Sample File: MD5 hash: 093d2634168cf168d59bfa49550a4010 SHA1 hash: 8ba04fcf149265e2ed1ee63af73087ee09d729aa SHA256 hash: c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51cd341 Filename(s): c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe Filetype: Windows Exe (x86-32) Mutex IOCs: Global\{FD64C8AB-F74D-C8D4-F31D-96A1BB45705E} Registry Key IOCs: HKEY_CURRENT_USER HKEY_CURRENT_USER\Software HKEY_CURRENT_USER\Software\Microsoft HKEY_CURRENT_USER\Software\Microsoft\Windows HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE\SOFTWARE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System HKEY_LOCAL_MACHINE\SYSTEM HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msiserver HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: C:\$Recycle.Bin C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000 C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini C:\BOOTSECT.BAK C:\Boot C:\Boot\BCD C:\Boot\Fonts C:\Boot\Fonts\chs_boot.ttf C:\Boot\Fonts\cht_boot.ttf C:\Boot\Fonts\jpn_boot.ttf C:\Boot\Fonts\kor_boot.ttf C:\Boot\Fonts\wgl4_boot.ttf C:\Boot\cs-CZ C:\Boot\cs-CZ\bootmgr.exe.mui C:\Boot\da-DK C:\Boot\da-DK\bootmgr.exe.mui C:\Boot\de-DE C:\Boot\de-DE\bootmgr.exe.mui C:\Boot\el-GR C:\Boot\el-GR\bootmgr.exe.mui C:\Boot\en-US C:\Boot\en-US\bootmgr.exe.mui 
C:\Boot\en-US\memtest.exe.mui C:\Boot\es-ES C:\Boot\es-ES\bootmgr.exe.mui C:\Boot\fi-FI C:\Boot\fi-FI\bootmgr.exe.mui C:\Boot\fr-FR C:\Boot\fr-FR\bootmgr.exe.mui C:\Boot\hu-HU C:\Boot\hu-HU\bootmgr.exe.mui C:\Boot\it-IT C:\Boot\it-IT\bootmgr.exe.mui C:\Boot\ja-JP C:\Boot\ja-JP\bootmgr.exe.mui C:\Boot\ko-KR C:\Boot\ko-KR\bootmgr.exe.mui C:\Boot\nb-NO C:\Boot\nb-NO\bootmgr.exe.mui C:\Boot\nl-NL C:\Boot\nl-NL\bootmgr.exe.mui C:\Boot\pl-PL C:\Boot\pl-PL\bootmgr.exe.mui C:\Boot\pt-BR C:\Boot\pt-BR\bootmgr.exe.mui C:\Boot\pt-PT C:\Boot\pt-PT\bootmgr.exe.mui C:\Boot\ru-RU C:\Boot\ru-RU\bootmgr.exe.mui C:\Boot\sv-SE C:\Boot\sv-SE\bootmgr.exe.mui C:\Boot\tr-TR C:\Boot\tr-TR\bootmgr.exe.mui C:\Boot\zh-CN C:\Boot\zh-CN\bootmgr.exe.mui C:\Boot\zh-HK C:\Boot\zh-HK\bootmgr.exe.mui C:\Boot\zh-TW C:\Boot\zh-TW\bootmgr.exe.mui C:\Config.Msi C:\Documents and Settings C:\MSOCache C:\MSOCache\All Users C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.locked C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.readme_txt C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.locked C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.locked C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C 
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.locked C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.locked C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.locked C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.readme_txt C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.locked C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.readme_txt C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.locked C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.locked C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All 
Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.locked C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.readme_txt C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.locked C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.locked C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.locked C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.readme_txt C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.locked C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml C:\MSOCache\All 
Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.locked C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.readme_txt C:\MSOCache\All 
Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.readme_txt C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.locked C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.readme_txt C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi C:\MSOCache\All 
Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.locked C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.readme_txt C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.locked C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.readme_txt C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.locked C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.readme_txt C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.locked C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.locked C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt 
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.locked C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.readme_txt C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.locked C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.locked C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.locked C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.locked C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.locked C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.readme_txt C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.locked 
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.readme_txt C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.locked C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.locked C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.locked C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.readme_txt C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.locked C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.readme_txt C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.locked C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.readme_txt C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.locked C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.readme_txt C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml C:\Users\5P5NRG~1\AppData\Local\Temp\eBFA6.tmp C:\Users\5P5NRG~1\AppData\Roaming\VQBKVY~1 C:\Users\5P5NRG~1\AppData\Roaming\VQBKVY~1:bin C:\Users\5P5NRG~1\AppData\Roaming\VQBKvYnL9c C:\Users\5P5NRG~1\AppData\Roaming\\V5HW0H~1 C:\Users\5P5NRG~1\AppData\Roaming\\V5HW0H~1:bin 
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\\V5Hw0He6ZTJa4 C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51c.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe:0 C:\Windows\TEMP\22F89.tmp C:\Windows\TEMP\63ECE.tmp C:\Windows\TEMP\BC3380.tmp C:\Windows\TEMP\FHB2F88.tmp C:\Windows\TEMP\I3R3AA3.tmp C:\Windows\TEMP\P6419D.tmp C:\Windows\TEMP\PK3D66.tmp C:\Windows\TEMP\Uzz3ECF.tmp C:\Windows\TEMP\ac3D65.tmp C:\Windows\TEMP\hD041AE.tmp C:\Windows\TEMP\hF3B7F.tmp C:\Windows\TEMP\qe3B80.tmp C:\Windows\TEMP\vp3AA4.tmp C:\Windows\TEMP\xL3381.tmp C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\nbtstat.exe C:\Windows\system32\sc.exe C:\bootmgr C:\hiberfil.sys C:\pagefile.sys MD5 hashes: 06168d1f6816c8e436a7edc21e9b879d 086373bb3091fccb4867c68e4f70633d 093d2634168cf168d59bfa49550a4010 09df57e77262ce4f697029e649b2cee3 0bc0492de07d5409b7beef24cd63f1f8 1011371b8bd0620ece647ed07d002021 120d748dfc78fb485e736ce2583a8765 19e11cacd01fcb8c63ded05319074420 1b7e353f7ba28b42a113dde8a44a32df 26f363582b04ffcdfad0b117d5e7caac 2c227f16dde154d4da598293098893b7 2c7c00e180f99944c4b0c967e74c88fd 2e2781b95b37a7e2a8b8a19c1d204290 313b34769116eaeef9a5080708871452 31b8cf444574e57e1e0f8d6b16aca11e 3937585cd3846e6a4f87fd60d0ee616c 3c0f7a2b31af211ca2a289404f9ab135 3e82eaa6097eaf8e6f4087e2ea40442a 3e9f84c854625f34018b7314722b7dd6 41d3917d489b1b59223e16f695357218 4ebbc2b0ad7f9075ae9d6835d2a62b6e 5063cf6b74fe60d979d8d0b3bc39b103 56f928473cf3e0144e3b46a62d2a8c45 592cec83ca9fa68e91ec482f3a9aec73 5bb60c144e11eb9799a85d38c48cbeb5 659b4b3e1456baef728192341b11bc43 6f5b00b54ebf274ba9e8c5bcd4f76cc9 6ff41b4c62185a4be52ab9f2c499a5ea 7b1bf8df15c178958fa673145bb9f39a 7c006a249adb42c6aa2a4299a87d8f5d 7dd4d54cb4359a4a9d09478e89a87df7 7f0d9e1ed833eba61cf09aa5a3e3ed1a 7faca9abbdf671254cf1731ad73680ac 7fb576b9ef94921a82ae6d249811fd85 8268aa9cd9176f472b7d17e0cb4c2791 
8335f6d1f9815bd0aeb92172e2279edc 8bf14dabed668e5ffec9ceeabd8fb1aa 90657b5945963181634d2065ccff14f3 94718ba752042e550be3138afcc50747 9c7c5b7cc2f5a423e62a8e94e0a8525d abb11ceec65e899b02a7160e459d1e8d ad69bc138979fce1badba138a9f14cf4 ae98d03696f4eb9149386dbf797837c7 b9873578bb1bca6a856d8658760b8001 b98aa6ad01cd85805f67d71713287afe bc73d3655973b9d9ae08309344184b8e bfb894c0dbcbdc656bccd586eedba655 c25873aa86f865005bda6780b3cb1d2a c54c1f7d13ae3277cbc19e5697622e53 c66322760f7f25a1767b2bcf78b3ea6d c8fe7dd3a48816ae1ef5b6140e83837e ca0a3ccdcbdf897c1c38150c73967fbf ca94f50d895e4ec4be00c7d18aed7226 ce9dbb5d78b692d1e54fbf5c2af904df d1dadb0bb2ad700415f1a17f61d2cb84 d23291fe8ae1839d2478c06bcb4296b5 d33dba0388975e348dcb92e296fb20ab d3c07e4f6f6ae99737e6c1b2e6d72675 d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input: matches every zero-byte file, so it is not specific to this sample and should be excluded from hash-based detections) d6a9fe571146099d6d75a8e4e7871506 d767e0b5c07621f6b77ded6fdbd705e4 d7d8efe1ea8d06f1aa2bb9276c23af00 e42b9d851970a83f12d54cbd1460e356 e480b75c232cda28257634f70ca8d0b3 e6a01288565ad166df16ad609cdf83d2 f986071de349953c3e451e15003eed1d fc2e77867d9ae083952a8b2e726ea963 feb56261ec9f1d5b6f50a75f529f0e80 SHA1 hashes: 03edfff8d28b1e2d24defbe1e6505064e4ccfca8 0ccc5b46f08cbcc5f9ee7c655e94e3e6b415fb30 0d25c8d5636c74292450876b581541c1a4e02c65 0ec52d59aa98aa530ff17dce6e4ba9ab3d988a61 0f116572acfeb41ad09e0e1765e9825c23d0dc9d 13b08ec8cbf20dcb67d3c0d674e8732e8488373e 152e1aff8c3896f144eb9e2be5ab1794a70f3f4c 1e6d20820f1c87e6e95bb1e16e97eca5806118ca 1f1526e327a4c545dd1dfbd96f96bcff88df184c 221ed4a51e562947dc7426ee5525c9ba691546bc 2652bbe07fb99b091fb68644400b3ef5854cff32 2780ab6aeb3737465f094b5df7caa67dff23292b 2a7f52c22ae27b0a26dc451188c87e11f0012098 2a9427942fd95cb8cbe264cd764bfa35fd43daa9 35d1b17dbd5e858af6299fc67dd4443b1685e6ac 361946299957ee5229c0671d813f8b1b37a995ae 36491328e907694b1b0baf1b6aa5da6129db6bf9 3a3472d9de446afcd3054434723a27ca8ad8f1f0 3a786e08775d0dd46ad0889b0430f5a8355b1f4d 3b58f69b442f05cc3e142238e9b20f680f718804 45952cb0a84509b5eb5fa08144b788b8d01e7b4c 
4984434e30dced35f32dbac0f92023da15b82c04 4b87463a1dbe992249e13e993740242e215a242d 4b9f83df0d905516c04eb2a99d9a93bdf3b3d889 4ba2ffb7782182d57302468fbe161b0139fe411d 4f5719249d74938949112b72cffaabe847dc30af 5ed05a18c4234a8f1dca5a5f7621c41cbecccb7f 61607eea12dfca24ce901e42d55bcc29a1c868c4 6465d2c39e378b573148807f23171d011869f17f 68dba140959ed155f720060c5466f5fd90a176f6 6d9a12f987d2ba865644dab29e648bef5aea2374 71aade8f1eec1467bcf7457acf58b7d2caa4fa5d 73f9d1fefa1da2ac52fc91c23813793134a99282 7fb156908e3871098c0b750678a5377aa9f1d681 803dfe6210f299355823b0eb59a29416ee0c5409 8a6c4b6d443f024b29a5e526924d6fa1d3356e15 8b2f8d4f79e8f97088cf05667f4f06379eb130aa 8ba04fcf149265e2ed1ee63af73087ee09d729aa 8e2bde313e4b1cbec31e8f770f2b279de46bb66c 92f8879825c9be1aaf92c030c1ef4fc288fc28e8 97ada28037075bcf81b462070b454954fcfba24a a0831896aac93ceffc27bf94a260c771c1b1d9b8 a67260c827d36158e3c4a075fc6f2940570df8e5 a8305fa16e4498b3e515a3119e4a4fe5b93bffe1 ab6b891d6de014610346ab592bae32de3717b9b9 b26eab4194196084a785440f43f72cf38b1f2f97 b5355742676e7d808e002f934ea8b6cd740d9608 c1c9f22a06d36aab1eb38b6dac529031cd455218 c210783a7af3d31f3ecb3b12049492e1f6020c6d c6ebed531ead62b01495dc31d448faed819965df c727e22a5635ed86b28dc6493ae3cac19330652b d5bbc45d4ddc9039979fd09ef14365acda07d0b9 d9f69c952456fc14798319ac2db9d34d79172f5f da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input: matches every zero-byte file, so it is not specific to this sample and should be excluded from hash-based detections) db1f81f5e209fed6df3255f6c820555cf17a839c dbe6802f47332d5ba40d881815db2d91fee34bc9 dbf8db7ea883647f7eeadfbbdecf88599ec322c3 e40a71bf78fc0cb50f0883dc1dcd87f8d94d1858 e8ac5c59763f877cbcedb20d1fbe971e0eba3e56 ec8411f40d2865199956c2820ca908f40a853baa ecfe400ba14481691d76520b30279e43b0d301c9 edf5e9c91ffcd26d3ba6c741ee4af2d3baa85934 f2b25f6edbdcfb4ad6b71adcd7866bdcd3b1c889 f5b0145a25ec9a4fd9effbb651b079574713623a f75aec3db1fbd5aff741130e051d91f5ae8b27a9 f9d80ec8e0a5aa3ab5d967cacb027509a1727398 f9e3c93cb5ca064ec4e0b791a1c8037ea5afca14 fe098585bb813572c65ac411bc238820b6ef9eb1 SHA256 hashes: 
025a6bad72864e2fb8eb714b00124e1d49aed6498e599b5d5b2d9fdfd49dcfd2 04f8ec88f6abe723bec26139fd5d9551e11c1efbf11921352673cd1e443ff1ff 07e5a1143da75b091c7396f39f48caa5477eb2e400e3b838a5fb5347008d1cd0 0ddfbe35baabe01e96a2ef1c37df3760e50b09aeb146aae8eafbb0c579b5f463 103cf63c6aa575cceec876d22f7b692d8c53aeccbb189dd57fa6034f434415c2 1645e380d5269c2f499db858ddcaeadd864a28d6aa488da86e9cb8d5e1269e2b 16f3a0fba4967fde9427409f350bf33e6cbf18b60884e5cfb6c3ea3bed74ac37 186e24f5fdc77f244b43c2698fb35daff295959f5cb3166f2f2538e80872c5d8 1c5fe3ac1c317b39bb5f78bc13333146313ad00bcabc5e0424c468d367ad49bc 252c24efeea20ad8b9014e8a41d43cfa8cda7e33ebbf4022514c9c882fbbbdfa 25858b50163910ec99faef7c5c8e18be735770f66f11f382d67a000de39f7db1 320f9bf0cd999855baceb9fd9f0d9f3d3edcd3d542474ef1f7545f29ac6fbe68 35d761c59cc5c5170c169db08aca5cfd1495df3f4bd1680e1d222bc52d9507d7 3fdd81d1a0b170351f0083aadd057ff97a98f8d607b14842baf30d8a94ffac8e 42cb746388dde612aa0daca51a6effd5e7c0a7a99d07757abeb11b6b0b9eca2d 486eb967d80a1e1961501ca1a96f1117b8a45b01d13a6c31e290e19582e3f222 4f54c412e24df2918d161159635dd0aa8caa5fc2300a8b26fdcb5c2f06d80d2c 54fac46d09dc463956a4ca92c9f7ca48666186180683a3ad1d674201877b162e 556f6c9ac2d73d863ef096f13e6caa7c14780035cadaf7bc8cf6bf39f0b864c9 5622b5ef3230d9b8c0ae7cbd0089138da8f6d9e07706e5a2921a0979d81c46e9 5ba9996ab77135a88d8dc5181746266675f9ad19ac9813d7bfdb5a61faf4df81 5f3cf733739616a6e906901199a5cb138fe4e0145fa27dbfc9f37e6d9aea2cba 5f42b074fa11d9277dfef0fd7d8fcfc2820aa4c4a2ed9957544bf01525f3a1e4 63777c81f1006a3bc052bbcfae6301b7fdbbacb2320489300f2cce90a7b9cd05 63f6eac251e8413d556680be6f834a189d631622ca2f6f15e339b79792c443e6 6820e3a271cd6634c02dca8fca397735bd311a9e6272c99d72c8d9c7dfceabd3 6895b6bae4b6c87941cbc8a1774f9d9511a1814065943591230e967d396cc4cb 700360eb35161725defd1f21cf74677cdcb687e3c4a7ceca4d44a22865723cb8 7070f416a4578d62ad3d8804e446179e3a0d932cc4b763659d0c588967bd6ce4 70c07da37f0a383166c7b90c361e0471315ab191d22f34b355c1fdc962040ab9 
71ff862a89f0af6ce58e46564e7fb3981be7179ddb4d66d429db8adeb4d05f80 735b9844536c2c8fb78d884032aa4d7c0d2bec5c05343db1804d1e847f582068 76d315b4391bf1846c3fa4734f1054eb30e607791c910f7a4be8bc3563d61b0f 78e32cc68edd0e2eda6b1446a398d54eed4480e4a5981e57ad5bd8e04210c2d0 7a5972525cc20679a682c738475d968a89e1453bbbf070a18e6216ed7801a3c2 8189623b3139bf8c1b4dccefc3224efdb559bf4d0c977db1d1ba47f255b2b773 85d9bcf960714ec8ce8571efcd2e4faf98ced542775e733432d35b838cdd9b59 88a630153ae60c364446f625892f74eabd8d0b81df52cd3171655709866270ab 8c871070485bd61a3e0806321e0af8fc9ecb637d1c4dc0fc90dee2cf8073f6cf 900e4dabe9cd916abfe6326274b1a888939aa63fe52d577224261ed9a3328186 92cce02899649e84cf20b3ed022a7b134eb368b66e7cdfbd34e9144bdc835fb4 a0d12074fbabd66d945010e4460a42cfe0b8d9f5d261de9b9acb2da9c15ea851 a3019fc1f759f283ff225a3b8916183bf334ac6b5722559ea4015ad879d01e76 a42a19f6c5ac29d0597b27418e545a85d373057e896df8bebedc59e4fb3532bd accdc67ba3f2ff2f0acfb799ab2cb0eb39e78095433baa8ba97322ce1c174540 adcb4f140796c13480d57b88afa429c35b3473e1e5a51d75391a25c91f6f539e b57a12d8da53f9e90d01bc1d66f2cb36ef72f3896fa3de5b7775dabbb94ce36c b669ffa1126db4d89fc046567de402f1ce05ddb9a8a09ab9e36498d19c15907b c04c541f066a2b089bdc261616894a2f6bd49fca2e29350698175d9fc51cd341 c1f902e928f4e2e51ada19ac202cb593c6a8db76800d74a1d07a2a9fe6e1065f c3579174161a08e0c954f0ff8cd5fc38d8a77a63050780beee23bad67da0b0dd c4d616e0223f37e6b4aad632cc0a1934d53575b910b690b1c551ca04a547e4c3 c4e0709cead19e0c8b34c29712f5fa6ac6803cf70b30ab1638fec38ed516feb9 c5185d669b96f7cc15a820eaaf6370f7f70149edddddab9d5ea973bde08ac2ab c5b6f0a8db7328caa19406cc99c60fdac52efa61b0bfd4dccce75c28a4dcb4ec c91379f00177c6dfb0103532b42bd2ba284264de018ab943f1e7b5c39ff35140 c93a14b9aee2ddad31e62620c71128916e44d77756e1988e32dec44cf0472919 d335b6fe1d708efc0528a3f89448c85a59e5b02a6b93ceeb7f7643c2855a5410 d836d46fd56fef8febcf1729999e9603c0d91c4ea599225cfefd7596ecb525e5 dc6fc67e8ac4ef16a509d865c8a4bbfa9cc4b3291a0ce9f990970796e1800f6c 
e127cb1b5ed4a4a5d5970e8c5ffcff9f4567e0f0386f7b838e99e28a2e034672 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input: matches every zero-byte file, so it is not specific to this sample and should be excluded from hash-based detections) e4eb36a66405c93168a0b05280275e3d89ae07e039f3c4ed987268c72f2f3728 eaab690ebd8ddf9ae452de1bc03b73c8154264dbd7a292334733b47a668ebf31 f03a28bb6e520e254413011a1d467e6fece5cbd52162e1bbdf3752523e8a7deb f2a89fc17f1e1a8f7402894758231f9f89ea4310218e69802da5a8a6cf7d4c9a f556c20eef8ac692736a204e800fdd1142de848dec0a7577051df437b7f1bb13 f63d1a87e8d264321bd2ef30b017758ef77cf741849f3f7f214bb169c0c9a461