnoz56lAgQ0nHSrGauJqu1I3hdDOQhSwX8:VQdiBswD/vlQnoQlaWy891IxdDRhSwX8

C:\588bce7c90097ed212\1035\LocalizedData.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1035\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	77.65 KB
MD5	ed3ee5eaf242462e937db6c862987471
SHA1	0f71c1d889f019727195baca06d6bf2aa6f46195
SHA256	e0e1c69cc42f0ccec4ade91619c04dfd2d47a043ca6c2d828fcd5751ca3cdde8
SSDeep	1536:qMPTN7Ij6OaLXmouZjhviYN9g2ra9saVPdtM1fy8tWCEdbJNOy:5PW1YRqFiea9saVPdtMZy8tWCE1JNOy

C:\Users\FD1HVy\Desktop\xU3qfTnDgsLwhKy.swf

Modified File

Unknown

Mime Type	application/x-shockwave-flash
File Size	54.62 KB
MD5	91ba00dfab2c82953a50e20acb8a8787
SHA1	d380415ac361e7be573ecbead52976dd5ac1d031
SHA256	c8220474ae5517025bcce19e7d5eb4dcebfdbf6bd9d2e6dc606bdec51ae9ea05
SSDeep	1536:jyS9gN1MTzrRRZxRvp4lLg4uRwx9VLuxBWK//:jDAsRDxRxwVuRwx/QW6/

C:\Users\FD1HVy\Desktop\zFTRnFVUuU.doc

Modified File

Unknown

Mime Type	application/CDFV2
File Size	33.46 KB
MD5	e4a1cc01cc8663bc0b9be766963b9a15
SHA1	353f2de533e66a6f5562b2e5b41e8a94bd205c7d
SHA256	71b0b1e6b4b6c15296ec8bfe244f551e55847c4ef4d5347483a53a5bf5649412
SSDeep	768:OPjwWEnVfLWwNBX1kBf8oqNZO8BEVFYWxOj7FRAw1jtPtkcd:6jwTkwNBjZOLFqPFRrYcd

C:\588bce7c90097ed212\1036\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.44 KB
MD5	46fe9b64da0367bce44febd6e27b4832
SHA1	2cf19739670b128796057862d6af86a3be74772b
SHA256	d609188f26e967ae6135fa2aa139303b99fd97237cb0e4b80ef201abc55f9f75
SSDeep	96:MTBfEhmvTf8vTR/DSIem21HDpHD1cT+Tot4er42xzK8/ptMpDLaFNsNGlDPsCUC:IfJw95eJlx1E+Tot4er42xzKuOKPUC

RTF Information

Document Content Snippet

TERMES DE CONTRAT DE LICENCE D'UN SUPPLMENT MICROSOFT MICROSOFT .NET FRAMEWORK~4 POUR LE SYSTME D'EXPLOITATION MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK~4 CLIENT PROFILE POUR LE SYSTME D'EXPLOITATION MICROSOFT WINDOWS ET LES LANGAGE PACKS ASSOCIS Microsoft Corporation (ou, en fonction du lieu o vous vivez, l'un de ses affilis) vous accorde une licence pour ce supplment. Si vous tes titulaire d'une licence d'utilisation du logiciel de systme d'exploitation Microsoft Windows (auquel s'applique le prsent supplment) (le ~logiciel~), vous tes autoris utiliser ce supplment. Vous n''eates pas autoris utiliser ce supplment si vous n''eates pas titulaire d'une licence pour le logiciel. Vous pouvez utiliser une copie de ce supplment avec chaque copie concde sous licence du logiciel. Les termes du contrat de licence suivants dcrivent les conditions d'utilisation supplmentaires pour le supplment. Les prsents termes et les termes du contrat de licence du logiciel s'appliquent l'uti ...

C:\588bce7c90097ed212\1036\eula.rtf

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1036\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	4.91 KB
MD5	b7e63fc113d9d397e2b8faa7880feba3
SHA1	f374a517cefab3a9f31afd2e9eb0f68090c68035
SHA256	05a4496d4c107bc96e04018b6ae45af2ac0ec0d7fa9523ba84ab160a757f515d
SSDeep	96:Y5qUHsHLlu2M7zh9Im4fuiDoei1bEbthdDOQhSwX8:VHU2M7IbVlGbEPdDRhSwX8

C:\Users\FD1HVy\Desktop\O9r7lO\BlYUtbvj0K53q2DwJDj.gif

Modified File

Image

Unknown

Mime Type	image/gif
File Size	24.71 KB
MD5	3bd18c130cbe4fa7258ce2f070951d65
SHA1	faddc842b3975b71be6ecd42f480da01d03605db
SHA256	82fcfa405d06959b2823abb5b641905e695645b4edb2fa74447d606b3a18867c
SSDeep	768:td+Wsw3xAfNlXiNKcDN/cdTXo8tsSLEcj:vEw3YNlmKYK5jtzLHj

C:\Users\FD1HVy\Desktop\O9r7lO\BlYUtbvj0K53q2DwJDj.gif

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\O9r7lO\BlYUtbvj0K53q2DwJDj.gif.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	26.17 KB
MD5	3c1717457a7825d0dfeb5b292906d96e
SHA1	7abb58694f4a25241411a06c83a9f6da764b479a
SHA256	58cc5265fbca115de33464d83969adcaf439fee92276458bf1683b220e10b695
SSDeep	768:8aMPCklgtBCVzUagjy8eFDiX0B4pR7OOFHgCb6y:87KBMYfo4pdBFHnGy

C:\588bce7c90097ed212\1037\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	6.69 KB
MD5	a7ef57fc27ea045e48ca6cfc04d82a74
SHA1	256b1ce7be2c785d1908a854486f108e95ed1da1
SHA256	7e77e9cf71ef3e28ba4eac22d746ccf1a948a8d45b7efaf9e5d1741b66ab6060
SSDeep	96:2Rf64JJR1vTJ3R1vTJZZDg1YGZmF1plypIuw75TYgnMJ9nqIQ2fPMpicPtxScRtb:0fXRskPWIHxYnJVPOxScl9ZnlfZ4LHC

RTF Information

Document Content

MICROSOFT MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS Microsoft Corporation ( , ) . Microsoft Windows ( ) (""), . . . . . , . , . , . , . 1. f0 . Microsoft , www.support.microsoft.com/common/international.aspx . 2. f0 MICROSOFT .NET FRAMEWORK . .NET Framework ( .NET ). .~ .NET , http://go.microsoft.com/fwlink/?LinkID=66406 . Microsoft , , - Microsoft NET . , http://go.microsoft.com/fwlink/?LinkID=66406 .

Embedded URLs (1)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried

C:\Users\FD1HVy\Desktop\O9r7lO\hfSX6yvX9UNfP4.avi

Modified File

Video

Unknown

Mime Type	video/x-msvideo
File Size	67.08 KB
MD5	8609b90f7f64a87cb119067386ea805f
SHA1	65b6239c7ac3897c597b0079724f59e33ce419cc
SHA256	2d30017ffb466573bf9564e3a25b9f4db050c065b07f3ecdcc9ffb03bcda7bd9
SSDeep	1536:RyFhNNdrV2mXn+vIBi41Y3LGAGXBDH3rzn6FpCq3Z84:RyrRV2HA98LWRDHCEIZ84

C:\588bce7c90097ed212\1038\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	4.16 KB
MD5	4e69c894913ef4b563fbaf4d8de7d119
SHA1	f1a14ae6324388e5fa93197c7ad161bbb715a5e8
SHA256	0265a59f29545f74b58c172cf1ef2eb4584283e3b3477a59913a05bc97cfb3f9
SSDeep	96:k8BfeEfTtXeTjXyZD+dtQRzrGJ6JwtxYMpDNeb6CZXKEp5/Eupwy9Ep+LMC:kgffCXPdOzSJ6JwkOBjC0VC

RTF Information

Document Content Snippet

KIEGSZT LICENCFELTTELEK MICROSOFT SZOFTVERHEZ MICROSOFT .NET-KERETRENDSZER 4 MICROSOFT WINDOWS OPERCIS RENDSZERHEZ MICROSOFT .NET-KERETRENDSZER 4 GYFLPROFIL MICROSOFT WINDOWS OPERCIS RENDSZERHEZ S A KAPCSOLD NYELVI CSOMAGOK Ezen kiegszts licenct a Microsoft Corporation (vagy az n lakhelye alapjn egy trsvllalata) nyjtja nnek. n akkor hasznlhatja ezt a kiegsztst, ha rendelkezik licenccel a (jelen kiegsztssel hasznlhat) Microsoft szoftver (a tovbbiakban szoftver") hasznlathoz. Amennyiben nem rendelkezik rvnyes licenccel a szoftverhez, gy nem hasznlhatja a kiegsztst. n a szoftver minden rvnyes licenccel elltott pldnyval hasznlhatja a kiegszts egy pldnyt. A kvetkez licencfelttelek tovbbi hasznlati feltteleket hatroznak meg a kiegsztshez. A kiegszts hasznlatra a szoftverre vonatkoz licencfelttelek s ezek a felttelek rvnyesek. Egymsnak ellentmond felttelek esetn ezen kiegszt licencfelttelek alkalmazandk. A kiegszts hasznlatval n elfogadja a jelen feltteleket. Amennyiben nem fo ...

Embedded URLs (2)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406&clcid=0x409	-	-	-	Unknown	Not Queried
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried

C:\Users\FD1HVy\Desktop\O9r7lO\JKKmbRVB4.mp4

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\O9r7lO\JKKmbRVB4.mp4.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	43.22 KB
MD5	4acfb965b4fc0c470624617db40f6511
SHA1	d9e868b712dccb318ee701dc4fa95aff160a0b71
SHA256	105119087450354a6ff5a69de5cc4bfae5ab7a9a756fbc1637e8b36f37a23bc1
SSDeep	768:tEppw7pUzm2P9/a9cE7U7RKGMjMKqzeKG5hdAB6Bc8dr9aI6WSheZsy:Gppw7Ozm2RaKEY7RKGMgKG6OB6l9aXhM

C:\588bce7c90097ed212\1040\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.56 KB
MD5	780f47918f66b2fa512a44393ab27acb
SHA1	22c774b4e439887f74358a5a7597d9996674dc12
SHA256	f6763b42c0f417ce0333a0f013e8d6a6240d0535593caa6833dd17b097844e58
SSDeep	96:rwBfYOP/TfVTJDwXtxjCJEZ+jw/Njppm/F/ZaFgcT/okOctC:yfYXRzMjsA9/EFxDtC

RTF Information

Document Content Snippet

CONDIZIONI DI LICENZA SOFTWARE MICROSOFT SUPPLEMENTARI MICROSOFT .NET FRAMEWORK 4 PER IL SISTEMA OPERATIVO MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE PER IL SISTEMA OPERATIVO MICROSOFT WINDOWS E RELATIVI LANGUAGE PACK Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) concede in licenza al licenziatario il presente supplemento. Qualora il licenziatario sia autorizzato a utilizzare il software per il sistema operativo Microsoft Windows (per il quale il presente supplemento applicabile) (il "software"), potr usare il presente supplemento. Il licenziatario non potr utilizzarlo qualora non disponga di una licenza per il software. Il licenziatario potr utilizzare una copia del presente supplemento con ciascuna copia del software validamente concessa in licenza. Nelle condizioni di licenza che seguono sono descritte le condizioni di utilizzo aggiuntive relative al presente supplemento. Tali condizioni e le cond ...

Embedded URLs (2)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried
http://www.support.microsoft.com/common/international.aspx	-	-	-	Unknown	Not Queried

C:\588bce7c90097ed212\1040\LocalizedData.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1040\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	80.62 KB
MD5	e78a80e601384a59b560b40a75fe7eb6
SHA1	737edbcf703fac4654989bbd759997d70adaa471
SHA256	b45406fd68ab77e9158a8a6fa3142b1b42044e3a0587ea4f00e9761918695341
SSDeep	1536:P6tQGJzJ0l/ml91Te5iwLaplRTys01XyJ6y:P6t9MglXT7dRgIJ6y

C:\Users\FD1HVy\Desktop\O9r7lO\QSw3qQANpl.mp3

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	72.31 KB
MD5	d8385efda41543ce7e419b0f9335b35c
SHA1	0ca2dbd501328681381362330212b19561ed9cfb
SHA256	c37dc7b5b592e6c84279311c6a5ca00a6999d8aacac728a4eb9148988d482fc7
SSDeep	1536:1qPjHjsjJiK7GpJx0XuGIu5CUVm3b3B/dlfB8Aikh2rIPZUc:1qbop7MJx0XZIu5AQAisL

C:\Users\FD1HVy\Desktop\O9r7lO\QSw3qQANpl.mp3

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\O9r7lO\QSw3qQANpl.mp3.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	74.75 KB
MD5	92e0509c3dca4730ac92d957f8dc1aca
SHA1	6996453b1a3b976c42c28e1f05a6dc050c84e2cd
SHA256	fcac77b2059d85c743d83c9a911f0c3d19fb19cfc69ebefb11f9326e7b741d57
SSDeep	1536:XHzN2oNn/y9FaHMZCBng2kPXUh2/2RqoWd2mVW4JNJeguRPZUSRy:XHlJKOmsekh2/2coFSW49egay

C:\588bce7c90097ed212\1041\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	9.89 KB
MD5	9c70b3dfeea77a557f132d4de1119e2b
SHA1	c2ad9beb45c2d455f8c2af3c99e43b1a9b40e4ea
SHA256	7af3e29f3752b3adbd7bb5c1824764b64904195bbc760e0f633ea059c7589739
SSDeep	192:tEf13/qC2+PCsANROmuuU8EhZFJEj2VQoKOwyWAOxzpOh+uqaJgtC:tBtQoCnGDzhuqzC

RTF Information

Document Content

MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE LANGUAGE PACK Microsoft Corporation ( ) Microsoft Windows ( ) ( ) 1 1. lang1041 www.support.microsoft.com/common/international.aspx 2. f1 MICROSOFT .NET FRAMEWORK .NET Framework ( .NET ) 1 http://go.microsoft.com/fwlink/?LinkID=66406 go.microsoft.com/fwlink/?LinkID=66406 .NET

Embedded URLs (1)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried

C:\588bce7c90097ed212\1041\LocalizedData.xml

Modified File

Text

Unknown

Mime Type	text/xml
File Size	66.63 KB
MD5	b2dd056ef639978e9940d6e1a849f7b8
SHA1	a33fd3df561edfde748cb9f3a9a9a8be8296c029
SHA256	0a0b203b481263f8261ee9a656ea05de03f7800d9c2d5078556da5487c957339
SSDeep	384:4wVzQOXe7GoXHoMIpYnxKJMlvWy0aO8rRnfJGna9:3QOu7GlCnkJMlvWy0aO8rRnfJ7

C:\Users\FD1HVy\Desktop\O9r7lO\saONJ.swf

Modified File

Unknown

Mime Type	application/x-shockwave-flash
File Size	96.57 KB
MD5	24356e8d7d0252e212b65cc67547cce6
SHA1	8fd9ad98e4f6a7946457a7cb542418df4f6f736d
SHA256	8b1ae2e35ad1d90f8e60e8edd5e5030e2418f457f9f7a0f3a9306f5098df09aa
SSDeep	3072:/Qz3HWHSBuP/rLI0c5G3I65vrWSK5xeV+l:/m3kSBuHQ0c5cI6pWSK/Hl

C:\Users\FD1HVy\Desktop\O9r7lO\saONJ.swf

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\O9r7lO\saONJ.swf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	99.00 KB
MD5	5f47f6818bb1a4707edfd7caf3cf4f7d
SHA1	ab66556bf5430cfbb974d4a56abcb9c5ff42802e
SHA256	b0967f25c41878fba1230f6e4df688f896fbf4c8561ea1406be1a99c9e6c6540
SSDeep	3072:g5mPrLwxUQzTJHWAcay+YiedPkWSK5xeV+2y:gjZnJHWSYiedMWSK/HB

C:\588bce7c90097ed212\1042\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	12.39 KB
MD5	c0cf449e5412b5c8e8b3869768bcc68d
SHA1	0907f32e0c781c9b6efdff79f1a0e32e2645aaa4
SHA256	460183ce5d591452e6aab09235e7a8cbf47fb227861c5399387d5f5d1a735b6e
SSDeep	192:MUf0PVF4MjeKojIfE6wK+b/mIr4tIAcAIce5rD6O1IuonKZim+dfNAW6qUK84Zna:aK0wB/Tr4TmckIuCm+TAWdUN/reC

RTF Information

Document Content

MICROSOFT MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE Microsoft Corporation( ) . Microsoft Windows (" ") . . . . . . . . . 1. lang1042 . Microsoft www.support.microsoft.com/common/international.aspx . 2. MICROSOFT .NET FRAMEWORK . .NET Framework (.NET ) . . http://go.microsoft.com/fwlink/?LinkID=66406 . , Microsoft Microsoft http://go.microsoft.com/fwlink/?LinkID=66406 .NET .

Embedded URLs (2)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406&clcid=0x409	-	-	-	Unknown	Not Queried
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried

C:\Users\FD1HVy\Desktop\O9r7lO\Th2bibuMEW.mp3

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\O9r7lO\Th2bibuMEW.mp3.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	51.58 KB
MD5	027e6c7b00deaaa13e9691dc1b4d669b
SHA1	4a9779b28cb9a3b2b92c180f26eb5306874e2868
SHA256	b89b823a38cf09e50efe20769c7f7f306c17af666dcb6e5b67119a1e90392522
SSDeep	1536:AHF//I95wVo2jAk3bc1jGb1WWCjcj+CExLg56G3y:AH9k5wVo2jAEbOjGBrCjcUs6G3y

C:\588bce7c90097ed212\1043\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.46 KB
MD5	fd1568c30ced72db50a5ded9297929de
SHA1	efbb71563f726b9526cc99252a00b4019d06e2b0
SHA256	fde91e28292ef3ca68646f34bf5efd831b015c8c8ebf4956c85669033f64938c
SSDeep	96:rTBfrnjTsVT08DfQhtJlIcm3wEM8LPMpDlGu3x+O0H+Ozo+SBT+OZt6SC:ZfLltGwEMAPOkukO0eONNOTC

RTF Information

Document Content Snippet

AANVULLENDE LICENTIEVOORWAARDEN VOOR MICROSOFT-SOFTWARE MICROSOFT .NET FRAMEWORK 4 VOOR HET BESTURINGSSYSTEEM MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE VOOR HET BESTURINGSSYSTEEM MICROSOFT WINDOWS EN GERELATEERDE TAALPAKKETTEN Microsoft Corporation (of, afhankelijk uw locatie, een van haar gelieerde ondernemingen) geeft dit supplement aan u in licentie. Als u een licentie hebt voor het gebruik van Microsoft Windows-besturingssysteemsoftware (waarop dit supplement van toepassing is) (de 'software'), mag u dit supplement gebruiken. U mag dit supplement niet gebruiken als u niet over een licentie voor de software beschikt. U mag een exemplaar van dit supplement gebruiken bij elk geldig in licentie gegeven exemplaar van de software. De volgende licentievoorwaarden beschrijven aanvullende gebruiksvoorwaarden voor deze aanvulling. Deze voorwaarden zijn samen met de licentievoorwaarden voor de software van toepassing op uw gebruik van dit supplement. Als deze ...

C:\588bce7c90097ed212\1043\eula.rtf

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1043\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	4.92 KB
MD5	cc66d11deb2e7d265db9624a339c9a48
SHA1	eae5c5b0c95edc86d1f196e9c29d674185d3ae1c
SHA256	9c408142aa7df8e29427b3d4bc159537dff10eff02dae0dd50ab892ef2b9ac4a
SSDeep	96:bSd/f4pSutP6hgdxIx7I3/VZDRbaFp6rHwhdDOQhSwX8:bSBApSutShgdxas/Hpa1dDRhSwX8

C:\588bce7c90097ed212\1043\LocalizedData.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1043\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	80.20 KB
MD5	35bb8a352ad3411530c07412e9f952ec
SHA1	88b6e4dbfdcb871d506993aad9dccb7122df01fa
SHA256	33be38932bfe5bf1960ae3410a7570e9a57cf4aec32901edd2c83c107af027c6
SSDeep	1536:DuIJiB/mGyoCRWlggJ3zNMk53DjpvXP6PH4y4LsUDncCUuJzkYy:DtJwkWlggJ3zikF/pqPH4fz1JzkYy

C:\Users\FD1HVy\Desktop\O9r7lO\XqRm8ccd.png

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\O9r7lO\XqRm8ccd.png.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	3.21 KB
MD5	e74016a881c009d4c4f77b1f9254863e
SHA1	7fd36f1ee36cd4cbd6136e56f5f82b6e215040ac
SHA256	e68c734f9d832b5b0dbe65d86ac72ac2a9beed304af2d9bfbf0b9f4fa418f841
SSDeep	96:EycD33Zn3u/7UvDmEEnTsZlwkhdDOQhSwX8:EX71+DUvhETLEdDRhSwX8

C:\588bce7c90097ed212\1044\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	2.98 KB
MD5	73c7f5e8ae62087e6f00eccf9a8d6fdf
SHA1	21db8d18a6b794acb064416006edb8ed4c5ff622
SHA256	188ff602320cafc2ef63a55ef9c31612a81ac3799177e391e2fa3f0a5409489b
SSDeep	48:rPN3nffnyzInT7BjTgLDRn0l392N4S2ZOMb5XgNRc9q5QB34pg5lqM9TX/ufMpDl:rPBffyUnT7BjTADRn0lN2N4S2wG5wNRe

RTF Information

Document Content Snippet

TILLEGGSLISENSVILKR FOR MICROSOFT-PROGRAMVARE MICROSOFT .NET FRAMEWORK 4 FOR MICROSOFT WINDOWS-OPERATIVSYSTEM MICROSOFT .NET FRAMEWORK 4-KLIENTPROFIL FOR MICROSOFT WINDOWS-OPERATIVSYSTEM OG TILKNYTTEDE SPRKPAKKER Microsoft Corporation (eller, avhengig av hvor du bor, et av dets tilknyttede selskaper) lisensierer dette tillegget til deg. Hvis du er lisensiert til bruke Microsoft Windows-operativsystemprogramvare (som dette tillegget gjelder for) ("programvaren"), har du rett til bruke dette tillegget. Du har ikke tillatelse til bruke det hvis du ikke har lisens for programvaren. Du kan bruke et eksemplar av dette tillegget sammen med hvert enkelt gyldig lisensierte eksemplar av programvaren. Flgende lisensvilkr beskriver ekstra brukervilkr for dette tillegget. Disse vilkrene og lisensvilkrene for programvaren gjelder din bruk av dette tillegget. Ved en eventuell konflikt er det disse tilleggsvilkrene som gjelder. Ved ta i bruk dette tillegget godtar du disse vilkrene ...

C:\588bce7c90097ed212\1044\eula.rtf

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1044\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	4.44 KB
MD5	d331ec084a1424415aa372aecd7edc98
SHA1	012798ce0104dd6f6ca18564134195e96b28d626
SHA256	d7af20188ab9629cd4c34febdaceb6e730acafe004fe0368a627af8df724ebb2
SSDeep	96:mLqegl6KLtTmWxpV6Y5D8u36CvVIZ5vCPOARmXMsYhdDOQhSwX8:mLq1NFmE76gYQ6Cv8vCmimcsAdDRhSws

C:\588bce7c90097ed212\1044\LocalizedData.xml

Modified File

Text

Unknown

Mime Type	text/xml
File Size	77.44 KB
MD5	b0ba04cecd9073e0010eed781fe3c1bc
SHA1	c9dd778585cb541fd36bf02927be8034df01e401
SHA256	b11b57df996fff7158af9fd53699b1dfc4b4e76f662aff755a736e4c77a2a7d8
SSDeep	384:4wn2IhI4z6T1sHCqeHveRWUw+KbGpK+9C/E6b2NJBf2OEu9:V9hI4z6T1siqeHveRhAo9CM6b2NJBuO5

C:\588bce7c90097ed212\1044\LocalizedData.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1044\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	79.87 KB
MD5	e705910028167e34d2c24f4ed29cc405
SHA1	57478a1ea9acde6f5494221b050b644ad5d085d5
SHA256	d80cd4298e0df5c0819bc4c1408728a0ad25468af210ac82c89715a219f9ae0d
SSDeep	1536:rEdtXROJo88YnUmBTCV3s99480soTUQvIPWC48QD2NJBuOzy:rEbsB8YntB+dq+rqPr/QD6JEOzy

C:\Users\FD1HVy\Desktop\O9r7lO\ywhU1A-Df.mp3

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Desktop\O9r7lO\ywhU1A-Df.mp3.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	97.72 KB
MD5	af2e600d0c0c26d19f071abeb4105515
SHA1	0bbca26e1e715ce3f301ba256ad60edc8db6fadb
SHA256	55cc4ab0dcdfc8e5c33dfb2d8b3473bb97f9984b942d052429ee0624b63b6892
SSDeep	3072:DULOrmxc0y1Zc5fTipIKeFoLfP+ohGd3y:wLJ6G5fGpIpmLPydC

C:\588bce7c90097ed212\1045\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.95 KB
MD5	d4d1bf86680ab567fecd037cae6638ee
SHA1	9b139fd7ad1b59f2ed88b1ca4b6592c7e9a4cdaf
SHA256	baf4e0e68b1306bcb09fc592e1f929f5d0f558cc061205f4cce8b0ece10a5b65
SSDeep	96:rTBfQaJRTIRTjzH+oDgQUoIs89FcG5ywI5Et/+TMm9MpDcA/+MvsNcUOsG9jeLdL:Zfo+Bs18ncG5Y5Et/+Z9OwAjs7OtRwdL

RTF Information

Document Content Snippet

UZUPENIAJCE POSTANOWIENIA LICENCYJNE DOTYCZCE OPROGRAMOWANIA MICROSOFT MICROSOFT .NET FRAMEWORK 4 DLA SYSTEMU OPERACYJNEGO MICROSOFT WINDOWS PROFIL KLIENTA PROGRAMU MICROSOFT .NET FRAMEWORK 4 DLA SYSTEMU OPERACYJNEGO MICROSOFT WINDOWS I POWIZANYCH PAKIETW JZYKOWYCH Microsoft Corporation (lub, w~zalenoci od miejsca zamieszkania Licencjobiorcy, jeden z~podmiotw stowarzyszonych Microsoft Corporation) udziela Licencjobiorcy licencji na to uzupenienie. Licencjobiorca moe z~niego korzysta, pod warunkiem e uzyska licencj na system operacyjny Microsoft Windows (oprogramowanie"). Licencjobiorca nie moe korzysta z~uzupenienia, jeli nie posiada licencji na to oprogramowanie. Licencjobiorca moe uywa kopii tego uzupenienia z~kad kopi oprogramowania, na ktr uzyska wan licencj. Poniej przedstawiono dodatkowe postanowienia licencyjne dotyczce uywania tego uzupenienia. Korzystanie z~uzupenienia podlega niniejszym uzupeniajcym postanowieniom licencyjnym oraz postanowieniom licencyjnym dot ...

C:\588bce7c90097ed212\1045\LocalizedData.xml

Modified File

Text

Unknown

Mime Type	text/xml
File Size	80.44 KB
MD5	f4b43ae9d804b416c68d7cc2fa181224
SHA1	0f6c2ac52221ef9c3818dd506bc907073cd442dc
SHA256	bfb5e3d3bc21817c6e80299581dcf5adc81da30f89e34d178c74023d5edd22ff
SSDeep	768:lz2ue+xTxXUpUqTvvUOfUs6LArUpFymrqQtr8BAyfO4RkSzXunasvJH2TF0wpYlh:lz2ue+xTxXUpUOvvUOfUs6LqTavdJkUx

C:\588bce7c90097ed212\1045\LocalizedData.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1045\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	82.88 KB
MD5	99706bd3eabe630f1da2efb7ef8b46be
SHA1	3fba9a5bb7e3461c642a4bf53ad9139854179f76
SHA256	d481c24b6aacc1b9c9d24e21bade6bfe14fe30ca6bd7b1a344154d7fc16890ea
SSDeep	1536:HzSTSdFk8GncZwBc3DiIYUOj9MNQgicozYWWasPmeG3ncq0xkyTavdJkUDy:HzSLRcZwyziZ9QbozrWaWfG3cqclSJDy

C:\588bce7c90097ed212\1046\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.60 KB
MD5	9928917336e84380afe46b18a4cc7165
SHA1	e96d66a77ee8f56a48504f4be51d7536bccad605
SHA256	5dbbfea77984717650784ca387199ac9112324bb4da8d5cbbdc2093f78179d1b
SSDeep	96:rTBfAlMu9fTp/9fTdIDsGJ1KlhREerHr7uStmESWp55ztFuMpDl/BRwZ+qf+J4En:ZfeuqhGeHVIErn1zuO9BC8q2WEHt+BC

RTF Information

Document Content Snippet

TERMOS DE LICENA COMPLEMENTARES PARA SOFTWARE DA MICROSOFT MICROSOFT .NET FRAMEWORK 4 PARA SISTEMA OPERACIONAL MICROSOFT WINDOWS PERFIL DO CLIENTE DO MICROSOFT .NET FRAMEWORK 4 PARA SISTEMA OPERACIONAL MICROSOFT WINDOWS parE PACOTES DE IDIOMAS ASSOCIADOS A Microsoft Corporation (ou, dependendo do local em que voc esteja domiciliado, uma de suas afiliadas) fornece a voc a licena deste suplemento. Se voc possui a licena de uso do software do sistema operacional Microsoft Windows (ao qual este suplemento se aplica) (o "software"), pode usar este suplemento. Voc no poder us-lo se no possuir a licena para o software. Voc poder usar uma cpia deste suplemento com cada cpia licenciada vlida do software. Os termos de licena a seguir descrevem termos adicionais de uso deste suplemento. Estes termos e os termos da licena do software se aplicam ao uso do suplemento. Em caso de conflito, aplicar-se-o os termos de licena deste suplemento. O uso deste suplemento representa sua aceita ...

C:\588bce7c90097ed212\1049\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	53.18 KB
MD5	8ecceb0f1d52e0e87b4019fbf08ebfec
SHA1	8176433fa1d3349cb385be64dcb35d3090fb6fe4
SHA256	1a47edc64bab9f65e7e2e6305359c44ecaff5ffdf9173ff4d73fe87334d6cfa6
SSDeep	768:3CR6rdlWFJv3zGz9tWQ2ni8UNo/8PZrS14b:3CcrMeDb

RTF Information

Creator	karenor
Revision	2
Create Time	2010-03-05 10:46:00+00:00
Modify Time	2010-03-05 10:46:00+00:00

Document Information

App Version	32771
Company	Microsoft
Page Count	1
Word Count	291
Character Count	2340
Chars With Spaces	2626
operator	karenor

Document Content Snippet

MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE MICROSOFT WINDOWS ( LANGUAGE PACKS ) Microsoft ( , , ). , , ( ), Microsoft Windows. , . . . . , . , . , . , . 1. . Microsoft , www . support . microsoft . com / common / international . aspx ...

C:\588bce7c90097ed212\1053\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.78 KB
MD5	1342e945bea79bc277ea10b5b858c276
SHA1	f2a961afaadb35e5bd7bf72cc4e683aac095c708
SHA256	f6f6780ef8275cbdcf0dca2447bc36e6aa2eebda79f5cc2fa9759402c6139382
SSDeep	96:rTBfv+/9TfHTGDXtZEOuAs50Y1EIF19VWMpDHvuKMLDBD+d54+QFEp5Tf+8K+l1W:5ffduAs591EIb9gOpqDoDZQmx2WC

RTF Information

Document Content Snippet

TILLGGSLICENSVILLKOR FR PROGRAMVARA FRN MICROSOFT MICROSOFT .NET FRAMEWORK 4 FR OPERATIVSYSTEMET MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE FR OPERATIVSYSTEMET MICROSOFT WINDOWS OCH ASSOCIERADE SPRKPAKET Microsoft Corporation (eller beroende p var du bor, ett av dess koncernbolag) licensierar detta tillgg till dig. Om du innehar licens fr programvara fr operativsystemet Microsoft Windows (som detta tillgg gller fr) ("programvaran") har du rtt att anvnda detta tillgg. Du fr inte anvnda tillgget om du inte har ngon licens fr programvaran. Du har rtt att anvnda ett exemplar av detta tillgg med varje giltigt licensierat exemplar av programvaran. Fljande licensvillkor beskriver ytterligare anvndningsvillkor fr detta tillgg. De hr villkoren och licensvillkoren fr programvaran gller fr din anvndning av tillgget. Om de str i konflikt med varandra gller dessa tillggslicensvillkor. Genom att anvnda detta tillgg accepterar du dessa villkor. Om du inte accepterar d ...

Embedded URLs (2)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406&clcid=0x409	-	-	-	Unknown	Not Queried
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried

C:\588bce7c90097ed212\1055\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.77 KB
MD5	0e7da8ca10278e885162bbafdf59c027
SHA1	e7ad38486f2d38a1233992b7ffab6557f6b65ec0
SHA256	80bf5b8ce1b64eb7cb3937b9c858ff4391ed7179fb3a84c9ad78892c7308b8f8
SSDeep	96:VSfjQOTqfRRTqfSD+vmScfQEz04jMpDLiIzhZLlZhDC:wfcFpcfEo4jOTC

RTF Information

Document Content Snippet

MICROSOFT YAZILIM EK LSANS KOULLARI MICROSOFT WINDOWS LETM SSTEMLER N MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS LETM SSTEMLER N MICROSOFT .NET FRAMEWORK 4 STEMC PROFL VE LKL DL PAKETLER Microsoft Corporation (veya yaadnz yere gre bir bal irketi) bu ekin lisansn size vermektedir. Bu ekin geerli olduu Microsoft Windows iletim sistemi yazlmn ("yazlm") kullanma lisansnz varsa bu eki kullanabilirsiniz. Yazlm iin lisansnz yoksa bu eki kullanamazsnz. Bu ekin bir kopyasn yazlmn geerli lisans olan her kopyasyla kullanabilirsiniz. Aadaki lisans koullar, bu ek ile ilgili ek kullanm koullarn aklamaktadr. Eki kullanmnz, bu koullara ve yazlmn lisans koullarna tabidir. Bir ihtilaf olmas durumunda, bu ek lisans koullar geerlidir. Bu eki kullanmanz bu koullar kabul ettiiniz anlamna geli r. Bu koullar kabul etmiyorsanz, bu eki kullanmayn. Bu lisans koullarna uyduunuz takdirde aadaki haklara sahip olursunuz. 1. lang1055 EK N DESTEK HZMETLER. Microso ft, bu yazlm iin www.suppor ...

C:\588bce7c90097ed212\1055\LocalizedData.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\1055\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	77.45 KB
MD5	c145b2f41fb23159869a1d0d811f33b7
SHA1	1bb784f31d572bbb4806453312ddc1c3299cd935
SHA256	b44c1cae14640bffabee15797fce4c9ed262c039802e608b63622877e762a40f
SSDeep	1536:6SVkvYvi+AxKouie52cu7VtMlCgAO69faIZJhO75Hvj8uPezhvjJNJ7rtRpUXjJ1:svgisoupUD8AO60IzhO75HrlPetjJNJs

C:\588bce7c90097ed212\2052\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	5.69 KB
MD5	09f7b0f6301680e22868b5424d210d48
SHA1	68d61d2721769480cce1db31c7d7eba3d30bb69d
SHA256	0ee2800bd745b93f6d588f40babdcba89be67d8722a9920e38047870d0f713b8
SSDeep	96:M5DBmf0jLTCLLgLTCLLmDjxrDT2k9rkKp7aDKaXzaWZMa/O9wzy6n/MpDTKTGpts:EmfJXoQkRGDtXeWZv/O9XmOdZzQJWBBG

RTF Information

Document Content

MICROSOFT MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE Microsoft Corporation Microsoft Corporation Microsoft Windows "lang2052"lang2052 1. lang2052 Microsoft www.support.microsoft.com/common/international.aspx 2. f0 MICROSOFT .NET FRAMEWORK .NET Framework ".NET "f1 go.microsoft.com/fwlink/?LinkID=66406 Microsoft Microsoft .NET go.microsoft.com/fwlink/?LinkID=66406

C:\588bce7c90097ed212\2070\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.92 KB
MD5	484ebdb9fc4cf88882b894beeb45bc47
SHA1	f063fda55e36f2fad4a1045225d2d30ec67d30f7
SHA256	de9c18fa037ccfad76f91638d5f6cd8fa1d4071a7ee1263fb34fef705388b328
SSDeep	96:r4IffB09DkTLGTHD28ygHx0LlHKe1rvGA9mE0Eyh+iH/OMpiKwIurpEpiT0T8x8Q:VfB8ygHclqe1ruAYEBm+imOvurerVC

RTF Information

Document Content Snippet

TERMOS DE LICENCIAMENTO SUPLEMENTARES PARA SOFTWARE MICROSOFT MICROSOFT .NET FRAMEWORK 4 PARA O SISTEMA OPERATIVO MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE PARA O SISTEMA OPERATIVO MICROSOFT WINDOWS E PACOTES DE IDIOMAS ASSOCIADOS A Microsoft Corporation (ou, dependendo do pas em que reside, uma das respectivas empresas afiliadas) licencia este suplemento para o Adquirente. Se o Adquirente estiver licenciado para utilizar software do sistema operativo Microsoft Windows (ao qual este suplemento se aplica)) (o "software"), poder utilizar este suplemento. O Adquirente no poder utiliz-lo se no tiver uma licena para o software. Poder utilizar uma cpia deste suplemento com cada cpia do software licenciada de modo vlido. Os seguintes termos de licena descrevem termos adicionais de utilizao deste suplemento. Estes termos e os termos de licenciamento para o software aplicam-se utilizao deste suplemento por parte do Adquirente. Caso se verifique um conflito, apl ...

Embedded URLs (2)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406&clcid=0x409	-	-	-	Unknown	Not Queried
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried

C:\588bce7c90097ed212\2070\eula.rtf

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\2070\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.39 KB
MD5	a7608cd03888b0aab47d5b8bc8cb099f
SHA1	169b0047287f92a0c9787b05efed2966cbb6dffb
SHA256	639a776aa94c1c2aa12f1c0bd577be446293611e3ba70b1fc43f2e713f816033
SSDeep	96:hpfSPaNRO9bkZFg9WhitlfwkYmookZe3lptjhdDOQhSwX8:hFSPaP4AZy8hiXf0mTqe3jdDRhSwX8

C:\588bce7c90097ed212\2070\LocalizedData.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\2070\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	80.81 KB
MD5	23e06488f11080300c00946a014c43d0
SHA1	a8c2f4b440efbb632d38ae7aeb4d8da35b0155f2
SHA256	4b382df994dfa236edc3580cc7edc5d20eaf13d508352152ac29e6f474c84e12
SSDeep	1536:SggyesSw5GNJLmjoNBBMHC4iaerwRcdjxKS35UzoPzvmb50JMTjy:tg7sfGDCj6AnkwR0jxfTjJKy

C:\588bce7c90097ed212\1028\eula.rtf

Modified File

Text

Unknown

Also Known As	C:\588bce7c90097ed212\3076\eula.rtf (Modified File)
Mime Type	text/rtf
File Size	6.16 KB
MD5	a5a1817c73f33b5caa3ebe381c008646
SHA1	3fa57546191e5c58587eb64219c4e68279a3c9d1
SHA256	19f2ff51265e651cbb90ba9a301102a4f5cfbe6eb897190777a5e0dcf5231a79
SSDeep	96:/R8NRf8TTVKTu4LuTu4LrzZD41raZM4HbegdxqKZJQ1/FSMZJujgzc/MpD1JzIfC:/R4Rfm2NBZMjOfro2n6CAC

RTF Information

Document Content

MICROSOFT MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 Microsoft ( ) Microsoft Windows ( ) ( ) 1. lang1028 Microsoft www.support.microsoft.com/common/international.aspx 2. f0 MICROSOFT .NET FRAMEWORK .NET Framework (.NET ) http://go.microsoft.com/fwlink/?LinkID=66406 Microsoft http://go.microsoft.com/fwlink/?LinkID=66406 Microsoft .NET

Embedded URLs (1)

URL	First Seen	Categories	Threat Names	Reputation Status	WHOIS Data
http://go.microsoft.com/fwlink/?LinkID=66406	-	-	-	Unknown	Not Queried

C:\588bce7c90097ed212\3076\eula.rtf

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\3076\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	7.63 KB
MD5	2f1a1c7ad1aff9faa80a0e2c08864745
SHA1	49aa8762ecb1a6c5c723fad8ee6aa9bab5c82ce9
SHA256	dc61b0f97ed53f6effa19802b9337c2102513141d35ca487a71085f39bff7b9e
SSDeep	192:1Oi69E3I+RIhvh7nvZedNk+hSojBdDRhSwX8:1OiJ3IyuhqVhSUvSf

C:\588bce7c90097ed212\3082\eula.rtf

Modified File

Text

Unknown

Mime Type	text/rtf
File Size	3.00 KB
MD5	f605fe42f1c3c47ec9759c06aea6a850
SHA1	7c81f4d14d3f9e1d7b19ca44c658431edd1d096d
SHA256	c533eb4554e620d9ecefc7268aea7a1a00abecacd8b7f48681621f1d9e5a91f5
SSDeep	48:MTN3nfZQZXRFOTfyTZQDeK9xxMFcJ55HsUXHNX/RgMzsrMpDgLmqIy3W0b8EwKgV:MTBfZQZhoTfyTZQDeQxpDHsOH1ZvoMpH

RTF Information

Document Content Snippet

TRMINOS DE LICENCIA COMPLEMENTARIOS DEL SOFTWARE DE MICROSOFT MICROSOFT .NET FRAMEWORK 4 PARA EL SISTEMA OPERATIVO MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE PARA EL SISTEMA OPERATIVO MICROSOFT WINDOWS Y PAQUETES DE IDIOMA ASSOCIADOS Microsoft Corporation (o, en funcin del lugar en el que resida, una de sus filiales) le concede la licencia para este complemento. Si obtiene la licencia para utilizar el sistema operativo Microsoft Windows (al que se aplica este suplemento), en adelante el "software", podr usar este suplemento. No puede usarlo si no dispone de licencia para el software. Puede utilizar una copia de este complemento con cada copia licenciada vlida del software. Los siguientes trminos de licencia describen los trminos de uso adicionales para este complemento. Dichos trminos y los trminos de licencia para el software se aplicarn al uso que haga del complemento. En caso de conflicto, prevalecern los presentes trminos de licencia complementarios. El uso d ...

C:\588bce7c90097ed212\3082\eula.rtf

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\3082\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	4.46 KB
MD5	ff1c2f8b91f28b239caa6acb927b75bb
SHA1	d09d557fe09e77931966a2445f797fe0d0693c0c
SHA256	e6dded930597ed6cb4c763f402bef8c973229c4dac4d624bd3b5f46dc06d1e13
SSDeep	96:KNDDegorpFwyD1Ao5kDjsc58JxSOVEmjU/chdDOQhSwX8:mDiXp++vkDjD8WCgEdDRhSwX8

C:\588bce7c90097ed212\Client\Parameterinfo.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Client\Parameterinfo.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	199.50 KB
MD5	a37277edf01197c48e718ca503910122
SHA1	b91ac30eded379239dcb5ff3f88a58cb84dd398e
SHA256	5a7f187075ba8d7b7285df082d708f37d4c2a3aa603d7e6247e0570b65614083
SSDeep	3072:+n8jxCVdsRX0c0EA2aLHJlc9UJwYsdPMIry:U8lCrsKc0yaL3c9UEdPy

C:\588bce7c90097ed212\Client\UiInfo.xml

Modified File

Text

Unknown

Mime Type	text/xml
File Size	38.13 KB
MD5	b0bbe7a6aa327d266c76ba63ba0e2ce8
SHA1	b641422a4b925320bd38f7be7a01194d3f76c4a2
SHA256	c6afe4c5eefa02939d0ed16e3edeeef100563b1a5fa4c974b3d8c7788d6fd4c7
SSDeep	768:24URyd5vssgP7ZgZ/vSguJQvFQXvDINJh6F8hZkV1GO0N0phUl9eu+dODOOODOt+:24URyd5vsTPuZXQYQLIN/6F8hZkV1GO9

C:\588bce7c90097ed212\Extended\Parameterinfo.xml

Modified File

Text

Unknown

Mime Type	text/xml
File Size	91.13 KB
MD5	da2c5003a8bf885e62aa6e0d144f2a47
SHA1	58594d7d695591d4632d2ae66e2150d2d6f714ba
SHA256	3bc935619119c3cab75fb3bfe8fa0bfbe80b9242faa67dff0437ed258a47a44d
SSDeep	384:tYDmmqzP4JUaGMLiqedW0XeeUnG3GPcbrKF/:tRTaBG2PcbrI/

C:\588bce7c90097ed212\Extended\UiInfo.xml

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Extended\UiInfo.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	39.60 KB
MD5	f52eb2bda5914e1f917908ace0b9aa9b
SHA1	0faab4be630412583151835ffb2cb3daf791966e
SHA256	d0bfa6931eb0ddf55ca7b37fa1104c6ff289c89a70ebf4deca7a49c3288c5e04
SSDeep	768:rmxrsO24NA3/vlR7yAX7dJz0yy6o//9VbUc2UyWAvcwmjF+L+SMxsy:Arsd4NWvlR7yqrzUn/vN2UyWxjJxsy

C:\588bce7c90097ed212\Graphics\Rotate1.ico

Modified File

Image

Unknown

Mime Type	image/x-icon
File Size	895 bytes
MD5	52902fefc2777df7377fa8745dfb7560
SHA1	97f6f678a4e20d9574565e63f344809b433ce3c2
SHA256	3ee6da4a7f6d077aa6b90a1bd37d6b8b151f0f8c693693141c602e4dfa69398b
SSDeep	6:kRKqNllGuv/ll2dL/rK//dlQt0tlWMlMN8Fq/wbD4tNZDlNc367YCm6p+Wvtjlpx:pIGOmDAQt8n+uNbctNZ5w6AsXjKHRp5U

C:\588bce7c90097ed212\Graphics\Rotate2.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\Rotate2.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.35 KB
MD5	a971c42e154e992b1aceee3e7bf3bdbe
SHA1	7d96026eeff96eec534f5baabf19416d498ba683
SHA256	f0534356f2543348a7faca31e7d3180cedb7259f37ce9bc73b41845f9276dcd3
SSDeep	48:DXQ/W/YiK1OOrFudyioTUlLJJJITSdqVUWeC6OtV0h6lrtsyGrXYEk:DQOgiK1OuFu8io4ldhdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Rotate3.ico

Modified File

Image

Unknown

Mime Type	image/x-icon
File Size	895 bytes
MD5	0e896d935722f5d67c16550ab94f9a52
SHA1	05e4ca103d711014e27d929215a03dce02320299
SHA256	c53341dd2ce56e0a378af9e241d5951b21801c9e7bb4e1359fd5343a1138f590
SSDeep	12:pPrMIMxPWk3AyORrabBQ+gra2/MXWM4xfQHRp5U:1gxPbXlBQ+gr1ffOo

C:\588bce7c90097ed212\Graphics\Rotate3.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\Rotate3.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.35 KB
MD5	bc352f861edc04d38623602d1ea02ba0
SHA1	f1ab2e9bccc4eaf6c76171c6e8f0be2e74dbbed1
SHA256	6a703a92c64a72a9a1b3e351dcdb170f405f02f2353ba01494fd623b4754150b
SSDeep	48:DdJ5zE1advm3lHSbyx4V1Y2AvJITSdqVUWeC6OtV0h6lrtsyGrXYEk:RzE4dvmVYb1YJRhdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Rotate4.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\Rotate4.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.35 KB
MD5	ff9e21215e0489dc4fc626401211b62c
SHA1	750a1c8059b7f4be7a7ccf1fc6b02fe9a6730a7a
SHA256	bb11945d44bdd2e3288c80c8a02cdbf59c13ce7e6efaacbb9d3378d9256eeaf8
SSDeep	48:DnCpEOF6sELVJrATa4D6uiDq3PJITSdqVUWeC6OtV0h6lrtsyGrXYEk:sEOF1ELVlIaHFYhdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Rotate5.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\Rotate5.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.35 KB
MD5	5fba7eec8c04176743f01792f3fc40b0
SHA1	12b5a56000c9990490a8fec3034ab843c46cf7d8
SHA256	ae0ed6e7ab02944791edbb6b4218b1b5216e7d28ab68e63051a4970e2015d211
SSDeep	48:Dvl+OlJEpUoUlBunUgtK3JFw5rwY5gJITSdqVUWeC6OtV0h6lrtsyGrXYEk:XlJEclBunUgM3JF8rwPhdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Rotate6.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\Rotate6.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.35 KB
MD5	03c34b8feba4afd2976dcb8965a57656
SHA1	023735402f50f80d9f12564625f055674f4946db
SHA256	29dd38a5c5573add4890c5f4a4acb4f47ea8f41beb59ab6b9951913d60bdb336
SSDeep	48:DRYScgd/91lbeJyt6xARuK6UPsMVtJITSdqVUWeC6OtV0h6lrtsyGrXYEk:GScgdTlbewQQuKvsu7hdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Rotate7.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\Rotate7.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.35 KB
MD5	ccaf8e1e747a220b44bf76df0cf0a27e
SHA1	d630e32056e074abc7af5842fe0623955397d4c3
SHA256	db99ac888388dba3c9dcf4c4c2de0a633e2afb075e414bc2ae211490db152398
SSDeep	48:Dqc6c8FxOH3qhcl9FJITSdqVUWeC6OtV0h6lrtsyGrXYEk:BH8HOa+lJhdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Rotate8.ico

Modified File

Image

Unknown

Mime Type	image/x-icon
File Size	895 bytes
MD5	6aae2bd31616ec52d809536ceea0c09d
SHA1	c7e6c24588d6eab431a090558b6284eaeb11d39d
SHA256	7403bc3f70ee412ba0e9ffe57b2f3fd9418ff00e12bb22f9b5c724652f1ff703
SSDeep	12:pPv1OuTerb53mpOBfXjQuZfKWpIXE1D6HRp5U:91OEerb53eUQsflpIPo

C:\588bce7c90097ed212\Graphics\Rotate8.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\Rotate8.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.35 KB
MD5	acdd166c94148cc7ebf001c9c0058244
SHA1	e1a6a5ab636548b6a1de4e6e06ef84cace7e60eb
SHA256	2d6a0394c3e109a474551f80333965154c7a8d6b350ddd826962da3a74a29d31
SSDeep	48:Du2IufZ7DZnY49WReiekDLDBTsxJITSdqVUWeC6OtV0h6lrtsyGrXYEk:zIufZ63ReinDL8hdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Save.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\Save.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.60 KB
MD5	c3730ae3ba25b43d396c69e6ad1e64cf
SHA1	976cf554642423377c8cc35cd61cbaeb64dc2c36
SHA256	0eaf3ede1f09261621aa87218894e416273c52d63301a4fb19e09d1c21a98a59
SSDeep	48:kFfqDBxXoEkq2XJINGfuD8JITSdqVUWeC6OtV0h6lrtsyGrXYEk:W63W3qxshdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Setup.ico

Modified File

Image

Unknown

Mime Type	image/x-icon
File Size	35.85 KB
MD5	b2c2e74aa7b98d4d75cd7303bd1ce7d4
SHA1	f3503167f2a583872248a7b5602df475ae953a7e
SHA256	585493ff14a97770ef7461a219c2d3acb6089163ae4d9b758ec9f71cb24182be
SSDeep	384:IXcWz9GU46B4riEzg8CKcqxkk63gBh6wSphnBcI/ObMFp2rOebgcjTQch4:IMWQ2Bf8qqxMQP8pc4XessTJ4

C:\588bce7c90097ed212\Graphics\SysReqMet.ico

Modified File

Image

Unknown

Mime Type	image/x-icon
File Size	1.12 KB
MD5	b2ce57c038c8137ebfbd9490da4dfbac
SHA1	1d3b23d57f9d8e1cbff29ad158d31d69f2d7096f
SHA256	81323d98665ebdd0faebe5cd5e86b87671146f77bd3d32c6c1f6b4c471721866
SSDeep	24:MuoBP5lj49s9NRDe4LakKcTM8cv99uGzM3:MlFH3/Ri4LaN3e

C:\588bce7c90097ed212\Graphics\SysReqMet.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\SysReqMet.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.60 KB
MD5	6ea2a82c7cf0e12a6e2db566156a4141
SHA1	2d9ddc52c6765f37d7a46dac29304f7c023f0834
SHA256	c5d4ad2ea5e17c8575c3af9e3f06cdb876d9f4d8c900ca23de9a6f4fc4e232d8
SSDeep	48:kkRPTXUp89U6ZKy1vxtSi4SqV/0qP5+FAWqORYJITSdqVUWeC6OtV0h6lrtsyGrs:zPTEpCvR4Sc0qPTjOShdDOQhSwX8

C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico

Modified File

Image

Unknown

Mime Type	image/x-icon
File Size	1.12 KB
MD5	5ecaa0e6b6ba215f34746c0c1cd008c4
SHA1	92295904dab30bd8f64774cc8e4d3cad5a5e9479
SHA256	ba87c196205eb6fbe79a6095512508d6fd81a2e97271730f5b9df4a555a9a827
SSDeep	24:u2iVNINssNQhYMEyfCHWZZ7rTRrbWjcyuM:uDW871fdZ1lbWjMM

C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico

Modified File

Stream

Unknown

Also Known As	C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.60 KB
MD5	5ce6fcfcf21712a5ed345d7cad19267e
SHA1	6f3a3bf7cd6ef35de7d63569bfc14c520c0c9050
SHA256	a1ff2b6adcfc3926506a0f7e3092aa00b5b5a891f637ff7695b16f89ba5f18ef
SSDeep	48:kVl9dWFu5OKx0HRo65uEINQQ2ve1D+AENLJJITSdqVUWeC6OtV0h6lrtsyGrXYEk:U7dXOw9vN+m1iFHhdDOQhSwX8

C:\588bce7c90097ed212\Graphics\warn.ico

Modified File

Image

Unknown

Mime Type	image/x-icon
File Size	9.90 KB
MD5	1261cb1a93a820e0049be43d755acd35
SHA1	552ef416cda7cb15476b5c48dc53db40a3c4b3c6
SHA256	f390186cf77f4a40cce2fb6d3bb9b990c6555e6bab4f1ccf219abc37e48dd0dd
SSDeep	192:USAk9ODMuYKFfmiMyT4dvsZQl+g8DnPUmXtDV3EgTtU:r9wM7pyEBlcgssmXpVUgJU

C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	9c71784b5669550f794a5355ef1624af
SHA1	97c51297bc048f34d584a2d398a71f78c798331a
SHA256	a8317821e3a25e22bd4e3d1b6888582089d35799d9261f9c9170d319b5a63de0
SSDeep	192:bOV7puQ7YYhgHqdXptK45WlR3TsaICbHtUOykATnRQjdG8yKg2GqFShdW:bOheYhgqdXptKHICbHtULkATKyKg9

C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	1.00 MB
MD5	cdaeb7db9a64dd17bf78869e7afd5655
SHA1	6c685cb505eb624a0dadae6ee88d250bf18003d7
SHA256	ccabffac9e18f5286fc5e31eb8da55086aec94927a24a39b240e1a9e4298b356
SSDeep	3072:NZTZKPJ5r+5CJn/X3dlvwrTzt5AXqtclb7vF1rum/lZmJauFMbTZ08bD1p5Qv6wH:NV5G

C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	1.01 MB
MD5	7083fdc64640f2e82ae025152a8e18b4
SHA1	9e0d6e82593c816b0a92d5a19067d11a93b3cd29
SHA256	ed5f27faf3d43613a7f6af08a46acf4fcad886549b2be1888f894da97e196e22
SSDeep	3072:bM24yCSFj9QsvU6iZzX2XKE6fcgTZKPJ5r+5CJn/X3dlvwrTzt5AXqtclb7vF1rO:bFFjniZzXKcfc85GE

C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	d42cdaf70fde69e352a85e07df04fdcf
SHA1	065da7122fa2b051a54df3f4b421c7008423133c
SHA256	8b52778a6949f0e2331516d87c877ad7183a5bc620c0a4f80ec0196dc7a65cc6
SSDeep	1536:pdvNSlxeRFl7mLsHWqusJEhXWPflxlOiWCkVkXGy:gxeRFlLLuHW3lxKCkVk2y

C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	5d9c3274e3f4cd51341be68925f7c6a1
SHA1	8221f1fcb1f79d885ad2740d4f95208e4dcab651
SHA256	91111e58c5f47d646ba9e3ef5e6fb018ac57a46cbae4fe1f4455be1c3586773a
SSDeep	384:GhIYT4Y2YnYKY4YjYXYRY3YoY/ulYaY9UYCYOYGRYXYCYsYJxYDY:GCuiQ

C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	d16b73cd6093d2718f2f9c8a32e691c2
SHA1	b586286648c40cdec4ec563e8503e5622a1ad1f6
SHA256	9c18f33c1bd6414dae85a8bc7d037bb71f577d43632b81703bb91e3f966fb067
SSDeep	384:9hINe5BN5fNSNzN5NaNdNgNrNcN1Ne/NMcN9NBpKNtNmNzNsNINcRNj2NUN/NoSM:97LbUXCn5

C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	ef437c2d0ab39345632fb20bd9b8b354
SHA1	164cfa933c148979d19092a464163708f5bd3757
SHA256	28815c6bded7dc2a14e9f7a4bad833f6678eacb3591947fd23336473f22e57d3
SSDeep	384:UhdIlItI2I4XISyI5I8IlIcIwIsI0ICI8IDIKIQzLI7InIGIrI5IUI/IRILIlIXT:UmFj

C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	90549c6fba63c3956f421e0050cb2b81
SHA1	396440b24628d59420b83e19f2d8b294e6f5af75
SHA256	a4a99bb96b6070f9c5d86e41f4849c887643a5d0c66a07b10f878e14ca7c5abc
SSDeep	1536:femP6Bb3K6xsU4ZH5+oAkMHJW0rlj5BDKzkE7QSyIy:rq3lWooB+VB5BOQUpyIy

C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	1.07 MB
MD5	a075016be8be1bb2a21029e97bb074a7
SHA1	fe7d88d59563fb93cad654058005d0d583e7fd14
SHA256	90fc524e3299813f5a6b208edf1599dacc08493e6c28450a0c256700103f665e
SSDeep	3072:fz7njUN/r7nrNe/zNzyBmB92I70yivBDSf/zHmsy:77njUN/fpedBUIwezHmf

C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	67ec0de84de193b8dbe7399b664600bd
SHA1	3b5517c3975a223f6ea9930527158a1a302dde84
SHA256	aaef6c938618212f7cf52cf2834a7fc7c90bc9544b7ef51f813750746ae8e36f
SSDeep	384:vhh8VOV2DVxV4VqVpV6VXFOVLGV9VvzV3V6CVHVbVLVaVnVlViVaV:vLvO

C:\Logs\HardwareEvents.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\Internet Explorer.evtx (Modified File) C:\Logs\Key Management Service.evtx (Modified File) C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx (Modified File) C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx (Modified File) C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx (Modified File) C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx (Modified File) C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx (Modified File)
Mime Type	application/octet-stream
File Size	68.00 KB
MD5	2ee084c48fa2a28cb9464069f37cdbb7
SHA1	d115cbc5e88dd63621adcbebbdbc680765c6799b
SHA256	e15f7086edb577f2671e1f020a52d56cc7d878b357bbaabe3e782de0ea94ab30
SSDeep	3:MgAWl1lH/1EY+qfaltpRTtPl2tVRl/l:Mkf7NijRM

C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	0315a89613c522562d99c303fd1db32a
SHA1	79cbde4ca7b84c9a440f3a70b56b399a94de352e
SHA256	c8fe3d405f8cd0e1551d216a8357b1cf9b6551f338293d9c3805e26e8ebfe0e4
SSDeep	1536:F/CeL3mgobKF4lN2podmXGmqz2M6QWx8i9qnGY64Hy:FxGOOf+odmXpm2M6Qm9qndHy

C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	9ee4445b03e1294079583ec9234994da
SHA1	b65d64675b6e2a64d863e60770aec2cdbf15d43d
SHA256	714371c5b293b654e393286beed3cadadfe1d9741dc61a9fe4506e145a2e448d
SSDeep	1536:D0/XnTdTUc8AhvCH7JfJZd2VpzImLvLypJZLgAWr7r6dQjC5rXy:0nTdTbfcJfJ/G5u7ZLgAWrHC5y

C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	9d102384ff361742aa4df9fd1be0b5b5
SHA1	e624897bfbdd1d87f0e0c630c55147db77d47981
SHA256	bef5daac5f811565a8873425b37a7f66e7d286bfe8d870c1f79cdfad58b03dbc
SSDeep	48:M+x1WOJlerP+MZQNRBEZWTENO4bpBY5oaeSSZDS9kqkp:eKNVaO8OotSoAkqkp

C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	def43912cd518c74f1e3cab2bf1099cd
SHA1	575533a70547bf7aa2dd8ee122604c58db2d069e
SHA256	8c7b95bcd5491bb42771502c1c9706b025a91a2393cd55970d91d958717be60c
SSDeep	1536:bOKTmAlpyZbo4qEDptrgM+d0nDrZpkTf7q12gd0ua4XTmM0y:bOrKLEDpD+mrWvV4XTN0y

C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	a6abed728ff13f7f7b58cbba18499c70
SHA1	1f19e5799b314def771f6d5cec193823147d01e9
SHA256	64cc1ac600cb0e2a78898797553af4b1531efe17cb55b1d7902127929ac5e0e7
SSDeep	1536:X0HATdgNjlzl48MbNMewTPESgHkNFif9IECDCui0jrtD8WZ1IxSpy:X1d6GWAhuqIECDXjXtD8WZyxCy

C:\Users\FD1HVy\Desktop\08fba4I6SOgK wgZq.avi

Modified File

Video

Not Queried

Mime Type	video/x-msvideo
File Size	8.70 KB
MD5	5a0e97cd3ff9cb0dd2a1aa3d6ed57fa0
SHA1	b89d5da23209c41430f785049f009627f6852159
SHA256	e02054c8de1d61fd9356a343964218fecd9bf39d1ce4d67b5181858a516707e6
SSDeep	192:W2lsU5luaOwdAslBsUo6Xc4ELmfs1NhNca9lrzEH0X4QFcE9uXkp:W2KOOwplBsUo6XBSmfINcozEH0XFp7

C:\BOOTNXT

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	2 bytes
MD5	c4103f122d27677c9db144cae1394a66
SHA1	1489f923c4dca729178b3e3233458550d8dddf29
SHA256	96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
SSDeep	3::

C:\Users\FD1HVy\Desktop\2lXdAqAoOvGcbUB.jpg

Modified File

Image

Not Queried

Mime Type	image/jpeg
File Size	10.28 KB
MD5	cd3a07aa0bf3d83533276b1ee1ed9625
SHA1	aa0e3d8ac131940db0fe456eda0b12e97b913515
SHA256	52286a6b385dc397095d3065c663b50c664077151ff7cdcc27dd39edf8a8d346
SSDeep	192:QEdRox4w20b7yh+nVQvj1VcHsScicih/KuQAlnXWVAVxRImDdbo25:QEdR44XEo+nVQvj1VcHPPYohXWVSRRtl

C:\Users\FD1HVy\Desktop\2lXdAqAoOvGcbUB.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\2lXdAqAoOvGcbUB.jpg.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	11.75 KB
MD5	f9f554ca827dcde5f5007de1ff749ba1
SHA1	3d75274fc290ca408a779952e4e665a7624c3954
SHA256	6a294aabacfa76a0c3b32a5707d95a14ad441f689df727154b0118614c338b50
SSDeep	192:eydWPX2BIRe9BtMKJQ5JOf8h9mD6lvBNb0swaylwqEBky2mdDRhSwX8:roPX28IAKJk28TfNwf7G/BnvSf

C:\$GetCurrent\SafeOS\GetCurrentRollback.ini

Modified File

Stream

Not Queried

Also Known As	C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	1.61 KB
MD5	6fc901149b20b86792b919dda91769fa
SHA1	1e86dab89bd4a5ed8a3501b58c0563dcaefdda84
SHA256	7375d4b9da91278c478d8cf178a926c28214be0e50d2408bd01847127d3691f6
SSDeep	48:KsLZDNmvJITSdqVUWeC6OtV0h6lrtsyGrXYEk:PchdDOQhSwX8

C:\Users\FD1HVy\Desktop\3isATBSPQ5 UOqmv.mp4

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\3isATBSPQ5 UOqmv.mp4.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	32.49 KB
MD5	5c26a67defe2e3f1b0c689dd346ca20a
SHA1	e2c73febbfbc462e8e7acf109b3176ae314a6cea
SHA256	091c7b6792d0f489e4731a5a39a63ee3b2c69cdef316098b9bb188ac8414d1e0
SSDeep	768:ctKCjSO32Sdo8rG/Krfao1XyJg6HEepMJUs4psHTy:3ySMrCVirynBqUvsHTy

C:\588bce7c90097ed212\DisplayIcon.ico

Modified File

Image

Not Queried

Mime Type	image/x-icon
File Size	86.46 KB
MD5	5b5e76e373edc1c3f173ef3c98fdf144
SHA1	34f9d7a8a51d489f6286448db950e9d6df2de332
SHA256	1e747b967f180c4ede5c41c40398d8acfa773b6e1ecfd17387ca6cd716f01408
SSDeep	1536:xWayqxMQP8ZOs0JOG58d8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEdB:e/gB4H8vo2no0/aX7C7DcX

C:\Users\FD1HVy\Desktop\3zlss.mp3

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	18.99 KB
MD5	f1525bb028e052f958f368a7f2a0723b
SHA1	6fa79f43947cfc30b24339caeba2554a72d2bd61
SHA256	15cc5dc539e7088767e812593401d9ba79141886d2cc08ea7deefdb557615cd0
SSDeep	384:1dm5j8dp+UuAhsPYduDpaCC753/Yoyt5M7qtSDD7M5:1E5C+KuD5m3/lyTM7oKfM5

C:\Users\FD1HVy\Desktop\3zlss.mp3

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\3zlss.mp3.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	20.46 KB
MD5	0558ea68a4d7ecefef453e7a38362ee6
SHA1	d0a174369c4c24accf5666f14404a4edebe5fce3
SHA256	de712735348e0c87524d39d3a43754d202c05fa15a238f8d39558a73c683f87a
SSDeep	384:ubPIwqjwiT7PzmKxlKgmNi5thxoHjEIb34jIZ+faiD7bDruV9IuB90JAQRJW6ylE:UPIwqjwmeKjCi5thq5IjIZ+fz7uVeu/G

C:\Users\FD1HVy\Desktop\4xYyYJRwyB8L.bmp

Modified File

Image

Not Queried

Mime Type	image/x-ms-bmp
File Size	13.29 KB
MD5	4ccd8d8844f0d5cf506b057648f15318
SHA1	d6f9ed438de882100063d37b5a29f8ed1590c37a
SHA256	98fff3ce8f079c859f3f42bfc6c4c9664ca512bfbcff9064b2d2a4fb12b117af
SSDeep	384:zY/ZrUZ8WiChQ4AnxAHeSX3dFUz2v/xnGakbDIlO9c:zY/A8WNDAxA+SXtFFkNg/

C:\Users\FD1HVy\Desktop\4xYyYJRwyB8L.bmp

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\4xYyYJRwyB8L.bmp.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	14.75 KB
MD5	a84ef365f90a15208bd7dfb1c31e4090
SHA1	0c1dd7130664cdc364565ce0a5ec2362ba819ec3
SHA256	aaab1e9bd571aa70424309bb818383903ffd87b2597045e97fd7148138bb6247
SSDeep	384:Vvmlic+veufAFAYupEdIOzOsRCwUhykpvSf:V6VOeR9LOsRCImy

C:\Users\FD1HVy\Desktop\5Ef169y9ix6rZ9.png

Modified File

Image

Not Queried

Mime Type	image/png
File Size	51.57 KB
MD5	36317f3e12a25650236eb599bd2d563c
SHA1	ed3a937582815cae4d05883e9487e37f96636468
SHA256	dc5a751ab1e7c46ac65cc28f19b25f0ce31ff264b89bc0ebc4bfe19057c8cf2a
SSDeep	1536:vM12tG3kdJ61nOTUSthfzcevLv27d2kNEYssKVt:U12tG32JcithLb8AkNGsKVt

C:\Users\FD1HVy\Desktop\5Ef169y9ix6rZ9.png

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\5Ef169y9ix6rZ9.png.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	53.03 KB
MD5	4a18561669d65e5f6b38b43b520fbfca
SHA1	dd4a450ee295eb4194e24771a9985d543954be68
SHA256	8f16b1fcf32f369a57b17b7d4c9732a6af7a21c8bc6cb62b69b8871fd9fbcdd7
SSDeep	1536:1CzT9sZ8UtCoJYQD6cUNfcN+1nZu6/Se2/kdlDXly:1yT9ktCfQmkU1SZ8dvy

C:\Users\FD1HVy\Desktop\5y_4_NDHts5.csv

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	76.12 KB
MD5	093b98503bebc59c5d9f39a1c3aee6bf
SHA1	01ac3e0842cdad6b76440945668db5bedf9fdedc
SHA256	0f3c4e6c24d25376b96241fbae92e784cd4720fae352d5121cd57dd84d6b3fa5
SSDeep	1536:+wVWTid97uiSDxWEZmmQedrNQZCobzRqTfznoRC/WEYlHqkUK:XWi+iSwEZmJy2Vqj/WEYlHV

C:\Users\FD1HVy\Desktop\5y_4_NDHts5.csv

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\5y_4_NDHts5.csv.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	78.55 KB
MD5	61d5bcfb3bc39b78095fc19c464012d7
SHA1	cd29f496e447c36fb55cbe3eda5bd5c92c4d22a8
SHA256	4d98d517364a41ca550e40b1ffbe532929787e8aa2d1829e00406fb55373409f
SSDeep	1536:6zI7XInh3EB9RZ2KCA/x3Ftb7ss7Evs14vvO3v4mvACkp7Q+i+dJpjymQp/WEYlH:6TZEB9oA/xT7sOmXOAWACkp83wO/WEY1

C:\588bce7c90097ed212\netfx_Core.mzz

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\netfx_Core.mzz.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	173.08 MB
MD5	f20529330e2afdde326ccd8377b7171a
SHA1	0e57dfe9370260d2d168644d393fbd0d9c9a44ce
SHA256	39cf792eac62b9ddef23ce5d47c3071e64a5e2bd4839a8d8a09ae5848ed469cc
SSDeep	196608:A3V04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:34Y7qZ3CwFISoT46ooP8Zyz+hm6Mp

C:\Users\FD1HVy\Desktop\681YKRSA.m4a

Modified File

Audio

Not Queried

Mime Type	audio/x-m4a
File Size	4.98 KB
MD5	bbeb9985c8d7c52c9bce67e07ed16241
SHA1	34551b04fdd59014939efada32e8580042e86eed
SHA256	fa1670cbf0da8e220056168954ee76f9a2f20f0095787065598d4374d89a5a36
SSDeep	96:J+RWkCxghORcaaOD+vUo4DaL02FvqGOY50Ff5nHpBIIfY3anxEQDZF5LFZsacV:JzcpO2isBOdHpBDfxxZF5FeacV

C:\Users\FD1HVy\Desktop\681YKRSA.m4a

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\681YKRSA.m4a.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	6.44 KB
MD5	0167f2208ff72ad891da99427c1f88b8
SHA1	b41a8f90005249aebdb4b3134f6041ef66cded36
SHA256	de2a9bf0f8d986d1108109bf94aa60e42a23bab525877c3a019965819a1ab7ce
SSDeep	192:w8IxYtwM26TCgtyE135cxA1vfNM+4B/dDRhSwX8:Ketw62gg+1XNM+kvSf

C:\588bce7c90097ed212\netfx_Core_x64.msi

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\netfx_Core_x64.msi.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	1.82 MB
MD5	3931aee3e1159f71a4834a79275a99b4
SHA1	81cece86f6a006b9efd45a728858368c50e21e42
SHA256	934b6ea3255d6579475de3bb6eee206bf9bfce71e7a1225efdf29c4c47ace6f5
SSDeep	24576:HevcPZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0t:+06tuQpcxisfQf2M6FGoMLA

C:\Users\FD1HVy\Desktop\bmTX7T6qIPE71rpZx.flv

Modified File

Video

Not Queried

Mime Type	video/x-flv
File Size	18.88 KB
MD5	bd975aaf72bef5d13e63dda36cb57a6b
SHA1	879db21bedad465ced069c86ef3cb2c821aaf289
SHA256	412974a2d05279d8e9282023c10131d14e32eb323d5d94b3bd0ae9d13241e109
SSDeep	384:L9fddd4X85xAG3lJLO3gV7LSaXqVzH72feWaW/AZyAMjRIoyxIycyeVyCAEBBQU:L9d4SxjlxO3gVKzHi2War0jRI7DveVYU

C:\Users\FD1HVy\Desktop\CDs-SLlJt8Y2ch.wav

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\CDs-SLlJt8Y2ch.wav.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.69 KB
MD5	5a19104dfad78a11dbdc95850224772b
SHA1	d16ae29de6456252cb652a3bd6283569a63d7bed
SHA256	4ece766bd70d8f20dfa58325f6c50fa74da33203a1a34f7fdcc2842a3a8b7b60
SSDeep	96:7JSRZcGDvmtn3l++xwKPOnyWqdlYSIxmEJvrs1fVjmoX2R62TfFZwAL5hdDOQhSf:7aKGDvmR1XrWq/tIIElijJXCXws3dDRU

C:\588bce7c90097ed212\netfx_Extended_x64.msi

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\netfx_Extended_x64.msi.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	854.43 KB
MD5	f3ae6009ee15e7344ff5fd82aa330334
SHA1	27881f562a9bf0fd45871efddbf2993cafdbb945
SHA256	dbd279d56a920a857ae776694f11a4f52cc5e7729df5bc00d171af5b0a77f374
SSDeep	24576:FEL+96doNrQlcqGRpOQSpKiPBD6txBkkkkk5SVF:FEO6dKQlc4Fc216XmSX

C:\Users\FD1HVy\Desktop\CytKFPE5.doc

Modified File

Unknown

Not Queried

Mime Type	application/CDFV2
File Size	79.04 KB
MD5	5c307c283248e614a7b79e3f641d5fa1
SHA1	75ec65058c6be8ba6583a847714d98f8592efed7
SHA256	f95184c05bca7ca56a594760e829943bead3a5cc97e52788acbc143bc3d4caeb
SSDeep	1536:2HT1pfFr0Jm46Zbygz4zh0O3ZEHR4gZqFV/sS9ASOZO0HN7Wq/tZNDh7:YT1pfSo46FVzw0OpEycqpdOZO0k8t/h7

C:\Users\FD1HVy\Desktop\CytKFPE5.doc

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\CytKFPE5.doc.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	81.48 KB
MD5	c86487e37fc312cf0011dd8316b15988
SHA1	8800402a72338653cf9e50e4f40d9a34054efe90
SHA256	71765aa5af845ee1ce2c6c25ee5282157304927aff93c05ea704e22b5c214987
SSDeep	1536:O93cipDlkbjCOVR5/xvFhCSBi84tyqpGC9HNo3srrv0+mhuZNDhyy:2pRYTbC6HLCOeI7hu/hyy

C:\Users\FD1HVy\Desktop\D9LkZMc2p44kH.docx

Modified File

Unknown

Not Queried

Mime Type	application/zip
File Size	63.27 KB
MD5	162c03c8b85da265e1fc09a2105a3f80
SHA1	e74806808668ffb0e1e0229f468339485d691b5a
SHA256	ff0452603872b74171d4956922866caaea35d21cff8c760d77f52e2352607e4d
SSDeep	1536:9BvMDlQSOa1ReQW4MpU5g6tUUONtQrgCPGLVi:9hM5vfsUa6SOQLQ

C:\Users\FD1HVy\Desktop\D9LkZMc2p44kH.docx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\D9LkZMc2p44kH.docx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	64.74 KB
MD5	3d8b7ae01716c38ab00f4ae8deda0bc3
SHA1	ccb794430873b07d50a86157f1020332ad4ae3d4
SHA256	8d00b5863aeacb8be607ccf4eba512e8aca34725430d269503bd152d7ed14e0d
SSDeep	1536:iht1j8aMVUhLH2K3Z58t1WM9rRwpk4iABby:4t1j8aYqLHJn8XWMx4bBby

C:\588bce7c90097ed212\ParameterInfo.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	265.67 KB
MD5	44fdb7bc14937774f6da793e2b13f2b9
SHA1	92aa2c14f22b36de06d0d6f3d091ed7c4e571bc6
SHA256	9f074a689c9a2597e63a7ed80da8922af7bdd769c885f7f9711c7da52edb2333
SSDeep	384:EYSROAGiYNVrkT+8TodTBltw11VTvcL1wCiUj78leRqmH9Hej2iXWKYP4JUaGMLG:EFROYoVQTLTQTDFdhaaot6PcbrI/

C:\Users\FD1HVy\Desktop\dwQA5BYJsvrvQJJF.mp3

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\dwQA5BYJsvrvQJJF.mp3.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	25.64 KB
MD5	6e87322fbc75f67bcebf574295ac90ea
SHA1	1f47c88a4b321713ff8001efb09303c530e45981
SHA256	d414d0a76753e7e7ff049bf61f9f3d83dfe0009a2052cff2fd5ac296940197b7
SSDeep	384:Mb2fsdHA+E9shTdbhzuOOgRtzFqkb7S03y+9ZaDvpeEADYMIUpEmZ95WQDLS6vSf:O2fS8shTFFJOKckv998NepcMIyEmpWYy

C:\588bce7c90097ed212\RGB9RAST_x64.msi

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\RGB9RAST_x64.msi.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	182.93 KB
MD5	2244a40f404e06e8fd73a583f3b0c9d8
SHA1	aff261c15559179ac5544fddbfc9caa75c5b9719
SHA256	3162ad1845bb7fdb1e5fa0c50b6b608c97e0939876073dd54ad9c4ee97bc4822
SSDeep	3072:ihANAfAvSEPuVkFzaOAKve3Hg5BszizUVQzB7m09g47aEqPNWZKq5uXp0sy:zNYAaEPuSFDAKm3Hg5CzizuE99gVEqib

C:\Users\FD1HVy\Desktop\dzog-jbn-C_t.rtf

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\dzog-jbn-C_t.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	94.41 KB
MD5	07ed0828cee5d6394bd4ef8be723178a
SHA1	eb04ea6217343f9a441aff2378f244de25ab83c6
SHA256	2e895a1bdef2ed9849c0e24c4fd60b1db0eaa2d6056497f57cbd5d6d330fa0dd
SSDeep	1536:KEK5zYtCbJ5NLiC4/O/Wg7iwt9+5JC195/nGoBAbBU/VLh9fZtdt5R2PYFuL5sUY:KLZN5ZZ7ulQ7ZOUrJlHR2PYYUUkp9alO

C:\Users\FD1HVy\Desktop\E YwxqdawOFZHmgiXB.avi

Modified File

Video

Not Queried

Mime Type	video/x-msvideo
File Size	6.92 KB
MD5	c47aa8e8bf3ea954704a3b1784671197
SHA1	e117400eff0593bc536bdf5237c9c1e1cedb560c
SHA256	7c296c2646dba569d999d614d861d1c53284952727e7644f737746383871359b
SSDeep	192:RAI7NW3TPnfmSc4YBZKSCa1elOdcznvTozqRBjcYx6Fs1o:RAIivf0ewqboWRBjL6Co

C:\Users\FD1HVy\Desktop\E YwxqdawOFZHmgiXB.avi

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\E YwxqdawOFZHmgiXB.avi.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	8.39 KB
MD5	0e6d10bd3bf92e35b7940833c94d1489
SHA1	c7051374661887efe2a5a1aecf59b02f02cb1872
SHA256	768777a522de623e364c155f2b7115c55f3a74db36f9337a9602d0cd96a1aa3d
SSDeep	192:R5/L4eqTIyho4cLs5FtnDo6ZcbNd99jc4c1dDRhSwX8:TLqTI+o4cLs5TxZcvLjc4cXvSf

C:\588bce7c90097ed212\SetupUi.xsd

Modified File

Text

Not Queried

Mime Type	text/plain
File Size	29.42 KB
MD5	c07a2b4823ec1735ddafe4c2543b1027
SHA1	09e08306f8d15fa5e5d298fc3f54cbfb68f44086
SHA256	e06f9e2e498e902c90d43d82aeabe0b621e2334b53a3e1882e57686cd43b6275
SSDeep	768:hlzLm8eYhsPs05F8/ET/chT+cxcW8G2P4oeTMm:1wchT+cxcDS

C:\Users\FD1HVy\Desktop\GckNJj3t1Zdg4qa.png

Modified File

Image

Not Queried

Mime Type	image/png
File Size	45.99 KB
MD5	70d1bc24e4d828555d1bbede204e53bc
SHA1	84c8b124d699bad0f4b1d8e3596a8bb5487e0b0f
SHA256	253273301cdde9a752401a0926d9b1fdfbe4cd48c53a8b88dda668e9bfd8cc44
SSDeep	768:RJxkFqvRyUe0Jo2o47gHgD5joTeeSyCjqX7VpSYiH3/DH2lCQMsHDJCHP7cuk8+t:FmqJyVpb42g5oTeeSyGMZiHyl0sHDEH0

C:\Users\FD1HVy\Desktop\GckNJj3t1Zdg4qa.png

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\GckNJj3t1Zdg4qa.png.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	47.46 KB
MD5	9e95deaca65974935fd68997262e11fb
SHA1	80a2ebaa708c0ae7062ed139b79e17dc311c7662
SHA256	a8a7dc160fe32382bffaabe184555318bac9b063421f1f2323e710d9172941b4
SSDeep	768:aG9mUN+r0iOdAZ7mh8Sr9Mold6wLSh/Tv6vidzQtDSD8oI8y:BmaiKAZmhpLlYwLqT6vidADPb8y

C:\588bce7c90097ed212\SplashScreen.bmp

Modified File

Image

Not Queried

Mime Type	image/x-ms-bmp
File Size	40.12 KB
MD5	c3748d96fcbaa6ab1f140614324f5621
SHA1	cbb57fdb1da41c9bd43619a3bdd83e02654ac8d7
SHA256	09244cc15eae3b5bc1849d9c39f260a0b1ec6939a0ff6d5a03f86f918be6d4dd
SSDeep	384:G1o2kgxmJGEsU3pP28+Qq1ms68/tUqHUlHGwM7bwv3ETbFrW:kkpoapTbimsqHGY

C:\588bce7c90097ed212\SplashScreen.bmp

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\SplashScreen.bmp.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	41.58 KB
MD5	3b5f104c11ddeab2af83d896a8ba431d
SHA1	4128eaa9845f9c07a04710d63eb36d76fb6a36ee
SHA256	e4e8d84f952a20cd7b1c1ca1838cb57d5883aa1fb94aef050ba235d73666d264
SSDeep	768:tO/mm402+hxSa3Iii5QZi6QMAFUKDlch8idobCJF4hULjrXRCA858nb/vAxC/y:tOexKhoab7VYF/Y4WeFA5bHWCy

C:\Users\FD1HVy\Desktop\HA2nEiovwoU5yCpOBpKq.mkv

Modified File

Video

Not Queried

Mime Type	video/x-matroska
File Size	58.11 KB
MD5	7acc1d48246e4cb9245da048b4e64354
SHA1	25bc5037d6f5fcfdb06fac693f180c46de30693e
SHA256	7d87a2ccea0c749295b9aef5ce82868b4ab5d45f22124d63b2e494ac521780c8
SSDeep	768:IEfoLILgT5EX9ddeywCwUep//m1yq0tZIIrhjRyv/Ul0WW9ciIKHHB2N+nTXxXNz:IPEX9d8+ep/vICjRb4Bc+TXSogkrUDa

C:\588bce7c90097ed212\Strings.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	13.75 KB
MD5	646e3e3f1ffc26055ee1f0db0cc88041
SHA1	ff3d8ea31495d682afb823e9a982b8e7aa1a2769
SHA256	589eae4449c8d988cf534dd96ca3e5fcd71a67af0484fc713b7af009cd2a9b93
SSDeep	384:VqZo71GHY3vqaqMnYfHHVXIHjfBHwnwXCa+f:VqT

C:\588bce7c90097ed212\Strings.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\Strings.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	15.22 KB
MD5	b411fb3f9d0a35a214c027f603136d15
SHA1	c57a8f932686252dd729e77b5da931e57fe772e0
SHA256	257e798f488efb34ca6f483d8197e76e51de05a8d384db7749cc0b7ebf14f0c3
SSDeep	384:6wQobvayL2Vhv8vFUEjkxCDXEz78w+8e0aL5vSf:6GL2VStpkY4zgwze0ady

C:\Users\FD1HVy\Desktop\hhkmX.rtf

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\hhkmX.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	93.06 KB
MD5	dd9bbc9d77896cf68310d05df79d2314
SHA1	0dff5dcf2cd0ab50a2ef660bfc5faf77de2b7a03
SHA256	24d564f3a54074c1bead5b5ab6cefcd61974e6d1f6716f8cfde4a2f6f02b646a
SSDeep	1536:FU4fnVU1l5tPg1EqFpQaeihesuSe1bk3Yce4rs2PkkqbTawQ9A9WrWNRPa3AYkNK:FbVU1l5tIjpQW0pdk3T91qbT6A9hNZa1

C:\Users\FD1HVy\Desktop\iOcDO48n7le3j3NyLj.jpg

Modified File

Image

Not Queried

Mime Type	image/jpeg
File Size	10.03 KB
MD5	585e8daf06f4a39570ca21a8b21e7b78
SHA1	0bbd8338867216b2fe634ded3d46702c38367def
SHA256	23bb228e997eeec4fc053df3251b13418fee28eb276dede41ecac69393569109
SSDeep	192:LACOStIR/n+G7cnJT8gy6ZTEeSA5tatBDpPKUmhBDXqMNSqzGeKmI5sx4ix2:LvOR7cnJQFWEXhh6axXeKmRNw

C:\588bce7c90097ed212\watermark.bmp

Modified File

Image

Not Queried

Mime Type	image/x-ms-bmp
File Size	101.63 KB
MD5	bfad32e0f8b9405ff819bd437f06eff9
SHA1	7dde2dc9c55742921ca0bc2cc72125983f317216
SHA256	9fb4c6349357e1a17ee2959b8ac7510ef427311a8c9bcc6fc6c6a6c2368bf17c
SSDeep	768:QKUpOeBmAj72KbvEvffvCv7cTIMUHuRzHA8X9H51T9ho4xw7CgBv:QKULmAfbvEv47cIHzE9vo4SuUv

C:\588bce7c90097ed212\watermark.bmp

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\watermark.bmp.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	104.07 KB
MD5	2ee3555735f2940e624911d104701bc4
SHA1	23d6f3bc9734ef225c6866b592d252d80783e079
SHA256	69a1122ae79172cb64b1f213715040f692be90d4e07f14ee9cee564a454bca27
SSDeep	1536:Zeb4OLFJvrtE+rnT23EzEUmhrW//+KCeZY+k4IDHo4SuUxVy:04are+rTPzEUmE+hYXISdxVy

C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu

Modified File

Unknown

Not Queried

Mime Type	application/vnd.ms-cab-compressed
File Size	4.96 MB
MD5	c1a911ec77d5b586c0e8240ad4625858
SHA1	27c6f5efb7f4987cb98290b7d4e619b4c96afa1b
SHA256	c6598ab09284795e8d010f469bcdec6b1a673f5bc6b6f36134b9bb7f4a3fa557
SSDeep	98304:huEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhll:F3ZBkOK2Knq45mY4H5OMKkKzll

C:\Users\FD1HVy\Desktop\nwBUAO5bJhvpWmYg0yk7.wav

Modified File

Audio

Not Queried

Mime Type	audio/x-wav
File Size	47.73 KB
MD5	a9fa0789adf2f82e3b9219fcaa862353
SHA1	fad9e7e81cbdb181ae97ce822dc165a9a36c35a9
SHA256	68a1e3800097773af0648832e6e9933dfc866820a33ae2731156f05048666b59
SSDeep	768:jVZue1R2GEmafqRxZ7NV2Yx28ihkZl2FhYc1RxETU4mcO3n/EVEkG151lC4tXTD2:j7V1RzEmayPM0ih5RR+wn/EVEkG13lCj

C:\Users\FD1HVy\Desktop\nwBUAO5bJhvpWmYg0yk7.wav

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\nwBUAO5bJhvpWmYg0yk7.wav.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	49.19 KB
MD5	8a39cdd1a2c693248aceef7a039c24a6
SHA1	778b6417dff3c7da49e48801b5dfece96e9e3a0a
SHA256	6e79203f8b2d88ca8060f2b58bb8230d71fb1e3ce4f68fc67d01ecf3922179e3
SSDeep	1536:aXdnxU9Sx2y+CAcwWtS6P3QcB6XFWgdkgcvZiy:+dnfVNt33vB6XF9d+iy

C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu

Modified File

Unknown

Not Queried

Mime Type	application/vnd.ms-cab-compressed
File Size	2.09 MB
MD5	7729eae41949bc3240c83f67b399224d
SHA1	a87b11236f9076e8f94d470941e21f5189d847cd
SHA256	318073cd8279fdd6abc483edc106b0932c54f8c1c02465c88fe7fff2323b3e20
SSDeep	49152:d7Ti7TD7TH784x7Tb7T6YV4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0z:2V4YakTo1PAdXZzKUYxs3pKZnKxfeS

C:\Users\FD1HVy\Desktop\OsnlHvY8Lt.doc

Modified File

Unknown

Not Queried

Mime Type	application/CDFV2
File Size	84.24 KB
MD5	a1fae630d437d8ac5e8b20e2d3446283
SHA1	6e69f0de9a979e9df8063ef54766155b02ce70d7
SHA256	adf7df74451fbbb6b270f50a875a233d4c25dd9deff9f8e2b1af2d2a69b8a602
SSDeep	1536:lbWZ/pknSU5qLmDyaO+wE0muMc+nQT5dFHHXw/yf8KXF0DjzQ5J/2UQLPT:lbqhknhNhwEKhvTf9Hg/2XF0DnDU8L

C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu

Modified File

Unknown

Not Queried

Mime Type	application/vnd.ms-cab-compressed
File Size	4.86 MB
MD5	db4cd1c4b3b1b271ecd0e949ea79036b
SHA1	61b83fa349cead22b2df90db871adfd0fb341dd3
SHA256	5b04daccc4a1f2d7b5ae6a324a49351d0eda0345f28fd2741128b9f503c235e1
SSDeep	98304:MQf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCb:57BBHTK8KXZ4UuY1kB1iKFKmu

C:\Users\FD1HVy\Desktop\PoSOTNP0h8PW0cv9JY.mkv

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\PoSOTNP0h8PW0cv9JY.mkv.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.72 KB
MD5	e467257224cc3bca3bf3f84b774be080
SHA1	11e6436753c02cf1264098bb46fe2f6250c2d094
SHA256	a891e3e72bb51940cf507d2fa63d52c19d470f92d7d50f430c0376686a438c1b
SSDeep	48:ohGmZH967YGa4ncSKQKramPpMG4/BXAF0IJITSdqVUWeC6OtV0h6lrtsyGrXYEk:o7Zd6kGa4+raeeGFO0hdDOQhSwX8

C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu

Modified File

Unknown

Not Queried

Mime Type	application/vnd.ms-cab-compressed
File Size	2.04 MB
MD5	5bf3eae8bb85bade0a080e77256ab204
SHA1	f010434b1e0868c1ca01d4e181294ce015180b82
SHA256	a805c53a28a1b3609b1f75cad6db1519f80c881be910fb1f188a4aa383c57ede
SSDeep	49152:Z7uUU7N37NM7u6/7uUj7uU6cP4UJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKz/:zP4UJneDGnRau84KUYcs31KfFKzdN7

C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.04 MB
MD5	24e685ba7b454b8fd0e86168b2013724
SHA1	9823e573d05dd0f391bc1601d5c10c78aa3029be
SHA256	b4a8f5441407af2628021985a92d3e47f4d0f4398ebfee55372a14bb38200ac4
SSDeep	49152:yE7uUj7uU6cP4UJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNN:3P4UJneDGnRau84KUYcs31KfFKzdNN

C:\Users\FD1HVy\Desktop\PYG0GG.flv

Modified File

Video

Not Queried

Mime Type	video/x-flv
File Size	39.50 KB
MD5	0ee9c126d69de7ed49abdbe504d75cd6
SHA1	a326ee2588e4851f090770c5a325136fe1c36619
SHA256	60fa097aef648c62d472ce79b505fb8b68ddaf4d1b7fabdc3f6a1ae12be3a9e8
SSDeep	768:tQPhIEx444455Ud8kca3DAwSMDM8qI8+Jk5KH7m83OBvxkAY5tq:t0eExH5uGkHAwSMNqc2o753OhSAY5tq

C:\588bce7c90097ed212\1025\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	72.48 KB
MD5	94bb599b92668318277d7d7b5bf64ded
SHA1	e38493b0e68b00762ae04b51afc73e6d04ff92d0
SHA256	4063ab858ea540327a953c309382897b7a24d2d558c50bd2b4ff844d1f78925c
SSDeep	384:4w1hDxsSsxGMZzhKtQOsitz0SBijTJ3ejrwdd9:PhDxsnxGMdAVBijTJ3eHS

C:\588bce7c90097ed212\1028\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1028\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	7.63 KB
MD5	00038eb1bcc2a102e29eaa67caa7e802
SHA1	201eae5e163acfdf15a084ba63b49d300fbe2311
SHA256	f6f57103e33d19e265a64440a91728abbf339e97b70eee555d2c1523935a4596
SSDeep	192:fXyTBNMvsBbLB3cMNiCHLoWNwQM0PIe+y5TjJQPfg44bTWsP0dDRhSwX8:f0BqvWbLiOFHLo1QMrm5fJQPfzeTWKE6

C:\588bce7c90097ed212\1028\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1028\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	60.86 KB
MD5	1520242e1d8f98f7209e4320d81af956
SHA1	caffd314e2cb552148dc217003252853a3acf276
SHA256	73448119e9f97a159ee96ab3b47fb54da8f893b575ecfad1f49e75ca5c38c5d3
SSDeep	768:fUPP7xq5j5UYIpIZY7qFjIhW3O0lTtQ6W+dpwqQtioDm0Zk8EzvVF93szp3YkL7y:4DeDWeFjJO01u3vvwHU1e90p3Yk3y

C:\Users\FD1HVy\Desktop\QNoEEObXXbIbCi.pps

Modified File

Unknown

Not Queried

Mime Type	application/CDFV2
File Size	34.25 KB
MD5	65c7042387d18f3ac38e4adfc6aa23fa
SHA1	c999a097a31dea17be44e24f499f589afcf3e9e5
SHA256	487b6ffd5288c70d2bf02e05e42c8cf5bea3f28341af0dfac611d7d913c8d075
SSDeep	768:7og8P9oZ+NmRpmC+hGiGkTPDVgW0Ru0IaoVMV2guHVWxjVYE:7lY9l0KC+hGiGMPDVP0R7IVGcgPxiE

C:\588bce7c90097ed212\1029\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	79.07 KB
MD5	8ec05d99979a5ffd967e3b4759625b8b
SHA1	f30648ab50ec8de04631b62f9f7e3510ce91846e
SHA256	b4ffe5f6afcf2bd5afe71a332897bca76c208b372b52c753419d3f3760ed9bc2
SSDeep	384:4w9jRY/svLov/QvQovOLeyndT/jfB7eyNdT9eTiyn15byYOMbqav8qAMrZEXw/FS:Wt/jPvoZJZ0J

C:\588bce7c90097ed212\1029\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1029\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	81.51 KB
MD5	ba69ca943d5ab2d5a1b7318ab2a5b396
SHA1	6fe467c4fbe13d24d7f2977c4ceae6a0f128ed26
SHA256	92419d082d2c793e450f47d6630a38d4857016994b00c40997a5f982572b2873
SSDeep	1536:ZrancTyyxm7kCgf1HfVVSz4AbXMQM1jisumqJqdTuvZJZam4y:taGrm7kCgfZG4Un3qdTQZJZahy

C:\588bce7c90097ed212\1030\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1030\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	4.71 KB
MD5	5bf818d47b395b82a98e9fcb5053247e
SHA1	7ae0e80734ea927f22038a395ef8b4f3f97b0b47
SHA256	4c4f03f594c6a20d9384ad56105ba2bce06703d53cb1211ce1a8f0ab3e5d31ab
SSDeep	96:00Idf0vKQT5HqQsVMCoXffmT89I1NhdDOQhSwX8:00IdKKQAQsVMCafmsI1DdDRhSwX8

C:\588bce7c90097ed212\1030\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1030\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	78.36 KB
MD5	3111e7c6b24ce657b515b863d9e07ff2
SHA1	66aed493b1a90b7e1592c411999e9dc0df658821
SHA256	a8a14af0572c1ad22a2880368f091156b58d04a8f9de18d716eec88fa6955a1a
SSDeep	1536:h76d/XNzneCETvJ01rRaD2job5Xdu+RJuy:h78XWVqaKa5Xdu+RJuy

C:\Users\FD1HVy\Desktop\Sfe2_dbPQXp_kb.mkv

Modified File

Video

Not Queried

Mime Type	video/x-matroska
File Size	35.10 KB
MD5	6f46a5a9bf96ada610af1b17ac2d038a
SHA1	beaa58c0d4623684fb1916e836fae6c2ddfad179
SHA256	c055c177722d74563040fc3a7ae5ab7f8f69b60c4f3e172ea7bbdcbd2b105338
SSDeep	768:JZm2HYsJTiXu3tJFak4Bfq+NAoEzSn+Iq6M+qbAe:JZzH1Jau3xak4ZOog2+TrUe

C:\Users\FD1HVy\Desktop\Sfe2_dbPQXp_kb.mkv

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\Sfe2_dbPQXp_kb.mkv.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	36.56 KB
MD5	0ac34b89ad173ff736c9e9e520b238cf
SHA1	8ef9375c887a27ac7c35cc62d6bbce33c0938853
SHA256	19db69c02a8da94f90a1c7aeb90b0f17c68bb98c00a2d0ec505bbc6ac6d806de
SSDeep	768:O7NCY/geeebYZUgavYmuE1URnollKk7JiSMmt8fqc+Zbuiv+je4jBOjy:U/geeeNgxuURnGlNiS2fqVZbuiv+ROjy

C:\588bce7c90097ed212\1031\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1031\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	4.80 KB
MD5	15a4f3d4b8140056fd0add250348c23e
SHA1	3746479dbb452879f6acb503d4c5bf26a482405b
SHA256	fdd064e5c6d2828189cd3c71633ca6f12c5afca7ccb76bf2669dff4376026c9a
SSDeep	96:0rGJOzpvArGSh6QKExhHSH87UwsjtI2Idlqav+zl7sIhdDOQhSwX8:zQBp+x5SH87Uw4I2klqll7ZdDRhSwX8

C:\588bce7c90097ed212\1031\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	80.42 KB
MD5	28782c9bb9aebf430c0631d3b6364965
SHA1	7abbfa9982e2beb6a037ad57c43f480eeab686aa
SHA256	f814f8b6a4fa8f5d2d87fb5bc902e2947e54ee037248b6c737b9ac4614bf6f84
SSDeep	1536:guayUbZwf+2CzQHsjz1VbxzPGnz6solo8xKc6JT/1S2:JayUtwf+2CzQHshPGnz6solo8xKc6JTn

C:\588bce7c90097ed212\1031\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1031\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	82.85 KB
MD5	5fab1725c3dd7a121a30ff7458206b2f
SHA1	a9a787e4309e1ca96cabd4cbdc4c3e2b5d2e0325
SHA256	ec53d96478b969e83ed645d3690dca1b44bb747ce6c0311b80a425102049fbb3
SSDeep	1536:V0u5BfPhqFw3wvZv6+P+mzFr8Ni7l3r19fdj0j7+rOt/c6JT/1SY6y:Vp5BfPhZwVPDz60l3ZFBRat/c6JT/1Ss

C:\Users\FD1HVy\Desktop\Tg-00W-azMp.bmp

Modified File

Image

Not Queried

Mime Type	image/x-ms-bmp
File Size	28.70 KB
MD5	451afed7c6e3d13d6774c16b432fec8f
SHA1	7628789478aad048bb5bf823c6fc07d9807151fb
SHA256	464942a735fa27ce79584f0d11176c701e45a3f3e3855aaba86b181f45ba32f9
SSDeep	768:ofR0QCWMurSTjNhzCayXNfa4yWODJO6woVwavS:6R0QNrSTjN0NIQ+wavS

C:\588bce7c90097ed212\1032\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1032\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	10.13 KB
MD5	cfc0cd3ed1537170a2c211d36d53cf5e
SHA1	c8d33c9414d38b8dafc6b4eb9970e184b6ca0111
SHA256	cc22dceedfc18ebdb55dd2ea0fac06a8487c6f17f06b2dc844aa191ee3c6aae5
SSDeep	192:HI/ywsEZzWcADYgbIgKWDVPng3ajndZ7RNC1l1aob1nlgjoaxv3dDRhSwX8:cyTE6UgbIhWxP0ajnnQmoRpGNvSf

C:\588bce7c90097ed212\1032\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	84.26 KB
MD5	ec916c3da2d86b12e6254543f1139051
SHA1	6b53e9961f54e52d37170193bf20cc505d046c87
SHA256	0885999b9bcab897bf2ed0c99c1983182591bd2f06f9c12caac534e05bc0bced
SSDeep	384:4w+7UVysuXHXeXAehlT++sTGoheXrW4MgcyvF773/xSFVQbleaS8tOnjiJLtchHc:+3OQeHll5PunjiJx

C:\Users\FD1HVy\Desktop\Vbk14Vwygp7FMg.pptx

Modified File

Unknown

Not Queried

Mime Type	application/zip
File Size	37.08 KB
MD5	3c4febbb5f165647df38acded15f1405
SHA1	9d74d8053131331a37e784bafd188c45bbead76c
SHA256	03faaa3a54d22a7663eb2d94573f3cec157be4a3f99157e84deb2fe654a5cc3c
SSDeep	768:2JUt2DHleibD6RRccwXlbVIaxFU8PruI2h/ohdfH22iurBIEzmCMxMeN:2Q27lewuR10RVIUu8PiwhdfkACCxS

C:\588bce7c90097ed212\1033\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1033\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	4.58 KB
MD5	22a865c45b74650afd8986ca1b1c4b91
SHA1	a62eac7ebf6fe01922f913ad5312fa922975c1e3
SHA256	43f70ff3c0d07d3162acd84dd688e26f6cb28c7a4a939a9f31a26352a61c79f3
SSDeep	96:SrlPit9qP6/6LLBZZuhqd1EesZjJm5jMdVthdDOQhSwX8:MlqtsSwBZwqqj6ERdDRhSwX8

C:\588bce7c90097ed212\1033\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	75.42 KB
MD5	1cd0c829256abfff31928b425935a63c
SHA1	42277be013d2d258ab9b1dc6e2984de627d2ce96
SHA256	b4f55f3afe08b1f580d58f6986d548c6a603ece466d637c74f413c3de3bc467f
SSDeep	384:4w6JjgKW5D8U2JhrDheHQTBNgNSdfUGNatvcc7QDBuGdSJgkR6Sqzxq:gJsKKIrDPT7lSJYY

C:\588bce7c90097ed212\1033\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1033\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	77.86 KB
MD5	a1f0007fbb2f988025795642340534ae
SHA1	27ba207e2e6f65325666905c7825c30e4da91fdb
SHA256	689e5e1191f85ca9b14c3f1adb894e8cfa76fb8cfd1d94edbd20be299e9c3086
SSDeep	1536:Kl7qO8J1sNJbifVb73VVPZfL+XGPAGOm0NEQcn/bpJ3R2elDEsZcftJmy:G7l8TsNJbaFvjDBOm0NEQcn/t2sZ0Jmy

C:\588bce7c90097ed212\1035\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	75.22 KB
MD5	48566609b656a3863375fe2969ce6468
SHA1	ca65300d3c90ea2235a3657e2974d6da24c34387
SHA256	dd5594caf8426312a778341faf005a5067c950a1f958859096fc1aaa2c291c84
SSDeep	1536:wT42CX8ugmmuM92kEMeeGOCOUJPePJiWGICG+JN5:wT42CX8ugmmuM92kEMeeGOCOUJPePJit

C:\Users\FD1HVy\Desktop\xU3qfTnDgsLwhKy.swf

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\xU3qfTnDgsLwhKy.swf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	56.08 KB
MD5	7d072e59454169af0b102c0e9d0e8eee
SHA1	227658abde7cb85a355f7e54cbcaa1fd395048f9
SHA256	e95e0de05bcc0d5bb0590b1808d5b5b8eac6677c572a01d130541e2bc8aeb80f
SSDeep	1536:4/Gryu+5V+3XoZ23Rkv+kmbII5G/37yXYPIy:4/oyu+f+noZ+RT3MmGv7yoPIy

C:\Users\FD1HVy\Desktop\zFTRnFVUuU.doc

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\zFTRnFVUuU.doc.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	34.92 KB
MD5	f6dc530f942c308db0e92f86c3c5f99e
SHA1	35dbca36eebf08bbfc593012825bf752e94a6221
SHA256	01e1f78c58a1e9e383329ad52675c04292a95a45ad9ca3ca0565b418dc75a08c
SSDeep	768:XxldhNZ9kpziOZqMGOK5kKw0UNreNAfBKdQ3E48hhVy1h3LEzTy:XxldhbEhnKVgaNrUih7y1Oy

C:\588bce7c90097ed212\1036\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	81.02 KB
MD5	2828f21f771325c39c4b7b85279f50d7
SHA1	dd70d5c7d077d29d6d2410c6dfbd44095291ea2e
SHA256	e49940157889f20d1061add4b4667b2e096bb945eb070aad86541eb9cef0bf4a
SSDeep	384:4wCFpNvOvt1jagJVzRzchryjiTIJz0kbG52bxV9:WvotpaluaIJzaI9

C:\588bce7c90097ed212\1036\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1036\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	83.45 KB
MD5	98b2fac5a3283b6bb3ba0625ba4b48ae
SHA1	89f2a4b1b99d192bf3aff478bcc9ffb2ac5b1602
SHA256	14ee89444282f5f2a58739cad2bf5616e50c883342c518bb2017a4ef43a5e131
SSDeep	1536:lwk/ii6ansDMrAZNZryadigwi34MAXBGsJeIdy:lwHA0NZryW94rJXdy

C:\588bce7c90097ed212\1037\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1037\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	8.16 KB
MD5	92e130416e170f2231b1dc95cc254dfc
SHA1	307101a979cf513b8ba002c6f7b7d043983381e5
SHA256	42c7fd11bba04be99bc1dbdcb554d4d409c1a425a6a4bb2eb01e2e5f25d747db
SSDeep	192:4tRbXAQ3i5FJWtEdxbgebALQtcDyCVRSUVVFYz5DISTzdDRhSwX8:wRzAF5Fcux8QtcDys9Fg5DISFvSf

C:\588bce7c90097ed212\1037\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	70.39 KB
MD5	aca5aef9a141a4e9a36635e2b6d13d82
SHA1	f7a5abd32aa0c79fe5eff898f0c8f17a4d9cad78
SHA256	962f7bc7da36ad46e67a1ab65a15680bed6c141ffeca47a7239f255fb903e6b2
SSDeep	384:4wkvJlqaYsxaAzdNhXdQGKbvvGu1kZJNvSX33qL9:OHqaBxaeJN7p

C:\588bce7c90097ed212\1037\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1037\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	72.82 KB
MD5	8ba1a43d0053f3e0ec006cc3077e72b6
SHA1	3537531e3171a83cca72d518ddd7c266fbf413dc
SHA256	160e58e5c0c3f744b10800e9f317789af13812f5d2a3b66e4ecf2d7086b250b2
SSDeep	1536:2u8+Uvzq6G1f7P9lfZdKs7fW9KE/KIutRby:/UvWd1hlxc6uq5Rby

C:\Users\FD1HVy\Desktop\O9r7lO\hfSX6yvX9UNfP4.avi

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\O9r7lO\hfSX6yvX9UNfP4.avi.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	69.51 KB
MD5	f9d766c0067d66d37d0616e1c1de681a
SHA1	b12443d22512fb029e196a2512cac9e2514b7984
SHA256	b39afdd3f7474dfbbac0b2c8789e7a49cdc2b5203924f1cefd217c0214bf22da
SSDeep	1536:5zlrrx0J2nFhetyXYzxiIdvKTPWBTp0iZbtOGZtSY0s+Ndy:9lrrG0etyozoYvgPWTZ5BZtSCGy

C:\588bce7c90097ed212\1038\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1038\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.63 KB
MD5	b260867104a1f11aabc9c555ca89dcb2
SHA1	81bcc1bf53f6231e0672268bda8e7189c5dc9856
SHA256	70a030460620d98f0c5b3d9f4635e7f3d9c666449c996666f45d1a5560715b44
SSDeep	96:YA+E6+NcYX2GO2XsFPoz+J6etMtl1bhWIalh1OlDFrhdDOQhSwX8:YA+p0cYX2ddRoKJ6Z19WIMAlRNdDRhSf

C:\588bce7c90097ed212\1038\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	84.42 KB
MD5	c09df2ed33d4205629d9995cea7ed338
SHA1	27003219c3a268c441d332cd3ed12a5c5e8e9b92
SHA256	9c9266f13242fc30c16d43ff2ad2528fa7dd2ab84ec398700a6127410fe70b59
SSDeep	1536:Ji+5JLuNF70SNjPBzuXrXdJHbdi3kC4kLv:Ji+5JLyF70SNjPBzuXrXdJHbdi3kCZb

C:\588bce7c90097ed212\1038\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1038\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	86.85 KB
MD5	6c40e389094eb67dfef6b1c96cde16cf
SHA1	0a399beff5dbf9e2cf95f13b723357ba267cbdfd
SHA256	2281904415b9d6f26347ad097c75ae5d2bbdebc013c640e8a0d61ccdda758af4
SSDeep	1536:GRlGc8zpGXaRuTZuP6bKbe/pJp+dPm2V/w4mGBUypntzuXrXdJHbdi3kC4kL0y:G0GX5uJgpJn2V/5mchptzuXrXdJHbdiX

C:\Users\FD1HVy\Desktop\O9r7lO\JKKmbRVB4.mp4

Modified File

Video

Not Queried

Mime Type	video/mp4
File Size	41.75 KB
MD5	ae22fc5a40a750c803ff426bc1ab8467
SHA1	7b32701c1e16ae455fe1249963e13f57a5c3c4a7
SHA256	de4c411241d9dce264a020775c4789d1e80cf420522b72c2852d096b0680f142
SSDeep	768:m47Yr9eS5Ms4Zc/5GDF6SKaodTJcZm2/eiLLxFpKNHfoUXE2b4wIaGPx4IOQKhk:m47pSKKwF6SKaMTyZiiLFfK2Unf9YxFn

C:\588bce7c90097ed212\1040\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1040\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.02 KB
MD5	c4d2bc64c088d219a12a51ec8dff96ef
SHA1	762b34b5f4eae6493fa0737a44f3e8e7142a11d4
SHA256	1f794d9302cebdaf97c1e8760539398df1df0b04200dcf6465759b8ed261bada
SSDeep	96:ntGbMDbf0xojMYI0+Qak4ClTs3yT+cOWdIY6SUd2125yhdDOQhSwX8:ntYMDb0bRKfRGyLOWdIY6SUdn0dDRhSf

C:\Users\FD1HVy\Desktop\O9r7lO\kXL7xCl.mp4

Modified File

Video

Not Queried

Mime Type	video/mp4
File Size	16.12 KB
MD5	dd0055485543f25269ca15ad2d82ff04
SHA1	12962c0a601483fd9c300d8103ff8c2cc779cd2c
SHA256	3586f087a0a8f4e3c6b1bb2768d9ac64780034dd9b23529ac4b4a19c631c4a10
SSDeep	384:FXKzxDGGO3JJ5AlSWYU/JFs2RJURXUAi5VpQ5Zx6HB:FXWGf+SYFd58x6HB

C:\Users\FD1HVy\Desktop\O9r7lO\kXL7xCl.mp4

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Desktop\O9r7lO\kXL7xCl.mp4.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	17.58 KB
MD5	32712d85332fbf2e8136a19f60dace87
SHA1	b33ae655ae6244f4c33c8541443cbb96a7d9294d
SHA256	297c820ee9f92d5c37078346876e2234af155e4fe7bec7d3ffec78bdb0b7a563
SSDeep	384:F1X1PIHKqwfrBzpjnBSA9z3QWGduh6oG7/Ujy199FfGD5hNGc+KOCvSf:3V/qwf1FBSYGdK6dDUjy19LfGl7G/Cy

C:\588bce7c90097ed212\1040\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	78.18 KB
MD5	38617c8ff7b087e31552ee0b394179a3
SHA1	560326379bd7d2d5db86214e9062bac4449ff099
SHA256	64c41d7c48878d55ca473364dbfe84e27ff99653f937b5629d0362d7d71c6ccc
SSDeep	384:4wFACg1fPK/YBZ3tMa9eIzNZNs4fzWmJVo5HnscuR9:/ACgNKjaVLJiC

C:\588bce7c90097ed212\1041\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1041\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	11.35 KB
MD5	2b41b27822d3ae9716b8218b8e510a74
SHA1	cb8e44d6a4a1c88146599851ff51ee58824be56d
SHA256	c64d383afdf700f2007d34f226b647468b892342d203f2efa8a87dd1b2221610
SSDeep	192:4G/nJEeiRu2fivRkcWYuDOcf4gmaAtXjDfSKApafmivZMWGibORh6H/sUD3pE2T7:lvNig2fivBxC7vA5y9OjlvlfbjRTpP66

C:\588bce7c90097ed212\1041\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1041\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	68.10 KB
MD5	ff2fc38fc35a26e300b2e33ca428f40a
SHA1	9527bd107936836d7977503c99d8b846662aec55
SHA256	afefa9ef708e5a917fc1d40d5ddc54b821a989de9c61c5963163c1d54b621643
SSDeep	1536:l3G90j32SDJsJ5sFb+E5r6Pw63S1L27tjba4wGC+TWqUdi2Gy:jj4Jmhd0I63FttHCw9Si/y

C:\588bce7c90097ed212\1042\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1042\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	13.86 KB
MD5	419007eecd62abcdeb2bdc8dc7bffd42
SHA1	16bb5a054713d20b6edc6a3da33b5c1196eaf428
SHA256	cbe687fe24e506aa8eafdc2512ca4ffb35552f2824b306322eee6b1b3d5a4ecf
SSDeep	384:lhQgqL1z0HwxdKPaKLkqh+tLgkSdTM8bZLOyaEvSf:lhNapYZiKBIGRdTMKZ7aAy

C:\588bce7c90097ed212\1042\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	63.71 KB
MD5	6ccff786cd32fe69817d7b6211f2d513
SHA1	bc5447c70206f1f92d79f39021c0430d6c134cb9
SHA256	600e76da7a1c482a73e4724a015360519c6c63067c38a032275fb6261e59b218
SSDeep	384:4wsx1QzSzXLGKgooDQA0pb5ywW4JSUQvEQzH/d9:egtqpb5yw5Jg

C:\588bce7c90097ed212\1042\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1042\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	65.17 KB
MD5	3e9f1d95d0849d9356d049d6e3f18baa
SHA1	8e4929ee5767899f2b24e717daaff1da6bca302c
SHA256	71c6cb7e34046b66c933ebe3b3e5b1d18bcd5f5737a1d8a35ea1ff7adae6a290
SSDeep	1536:u1V7X16jmXeDiMuANlpffP2pEPsGxejK9OHe8QZny:urkQiJuGLHPmEPsG0K9O4ny

C:\Users\FD1HVy\Desktop\O9r7lO\Th2bibuMEW.mp3

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	50.12 KB
MD5	3139a6e409b8f9a4d1abb9fa5b44d088
SHA1	fdb4e5113432486f32db9864f2808e72883327c8
SHA256	7ab91608cda6c596451194388361c7f0599f72de519a78e3ba850ac140c9f16b
SSDeep	768:1Yrf3m0SHdA5wm7VHYDurOQlzQp3MCibNpTAetl6ucvzp3bhJdz8eeY10P:1c74d/M4QOuzQJkNpTVtwpN3bhJV5eYG

C:\588bce7c90097ed212\1043\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	77.77 KB
MD5	bdd3b3019e2427a26becf624ebd17347
SHA1	daffd1579e2c546dfdee32e4201c35a0fa97f584
SHA256	06cdb38d14b80fdfe518b4825b53d2ae768e23365ee2350fe099e274c87ec981
SSDeep	384:4wCsfDNzgDbRiRVqxdYRF405vYtyVB1HaAzTGZUeJvuQFKhlQ5gwJBKQauJf1tSI:jbZKbRyVqb82IB+GlQ5gwJBzauJzkA

C:\Users\FD1HVy\Desktop\O9r7lO\XqRm8ccd.png

Modified File

Image

Not Queried

Mime Type	image/png
File Size	1.75 KB
MD5	bd2b2cd69accc7463b56eadabb58dbfa
SHA1	4008b8dd2d27bf0eab1f6ebf225064568ce4157e
SHA256	a8a3b0c1c436461a6cc77c4f7eb6fb9ad43817eb23fa8143addb0f5737faf387
SSDeep	24:Nd8UiSejKK78YltSI//6VdFXp6DE4BFy+OKiPaS58JfgGGix5xsdCFyYqa7kB9w/:8pSeRP7SOCdONHydaSqJ7sIFy0gQmTTW

C:\Users\FD1HVy\Desktop\O9r7lO\ywhU1A-Df.mp3

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	95.29 KB
MD5	90f389305ec12cc48e2bb857b3a27e7a
SHA1	e7ab3777d60292d57ad011d187de9e61d0a84e54
SHA256	b2b9d8d19da6e3fc75308f8e9a1f7a3d83be8574fdfab3851fe68e7f8c31ca18
SSDeep	1536:1g26bJV4RCu6QtdZl+dgl9WZy6k5jg8Xd9hn3daQDpzzfUOBEFIS5Z6OmPJLkMVc:1g2COwuDtA+oXk5jPdzV9f+ohGdN

C:\588bce7c90097ed212\1045\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1045\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.41 KB
MD5	d652e4dcc59e855a637ed6a6b9b91c35
SHA1	9c368083eab768e85520c6183863943a6d3d1ea3
SHA256	3c5858c276995238643ca1e9d765331103b9b532b395d5a8be8ad0c80e224594
SSDeep	96:VGHplWjXM7rZHfu/kdUfcx0BbUHVsPR/ojeLs5gZjugj3hdDOQhSwX8:IcEhUUx0BbUcddjfdDRhSwX8

C:\588bce7c90097ed212\1046\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1046\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.06 KB
MD5	b028f11bfa389b1e72f71e052927d2af
SHA1	6c939027d060cf616f3f42c50f8808db584942d9
SHA256	7211a0ad2f032cb8fa4feac06ddc5f174f0284d4c8c2463ddc2c512c41579737
SSDeep	96:iNEUTOU7D6OIO5lKrnQk8rX8ZxqUKQ58ZiKqRuByONPTcRhdDOQhSwX8:iNTVMO5lKrj8ZiKqAPxSdDRhSwX8

C:\588bce7c90097ed212\1046\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	78.85 KB
MD5	a6ecb08b86bf706ddc6aacf4ab5b8327
SHA1	edf481da0308baeef59fb7cd0f17be5668decd03
SHA256	49bb6112d5c2b2373c4293525f5b4e0e96e79c6532e1b710a30edca7e2c2a06f
SSDeep	384:4wl7DAQput9emRem6cvMOem6QemIAY/YEQTeQoqk7EHd9nKxXq5fKsLaG5m73Rd9:geOeqeCe1CkyJtG07g

C:\588bce7c90097ed212\1046\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1046\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	81.28 KB
MD5	f0adc151501c4be841fbf33775d03b06
SHA1	05d073984ecb9b20c532f4a913295a06d4051648
SHA256	205e662d0df5a36e3e5fe3bcffbf5485716b3511ce398eed1b957cd913f03f5b
SSDeep	1536:LGk5228fJDfyBqFzjIeNJbQLD7ClGjyfFUgp4lYwG5qluyJtGcy:LGk52V/Pg72fFUgppw5FJ9y

C:\588bce7c90097ed212\1049\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1049\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	54.64 KB
MD5	ed11e44141f67ab5b63f153071b5a161
SHA1	e9217ed70527a9478c0a35e3ce5996514385e0b6
SHA256	9c5e06e6fb511f6c6e43fd014ecf822fd63d05d61cb0a454b3fe6a1185f4288f
SSDeep	768:kOG+Eg+STa5ZZsaU3vBkrdLWaQZuirbUBEpdIlVILEow6NYpx7LmVKjy:W+OS2vk3pkrdyaqU6dIl+EpL/m0jy

C:\588bce7c90097ed212\1049\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	79.57 KB
MD5	4d4c3423cc2b558df51b0afeb8efa085
SHA1	c241aff87cc7eafda36a489afeb320476d649bc7
SHA256	78cd34eab328305bf6a31ad1c1d4db6965f0ae2bb647e323c6817ffba5c30fe4
SSDeep	384:4w7iPuXsPXBUhOLGvVVA5/Fpn9zJop9TE+zkX6JS/5cGhj/69:MP5XyZVrJf

C:\588bce7c90097ed212\1049\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1049\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	82.01 KB
MD5	bacdde0e7424c64ef11e5bf021616420
SHA1	d2de95291ec5f6c7619a21e9f3c18cc821238c8e
SHA256	4e75ffccdf8699323e69ea21ce60202a9f91a7317292460736a015c4b7f39b72
SSDeep	1536:wgTxod8Cx2GmMs9q6grPXQ2c8CFNwBWdR+icNx62IpHlUFyYIryJuQhFuhJuy:zodiGmMsA1I58D/JIRaFBWQahJuy

C:\588bce7c90097ed212\1053\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1053\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.24 KB
MD5	b80a598c9e002c064088a6f040667cbf
SHA1	cfc3510076c7f9a464215c670035e96bdeb008fe
SHA256	9322d9ee87358729a85e643afd955a6641d029dca61f144c90cf0114fd1d9a59
SSDeep	96:zy0dl+S4z0eakKPKAWNbOJxtRy8SI9XRy1IZH6BxhdDOQhSwX8:Zb4zjakKSrbOJxtRypLIZH2fdDRhSwX8

C:\588bce7c90097ed212\1053\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	75.86 KB
MD5	658bd829edddb60f56fa2b8135290024
SHA1	bcbada8a7bcdabb2e9197ca219b970c655d655de
SHA256	0c30a7fa7d98740dac6dfd5d0a371841a672aa552244f0d13882339b6e3d2a91
SSDeep	384:4w+optBSCVb5v6iMSsCtD7jjktDhHfLSGM3zD0q0Xt//Vvcinnl/06N9mGktJsIK:QqtBSCVb5v69SsuD7jwDkqmGeJsoO3

C:\588bce7c90097ed212\1053\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1053\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	78.29 KB
MD5	c42854d09dcbee9f3875d4c9b1440c17
SHA1	d54e327bb80e76700da3f613c73bf998ec62a2cd
SHA256	74d32ffd9da90f8646d942afa73c7a8e0f5fb02a8098f5c4671c02b7ea45e5f3
SSDeep	1536:2xVprfBEhVuMOXARMDBv38EsXDUGXIQJTeJsoO2y:WprfBEadw0qT1XIQJiJs12y

C:\588bce7c90097ed212\1055\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\1055\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	5.24 KB
MD5	3c06bbe4a0d7f741ddf899455ae3bc3c
SHA1	8c91cbb75ceefd197dfdf81b8c31a4d7f6e8188f
SHA256	6aa9f1c3e200f13a55f606dbab63adea19c884209a7c7a76f0805fcb9056a3e2
SSDeep	96:C1CzHKLHngLrHRaiBEh8j/e5HdAz3BQuwVFxEwFwXw/OgACiyOZzC95OsZPjcdhc:gCzHK7QHzBEaLKCQdTz6Xw/FdXcTdDRU

C:\588bce7c90097ed212\1055\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	75.02 KB
MD5	44f6e1998d98a1a5a27c32105f4445a1
SHA1	d9de4b386417b39df3d604f35c19133e7723fab4
SHA256	d5e9108dcd3963813848765aa612baac27c0b59648fdc0cef898c173e4174a25
SSDeep	1536:bM8DL5YHRL87mlQg5IgrbGZzwOS8Frc+iI0jJNJ7rtRpUD:bM8DL5YHRL87mlQg5IgrbGZzwOS8FrcW

C:\588bce7c90097ed212\2052\eula.rtf

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\2052\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	7.16 KB
MD5	125f285ab1d4df4c3026fd8ef0806095
SHA1	34c229870eea736ffe3fe51c69184af046a030c3
SHA256	2345d8a9cbf38e2f9d98c6c47a47541e6d59d0a6d88f81c6148a3efba097dd03
SSDeep	96:HyBcqwlULKa+GBy/2FEoctzwlFcYaItx+60mKhX7FkZrJjerU5XliBhdDOQhSwX8:HyBRwlUuaNpcteFcYyPaZlUvdDRhSwX8

C:\588bce7c90097ed212\2052\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	59.26 KB
MD5	0f30d96dab312a161505977c2c8636b1
SHA1	985b1d478d97821470050a5133630c15be8cdaee
SHA256	123ffde8c82a8ce482ab0d218f8de4ee8ddfb1610cd0a923928ecfbc31566718
SSDeep	384:4w7yHdhTgqbbT1HjWZez2jtKgst+7x0x8EM5NnqQivGXU4woZukC7FQKAuXR/4ml:dyjg2z2bXXwoZukC7FQKAuXRgcJN

C:\588bce7c90097ed212\2052\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\2052\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	60.72 KB
MD5	c8c0e0db2a1b492ac4383a5ed79e4d02
SHA1	e04eac38e472f5cdd8369e3b31cd28cc54424db9
SHA256	f8c1be1e2378472c9b6d7d4d6c5f96261904a5b69af57ec9c252bbd72c4da1d9
SSDeep	1536:ffuBlKY5Q8lubNUWVy56TzU9sIWouqYNdy:yAY+8uNUQy5Cz3fo/Cy

C:\588bce7c90097ed212\2070\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	78.37 KB
MD5	559644d37bf07f15b6704c7f1efc90c0
SHA1	9170d56f6503df215de1a6eda5c5b2c82431b299
SHA256	a4ff868c831fb05f4cf3d481442f8795e1ce794b8f6d0ca2152cbc77b4b81dac
SSDeep	384:4wdLPpRgMjLeUueUA48DYeUOqeUd/iboeuXWpFPYOAjw/BdgysR0AmhRod30J0qN:fenekeCeRuXWpFxgJMh230JMaWE

C:\588bce7c90097ed212\1028\LocalizedData.xml

Modified File

Text

Not Queried

Also Known As	C:\588bce7c90097ed212\3076\LocalizedData.xml (Modified File)
Mime Type	text/xml
File Size	59.39 KB
MD5	8b3793cefbb1650e2eb88f72538fd235
SHA1	c93599ac3cca4a49eed73146b45f261710ca1055
SHA256	7d64803991e38ffb0d832b5ae391dd83caa76619336612751b1604fdf9005938
SSDeep	384:4wCGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPi9:tbCWYFrewYTJCN

C:\588bce7c90097ed212\3076\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\3076\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	60.86 KB
MD5	7ed1a1e36fcb56c1f9faf3d4f49d288b
SHA1	89aca9444dc4ed444a2780c7246fcb36d98b0ae0
SHA256	f3764facfc15ad4ea3587ceadcd3c74cf35a719bf3ea5f183b5136d1df5fb04f
SSDeep	1536:H0GD+K1f21qy6ZcOUI2Onxcaie1sDXnsQxntkU29Mr72oj+obbhYAy:H0GaK1fqqyQdnx1ysQxntoMrbTHy

C:\588bce7c90097ed212\3082\LocalizedData.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	78.12 KB
MD5	262313ac119ea9bf08730c8605e2b56f
SHA1	74f3a1ac5da610c7c8339ca03cb74624c3d17e0a
SHA256	de105784286f4d8f489b80aecac408d60fecebf51bbf4620281a252818c243b8
SSDeep	1536:Xo/yYrDKRqvf+ffl0VMf/mfL94T+7j2JoiZe:Xo/yYrDKRqvf+feVMf/mfL94T+7j2Jre

C:\588bce7c90097ed212\3082\LocalizedData.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\3082\LocalizedData.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	80.56 KB
MD5	be1a7c8b8c592f018f5e5d40414e2e9c
SHA1	f5090a0855fee10235847d450810b268c4402494
SHA256	eb11fab0e5a0be1fb470d87e6e82c14b9287e04d297c16f12682bdc351971411
SSDeep	1536:Kd0GPm/ExLTK+U08RRp+3XksiL6PlUodf0boxg4xz0eanZxl4rj2JoiZSy:KdpiExvmNv+3aL6PlUodtzxgZxSrj2J5

C:\588bce7c90097ed212\Client\Parameterinfo.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	197.07 KB
MD5	84cb0278635f2882412c600eea7c41d5
SHA1	5dba8c09501cc49097851be8ce50e5e25cc3c575
SHA256	22a3f491ca1f94c71b111ecbaeff490e0ec4ece7d6bfe4fcc92f97d1093e744a
SSDeep	384:wYQH0RbAGiYNVrkT+8TodTBltw11VTvcL1wCiUj78leRqmH9Hej2iXWKMNGIe9bE:w2RbYoVQTLTQTDFdPknZ13GpPcbrI/

C:\588bce7c90097ed212\Client\UiInfo.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\Client\UiInfo.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	39.60 KB
MD5	7dac6cf1b744caad6fedc1866d81a34c
SHA1	f21cfd481bee8a9b995ccb2bd1f1a4de4e8fd763
SHA256	efb5a1676b5ee754de1ad3f72f18d3956f1efe3ea8fc35d397641ca17619b4c9
SSDeep	768:qQXWeWbuS+g0x8gJAOr6D2f16AJOwycITS0KNzmZnOfblYxhRGCzwoy:qvb1+ggFJAOeD2g6eWNNzYzxjFy

C:\588bce7c90097ed212\Extended\Parameterinfo.xml

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\Extended\Parameterinfo.xml.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	93.56 KB
MD5	b5a1bd3e01debdcbf3d1b656438c8a26
SHA1	2dddaf5cf1385f48448e86b8b80e681616b9ee65
SHA256	423c4a338b240e6140b1d69d3afffc70950b5ade50a0eb0dd2bb79a82e61e7d6
SSDeep	1536:HW1vX9gxc5jd2PlhTAR3FWMC7OhNMQ287L2i7+CKdfH3kfr4IYy:HJc5KVAR1RWOw67ii75Vz4IYy

C:\588bce7c90097ed212\Extended\UiInfo.xml

Modified File

Text

Not Queried

Mime Type	text/xml
File Size	38.14 KB
MD5	103e3804aaf325e00ea83a30bdb78539
SHA1	3435ecf2fdcd9c5fffd21ec766c9198deafe9d94
SHA256	7a234e816f3cccf8334bd34df4c7704936977236cb53d984aa692bc70cf27508
SSDeep	768:24URsd5vssgP7ZgZ/vSguJQvFQXvDINJh6Fuh3kr1UO0NWpPUb9cu+dOtOcOdOjw:24URsd5vsTPuZXQYQLIN/6Fuh3kr1UOT

C:\588bce7c90097ed212\Graphics\Print.ico

Modified File

Image

Not Queried

Mime Type	image/x-icon
File Size	1.12 KB
MD5	2cd7000aa52356b8762bf7ca7a2a776c
SHA1	c2580167d4d6700212e31bc89290ef478544d642
SHA256	7201f67baeb0204274af3be27be1ee771b8e317919c2c65d6c00dcb37cd9a3dd
SSDeep	24:dOjNyw2aSGZHJi4U7Wf0mDX+QF7s/AemFAz:MjNyw/0NW9DOp/ANm

C:\588bce7c90097ed212\Graphics\Print.ico

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\Graphics\Print.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.60 KB
MD5	a0f1ecd41dcf72bb179df7099012cb12
SHA1	e464a2ce23563aa49fdd918725a581cdcd16aa01
SHA256	bed975bb969561674b29931041273567ca60922d0d3bedb8f4da8dce58b1338a
SSDeep	48:kK8ieVm/u+WEua27zQYORpk1jxHsMvqxdJITSdqVUWeC6OtV0h6lrtsyGrXYEk:wrcW5a23NqkJxHShdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Rotate1.ico

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\Graphics\Rotate1.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.35 KB
MD5	9488674c0ce164268bc4ce4f998993bb
SHA1	2776f0b14b2468ace2225a98f7ddc92d0df6ec23
SHA256	32564f533f99d3e07e6fdc0c23b82bb789c84d44bee28ae67986996405f4cc98
SSDeep	48:DhL+f+t5+OzZVtA3OfAHNJITSdqVUWeC6OtV0h6lrtsyGrXYEk:NKf+t5+qZVXkbhdDOQhSwX8

C:\588bce7c90097ed212\Graphics\Rotate2.ico

Modified File

Image

Not Queried

Mime Type	image/x-icon
File Size	895 bytes
MD5	84601e0fe8a0927bea93a37406f572db
SHA1	ef35c2ef2d52b521678890a9eb4e859456ac52a7
SHA256	3dd53e63ba082039274608e3a454aaa6e1194ea342a1bc97d068ec48b1ce659f
SSDeep	12:pmZX5+9wQaxWbwW3h/7eHzemn0iLHRp5U:Md5EaxWbh/Cnto

C:\588bce7c90097ed212\Graphics\Rotate4.ico

Modified File

Image

Not Queried

Mime Type	image/x-icon
File Size	895 bytes
MD5	50126934c8aa542bd783d8a72675a64e
SHA1	7303e7d0ec529f1d4ed8592264be70355ca44388
SHA256	607334cb62090a9065333d9ac2f293a7976eb188cb3fb8e823eb396632e7d4f2
SSDeep	6:kRK///FleTxml+SzNaoT9Q0/lHOmMdrYln8OUo/XRWl2XOXFBYpqnHp/p5U:p///FPwxUrMunUofRReFNHRp5U

C:\588bce7c90097ed212\Graphics\Rotate5.ico

Modified File

Image

Not Queried

Mime Type	image/x-icon
File Size	895 bytes
MD5	acff277a7feb607c30ee50a6461d7361
SHA1	f670a616cc113afcbb4f9266d233f0a2c3fabcc7
SHA256	bf818036fdf1690cf1f83b678957420b9ac83360e6d83d58c479482f72d14943
SSDeep	6:kRKi+Blqkl/QThulVDYa5a//ItEl/aotzauakg//5aM1lkl05Kaag2/JqnHp/p5U:pXBHehqSayIylrtBg/bk4AgzHRp5U

C:\588bce7c90097ed212\Graphics\Rotate6.ico

Modified File

Image

Not Queried

Mime Type	image/x-icon
File Size	895 bytes
MD5	2bf69afea81db24e2af58c7aa2bee39c
SHA1	9ba271980e12657f51c1575a6c34c0ab0df76f1a
SHA256	834b3f203a8951eb28d7d091b553393a9a08c514fefa27cd73795063865f9cc7
SSDeep	12:pjs+/hlRwx5REHevtOkslTaGWOpRFkpRHkCHRp5U:tZ/u+HeilBh/F+Rdo

C:\588bce7c90097ed212\Graphics\Rotate7.ico

Modified File

Image

Not Queried

Mime Type	image/x-icon
File Size	895 bytes
MD5	d62a0f5f11b45f6108fa95bc87616d40
SHA1	482589e9f5b8885511a2a18f88229dc6b17f9627
SHA256	485fef60a642cee29b38e2f4d7c1d4871950ab07c3da6ef321eb76c3f473cbb6
SSDeep	6:kRKIekllisUriJ2IP+eX8iDml8mS8+hlxllwqlllkg2klHYdpqnHp/p5U:p8os0iieX8iNVHX//x2sHYdoHRp5U

C:\588bce7c90097ed212\Graphics\Save.ico

Modified File

Image

Not Queried

Mime Type	image/x-icon
File Size	1.12 KB
MD5	88f6d7e4c6d665958c6f3f41f5bcb856
SHA1	6550d6c7f9b091babeae84aa2c795436f076885c
SHA256	1e8cb3817768849489083be4d46fe2f2a8b6fd6e41edef33cb6d0a1420cb16b0
SSDeep	24:Br5ckw0Pce/WPv42lPpJ2/BatY9Y4ollEKeKzl:h6kPccWPQS2UtEYFEKeq

C:\588bce7c90097ed212\Graphics\Setup.ico

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\Graphics\Setup.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	37.31 KB
MD5	05cd85a8a1c7887ab23f86b9302207d1
SHA1	ddb40d714989abface7952924355e671b97c0bc4
SHA256	f7c060f86a15de541256d84d233cd0b7f17e1ba54a8dcd4f54d987bc4fc8c53b
SSDeep	768:jDFVLBGJM13h1Veuv1yOibyhTToWjqrTwh4nE3mM8sAXOFUMvmkjQXSzvBRSy:jDnBh13hnv1yOAyhY3wht3mpsAXOFU+b

C:\588bce7c90097ed212\Graphics\stop.ico

Modified File

Image

Not Queried

Mime Type	image/x-icon
File Size	9.90 KB
MD5	a095e272b785b66a707689cdf367014a
SHA1	19fb49e0c277e63099a1a98170b2794bbdc9d392
SHA256	73396feaaf0bcaf872a78e35e10138bbb9fc4d59477e197cdeabdeaf47d2c826
SSDeep	96:uC1kqWje1S/f1AXa0w+2ZM4xD02EuZkULqcA0zjrpthQ2Ngms9+LmODclhpjdfLX:JkqAFqroMS9lD9Ngr9+m7bxpXHT5ToYD

C:\588bce7c90097ed212\Graphics\stop.ico

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\Graphics\stop.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	11.36 KB
MD5	c59b1fc50d01fb63bc13ae56f31fa81a
SHA1	1eb2bfd50c8093106a35a59c0c989fbe77ad5948
SHA256	6d76248c58a0f23ca5e57cc865de67003c83b5884e652de9db0332757cc43edf
SSDeep	192:K67KigHtFVNzUUkJmmxyECt8Zv4dPBnirWZNkbsSsdxryM8TFOdDRhSwX8:K6Qn8JmmsELv6PhirWXNSsdcM8TIvSf

C:\588bce7c90097ed212\Graphics\warn.ico

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\Graphics\warn.ico.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	11.36 KB
MD5	aca8b3f7d320c6bc9dcf99a272e6ad62
SHA1	7a114ce4a3f38f95745d01c70edd8aeff2d8618d
SHA256	99cd4c89677ec97920ac9ad752e7b17c971736868db7f6ec4fb2eeb8291e76b1
SSDeep	192:BW1pJVM15pdujFhv5aU3tOATzQJ7TSWzVt/ckJ69/N85ByFtJiMxZGrwdDRhSwX8:BWfbM1fsaassonSWpt5i/C5BAtUMzGrX

C:\Logs\Application.evtx

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	594173e25c434cd074ce4ce1e64cb57a
SHA1	026850595874597e1277e9c0abf95d124a3f302e
SHA256	0fc64e3f02204e8846dc7944a4c512a98897439d40bd07317092044f80aa3f8e
SSDeep	768:xHIz8GFMIxEkigqJqAczhqbIkq6cqiqdqCIXIuqCLIHNI3R:48xIxEzcWcouR

C:\Logs\Application.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Application.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	99b4dfade4be377f560ccbad6c3b984b
SHA1	3800ed3d091c62850c1d3a8ee6813e9a0317087b
SHA256	c432210a1751637f5b802d1552e5722d6f73fbbe97a4f750632965b72fb71130
SSDeep	1536:JJWq6Xwl6h0VT/L9AdyKFmmYNvfpitgBVleKQIy:JJWqewAgTz9AMNXV9Dy

C:\Logs\HardwareEvents.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\HardwareEvents.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	9d35a1315076b0c7db50c97898de7677
SHA1	f8ef4ba9b4cc627c5f47f1de2c18b32e096720a5
SHA256	c2b9a64fb2e4dfbe430d37a0b217f50b1e4a07d0a8b07fd07c6f2a27e407771f
SSDeep	1536:/y1tVkAN5cZ8J3VZxmQiygd8qAqybQxuP5mg0j71T7v1+Zy:/y1tRcmJF8y/+y0xMmhjRjay

C:\Logs\Internet Explorer.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Internet Explorer.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	20a5096ea2bc5d9d43237332411b57ab
SHA1	aa45c4566f1810e70accb31d086b3f3e24f318ea
SHA256	1ada9c099293ecb9da7778f0e65a0012924c27f7319234576647b83a3f673cc6
SSDeep	1536:PkXKkZSqpEsoQYZqClkuk88dpJjB6NoK8L5T3mMgkP7PBky:sfZS4ENQQkukhdp1INiL5TWU7PBky

C:\Logs\Key Management Service.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Key Management Service.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	dcb3bb4f1f59365bfef4e16e6209a2c2
SHA1	eef01f2a69ff42effcbcd0b4f58cc79817e22400
SHA256	d3ac471977b1f8b3ac364c4b79e6c680096b747014cb1f50803596dd0297b016
SSDeep	1536:Eu1t//Cri/fozDFPvouOVoTdQHiKifiU/UdVZMN1zWuqQy:EaJB/G54uOWT+CsHdVZMN1zWuqQy

C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	18a58b189fcd8f67d2c8952f614a3986
SHA1	40673cd2f322e38655a01cc6ee78ccb15a5cb17f
SHA256	b0e6fc32939b797f1f70d029535f9e10a301aae2ee4c3b876de770b681c71e52
SSDeep	1536:hZ3vkBO+MvIrlcsaLpG/NxdDSZcnN6Pxgy:hpvGO+Mv8czI/Nxdaqy

C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	3fdbb5a461729319c465d94ab3b7a61c
SHA1	5fca38419dd366f4b67b0e7700e5175a050f25f6
SHA256	f078fe0451c27b54e25e417180524ab119635dbcd38a5ddbf345194c65132e99
SSDeep	1536:IVFgiBAn7GWP2ANr0LV1XRhP8nKwRXtQN/d2HaP0UcL7V3by:I4iwGSR2LV1XRgRiL2HhLxy

C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	32fe1c3d2b000b04c7992422684a2e4d
SHA1	961a501942dfbb9147298e2172f4d73e9f018604
SHA256	674a4439d9597c6a64d5ed719dc8414f4396cd5750d43f11d70652326c432197
SSDeep	1536:Vbk9Hh4DV6dzcyaDTmUzBuBaAkJoAW2co/xy:J7B2cy45Qa/JXWn+xy

C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	bdb597d9f488aa751bd8760b5d0ea27c
SHA1	608782744396ef4587fb20b77a3df4b18493a643
SHA256	13c5ecce6be6030ed3d40735411739459afb2379fb5769c5894f5c4dc3da90a2
SSDeep	1536:Q5LCJaHKoVIW/e0af9VgTIE0O7R+60Q1oDrsuOwypy:Q5LSaTVT/yKIHsQQW4py

C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	f9b7845d537b04a607bf327c440409bd
SHA1	5fa61b6b36bbaf08fc7161b1b5321480f48681b4
SHA256	7da851f14de06e671a30c4d8de2dabab050e03c9fc532adf1c2b457ed514bd49
SSDeep	1536:nvoqCivevs9vJbLvzIGp0ts7VNRB7t+XQj7HTzubsDKeB+LZmy:nvr94sBh4Gp0t+VNRB7t+XYzzuMKe8Zx

C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	e035b133881a23878be32cf0fd5f8165
SHA1	3c4ab6353904c4b6ea243413cd7dee5d72544c18
SHA256	59b0047901b9e204572bace30b34879811c5c863e7e8c87ab5830990b2df8e1f
SSDeep	1536:igEuZWi5zWB1/6dzMQE+/ecLORoHt2zLE+0KkBpG2oLoy:iWXaIzMQE+mcLczLj0PbWMy

C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	1.07 MB
MD5	dd1e686a8c23c83623311bc7f2106724
SHA1	cfd40e74fe87f0a118a1e5bb8473a9951fa435f7
SHA256	27e2e2bd98e7e2e1323f663419d4816beedbff39f1fc2e30baeb5e1a35d0ae41
SSDeep	768:ut5eUJYnFP6TPSZR86f0FCaWc7BsivBDSBYHjPY7p+1/5TV0zx1N2aw:IJgdT07GivBDSyHjA/zx1m

C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	0094f016b06ad419e9a46b15979fe9b9
SHA1	d331a17223e548711ddc3c2ae7907ddb2496b27b
SHA256	1824568aa80c277b7bb908036c28377ec91a212e7fc6c5686d07dfa70c82aab1
SSDeep	1536:R5dbDPSPEj0+bej5SqvEjp/cGqKh+cyBwC2oEihxzvFi67y:tD6p+SVNo/3hc6piDrFiiy

C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	2.07 MB
MD5	0b2121c7e1296462d67c92a0383fe2e8
SHA1	c0f82f32baecf9e3ec9ce3d18cbc5075060a196c
SHA256	092baa8b90f961ab1c3eb7fbd284b7315c0b28c8be572186d34597043bad12aa
SSDeep	3072:yT8ZfIXU4bgUzJCANS7ebOKXQbwkqBYxbJ1OAzLU5vQ4LkTK2JNiHim5WN/jAQgw:U7cPT

C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	2.07 MB
MD5	532a81318b5e81fe34d2483655ca516d
SHA1	7a0a79f771a3af43a13ca8468a3bc6b7e4426ea3
SHA256	bfe1f1f9495ae3eca0cf39c8c81bd7bdd05fda284fac88c6554c1b35306164b9
SSDeep	3072:OUp8c83/bFH+3ZejVU4bgUzJCANS7ebOKXQbwkqBYxbJ1OAzLU5vQ4LkTK2JNiHe:OUp8QpiX7cPT3

C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	a98f8b670da2cf2a84726fe8e8d72ae4
SHA1	e6dee1accff693a3bd6ec9c29bf24004c5756058
SHA256	d1480583b6c4b493f4d5fc7b9c85c115e893afb639473c4847aa74984ab4a352
SSDeep	384:VhM6FDIjFksFkkFkkFkAFk4Fk8FkIFkwFkQFkMFkIFkwFkgFkEFkUFkkFkAFkgF4:VFI2LjjfXbnPvrnP/DTjf/f7rXbb/b

C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	4671dfa9bed0751fb25cc59ad591f4a9
SHA1	1b3cd5f172df63fc47758df1605f71f25fdf237c
SHA256	98119ed6819f18f2a2cfa784b62d8c6febb3db35f6b2bdd92687bc19d4b5ddcd
SSDeep	1536:Iqxw3pejtT47/OKkh6o2N9wCc/te0vwU4sBi+tPf45r/12+uBy:I5ejt0/OKc6oSY/te0vwU4Ii+t45bk+Z

C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	97268b2ef398158044cb001b6851f447
SHA1	1ec9b3b0bb1aff253c10854196ab2784fc0f80be
SHA256	16af22bafaf0905d333cb1d07e35208e3dfa2b212582b1a747c83dd986f3e277
SSDeep	96:cdRNVaO8FoUy66eKmDfyPSy66oyP+Guy66rN9:SV7yjeQjDGujo

C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.B3195CE3-F37D-5752-8AB0-F23AD89717A2 (Dropped File)
Mime Type	application/octet-stream
File Size	70.43 KB
MD5	2f898ae0f17af313e67a5b79313e99a4
SHA1	026c8cfab319b11d13f7282512e5baedf21c34db
SHA256	7700ed9bdc269f8955c13fa9e0906c19818572a28f823ce8e8e14237f5894555
SSDeep	1536:81gzJfrUM2MRh4u4wPqDkScqEhdLLe5j0y:u7MvRB4jVd0y

C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	67e9181932f0b8a2eaee43d4223fbf3f
SHA1	4008963dcc1f4ff049cc67c41e843a7eedbfed50
SHA256	265e78297d11a9d3f24cf80bbf8f26771663232e0ec7d40461b3a807cdef6344
SSDeep	48:Mtr1pW5lf0rP+AQNRBEZWTENO4bnBnzoMS1Y1/MKrelm1Y1Wgv6lI1Y1/twkKkIh:fRNVaO8FoMSGVMKrRGL7G9UD8xGQVD8

C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	68.00 KB
MD5	0cabc4dc0cd5862c703dad3d7438ace5
SHA1	117b7143a1845da1a71a3a2eeb7b4c9d3647d7dc
SHA256	23214f4c011b5f6dcb97021c4a5656cfba4725258114e599a2286d2b98ed3159
SSDeep	48:MtSWstlerP+MZQNRBEZWTENO4bpBY5oM2oSGrVSGr1TiclBLSGrVSGr1blXrSGrm:AKNVaO8OoE5V51Wo5V5195V51y5V51

C:\Users\FD1HVy\AppData\Local\Temp\76E69905.ghost

Dropped File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Local\Temp\93A52DE3.ghost (Dropped File)
Mime Type	application/octet-stream
File Size	1 bytes
MD5	93b885adfe0da089cdf634904fd59f71
SHA1	5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA256	6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
SSDeep	3::

C:\Users\FD1HVy\Desktop\===HOW TO RECOVER ENCRYPTED FILES===.TXT

Dropped File

Text

Not Queried

Also Known As	C:\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\$GetCurrent\SafeOS\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1025\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1028\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1029\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1030\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1031\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1032\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1033\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1035\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1036\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\Users\FD1HVy\Desktop\O9r7lO\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1037\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1038\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1040\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1041\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1042\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1043\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1044\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1045\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1046\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1049\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1053\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\1055\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\2052\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\2070\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\3076\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\3082\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\Client\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\Extended\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\588bce7c90097ed212\Graphics\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File) C:\Logs\===HOW TO RECOVER ENCRYPTED FILES===.TXT (Dropped File)
Mime Type	text/plain
File Size	207 bytes
MD5	7eddb637e9dfabab095ae7fac56316c6
SHA1	5789acf63a0660ef2f34391213d548d654498e79
SHA256	9c13703714a839f86624abbca6596e015740127b957a43fa1d0ff6d2380c53d0
SSDeep	6:XIiisFX2mJT5sZA/oUSzMcf/kgkf3cR9t2FLy/v:hXhnJTCZA/2fkgxR9t2tCv

WHOIS Domain Information

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After

Screenshot

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After