d77378dc...c8d0

Master Boot Record Changes

»

Sector Number	Sector Size	Actions
2063	512 bytes	... Actions Show Code Modification

C:\Users\EEBsYm5\Desktop\o.exe

Sample File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	183.00 KB
MD5	07fadb006486953439ce0092651fd7a6
SHA1	e42431d37561cc695de03b85e8e99c9e31321742
SHA256	d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
SSDeep	3072:Ealy19emgKe0QuYS3UmWuDTEltI3S/7IarDrjCgrQp0M7W:EaqxxDwx/7IS40MS
ImpHash	f54741bf2bc5cf600caac19212c9a72d

PE Information

»

Image Base	0x400000
Entry Point	0x406314
Size Of Code	0x13600
Size Of Initialized Data	0x1c000
File Type	executable
Subsystem	windows_gui
Machine Type	i386
Compile Timestamp	2018-09-24 07:47:02+00:00

Sections (5)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x13474	0x13600	0x400	cnt_code, mem_execute, mem_read	6.57
.rdata	0x415000	0x6ee0	0x7000	0x13a00	cnt_initialized_data, mem_read	4.59
.data	0x41c000	0x138f4	0x11c00	0x1aa00	cnt_initialized_data, mem_read, mem_write	4.86
.rsrc	0x430000	0x1e0	0x200	0x2c600	cnt_initialized_data, mem_read	4.7
.reloc	0x431000	0x13b4	0x1400	0x2c800	cnt_initialized_data, mem_discardable, mem_read	6.65

Imports (10)

»

KERNEL32.dll (113)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ExitThread	0x0	0x415094	0x1af54	0x19954	0x11a
VirtualUnlock	0x0	0x415098	0x1af58	0x19958	0x4f3
OpenMutexW	0x0	0x41509c	0x1af5c	0x1995c	0x37d
GetSystemInfo	0x0	0x4150a0	0x1af60	0x19960	0x273
WaitForMultipleObjects	0x0	0x4150a4	0x1af64	0x19964	0x4f7
lstrcmpiW	0x0	0x4150a8	0x1af68	0x19968	0x545
GetUserDefaultUILanguage	0x0	0x4150ac	0x1af6c	0x1996c	0x29e
DeleteCriticalSection	0x0	0x4150b0	0x1af70	0x19970	0xd1
GetShortPathNameW	0x0	0x4150b4	0x1af74	0x19974	0x261
GetWindowsDirectoryW	0x0	0x4150b8	0x1af78	0x19978	0x2af
GetVolumeInformationW	0x0	0x4150bc	0x1af7c	0x1997c	0x2a7
CreateThread	0x0	0x4150c0	0x1af80	0x19980	0xb5
lstrcpyA	0x0	0x4150c4	0x1af84	0x19984	0x547
ExpandEnvironmentStringsW	0x0	0x4150c8	0x1af88	0x19988	0x11d
GetTickCount	0x0	0x4150cc	0x1af8c	0x1998c	0x293
lstrcmpiA	0x0	0x4150d0	0x1af90	0x19990	0x544
Process32FirstW	0x0	0x4150d4	0x1af94	0x19994	0x396
Process32NextW	0x0	0x4150d8	0x1af98	0x19998	0x398
CreateToolhelp32Snapshot	0x0	0x4150dc	0x1af9c	0x1999c	0xbe
LeaveCriticalSection	0x0	0x4150e0	0x1afa0	0x199a0	0x339
EnterCriticalSection	0x0	0x4150e4	0x1afa4	0x199a4	0xee
VirtualLock	0x0	0x4150e8	0x1afa8	0x199a8	0x4ee
FindFirstFileExW	0x0	0x4150ec	0x1afac	0x199ac	0x134
WideCharToMultiByte	0x0	0x4150f0	0x1afb0	0x199b0	0x511
lstrcmpW	0x0	0x4150f4	0x1afb4	0x199b4	0x542
MoveFileW	0x0	0x4150f8	0x1afb8	0x199b8	0x363
FindClose	0x0	0x4150fc	0x1afbc	0x199bc	0x12e
FindNextFileW	0x0	0x415100	0x1afc0	0x199c0	0x145
GetSystemTime	0x0	0x415104	0x1afc4	0x199c4	0x277
GetNativeSystemInfo	0x0	0x415108	0x1afc8	0x199c8	0x225
GetDriveTypeW	0x0	0x41510c	0x1afcc	0x199cc	0x1d3
GetDiskFreeSpaceW	0x0	0x415110	0x1afd0	0x199d0	0x1cf
GetModuleFileNameW	0x0	0x415114	0x1afd4	0x199d4	0x214
VerSetConditionMask	0x0	0x415118	0x1afd8	0x199d8	0x4e4
VerifyVersionInfoW	0x0	0x41511c	0x1afdc	0x199dc	0x4e8
SetLastError	0x0	0x415120	0x1afe0	0x199e0	0x473
LoadLibraryA	0x0	0x415124	0x1afe4	0x199e4	0x33c
LocalAlloc	0x0	0x415128	0x1afe8	0x199e8	0x344
GetModuleHandleA	0x0	0x41512c	0x1afec	0x199ec	0x215
LocalFree	0x0	0x415130	0x1aff0	0x199f0	0x348
GlobalAlloc	0x0	0x415134	0x1aff4	0x199f4	0x2b3
MulDiv	0x0	0x415138	0x1aff8	0x199f8	0x366
GetTempPathW	0x0	0x41513c	0x1affc	0x199fc	0x285
GlobalFree	0x0	0x415140	0x1b000	0x19a00	0x2ba
FindFirstFileW	0x0	0x415144	0x1b004	0x19a04	0x139
ConnectNamedPipe	0x0	0x415148	0x1b008	0x19a08	0x65
CreateNamedPipeW	0x0	0x41514c	0x1b00c	0x19a0c	0xa0
CreateEventW	0x0	0x415150	0x1b010	0x19a10	0x85
GetCurrentProcessId	0x0	0x415154	0x1b014	0x19a14	0x1c1
GetFullPathNameW	0x0	0x415158	0x1b018	0x19a18	0x1fb
SetStdHandle	0x0	0x41515c	0x1b01c	0x19a1c	0x487
GetConsoleMode	0x0	0x415160	0x1b020	0x19a20	0x1ac
GetConsoleCP	0x0	0x415164	0x1b024	0x19a24	0x19a
FlushFileBuffers	0x0	0x415168	0x1b028	0x19a28	0x157
OutputDebugStringW	0x0	0x41516c	0x1b02c	0x19a2c	0x38a
HeapAlloc	0x0	0x415170	0x1b030	0x19a30	0x2cb
RtlUnwind	0x0	0x415174	0x1b034	0x19a34	0x418
TerminateProcess	0x0	0x415178	0x1b038	0x19a38	0x4c0
OpenProcess	0x0	0x41517c	0x1b03c	0x19a3c	0x380
InitializeCriticalSection	0x0	0x415180	0x1b040	0x19a40	0x2e2
GetDriveTypeA	0x0	0x415184	0x1b044	0x19a44	0x1d2
GetCommandLineA	0x0	0x415188	0x1b048	0x19a48	0x186
VirtualAlloc	0x0	0x41518c	0x1b04c	0x19a4c	0x4e9
GetProcessHeap	0x0	0x415190	0x1b050	0x19a50	0x24a
GetComputerNameW	0x0	0x415194	0x1b054	0x19a54	0x18f
WaitForSingleObject	0x0	0x415198	0x1b058	0x19a58	0x4f9
SetErrorMode	0x0	0x41519c	0x1b05c	0x19a5c	0x458
GetSystemDefaultUILanguage	0x0	0x4151a0	0x1b060	0x19a60	0x26e
CreateMutexW	0x0	0x4151a4	0x1b064	0x19a64	0x9e
ExitProcess	0x0	0x4151a8	0x1b068	0x19a68	0x119
GetSystemDefaultLangID	0x0	0x4151ac	0x1b06c	0x19a6c	0x26c
lstrcpyW	0x0	0x4151b0	0x1b070	0x19a70	0x548
lstrcatW	0x0	0x4151b4	0x1b074	0x19a74	0x53f
GetProcAddress	0x0	0x4151b8	0x1b078	0x19a78	0x245
GetLastError	0x0	0x4151bc	0x1b07c	0x19a7c	0x202
LoadLibraryW	0x0	0x4151c0	0x1b080	0x19a80	0x33f
GetSystemDirectoryW	0x0	0x4151c4	0x1b084	0x19a84	0x270
GetModuleHandleW	0x0	0x4151c8	0x1b088	0x19a88	0x218
GetCurrentProcess	0x0	0x4151cc	0x1b08c	0x19a8c	0x1c0
LoadLibraryExW	0x0	0x4151d0	0x1b090	0x19a90	0x33e
VirtualQuery	0x0	0x4151d4	0x1b094	0x19a94	0x4f1
MultiByteToWideChar	0x0	0x4151d8	0x1b098	0x19a98	0x367
VirtualFree	0x0	0x4151dc	0x1b09c	0x19a9c	0x4ec
lstrlenA	0x0	0x4151e0	0x1b0a0	0x19aa0	0x54d
CloseHandle	0x0	0x4151e4	0x1b0a4	0x19aa4	0x52
lstrlenW	0x0	0x4151e8	0x1b0a8	0x19aa8	0x54e
CreateFileW	0x0	0x4151ec	0x1b0ac	0x19aac	0x8f
ReadFile	0x0	0x4151f0	0x1b0b0	0x19ab0	0x3c0
Sleep	0x0	0x4151f4	0x1b0b4	0x19ab4	0x4b2
WriteFile	0x0	0x4151f8	0x1b0b8	0x19ab8	0x525
LockFile	0x0	0x4151fc	0x1b0bc	0x19abc	0x352
UnlockFile	0x0	0x415200	0x1b0c0	0x19ac0	0x4d4
SetFilePointerEx	0x0	0x415204	0x1b0c4	0x19ac4	0x467
GetStdHandle	0x0	0x415208	0x1b0c8	0x19ac8	0x264
LCMapStringW	0x0	0x41520c	0x1b0cc	0x19acc	0x32d
IsDebuggerPresent	0x0	0x415210	0x1b0d0	0x19ad0	0x300
TlsSetValue	0x0	0x415214	0x1b0d4	0x19ad4	0x4c8
TlsGetValue	0x0	0x415218	0x1b0d8	0x19ad8	0x4c7
InitializeCriticalSectionAndSpinCount	0x0	0x41521c	0x1b0dc	0x19adc	0x2e3
SetUnhandledExceptionFilter	0x0	0x415220	0x1b0e0	0x19ae0	0x4a5
UnhandledExceptionFilter	0x0	0x415224	0x1b0e4	0x19ae4	0x4d3
GetStringTypeW	0x0	0x415228	0x1b0e8	0x19ae8	0x269
HeapFree	0x0	0x41522c	0x1b0ec	0x19aec	0x2cf
GetModuleHandleExW	0x0	0x415230	0x1b0f0	0x19af0	0x217
DecodePointer	0x0	0x415234	0x1b0f4	0x19af4	0xca
EncodePointer	0x0	0x415238	0x1b0f8	0x19af8	0xea
GetCurrentThreadId	0x0	0x41523c	0x1b0fc	0x19afc	0x1c5
GetCPInfo	0x0	0x415240	0x1b100	0x19b00	0x172
GetOEMCP	0x0	0x415244	0x1b104	0x19b04	0x237
IsProcessorFeaturePresent	0x0	0x415248	0x1b108	0x19b08	0x304
IsValidCodePage	0x0	0x41524c	0x1b10c	0x19b0c	0x30a
GetACP	0x0	0x415250	0x1b110	0x19b10	0x168
WriteConsoleW	0x0	0x415254	0x1b114	0x19b14	0x524

USER32.dll (11)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
DrawTextW	0x0	0x415298	0x1b158	0x19b58	0xd0
FillRect	0x0	0x41529c	0x1b15c	0x19b5c	0xf6
wsprintfA	0x0	0x4152a0	0x1b160	0x19b60	0x332
GetDC	0x0	0x4152a4	0x1b164	0x19b64	0x121
wsprintfW	0x0	0x4152a8	0x1b168	0x19b68	0x333
CreateWindowStationW	0x0	0x4152ac	0x1b16c	0x19b6c	0x70
SetProcessWindowStation	0x0	0x4152b0	0x1b170	0x19b70	0x2aa
SystemParametersInfoW	0x0	0x4152b4	0x1b174	0x19b74	0x2ec
GetForegroundWindow	0x0	0x4152b8	0x1b178	0x19b78	0x12d
DrawTextA	0x0	0x4152bc	0x1b17c	0x19b7c	0xcd
ReleaseDC	0x0	0x4152c0	0x1b180	0x19b80	0x265

GDI32.dll (17)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SetTextColor	0x0	0x41504c	0x1af0c	0x1990c	0x2a6
DeleteDC	0x0	0x415050	0x1af10	0x19910	0xe3
GetDeviceCaps	0x0	0x415054	0x1af14	0x19914	0x1cb
GetDIBits	0x0	0x415058	0x1af18	0x19918	0x1ca
SetBkColor	0x0	0x41505c	0x1af1c	0x1991c	0x27e
SetPixel	0x0	0x415060	0x1af20	0x19920	0x29b
DeleteObject	0x0	0x415064	0x1af24	0x19924	0xe6
SelectObject	0x0	0x415068	0x1af28	0x19928	0x277
CreateCompatibleDC	0x0	0x41506c	0x1af2c	0x1992c	0x30
CreateCompatibleBitmap	0x0	0x415070	0x1af30	0x19930	0x2f
CreateFontW	0x0	0x415074	0x1af34	0x19934	0x41
GetPixel	0x0	0x415078	0x1af38	0x19938	0x204
GetStockObject	0x0	0x41507c	0x1af3c	0x1993c	0x20d
GetBitmapBits	0x0	0x415080	0x1af40	0x19940	0x1a7
SetBitmapBits	0x0	0x415084	0x1af44	0x19944	0x27c
CreateBitmap	0x0	0x415088	0x1af48	0x19948	0x29
GetObjectW	0x0	0x41508c	0x1af4c	0x1994c	0x1fd

ADVAPI32.dll (18)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetTokenInformation	0x0	0x415000	0x1aec0	0x198c0	0x15a
GetSidSubAuthorityCount	0x0	0x415004	0x1aec4	0x198c4	0x158
GetSidSubAuthority	0x0	0x415008	0x1aec8	0x198c8	0x157
OpenProcessToken	0x0	0x41500c	0x1aecc	0x198cc	0x1f7
GetUserNameW	0x0	0x415010	0x1aed0	0x198d0	0x165
CryptDestroyKey	0x0	0x415014	0x1aed4	0x198d4	0xb7
CryptGenKey	0x0	0x415018	0x1aed8	0x198d8	0xc0
CryptEncrypt	0x0	0x41501c	0x1aedc	0x198dc	0xba
CryptImportKey	0x0	0x415020	0x1aee0	0x198e0	0xca
CryptReleaseContext	0x0	0x415024	0x1aee4	0x198e4	0xcb
CryptGetKeyParam	0x0	0x415028	0x1aee8	0x198e8	0xc5
CryptAcquireContextW	0x0	0x41502c	0x1aeec	0x198ec	0xb1
CryptExportKey	0x0	0x415030	0x1aef0	0x198f0	0xbf
RegSetValueExW	0x0	0x415034	0x1aef4	0x198f4	0x27e
RegCloseKey	0x0	0x415038	0x1aef8	0x198f8	0x230
RegOpenKeyExW	0x0	0x41503c	0x1aefc	0x198fc	0x261
RegQueryValueExW	0x0	0x415040	0x1af00	0x19900	0x26e
RegCreateKeyExW	0x0	0x415044	0x1af04	0x19904	0x239

SHELL32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHGetSpecialFolderPathW	0x0	0x415288	0x1b148	0x19b48	0xe1
ShellExecuteW	0x0	0x41528c	0x1b14c	0x19b4c	0x122
ShellExecuteExW	0x0	0x415290	0x1b150	0x19b50	0x121

ole32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CoInitialize	0x0	0x4152ec	0x1b1ac	0x19bac	0x3e
CoUninitialize	0x0	0x4152f0	0x1b1b0	0x19bb0	0x6c
CoCreateInstance	0x0	0x4152f4	0x1b1b4	0x19bb4	0x10

MPR.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WNetCloseEnum	0x0	0x41525c	0x1b11c	0x19b1c	0x10
WNetOpenEnumW	0x0	0x415260	0x1b120	0x19b20	0x3d
WNetEnumResourceW	0x0	0x415264	0x1b124	0x19b24	0x1c

WININET.dll (6)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
HttpOpenRequestW	0x0	0x4152c8	0x1b188	0x19b88	0x58
InternetOpenW	0x0	0x4152cc	0x1b18c	0x19b8c	0x9a
InternetCloseHandle	0x0	0x4152d0	0x1b190	0x19b90	0x6b
HttpQueryInfoA	0x0	0x4152d4	0x1b194	0x19b94	0x59
InternetConnectW	0x0	0x4152d8	0x1b198	0x19b98	0x72
HttpSendRequestW	0x0	0x4152dc	0x1b19c	0x19b9c	0x5e

XPSPRINT.DLL (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
StartXpsPrintJob	0x0	0x4152e4	0x1b1a4	0x19ba4	0x1

RPCRT4.dll (6)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RpcBindingFromStringBindingW	0x0	0x41526c	0x1b12c	0x19b2c	0x15f
NdrClientCall2	0x0	0x415270	0x1b130	0x19b30	0x95
RpcStringFreeW	0x0	0x415274	0x1b134	0x19b34	0x1f2
RpcBindingFree	0x0	0x415278	0x1b138	0x19b38	0x15d
RpcBindingSetAuthInfoExW	0x0	0x41527c	0x1b13c	0x19b3c	0x16e
RpcStringBindingComposeW	0x0	0x415280	0x1b140	0x19b40	0x1ee

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.75 KB
MD5	c30f7c451f90e4542386f657f17a5ccd
SHA1	a3a70f40cd384bfb8257b21e4e560b29c8c29fe7
SHA256	2faca9452f7336aaf91b820386e2251b0f50d9f2d46e6b1f6ef2a317bb02899f
SSDeep	24:e1SFs8TFfyRNTkEkW6lhI+rAp9FY/gLIiKQO/:eEFs85u2EkW6l7ru8KK7/

C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\b652534aebe43ee746cbc40ead5a6d17_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\b652534aebe43ee746cbc40ead5a6d17_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.57 KB
MD5	04dc1c6221d635bf9c29eb1e6c8c1c15
SHA1	7d7b77f284f1b071eea40baf53d0ed12c66fa662
SHA256	48ef1b1da9290c33fde2a12a1c54dc6b10fedb110d120fbd57d0952116d0d8d4
SSDeep	12:Xz+stIF3YxbgoTsdm2rTqUIpkD7JlgxbWC:D43Yxmdm2rTqVgfg97

C:\Users\EEBsYm5\AppData\Roaming\eybr.mp3

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\eybr.mp3.ibagx (Created File)
Mime Type	application/octet-stream
File Size	22.89 KB
MD5	707f84ec045133943b88addc931ff046
SHA1	d691d0adfa1e71a0d817d881ed74ecbb10b94e25
SHA256	80a782a5110284ff7fa15736c8c617a55d290ea9a7964b1368cb294ccd43e56a
SSDeep	384:0ul6a9Al1rOWjiqSEVnMXWBZgI9LySxLBC4FvScQnvd9m6wCJ2UOMgibADvlcjg9:l6ug1rOqVPVnSWDgItTXZvQXwC7OMgpF

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\06_Pictures_rated_4_or_5_stars.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\06_Pictures_rated_4_or_5_stars.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.29 KB
MD5	ca3fadf17a6cd05514e1bca65be2eeb8
SHA1	bd65cc62485579dccb3c884a40580642573b9d35
SHA256	e7e8e61d310b44d74719b88ad6faceb4299b0bc8f13a643295252b80fc274ae4
SSDeep	24:GtuzM4T1KQx/bnOX2NPTQHISWBX1e2/0IZAJv59931j/B9UL3OkP:GtYM4TIQxCXckHlWW2/9wv5911j/Bue+

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.76 KB
MD5	20fda93e224c1c9f93fb807a9aadc67b
SHA1	db4050e6573ccf241b9253e4c4ce76ee75107b01
SHA256	d336fc9e79ff7b9c20f66f5d19401169161fdb712c8257c2eb1b5146372cb3cc
SSDeep	12:cbV9KSL+0bjA0te/K4vAg9Z3zSOHRM+w3WZdkBo1qqNxr5zYFsGZosr76AEC:YV8S0+4vA8jRM+70BWdraFV606O

C:\Users\Default\ntuser.ini

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\ntuser.ini.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.55 KB
MD5	ea6c61a5e8d2449aeea082799e749211
SHA1	8ba381c1483fd0c59d7995191c3182c36af9ff09
SHA256	2d3d187bda08daa4cc4f617aa9bd697683317e599af9bc1e59b76f6cbf789d71
SSDeep	12:ktd18ueIB0pFCWvHiBjAXskLRnkhV+PR4/8KfiNpKEzmwC:ktd1B+p1H08lLoV+Z03KbA

C:\Users\EEBsYm5\AppData\Roaming\40id.mkv

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\40id.mkv.ibagx (Created File)
Mime Type	application/octet-stream
File Size	85.66 KB
MD5	856439921529ebb1d7f736c769066ecf
SHA1	2d32e39201c68edd8c40cc05e8a176db62f0649c
SHA256	35f6d579bd1c90b715afa45e91c99eaee024b9042778003ce1ee36c7eeeebb85
SSDeep	1536:xSNQBpo7YKEXDyI0EFuDRsU+OFmab+s3Ot/TPKb9T3XesIGF1jeI7kjj:E4poMKpoFuOU+O8U+LjKpSsIM1jek2j

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.78 KB
MD5	7f2a95721a46c7768c2794fca7818f48
SHA1	789405bd1ddf8c39502bf4d8b270c7e62b1bfbc2
SHA256	b76e5e5f76e9e1d70977ffc2547aca875ae528de16184d4a5025975662e71c8c
SSDeep	12:UZM2N7dNN6DTW/RAg2OsUFCrWMtIi3eU7Z+22sF+ZO/acQFdjG+xcuTdipwXwjBE:H2v/yW/RHsDrqctJEZQhQbS+C4dja6gc

C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.ibagx (Created File)
Mime Type	application/octet-stream
File Size	28.53 KB
MD5	4f871b7f359d21d75e6193e46cfce088
SHA1	67a5b73f22897f6b191e8e6794323269b544086d
SHA256	3a5657f6715cf8c1e99eca21e33129d9922ee4fca896146627a3dd06effa760a
SSDeep	768:pCFSUtWGRZoPqS1jVMckq6e1m6tln25zxugNztAEl:BUt3oPqSgcv6ell2xQgBtAEl

C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	5281a5e5f8e21d04ac3b83f929703cb7
SHA1	078b9c631e460b2d8a374dfac0336cd7c2e60370
SHA256	5046b4df6aa15549cd81ae9e074f1b75c90eef1617205183f383d509ef3349a0
SSDeep	12:TulgZlnh2qhqhqRst1f0UoWzzp+iaMYjVXenDWLRQeafH5fmay7j9J4cxC/6C:TuKlnh2nhFttospzanjVOD+qTfH9u7j0

C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	11690206385ef412171fc9b751182ffb
SHA1	fa05cd02291c1dc05178d73d3d800a96415bb75d
SHA256	0dc9ef51cfb826568a3366bd1f545999f71e1f23a45170eec68d510d3ec051c1
SSDeep	12:FooavJunFEqoe232EZTrgkcSJdVlpkSXK8NtwumLZTxCusC:moavgnFloe232UVlpTPNtyLZrV

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.40 KB
MD5	09ef80e93c8e178155ea88ad8c64fa77
SHA1	a7c78ffaca70ba8e7e2a279391cdd40bbb6e1d5f
SHA256	adcf7c8500d27dd586d38a6cf8960cffb89e488cdfa77f8d69d9b9af825b9087
SSDeep	48:xcKfmfB3YvFKXCHrhbaYHZhKMwKohvEMHxWqNcVV6zIQz96hWqQJ5Yy1:ynovkXCLdnK42MQWqNcyzIi4I5Jd

C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.54 KB
MD5	eff5a840cafee9119e5ba935c62427ff
SHA1	a2df7e77cf5d93f87a9aa415347e7b9c604739aa
SHA256	68e8f63cb0a382702074c047abb9d685b6b6d274c2641892a786f868a0474aa0
SSDeep	12:NF4Y1BqAjfIFd81Ty6Ksd7wsZZUGk77F7EwSomHY5/GlwU0FQC0C:Q6qAjAx6KsdEzhEwxmeGlwtFQCt

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.75 KB
MD5	fa4b52b42785d48b1970a6a47d5d95dc
SHA1	18ba77b16b354ee8c92e5f5a8bf5738b3748404c
SHA256	d8a1c1033b272de4a7b5232f57299ceaadfa0e07e7f6a89dc42650ec84e9c85a
SSDeep	12:FRJ/JDmadmJhWsUTX1gBfwiY2fo/5iuvmz9dURaf/rE4Y5kF5M2Szv/Gn0C:F/kJhoXXiYlhiuO3Uor7Y5kU1zH2

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{DD8DA3D5-48F0-4F18-846C-50E4200467F0}.oeaccount

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{DD8DA3D5-48F0-4F18-846C-50E4200467F0}.oeaccount.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.18 KB
MD5	647400c8c615ae0bbae0e66c050be1f0
SHA1	09dce00ae65f4ad81080b707c9fee1e37303ea26
SHA256	896719eabf24e89d64c45108b87e81abab56995076b177adeb41bf12ab9d55d7
SSDeep	24:4gvfNLLc06qjR7Q4B/3ekrj3pWsPxedQqloh4ew59eI7X0iWJ7BhtLVy:FL59OE3JPEVp9NYldLI

C:\Users\EEBsYm5\AppData\Roaming\D1Mcqgb3FDTv-8KryA5.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\D1Mcqgb3FDTv-8KryA5.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	76.34 KB
MD5	b64ce85a92d617b4f4328943dc3b48c5
SHA1	e2ebb9614f7b396d3d5346959a9972f4fce1958e
SHA256	8b081bb255dd3eb8b27f1569b888f4dfe5cdcf638b073ba1872f48b76a3e8e65
SSDeep	1536:tm++TKTJjKDi+wLf2arHIeEtt6tayYqGMuLBF9mDTv5oifoo1puu:tm+eKTJjgi9JWekiKifR9

C:\Users\Default\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.ibagx (Created File)
Mime Type	application/octet-stream
File Size	66.93 KB
MD5	a178bb3757271532807198ae2034ccb7
SHA1	094fbe05113d6587fbedb2f2ee0074c9f7b7af52
SHA256	d142124d24eaba937b648e9582f3af09534450cc8d1783c88f2fe84ac4d6bd15
SSDeep	1536:JHaIdIfg2I2m0uCqxb5UeETrYhs3zSnKLrS0cuv/QyPx1MFmwHfP8d:JHu6muCgcXIs3zS4201/QQIFmwHfP2

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\04_Music_played_in_the_last_month.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\04_Music_played_in_the_last_month.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.78 KB
MD5	f175bf1a56bdb6a0c89fb960230a6b4a
SHA1	841fd7583648c9a970be8ead983b1ff980d21158
SHA256	c1e50ae901167d88f2f27f7d9c136550c5834c7b292daf8c40de0402eb058712
SSDeep	48:Fxl+CG53BjVcYhFgCjOF+cUGzKKUKBTvtUtQVN+n9g:FVkgoxj5uRpvyQH+n9g

C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	40e308e76be72564f8c265dc0b2153e6
SHA1	eaa55eb11bf4fb85bb37afc548e47bebd5a6a6cb
SHA256	7cf95aa1b97b0869b71db4f538f254017c448d2e46d40e06b596083c44270b6d
SSDeep	12:WPCGUswQNA91l17aEEiARE/PVxerxdjaMMwws2PkCmtt1AJoMgXEC:WCubNymRi6E/P7e15aMMyWmtt1AJnu

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	6.78 KB
MD5	c12c774292b6211dfe0763918af2988e
SHA1	7304255c5af276980b2f711cff597c07d672bc79
SHA256	e18af46741c1fe541e96c40cac4ef4075410d042e966bf92fd809b9578d03c6e
SSDeep	192:AoTcfKF1Fh1TsYkaR+qgrmfMS1XzFtg0GN5E2wxQ:3ofes3Ewm1l//GN5EBQ

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.75 KB
MD5	31a98a74dc566525eabae64752ca46e7
SHA1	078d36536d10b5cfa161f15bc929557867ac0581
SHA256	80bab6ebd122e3ebb91302d6d1b26ee97c2d59ee9fa15f3e447da0172349e6aa
SSDeep	24:J6UwmnEWRgYHqnnAlNpwuiftTm4d2Mc0Nb9Jm4O:lwmnEWRAnypwuiBO0o

C:\Users\Default\Favorites\MSN Websites\MSN Sports.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\MSN Websites\MSN Sports.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	531e543609937064983dbfd399932bcc
SHA1	6cff70cc115a906e9f7c462028840e1a350ee79e
SHA256	a53cfbbc14aadf0980c488b9e7c9bf64dfd22213fd2fb737509ab8bb4036132d
SSDeep	12:A3t8Zt/tJknJhAmJktenqzqEn3UCAtpnzCxUs0bhW4SqK7b8EJzjgOEre9+EC:Ad8Zt/sJho2RpnWx6uJmre9+d

C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.ibagx (Created File)
Mime Type	application/octet-stream
File Size	28.53 KB
MD5	a25e8ba722ddc612bebe7b591223ff0f
SHA1	acb3eb40e04c39377622bba55e7e7da9ab884813
SHA256	d5b2f55728973c220dad3c90d4b3273f7e7becfe5d54f2695c64e70f59e5553f
SSDeep	768:WFNgpIrrSXybyWtgZks0peYCAkkl6T7EJkAsnul9JBe5OYdGsEOP:Wr4IGybUms0pxzk+VJkAP9JCXdz7

C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\boot.sdi

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\boot.sdi.ibagx (Created File)
Mime Type	application/octet-stream
File Size	3.02 MB
MD5	2b9909fdea8fb580e0c902e462edf41c
SHA1	bb18f05acab12df6032256cbdec702cf9756efe8
SHA256	ce281434c12f290cc1c7704e41c2612b3fa186d017f288524f895067f7255da4
SSDeep	24576:ugeknX9XKzyKUzyWWEUiNaKc9XJOwgcac8F1NEG369+PPdllBH/ve:uge0xKzyLzgAaXXY1NL36ipB/W

C:\Users\EEBsYm5\AppData\Roaming\H5WuKLQ 4 uu.mp3

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\H5WuKLQ 4 uu.mp3.ibagx (Created File)
Mime Type	application/octet-stream
File Size	56.22 KB
MD5	2a70304bd3d0fd0693b06f22b4564874
SHA1	68abe7904868e796c5ce1b590da5da5df06d3321
SHA256	ea00449016e83af1963007638e6ddca14fbf2257720b76c1acc1306e3da4e076
SSDeep	1536:zDlhPR/mf/5QDRuZvNU8slIRZhxd+u69USXuBDyfd:zDlFR6RtZVUPiPoU5yfd

C:\Users\Default\NTUSER.DAT.LOG1

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\NTUSER.DAT.LOG1.ibagx (Created File)
Mime Type	application/octet-stream
File Size	193.53 KB
MD5	054149c493abea88d289f13678dc9bb3
SHA1	0555e80f8a32375fcbccebe6e3a146ee442110fd
SHA256	cb68aea295249d60de6f8bde255772b4d617dadbbd2ac366da114ca4825e6989
SSDeep	6144:CA8ViETAJXHwOabkATBDSlYo8JDNoMabFHVkkNa:6/u3ikGBDRo8NNolbFHVzs

C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat.ibagx (Created File)
Mime Type	application/octet-stream
File Size	32.53 KB
MD5	3ae587e40a62bed97be33469e4749f40
SHA1	1206d98147da7db758e46ac0365b2068a9fc6c0d
SHA256	3d00c1362d92540499969f1a6d04b653ad8784f5f43a89449460bb731a39405e
SSDeep	768:Uc9KyMRgx8WZnzSEm5nix9H2RAOnUdKldvc1yeZOeAN0a73a2Lvn2ezggOv:UGKyMo8czk5nsWeGU6dsyBeAXv2Yg7v

C:\Users\EEBsYm5\AppData\Roaming\jEsyH8xMpokXjc mOu0.ods

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\jEsyH8xMpokXjc mOu0.ods.ibagx (Created File)
Mime Type	application/octet-stream
File Size	63.59 KB
MD5	edb811df3dea650e368e9b651a6a9184
SHA1	976c0805c5063a2e73f176320380e396b913377d
SHA256	23183ad9b75dd9f0cf0302cdf3f3c78a98ab09063474d5904bc5b6fdac8a94f6
SSDeep	1536:LGh8IV5U823Vj3XPTD2Ef+bKZLJiVmBI/mgtgU:LGqI/Uv3VbTD2ySOLJiQYgU

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\12_All_Video.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\12_All_Video.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.58 KB
MD5	4785b7b937059add40873186c78da206
SHA1	2787a1e36de189e5f1ea4feaa3ff24ce61e622ae
SHA256	602d52626f38d7b252170c0b14d8154321c1ac54046493c2b6a49afd69749847
SSDeep	48:lVp0QpTgERlw1kvXhp8rFZWg6myivOMrRZ1ROlyB:mQWUwqPLUZWTgvOkfOli

C:\Users\Default\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.02 MB
MD5	759147dff1d103e4f37c451d20afb32d
SHA1	4624b632f13d6c568f7019b60e9242dcc1c5d3df
SHA256	613c601b4601fd8c0e6a7118661f2b3e92019f5b102b4e403f3f5e76a3491202
SSDeep	24576:YSPlJfsvYCs6i7DsMLpTuMaeGHwL8P8huJqbVpmKI8jHR:YElJfQNa7DsMLpgHwL82/hjx

C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	e834abb851ad70b73d96c7d3f80d8861
SHA1	e78d9db42842489f633dce85d96f357f451238fc
SHA256	f8be6489a346497d9d2df6895b92b96aa3f71c458e1bdfef2301bcba8443188e
SSDeep	12:MVXF+mfZOLnBcr2jb7nogdz6GvWcsa9QXL8/YKCIeOnhYMAsX0C:S5oo2H7nZV6AqM8mhYRsXt

C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat.ibagx (Created File)
Mime Type	application/octet-stream
File Size	32.53 KB
MD5	fb971a91b0f824a8f3eed9d2f1a0da47
SHA1	9541de218d6d7463a9538f40d06b70ddc4fe4116
SHA256	0b45b6105d597481a5377513b992d6337e648a311ce9a0c32c505b5300ef3724
SSDeep	768:8N1skyyHLcpfNhFv49S/YSxAcWK5dk9QiDK9v6n0:2TIpmAA+AcVvkPqk0

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\01_Music_auto_rated_at_5_stars.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\01_Music_auto_rated_at_5_stars.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.55 KB
MD5	14d44a791b667848a60c6416e8e2184a
SHA1	74a8ca16ec8ce6cc5e42aff51b4dd3ed8eecd161
SHA256	e6cd0ef2d4976605e234163f25414006fcfd911fd85723fb5d4e28a51062c0ee
SSDeep	24:43BznA3zBeLYYeVFhKGLwc7/ScPGQ10zdvdVnijCtN6Ora/IBKCXuxRZl+XO62FR:azhLYYe/Y+waxPGQm9nxpgCORP2O6YR

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.02 MB
MD5	196c53d5bec2b1543186a01c430d87ac
SHA1	2b66308da8a93d784da9040440b1dc0389511d4a
SHA256	f519cc6497eef1b721d8fdafd6263a4a4f89303986bb34b8c078c649956dba3b
SSDeep	24576:oXDD8PQSkf/8obA3h+R12xkb2L++c0oTFDurAwigWN:OSbItA+DskbkZpoTlIXi5N

C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	9cd88b374f86257b7f7470ef294da5bc
SHA1	fc11f82fffd3aae354eba1fab8659b1a5c84e348
SHA256	a7bf0040241354f85517c2d9de8623091b9c4418754fde2199781fd8aff043de
SSDeep	12:7bLpx1/fqeqgRMJklOHocjPEOPG+k01o8dj5H49lUoilZBKYus5qFvZfe387Vw0C:XLr1/M/1IYNk0C2q9lUP8Y+vF7Q

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.76 KB
MD5	dcea0afa183d29732fa2c7a088ec95ab
SHA1	0b097632c02c7099ce62a2e45995dedaf898ca34
SHA256	f8acaf6ce09a0ea669f69468d469f5826d4cb7627987810c2de20ab7bc971789
SSDeep	12:uN3I82QjtUMkYlUYQlvzsWbVpOZOhKCtuDbSiSyX+AfjdHS9FeyyoayJORckK3ZC:QIC5C7zsaAZOzASNWjyLyNgO6kKw

C:\Users\Default\AppData\Local\Temp\ConfigureMachine.log

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Temp\ConfigureMachine.log.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.63 KB
MD5	c3584fc08cee9060a3d9e598430be647
SHA1	89703490dfbcc4675b1dab42d121b029fab1c89c
SHA256	892cc2087d18c329f17bafbef274f85319011cd901048d3b48600878afb33b69
SSDeep	12:lhnMSc3HYk2aGBMT0KGXAAmJOyKN3Bj6yYyAuGrhb5z8DsukYOBtrx8O3NcC:lhgok2actfAo/Bjd+zBR8DeY81x39l

C:\Users\EEBsYm5\AppData\Roaming\D4hFvv-xbwD80n_k.mp3

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\D4hFvv-xbwD80n_k.mp3.ibagx (Created File)
Mime Type	application/octet-stream
File Size	69.36 KB
MD5	a5a4129912e9564e3be3bcb1af32ec3f
SHA1	0d7c9e20d22487943c0a0992aa7d9297e9e4913f
SHA256	6c51b6af01ecb0c7cc2ec54d57f84db27f0e26a20b431df46b2a5cf81a88f9d1
SSDeep	1536:opE89ZekWkl2yZnNYFXBtVK69akpqLIpXtukZST0rEMzag:opTQkkyZn2FXjr9LpqsdtuwSi

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.75 KB
MD5	455ba2fa50e8a383a2a057a3e3e6155d
SHA1	477a409464633254ba13e8dcb5cee1078f41c25c
SHA256	4addb9ed87bbf24fbbca0624ed7c81875b7d57a46bf72948b898d0e2785fc366
SSDeep	12:jPLlsKtOAaj7GybmR4r/vjOkN8QCNmVLdodLNMEtxyk5a9HChiWjc5SC:jLgDiG7vCkN8pNmVLuwcxyPB3Xx

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	4.65 KB
MD5	7d5480e07788cd9010dabbff1669a6e2
SHA1	068424719033bd5df5e53bbfb265157ea3fe7524
SHA256	2d1684aab91586b76d91663f99370d604962868df99ffdd52ac62601c2f80687
SSDeep	96:ZsKlrRaOCE/gD+lsp7aIG3x8lVxs3ZRU8DpfennXMyu0FdZ3bPn+sanbpd:GkruylhtxCVx4ZBpfen8KbZrPn+vd

C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	206e667224c1717de0f052eaa3588a71
SHA1	2e6e0d087d9566198c51765afd3da88cfd23c403
SHA256	48f46f586f1edc0675a0c69f824cc6beef1e53691638fbc0391ca3bcc5d75d10
SSDeep	12:LzC7wwswpSuHMr22AwnZT7EWbN/PLUeT1E3oRD6d8B9D8vWzvIGhOjlCC:K7FxpSuHU2KZT7EWJ7Ze37wIX

C:\Users\EEBsYm5\AppData\Roaming\iaG_GkHNHdnzSAk_0f.avi

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\iaG_GkHNHdnzSAk_0f.avi.ibagx (Created File)
Mime Type	application/octet-stream
File Size	49.27 KB
MD5	8e738dbdc24b8dda784c5714d3afa8a7
SHA1	3ef14211ceef313e36e63cd0315f80062fe70cce
SHA256	9df25a7ff0228df01029b66958668982f114c7b1b0ca4ed88d7aa47c6863de19
SSDeep	1536:a6ekNk5bjEHrA9m/HqXu7EEi6bE48+halab0:8IkVELA9m/H97EEi4j0

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.58 KB
MD5	17f06d07bf929d4bed7af1c6f2c2f05c
SHA1	4d81ee399067f36a163ab365cf2aeea139a705da
SHA256	82e80a283feb8493fa9709a586b9df293ba149fb8403908549b19f4faee7eb45
SSDeep	48:ltKoDhdsGLCRRkoTPRwnGsMe0G+H5rQKmUsi8h9GrUaepP:7KKdnCRRkoTPL9eMHBJSErUa0P

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\08_Video_rated_at_4_or_5_stars.wpl

Modified File

Compressed

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\08_Video_rated_at_4_or_5_stars.wpl.ibagx (Created File)
Mime Type	application/zlib
File Size	1.52 KB
MD5	cf453a97102743d3378816bdd47c0e40
SHA1	80c615dfca15f61814b6877f20e90caa0ba819c5
SHA256	a2e95e104cfe60923d26bca185c234c495a9680f842ef9026c85c2748b33caf4
SSDeep	48:oihkrMA3O1ZhzykkhDTdqo2+kBrH7MpJWKP:3hklS/khDUr+0oJrP

C:\Users\Default\Contacts\Administrator.contact

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Contacts\Administrator.contact.ibagx (Created File)
Mime Type	application/octet-stream
File Size	67.31 KB
MD5	b7ff1843a78c41bbbac5103f6e985e4d
SHA1	c1ab89f100e691ae952c04bc41d70ee31565e374
SHA256	059759c37f45a5afb39056d9d2460d1fd045f40fed6625737d607d4ccad78a8a
SSDeep	1536:MReYumf8vkzcUyt1BgXQgpX2ye37LwP1yC2noAoyfX:MkYu+8LUYLUQ2mfwIZoy/

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	10.85 KB
MD5	f5b1ec958e690f158ac7c92ded10b731
SHA1	f9e929a49efd7c06da458682e1821eb2880c222c
SHA256	aa6c72d2b55fa17e8a23806cec60a29ce99333396b604a6a42a71bfaf6e8fe8c
SSDeep	192:CL90BYWjLQf0azFpTSOUZ87lFifdCMxlA+1wjJOHy/C+awKMcnEybW5GpMy:CLSKSLWzTAZ87TifdCMxlQNOHyHakcn9

C:\Users\EEBsYm5\AppData\Roaming\Microsoft\HTML Help\hh.dat

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Microsoft\HTML Help\hh.dat.ibagx (Created File)
Mime Type	application/octet-stream
File Size	8.92 KB
MD5	a9a673b83eaebfad079abaea7c497dfc
SHA1	4c020c986c8aee74eba6cb897f961ad257c157d5
SHA256	3ea4b2d698b8b22609817b0a9ff0248177b08be2f02300cadbde4e23dffa36fe
SSDeep	192:GiOCi9RAcymoWiwxEb7cgg1lZFwMe7yoXvQkF6tWSXu:gRUmo6ib4gAlDwMe7nVFqje

C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\Winre.wim

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\Winre.wim.ibagx (Created File)
Mime Type	application/octet-stream
File Size	10.00 MB
MD5	c2698ce163e28905ff84891238959589
SHA1	9be2f65b63f7ec6be7f10e70c343b9e2f4b52539
SHA256	0fe434114080e778e0712b3665a4ca1c73ed7e9d115ccb916eb49e215dba6829
SSDeep	196608:96aX6gTQIGkqojQRljrffo1feRTC+JO2Lg9VgqBpiTGWv8tvgwSDP:R7cI1jeljrffowRxdLgjciWv8tvgV

C:\Users\EEBsYm5\AppData\Roaming\5TbJjRTqQcJAG8oUNN.m4a

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\5TbJjRTqQcJAG8oUNN.m4a.ibagx (Created File)
Mime Type	application/octet-stream
File Size	97.23 KB
MD5	29ecdbbca561061dd6666fa8613a8363
SHA1	774057da038f3b8229e21731f39efca909a3fdbc
SHA256	9760d330419d04407ce1a0ca985323465388fdef2d4dace8d7dfb9d7ecef4ab1
SSDeep	1536:/mMcikbMxvbnnRBuhxr3WVXSz3CuCNisVZQl6MA1+qoMWJ4kTf9t8X:/ZciQMxvbLMxaVX03PCHG4Mk+qcJh9KX

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\07_TV_recorded_in_the_last_week.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\07_TV_recorded_in_the_last_week.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.54 KB
MD5	5a6f5be7d3982b678362c882456afc09
SHA1	330fbd200c85b3dcdf9c35214dbfeb69997361e3
SHA256	21d64b3857f919cb96ea94d03c8079735fdd6e2fd3bbdb18cacdf0a1a59e8c67
SSDeep	48:E6XuCg1YegXN6n7TNtvL0k++O6v1T909Akw6vlQ9:E6+MLN6nr0k++3v1ZQTlQ9

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\09_Music_played_the_most.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\09_Music_played_the_most.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.53 KB
MD5	fd9eb73b7364a07d2f8ae5914dc19025
SHA1	929adc02a68de88f516337ad6f50ce9f3fe97d28
SHA256	c5aa9bda172f301fb06696ad30ef88d2c563b218ab18146ac7586c131343d048
SSDeep	24:urEcuhFL+Cc0Jwg1zP1oOLRsFfF8Mgm/9E22ZxMa7SyTGNu4gSBIBdOeUAZGQYic:urEcALVD1q8Ml12uyTXzSCdOePGQYMF6

C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.ibagx (Created File)
Mime Type	application/octet-stream
File Size	7.03 KB
MD5	832eb902041889733cc0ea72e0f5e8d3
SHA1	0c12aea6cfcf4fd1c890a38db751c4eca6641fce
SHA256	8022386178506ad9966851aa2b2df958faefbac2fc7ff9b6fd5d4fcca4227e95
SSDeep	192:VKw/j3/3MKNfoU0zYxywbOjDTF9BPNGDMBIfuIeuC:9/j3/3oU0sxhbOj1HNoMBouIe3

C:\Users\EEBsYm5\AppData\Roaming\k34HcmsYrEK4_.bmp

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\k34HcmsYrEK4_.bmp.ibagx (Created File)
Mime Type	application/octet-stream
File Size	15.71 KB
MD5	54003f1794e58f776d7947858accec3c
SHA1	ae5cae40728c78985bbb8877191568b40d37def9
SHA256	2f368e817ac686c204873635f8497ae1aaf0c7c7370aac23067f46787bb8041e
SSDeep	384:b700KL/A0iAh9tfodWfSukcmAzeGErVl8xiD05Sf:4tXh9tgcSfDzAI

C:\Users\EEBsYm5\AppData\Roaming\Cav7r34AQxz266BdGIX.m4a

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Cav7r34AQxz266BdGIX.m4a.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.09 KB
MD5	28647c40bde73c36643dda2040237e2a
SHA1	ddf8cb87d6bfe9c5e73d5ad24c2f72faef62314e
SHA256	980073dc28c25b51b5298294c29fa80950a0dbbd480a8bebe71455070b87ca91
SSDeep	48:VVNtNMvSQgq28uDWF33jGzRwGX/ZxrBU5E3Ds4rzLgWAF0W0ZD3Fq:VVzEhgqEDWFDUtXRxr2asHEfU

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\02_Music_added_in_the_last_month.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\02_Music_added_in_the_last_month.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.78 KB
MD5	02b2a2a5381dd2193f9e94d3f06db25c
SHA1	15828659893d102b9468418ae9c824f151475530
SHA256	87248771f32c1691ba60f255e5b6853f93daed59d8fd4b09a584dece01a85601
SSDeep	48:8w0G71mqFrZOY98c/5Pe5jSML+TZ6yU8CO4UZQQ2MKZod:SG5tZO9c/5G5Dh6gk

C:\Users\EEBsYm5\AppData\Roaming\-vZCBx3T8O8PG8Z7.rtf

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\-vZCBx3T8O8PG8Z7.rtf.ibagx (Created File)
Mime Type	application/octet-stream
File Size	25.21 KB
MD5	b97c6795dad8db7892aed6f14215ff8b
SHA1	904ddb24d34f439b7aedb82ad0d78269636d5ff1
SHA256	d11d6b1128294ce2cf01c12d207854eb080aaf2b9effb2e5a8235b3a93be3ca9
SSDeep	768:CYqk7LA0UiKmU+YWclDiMejsHHWpekJFmC:zD7LA0PKm5Yz2MejsHMeIEC

C:\Users\EEBsYm5\AppData\Roaming\ABdV76mhVKc67XfMG.odp

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\ABdV76mhVKc67XfMG.odp.ibagx (Created File)
Mime Type	application/octet-stream
File Size	66.22 KB
MD5	4864882cd403a18bb0737438a3da58b1
SHA1	98c22a826221a2ab4e8fddeb635e865d3362005f
SHA256	7321483960b6937143f106d083f887fdba0c09fcfd97dfb0ea16c2e19a02f3d6
SSDeep	1536:9PsC7Aovxj8SiER0CwVWmVhDJKeE3V2gH1AilqxTmvFeFOLfUuVizN:ZV7sSDw4mVLOAm5UFtuC

C:\Users\EEBsYm5\AppData\Roaming\g-uvZ0afpQw.avi

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\g-uvZ0afpQw.avi.ibagx (Created File)
Mime Type	application/octet-stream
File Size	7.96 KB
MD5	7ae121cd98cb40e4033162243ceca69c
SHA1	5589463c11c1e0096578d9aea36eb3ede7526555
SHA256	4f126b31c91afc01d536f4280b5b725c58d5bf5c971b20b45b19b776467f7cdd
SSDeep	192:DeWwhg8jielQaiIwL90UQfh/V53ACXEogX:qWw/+aiZGUQhfX5gX

C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata.ibagx (Created File)
Mime Type	application/octet-stream
File Size	5.80 KB
MD5	c6edb72e9f798253256bc5183f6f35ea
SHA1	6cbdddb17be4df8f18cbc7055b9594fc322986ed
SHA256	8f6fd56f7fda672de691175d395885593e852d7f40f5f017c2dc9fd17d12b351
SSDeep	96:Sp6oVfDpryMAJ5XnXogElA4U4AphxbIBjQUAZ0+hydYaSrl34lLYgSnxJEkY:ScoJDdyd/XKlAn4AFbIEfUdY3rlIlLYw

C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3Q4BCXJF\id[1].xml

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3Q4BCXJF\id[1].xml.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.61 KB
MD5	6d7313243fe5a428086e2e714b99593e
SHA1	3890ed18f93e7ca4e2881eb6ca7271609716799a
SHA256	4bb5e9369c04f845e08a5d83574e5c71441d4d80f1bc00546af2b34ef163e222
SSDeep	12:2Exthn1eQBa6JRTvFeNXLULMB+FsFsApiw5It6FIKvhfTaa0+2C:2Exthi6JRTvFYYMIAp5544XvhfTHLb

C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT.ibagx (Created File)
Mime Type	application/octet-stream
File Size	382.03 KB
MD5	1d38665ea206e7370e18b16be17188d0
SHA1	bff901a929ec4dedb039c6c4fe3dc695734577f1
SHA256	6b7bcc573729d5388f6fccef563fee67ff8031accce6e8ca9380fcba7f7efb49
SSDeep	6144:CPDnnXPETcoRAX0raqZZyqG/0ZSuOmmDwhewMcPZV+qIYdpetwXA7AUSrdxuoPf7:sf2GkraqZscZSdmnewhn+q5dpetwXA7g

C:\Users\EEBsYm5\AppData\Roaming\CmR7tOD7XC.avi

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\CmR7tOD7XC.avi.ibagx (Created File)
Mime Type	application/octet-stream
File Size	37.43 KB
MD5	ac4f762ff81bc8716eaedd2db75386cf
SHA1	2269acd985e14b689cdf4894d52ccb4ce77d03f2
SHA256	f05e17959f8f307dfdf3cb1f1432a71829d7af09bf8a095e46b32eb9284b3589
SSDeep	768:+fTFDZn1ROqmRM3OR1eXX03YX0YGRsxXj/eJDKzJxjO26PmenTpeJpZrrx7NxkK:+fTZZGqm63OR4XFwspWDKz6TpoZHfOK

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.00 MB
MD5	01941b4ea3545bed637450fc70157732
SHA1	0f858614c72e456d5fd2621ea88a3aa1e407a46a
SHA256	4ed723f5cc505090301a154f2c9a9e372d1df2c9197b0a9ad4771cfc66cd5e16
SSDeep	49152:N0QDZMLPrYBPYG9ygECdNN5BzD7S5XzvY1V/6rdFb+ncT7Whyo5:NXDaLDYBPYG9y8NfBLS5XLWhql+cT70

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.00 MB
MD5	91d982e45fd1bddaa7380a32dd48b0e4
SHA1	698d63fb446b580df3bc412bd27e3bc8ba1ec198
SHA256	fffa2de436f7e7c9573d0081a76734b764a19d7e40b99070b126196ca214b5f3
SSDeep	24576:OTIC8F1cMn4jjV9B5M5f9Cg1XGgR4lLvivYKHH4luz:OE1N4jjVpwfkGR4lLviQKHH42

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\11_All_Pictures.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\11_All_Pictures.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.10 KB
MD5	4faec776691fa7c568bee307b76674ba
SHA1	3302e1216e7926ae7ba83671c54fc8dca1ef0770
SHA256	9e870133f6176f1344bfc7c5a9a3aef3f50b9fbfa66c86590b5407b92f83ac88
SSDeep	24:zQGnb9zJ66XZEjvDWimrRcRdjsfRwxDiuCDYpMdURmpuH8:p9zJ1wVGcLjSEyF

C:\Users\Default\AppData\Roaming\Microsoft\Protect\CREDHIST

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Roaming\Microsoft\Protect\CREDHIST.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.55 KB
MD5	1a696ccc254483f721f440cbcd8d93b7
SHA1	9382f35d6166e96e20868cf8c7f0db83cad64b26
SHA256	6694748ca8190d255b42a0a39266ce4623affbc1c1061aff3e03808d1041968d
SSDeep	12:s/jYxQmOWMu6GFmq4fe6XaCWxb+y+qyPP0+wX54LSdZYBolf94dS/kLvKtZIRhCx:Mj5WshnfeZCob+yHyPP0+wX54LmYelfN

C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	956c473697185117bf199612f0defb23
SHA1	728a23eeda010cce31d7afa334d6b02af436b04d
SHA256	0952fe3d1670dd4e40768cdf2a8a12b460a85fd6ce6d454344db9404db724aa0
SSDeep	12:TTubjDXxVWmqxCkUxPCP6QMt5kXEGen0hxr+25waqLWFA+raI6dlgOC:WbpYmqEkUlDQMteEUh1+Wwa6f8FTj

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.ibagx (Created File)
Mime Type	application/octet-stream
File Size	16.53 KB
MD5	f282e46fd54553795d391cf898330d90
SHA1	2e340d5d56cb6b30afcbc4023a41303ea393af70
SHA256	3f2dd58706c1799db68afbc98e8a6d4de96475995fe681c35d60791da22c51bd
SSDeep	384:AzG6bARYK1yE6H0lq2/8+Lp6GA1WMrC0mk9tnREG:6534yE6HuVQKMmrmdR1

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.76 KB
MD5	37051351dd6d04989be0f964a6d1991e
SHA1	8413c6047150aea580c48e548c84a50550357130
SHA256	97ae678ce34a10559c0b637a9c268c66a172a6e42909842226b194562d8b2bd7
SSDeep	12:XUaRRKcnkVBbTtnOoZn+G4Z6tg1FwoMVdlQigrAaZLt/TUcTjsjuiVC:kaRIusrOc+5qyfMVgiN0Ucf4O

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	7.86 KB
MD5	511812a460e4c536efd0b5c993fc6419
SHA1	84cbc4fbae9528d87994e86155a594d17f6e658b
SHA256	e055b542e29986e7005ea09a17ac241ea398aeb36ec705721cc671e45babb002
SSDeep	192:+zYvoBDHHXnUe1smWVTIlVdeP40GvqIbtjXvcrZ:+Y4DImWVTIX440+qszErZ

C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\Preferred

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\Preferred.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.55 KB
MD5	32939e09cdeac9643050ad318a522e56
SHA1	7aa7597c1a17e76e09079e719e530362084b0790
SHA256	dfae25f385281e900fad752e4e34579a4c0db80ec7187279a1ac00d7e8eef05e
SSDeep	12:UtwRUy6KEHhXt9LODgUEKglk1LMgfCQji2cAE9TLX8NUC:GCUyBEHhTvUEjlk1kQDcBTO

C:\Users\Default\Favorites\MSN Websites\MSN Money.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\MSN Websites\MSN Money.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	23d1ed4bffb441e2c99d65a94b87cfb3
SHA1	8a1a4f419a2ca70f529e7c0ada6e1a4bdeb2b496
SHA256	80cfa5e76e18dc92663804341eb11e315c09104d573df5119d6de54c9cd09fbb
SSDeep	12:5C+VHUbxWCjdbAkgCx+87qo3+dlxh2dnuFRCrp8QuEQBeezy3U6i1uQpaSSJfLpy:1j4lAD4+W7+d3h0uFs5IBeMy3K1uQNWc

C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

Modified File

Audio

Not Queried

»

Also Known As	\??\C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.ibagx (Created File)
Mime Type	audio/x-mp4a-latm
File Size	512.53 KB
MD5	9eb242071b7b4703f68cd8dfdfa1ab77
SHA1	eacddb71bda9e44bd0a024c1b7900f13796cc930
SHA256	19609237a8a93c47e0787e5fd3ac8897cc7292164403f0d3de3c7cff4d5126c8
SSDeep	12288:CnKgw+1O3bEca3Lf1ZlU4h1+jGmBRPBhNaRdAHDVIYsrqQ1DSLCyuXX:gKx+8Gpfz+tPBXaR+2wQYLLuH

C:\Users\Default\Favorites\MSN Websites\MSN Autos.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\MSN Websites\MSN Autos.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	17d35b10425bc0320e9345b3afc79280
SHA1	1036e8ac75e92f18e33396565b96c80ca3efcb69
SHA256	5aa7d1c892e221045786ddfe852c62b70fa6a291111d23813a7e3496547ec9b8
SSDeep	12:QAlJEo1ubFxMlLdGDBToGmT4Vex76l4nSHNVTF0R5OZRZfH7fjsTnKs7w9w66E8O:/lOMWILdGD1oG8b5Y4Ifp0R5OvZfzo2L

C:\Users\Default\Favorites\MSN Websites\MSNBC News.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\MSN Websites\MSNBC News.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	11ee7caf3bd1a1e3d116baa4a16160ca
SHA1	61d84ff4ffc844cf47a8713e454bc4f6f9bb9a33
SHA256	41e06d71700253797a8d9b003df5379ad8398c9c0361accedcb5a014fd772ff9
SSDeep	12:j1ga981AgUNpydV1DWN9ecZlgBQzGKXgH0F3ySakReX8L6POGEIuC+C:Wa98ygbV8NZlgBQiPH0F3ySNziuEz

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{91E541D8-6C9E-48C0-AB69-0A7168AA62DE}.oeaccount

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{91E541D8-6C9E-48C0-AB69-0A7168AA62DE}.oeaccount.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.00 KB
MD5	3291e82d938cf3039fdedca46c32716e
SHA1	207a6c1199be9085469a99b7c8937305c361ec1e
SHA256	3657fa7e648068cb0fa3c48d79d4367447a639c1e7a213d2386eafffd2d23a2f
SSDeep	48:cmvweUO2A+3RNueO9YbRKPk4eF6t4puSDia2fdb8+:DvhD2n3hIYbmk4cQg258+

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{553187ED-CFB2-4763-8DAE-48D3609A76AC}.oeaccount

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{553187ED-CFB2-4763-8DAE-48D3609A76AC}.oeaccount.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.22 KB
MD5	2ec450d27a3d3fa61d4db36b38a45883
SHA1	9f3044b993f556db5f1b5024b6dd0d9b7ff12c4d
SHA256	4de0d0dd96986ef80b3008002196ccd3ddd236f50d8c55c6131d8f44f86dc201
SSDeep	48:2c0+hdbKgCX/QsXzKQe0oovO1iGR+LBerSKtdJsztshk:5hdBCX//jKQqIqfaQr53J4b

C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.ibagx (Created File)
Mime Type	application/octet-stream
File Size	10.48 KB
MD5	31b570bda9928cfa77b9400c3ac2de0e
SHA1	72e523eed3a81bb9f3693a4288da3920aeafc589
SHA256	219dd9f408c06c70a6a104dd798f6dae6cdd56998c777eedf7ebb223a2fbe389
SSDeep	192:/C1gFyOc4zneB7wNsRGEkLcfmAGnpuBq9OAeTSm07awj68pDcJ:/C14NzzeeNpMiWJyewj68pQJ

C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.ibagx (Created File)
Mime Type	application/octet-stream
File Size	64.53 KB
MD5	cf70009edfe6b7bf9ab21615aa245a60
SHA1	a16c3de68aa58ceb3d8bff4524bb4ac4c7d14ac9
SHA256	814a73151f58f5cc090c5c1c29a12327f5594574320ab0bb6f7ef71dfd6c9bed
SSDeep	1536:yrT0nD5xld8XUtnqb4Mpu0V/V15zGrInJ5lQBLb17S:pDld8kRXMAQ15zGraFSL5O

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\10_All_Music.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\10_All_Music.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.57 KB
MD5	fdb27fa5d8e110b20ea0db7f356e68c4
SHA1	680432600d4177adffc494a76a13a2746c069802
SHA256	bddb078e38e4dcefba9daa3700d6387120d60513699638219503b3c54803a13c
SSDeep	24:MULj8w0+sz36wOkqoxtFzsqhjBHfJMegtQ8kQZ+ct6pv8BtKIBy95XvF9TTrQ/kf:zLcAElzsiXMegtYQ0cIpgBy3/3QIoq+K

C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.ibagx (Created File)
Mime Type	application/octet-stream
File Size	28.53 KB
MD5	c642dccbaabc1ac5d2070a10b1486449
SHA1	8590c442b6ed2906f59140c75fc63429a2721ebb
SHA256	fb30fb269d6ec5bbd38d8b150569c7025ca9d410b475861571e77fb6dc64cf2b
SSDeep	768:FUCViHlB+poF5alVgtuK4n7EBrdXnz3CxU305Fw1:FUCViHj+6F5alVg34n4BhXO071

C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.81 KB
MD5	d7ff79a732a1d62b5319457801096e04
SHA1	3d4eed2e06da601457b2d724c2021c1e99f0e2c4
SHA256	b66a3564ade63ff97fdf00ac9180a4c8a4330b43a92f558f12b7bfb848a9a06f
SSDeep	12:tOQgrPxCeRFOTE26DvsC2AfE8D46Me5eujdHQ1G1AKGeQcjtwp5yShNEAsf123wv:0pvEAc8d5eedHQ15PAWhSAMAA3eHCX

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.76 KB
MD5	f50f7419f49ffaa8aa2291f31e572bbb
SHA1	ff809bb4958916967c6b958d7b9b7b98dac922c1
SHA256	51188af708beb749205928e42358a0d9801b662708d04ca0170d72cdc91931e0
SSDeep	12:sdHxFDwadzT6czwmkKNrYUbk5mICQejlQoxion8UU0izLb+gcdlZTv4XmVyMvqSC:sdRFN5RUm5F7lQosoupsZ8WgMA

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.00 MB
MD5	d93a44e501e5c3cc2b6937c1d3d0168f
SHA1	267aabbff3225cb6ae478491eebbf5462cf7cb17
SHA256	b569508d9f685853740ac5aca5be27139763edcc70eb7b36236572f3635bf5b9
SSDeep	49152:shxJziMmsyUbifkB1MLqQZ1eoP8PjbamOTkHul2C1/h0myXv:exxiMaUeMDMLqQjeokPjFmkHHCBz4v

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	6.76 KB
MD5	3e9d681cc8eeb716b55d08fe17756d11
SHA1	b1a2df0cdcb4976a3b5be33686ffdd48df21c4eb
SHA256	f8ec0d873d4e374a7e8fada6224bc7f52140a5c270257f155b5237295c488f68
SSDeep	192:jh5QKTEtos75LYXdIVfddOZ+3YiBYiAA2K4/A5E:F5QKTEtoKsNwTeGuJ/SE

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\05_Pictures_taken_in_the_last_month.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\05_Pictures_taken_in_the_last_month.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.31 KB
MD5	42d63b1f0bafbe255569b5ec52570c15
SHA1	ed28d34c1ff4574c722b5e0d5e67fba96c52ad61
SHA256	cf4b0ae5065f1ffce3fb80ec4003a4ed4dc90ab3b94c1ff69d256456126a5bb2
SSDeep	24:JBBHK9kjveXV5Qm7gGPFgsMoQXCh/wnLF0Edhj+wY5rKwglVUbl:fBq9kr07Qm7Z/3Q5LBqrHglVYl

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.00 MB
MD5	c0104241ff99983b2634b150f29effb7
SHA1	e6f64bfaa399f1c49d3fd68fab1b45b7f09b5cbd
SHA256	340ee7b49035d2a8269e9de3c9965407e67c7f7a726b85e0a987cf454fa6929f
SSDeep	24576:kSnPI2XPx+FNm2H2T/E770JlJe3WYB7QUDEqQfmhFl/RS:hnP5kFovaSG3smhDRS

C:\Users\Default\Favorites\Links\Web Slice Gallery.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Links\Web Slice Gallery.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.75 KB
MD5	e6fa0249ab3444a15f4a8dd11986b109
SHA1	c6466b1076f94801f57429e97bba6440ed6790f9
SHA256	e876fa7e8e53bb516218fc70b7861cbe9d9a016458311f031d21b0bfb7b3ca94
SSDeep	12:I/Pf9Eg/qCRIi3fLJ5uZQCo0vmt0fwweAXN/citP6f/mM36qXCivVg3ItoI6BFyd:IP9v9Ii3dy2Dt04Tm63mo6Kd9g4toxFy

C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	37.35 KB
MD5	8292e61691a7abfb88b484d37b445484
SHA1	e494eb83aecb03b58f1867d1165383369a8398af
SHA256	dca89b31d2656bdba4ea7cce89d61b88f13d11b2eb3118d9896ee6b7a198c85a
SSDeep	768:rpmlCq5ybvJkyiNgNeVbMwNUcZjmquZx8O4bsBgtWSJ+UEFtz:9I/5KJcg2bZvKqE4ztWSUU+

C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	25da10502e6c2ccebb32467fc8493819
SHA1	a616b9eedea23d2fd02270141c5235cedd0f8ac4
SHA256	2f64ee5a208e66ff874cc9d06770a947e565b73ab6af69538db713042836ca13
SSDeep	12:sKeLQ17gXbWJiCZiO4e+QdMUVhO66ej1mJPydjFgKCzS26LTM/Ofyw1EC:sKeLdbUiCSWOa6ej1mRydjFgKZnMcywH

C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\83aa4cc77f591dfc2374580bbd95f6ba_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\83aa4cc77f591dfc2374580bbd95f6ba_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.57 KB
MD5	3381646a049e590114f7679de8f12dde
SHA1	5984e6a5fe312bdb906f128ba6afde6817c9b6e0
SHA256	01ffb95b44214dcceab33a6b2b887d6abd454ca899b527be135c8dcc254d05ac
SSDeep	12:TCmoN8O/rc/2pLJrAvF+ZNUw3iBK+PkRtdMpsxeCB3M6FE3pIuHmhyC:sN3hJrkiCCT3zypU6GEhmJ

C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.01 KB
MD5	d186b0ff13789fd47dbfcf8e8684581a
SHA1	4ca91c3dca2649206857ed1d21efe13458ce71ca
SHA256	9866d21596d33a6b957cb3be3dd74d681ac3dfd4d23185266309d32760508365
SSDeep	24:0lLHcEHyXNeHvrf/PuBU2I5Cw7OZjKzA77c8VN41GyfVwT7s5qQMA6XSWNtS8qhf:0l7tyIkGnOZOzU7c8D4IwVQ7s4pvS7h

C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\L3DK0KAH\id[1].xml

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\L3DK0KAH\id[1].xml.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.61 KB
MD5	7cb7490f85e987a464dc83bec18e7f2e
SHA1	56de93d0326cea37deef2a8fad32fc719323dbe1
SHA256	d6fcf9c8e14009381ae034b9c69996d9f6a7dfae4301f53f5d8d865ff694c2bb
SSDeep	12:mMqe6GI0v0D/RP0AORKhChOlhP0N7rmHcVCGzZMHMZdxQTlQODSNDsMcE30FMC:B3tJv0V8lRKUhe8tMJGzZ+MuTO99y

C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\03_Music_rated_at_4_or_5_stars.wpl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\03_Music_rated_at_4_or_5_stars.wpl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.76 KB
MD5	7132af5b0bbd7e790601856580991fed
SHA1	53efa04ec35d36bc074698e0e8746417a3eb18a9
SHA256	a5fe2cffbbe64ef0a203f63ee164730ec741cdadcb47ced6af5e1f9867de0e8a
SSDeep	48:yvrftDztCzUX1ZbJ3ws0IJnEfov86JL3+N:aFzgwlZbqUZdRJqN

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	23.84 KB
MD5	e16410bf598e90d136c8fd6b2009f3b9
SHA1	134dfc47220bb0a3ffeb396440532fdf5fb187bb
SHA256	77387dae9ab0ccf9fcfb30f301ec51283e78db7a1739fb393ebc9947a22655f2
SSDeep	384:rbymG6JmxVDleTx2TDoFPChbAg2lkr4NEwkWdVacA6eSBJH9Fkne+JUEP9k:fExVRwqUz7ker26em5EP9k

C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\7c86938c-9ade-44b2-a1b9-d6e5269c7ffa

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\7c86938c-9ade-44b2-a1b9-d6e5269c7ffa.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.98 KB
MD5	c24dc758d109c74a498a029acb1bbbee
SHA1	ff52f5d140ceeb16a4b11ecf132f714f13451b39
SHA256	49a48260d08e9dab1e8b2f81350f66bf24b0281a7e795b2379a756a92022ea44
SSDeep	24:MTTON5BNU3RgDDGdPomXXxwrh3As5KO4gW+A:MTTOnUhgDcXXS5MMA

C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.ibagx (Created File)
Mime Type	application/octet-stream
File Size	28.53 KB
MD5	983b63593e2497ce3a7c1c6acc6530b6
SHA1	6778043df7ae369b1d5d88612a9b8c1b9e42398a
SHA256	f014b95ba7d2251ff9fec2943fc78a768055bf06ea420cbb6b2e45d575b5ab32
SSDeep	384:LyRpz7TtA+46zSazcyDFsItTlUb3sQ2okpBFTIqxJiNfsuBA2cWEYSxTOFn6Ctej:LeTe+46zSyRDFs13sQC/6qftcn6seBqS

C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	964edd71f5e8132944d4ca011352a5ce
SHA1	9b8a3c9e16c10178b721b07cc6403e9cdcc1ffa7
SHA256	02d0d8952700d264e5c2d2f045466330153eeb9d18b34eb6ddfddc3e6544cb04
SSDeep	12:SqOtVMtJVUPV7swliaNyajB148UO8aGlD6kp6AvsiqKb0nBNMb580C:gwtb4lXyROYl+koAvsiqKb0nQNK

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	5.15 KB
MD5	c1e1fcab20d7bd44d6d72131347f3c60
SHA1	293030b9fd329952178621a7bbf2e75dd9fcf250
SHA256	eea85711929d0b7f4bfe57e04176a6f4faceb9f7e53fb481b25802c9b99de2a0
SSDeep	96:hGa8d1THTKTDIt8MYwutwRrse2RpEAP47TqtYDTHBJuxe5ZthCjI+4RXFR2:h98jTzqD7MYVRpErKWDTtajIxr2

C:\Users\EEBsYm5\AppData\Roaming\41xTLbSy8hho.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\41xTLbSy8hho.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	66.80 KB
MD5	b31697b470f048e7a38b4ba63da7dbcf
SHA1	0783308ae45ee96a12075495860b3ec4ed670b40
SHA256	079c0aa865846e5059a8171690381bd14f6864f0f4f9a6f2b5ea5964563f2322
SSDeep	1536:bq7yJw/Mm8idRSPzTvuhnglQ7BkfpM3LU9qyDl0NY:bwODifGEnaEst0NY

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.ibagx (Created File)
Mime Type	application/octet-stream
File Size	5.52 KB
MD5	7ae6a28d22c40f09fb4e06c67ade9d42
SHA1	127ccb4c3534845d1d0769039c3ad37b0a7c1219
SHA256	a833c9c8c60c9efce614f390f33c4bf6e9a5cdd4aa6f1cec5378d6e7a1b95d77
SSDeep	96:HJDyYnZcMjK2vjdShq3olGW/tG0J0QXolQB57oAdmLtesmyKLZQCaI88k:HJhnKx2hSIo1/cy0QXoCYRpKLeCp88k

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.02 MB
MD5	8d9715387a37982ff707e813b019340a
SHA1	0c1113a839b265fa507710494f7dbf36d5c0b10a
SHA256	102e5bc9c4273310511db779bf211f7add298d1c7a17a076f82676042c0e9a89
SSDeep	24576:AhRk5Cl7e/ge9Y5ZLWX5W+KhdVpmXgZBF5aKsK2cBti9WCPTuT:AeCl77Nt6w55aKnIWETuT

C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.ibagx (Created File)
Mime Type	application/octet-stream
File Size	12.43 KB
MD5	204bd85c5d5a4f4b30067734169a9160
SHA1	1a7e257028c91b04f34dda4b1aad34231a3e61d4
SHA256	7b714e635a095e1b658693ab91e4884236efe2cde5f2ed814956a2ac88284d6c
SSDeep	192:1V6l/+f3ti5wb7wcjxFwlCcEl1VuH17eFJa2bo1pb9hQh/l8AVj:1Y9+ftswbscjx+rELVuIjZbo1pvQpOQj

C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.ibagx (Created File)
Mime Type	application/octet-stream
File Size	512.53 KB
MD5	0ca864764ea59ad67650cc9c58172d5b
SHA1	1ff6954e5369386f488dc3ae7d7d306bb373a1f0
SHA256	f291bf29dde2fe376cb62f8c77754c75a326d38d3da4fd5cdc01c017a4b48a1c
SSDeep	12288:W0r8kAYS+oQUPU0YyGyB0AkLg2lW7i9IKGURydp:WK8tYlU80YJPLE7irGUR2p

C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.61 KB
MD5	4635cdafdc6e74980c791aec3bb543db
SHA1	367d620da7b1daacd3b2d10fee6e1b9e14e2ae97
SHA256	e47a989a468ce6d8ac7fb2364a61ef8a484f2de4d1b960e581f52f3570b25d78
SSDeep	12:ALw0mFuazsukfZhEVyvQjrZTg2Ub5/aYoKBEK59FBW/1O+ooU++7BgC:ALVyubu2Z6q8TghVouEK59Fc/1uoU+i

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.75 KB
MD5	d0be0685c6415a2b8726dd0e02c9b08b
SHA1	5353af159b943956eac2f89a3499267f40d60497
SHA256	e3b237e5a07d4ffd4c74a4d0ed717624d5efad3537aff005a0ad74c0de7b3b71
SSDeep	12:YJ9baak8onyhg+0E662CMnfiSZtCH+4LvbFWgCwC:YJ9btkbnyh2OP+sIPJ

C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat.ibagx (Created File)
Mime Type	application/octet-stream
File Size	32.53 KB
MD5	6d25d007f79e1b32d5063aaf34a5bd79
SHA1	f3b12233223c74d1e4c0baeab91f97897ee1d75c
SHA256	2abe4bf5f4a7f49d294fe5302346f86b2fecc375bbb69637329f840887c1f859
SSDeep	768:W3iTd2w2lxeUyxtQf0BB8mwnb0ptdE4EGl4nmP:W3iTd2wuixhwnb0jq4dl4nmP

C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.ibagx (Created File)
Mime Type	application/octet-stream
File Size	1.44 KB
MD5	bbd1023423e5973cf94b68d1f691212b
SHA1	b72e21129596b54d157be7337c063a44ab55ce33
SHA256	adcf93f66ba743486bd400817b9a81dafe52aa5dbd7325dbd938df4cd0fc3b56
SSDeep	24:GE5pcSrRCo5H4ylxH4a1sp5psoQ1ymwdPpIQYsxeOzMR97PXp/tN//t9OoJtEdPZ:Pfco5YIxYa91ymwdOjs5zMRBxlB14IOH

C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.ibagx (Created File)
Mime Type	application/octet-stream
File Size	3.99 MB
MD5	ef304750860074dfca21b97f76ad5d24
SHA1	3cc6620133f46a212b8a9776382b0fc0c35cab71
SHA256	a2138977fffad2c4aabf46b62d9d5028a5f9e1f9bb7baff99070238560b4472f
SSDeep	98304:T+BJn651h+s8aa8NHLBvUaylef22P5xGM0p:KE51h5XKaywz5czp

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.78 KB
MD5	87d0679daf9dd12201706f6377521ba4
SHA1	89eefc1f2127034b18d0829f800a38c3ba6daab7
SHA256	f12c53b705e0f3fa0e92803d214a872ad5d395ffcfba16cacd23e1e25c8e0e10
SSDeep	24:aJjtCrVCY0TlZRQj/RdIXU1Zf2z1Pyl8l:aJ5CrIhnKzRdYUZOkI

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log.ibagx (Created File)
Mime Type	application/octet-stream
File Size	2.00 MB
MD5	129c9e124c4143a8de67919f43d79172
SHA1	769296b7b61575411560016733efc64179ffed24
SHA256	aa7f16324adf732f55afb5e01f7437851a947ef5a2655a376ff1b18f4c62ae67
SSDeep	49152:1ynDFTGvXDIkOodrwMXuqs6/assXHBDYZStH4Yg6:1q5QXD5tHXuqsFsApIG3

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk.ibagx (Created File)
Mime Type	application/octet-stream
File Size	8.53 KB
MD5	9ecfc5931a92f3f9942b8503a33bad15
SHA1	f333f5d0d0e9f5c1bfb9f66596a883e72e3bac06
SHA256	9a89dab1740dfb9639fc8bd281c456fa4e626b221a743e7e72d11c1597c747b5
SSDeep	192:oNUfYmGExmO9tZjWm0f6z96eaGjKf+5ZNHkJ4k5gSXWjvk:0GYDyrp50Cz8eHjDIJ41js

C:\Users\EEBsYm5\AppData\Roaming\0IDnC0H9EMmV.mp4

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\0IDnC0H9EMmV.mp4.ibagx (Created File)
Mime Type	application/octet-stream
File Size	30.24 KB
MD5	b3d4c8991947180a27a11b5fab3ac046
SHA1	27b4521a49325c82c6296ecc8b99533bd15d4064
SHA256	4e4e5e6d96fa53e5e29940712ef90a6ea288ef9ab4ba22b298fcc676510f9511
SSDeep	768:9zGHHstAWE0veo/k7D5RetuJo/YUVOM3uAXWP:btLE0Go+1svQUb3uAXM

C:\Users\Default\Favorites\Windows Live\Get Windows Live.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\Windows Live\Get Windows Live.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	a45c6c54dfc4a3191c4c4b1143a99aea
SHA1	1ec94b42d655d36852f34b1f548e122dce553807
SHA256	c30cb8b0676fae3b67be5ba1d455c1d937e2e62ac75c464a8448dc4c93113e0f
SSDeep	12:qN0bCd1gzv3WbyH2NddCyvLmEoEasOkN7pw328dxQHNUAdwq1C:7Czs3oyWLdCyvSAaTkI32bHquM

C:\Users\EEBsYm5\AppData\Roaming\d9-2p9zLf4.pdf

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\d9-2p9zLf4.pdf.ibagx (Created File)
Mime Type	application/octet-stream
File Size	37.41 KB
MD5	db8e8a7fc6587329fd2fd21d376a96be
SHA1	25506e96a4e6b76861735af3a8575e312be005db
SHA256	bfd963b2bd4a44d1585ac6ed62165c9d382723e48207b9da8ae83743779e2d63
SSDeep	768:8YFmIFpevuLLoVZ26FsArd+1HCqSmFEoM+VG7OluYvQAIYeoqNvRmZQ:8YVFAvuAVZjyA0RCd7qaouYY6e7Nv0m

C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.ibagx (Created File)
Mime Type	application/octet-stream
File Size	16.53 KB
MD5	7b3bf4d1ee365be20279a24ff71f4fa4
SHA1	9e49d881cbb08480411d3e18d1e1c9f90a41c13a
SHA256	a6a2c0ee170825aebb72a7a70eb6939bb8d30cd385d5472587dd40b53fe479a6
SSDeep	384:0yc9u8Ar2E3pXnCqnsbkX8iszuKVM5tAeKfU1iJ6K0O:SU8GHnDXAzuKVQbKfUIJv0O

C:\Users\EEBsYm5\AppData\Roaming\du-5F19JYW5jR0wN.png

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\EEBsYm5\AppData\Roaming\du-5F19JYW5jR0wN.png.ibagx (Created File)
Mime Type	application/octet-stream
File Size	66.05 KB
MD5	abee6d05cfd94261da2f80dd22be8197
SHA1	1c5760a163d09e5aa405e0d1d46846a1e874976f
SHA256	3f33558f9bd359cd93411ac666bb41762553a660de86657144929c8de39b19a2
SSDeep	1536:e38gUDClglpRZ8+lNriAYZq1jmEajUTV95q0czvvLf/0KkXIZS:slUDVZDHi7ZqFtx+xlcIk

C:\Users\Default\Favorites\MSN Websites\MSN.url

Modified File

Stream

Not Queried

»

Also Known As	\??\C:\Users\Default\Favorites\MSN Websites\MSN.url.ibagx (Created File)
Mime Type	application/octet-stream
File Size	0.66 KB
MD5	1aaf4cce89bb026ab2861aa8b79e0347
SHA1	d9c5bdb86e063cfda4be1fd300398c960ee9ddbe
SHA256	f99fea69d61b7e8b6810d47f722a244903254a1dcb07bd7ac2615405945795eb
SSDeep	12:yIvbpzin+5GMGXxkE87YuNeKn91EuvrDQ/dTSD6r0BRZmI3Z5CYks2mk0C:yIvNzi3i17H/91vnwdTSmrIpp5CJsLkt

C:\\IBAGX-DECRYPT.html

Created File

Text

Not Queried

»

Also Known As	C:\$Recycle.Bin\\IBAGX-DECRYPT.html (Created File) C:\$Recycle.Bin\S-1-5-21-3785418085-2572485238-895829336-1000\\IBAGX-DECRYPT.html (Created File) C:\Users\\IBAGX-DECRYPT.html (Created File) C:\MSOCache\\IBAGX-DECRYPT.html (Created File) C:\PerfLogs\\IBAGX-DECRYPT.html (Created File) C:\PerfLogs\Admin\\IBAGX-DECRYPT.html (Created File) C:\Program Files\\IBAGX-DECRYPT.html (Created File) C:\Program Files\Microsoft SQL Server Compact Edition\\IBAGX-DECRYPT.html (Created File) C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\\IBAGX-DECRYPT.html (Created File) C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Desktop\\IBAGX-DECRYPT.html (Created File) C:\Recovery\\IBAGX-DECRYPT.html (Created File) C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\\IBAGX-DECRYPT.html (Created File) c:\users\default\appdata\local\microsoft\windows\history\ibagx-decrypt.html (Created File) C:\Users\Default\AppData\Local\Microsoft\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Credentials\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Feeds\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\0TOZKA9V\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\28NUQX6M\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\8S73DLQL\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\QVTV2WL1\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Media Player\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Windows Mail\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Windows Media\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Local\Temp\\IBAGX-DECRYPT.html (Created File) c:\users\default\appdata\local\microsoft\windows\temporary internet files\ibagx-decrypt.html (Created File) C:\Users\Default\AppData\LocalLow\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Identities\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Identities\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Microsoft\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Microsoft\Credentials\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Microsoft\Protect\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Contacts\\IBAGX-DECRYPT.html (Created File) c:\users\default\appdata\roaming\microsoft\windows\cookies\ibagx-decrypt.html (Created File) C:\Users\Default\Desktop\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Documents\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Music\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Pictures\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Videos\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Downloads\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Favorites\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Favorites\Links\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Favorites\Microsoft Websites\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Favorites\MSN Websites\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Favorites\Windows Live\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Links\\IBAGX-DECRYPT.html (Created File) c:\users\default\appdata\roaming\microsoft\windows\network shortcuts\ibagx-decrypt.html (Created File) c:\users\default\appdata\roaming\microsoft\windows\printer shortcuts\ibagx-decrypt.html (Created File) c:\users\default\appdata\roaming\microsoft\windows\recent\ibagx-decrypt.html (Created File) C:\Users\Default\Saved Games\\IBAGX-DECRYPT.html (Created File) C:\Users\Default\Searches\\IBAGX-DECRYPT.html (Created File) c:\users\default\appdata\roaming\microsoft\windows\sendto\ibagx-decrypt.html (Created File) c:\users\default\appdata\roaming\microsoft\windows\start menu\ibagx-decrypt.html (Created File) c:\users\default\appdata\roaming\microsoft\windows\templates\ibagx-decrypt.html (Created File) C:\Users\EEBsYm5\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Collab\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Forms\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Flash Player\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Flash Player\AssetCache\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Headlights\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Linguistics\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\Linguistics\Dictionaries\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Adobe\LogTransport2\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Identities\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Identities\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Macromedia\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\AddIns\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Credentials\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Excel\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Excel\XLSTART\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\HTML Help\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IME12\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IMJP12\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IMJP8_1\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IMJP9_0\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\L3DK0KAH\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\05P2C0FB\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3Q4BCXJF\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\SFX4RKM5\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\T9DX4T6Q\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\PB5UWKXI\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\TIIZUCFY\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\ZQH8NGYD\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MMC\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\\IBAGX-DECRYPT.html (Created File) C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\1033\\IBAGX-DECRYPT.html (Created File)
Mime Type	text/html
File Size	63.77 KB
MD5	8c17ae2a4e8a386a93ef05f02821fbc4
SHA1	0cad8851350065189f2ad048f765cb1575f6d60d
SHA256	d20c370aef35e65e75007b601f53e87de2a33f653b3aa6bf68ee7848746eab10
SSDeep	384:No/7cdfUSQwGYZVI/IT9cGQ+aCB0I+iH+wUWjRLW/tydFl7gPE2VvegZuH2d9:Ne

Notifications (2/3)

Remarks

There are no files for this filter

WHOIS Domain Information

Before

After