f94814ac...df0c

Master Boot Record Changes

»

Sector Number	Sector Size	Actions
2063	512 bytes	... Actions Show Code Modification

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mdsqvy.exe

Sample File

Binary

Malicious

»

Mime Type	application/vnd.microsoft.portable-executable
File Size	19.00 KB
MD5	be2d892667464c9f34d4f3dddf7f0165
SHA1	dd9aac5c4d7dbcd6650dbd38291f72144a8cb486
SHA256	f94814acaa06d4c006bf5f5f5c2f18ccc02e6859a927b6f4250f4c5b0985df0c
SSDeep	384:eD6vLQRz85r118AVuKTOm3Hr/T74mxIOgJqk9Vh+QKgV/t35Tcmp:eDULQ9arPzsm3Hr/T74IIr9bV/t35Tp
ImpHash	562209bc194bb4050e946ee2d381e792

File Reputation Information

»

Severity	Blacklisted
First Seen	2019-05-19 17:15 (UTC+2)
Last Seen	2019-05-28 20:56 (UTC+2)
Names	Win32.Trojan.Uac
Families	Uac
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x402d70
Size Of Code	0x2c00
Size Of Initialized Data	0x1e00
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2019-05-17 14:59:33+00:00

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x2bc3	0x2c00	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.31
.rdata	0x404000	0x1b8e	0x1c00	0x3000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.62
.data	0x406000	0x28	0x0	0x0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0

Imports (10)

»

MSVCRT.dll (2)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
rand	0x0	0x404134	0x54ec	0x44ec	0x2a6
memset	0x0	0x404138	0x54f0	0x44f0	0x299

KERNEL32.dll (40)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
FindClose	0x0	0x404078	0x5430	0x4430	0x175
CreateFileW	0x0	0x40407c	0x5434	0x4434	0xcb
CreateThread	0x0	0x404080	0x5438	0x4438	0xf3
SetFilePointerEx	0x0	0x404084	0x543c	0x443c	0x523
ExitProcess	0x0	0x404088	0x5440	0x4440	0x15e
lstrcmpW	0x0	0x40408c	0x5444	0x4444	0x630
MoveFileW	0x0	0x404090	0x5448	0x4448	0x3eb
lstrcmpA	0x0	0x404094	0x544c	0x444c	0x62f
GlobalAlloc	0x0	0x404098	0x5450	0x4450	0x32d
WaitForMultipleObjects	0x0	0x40409c	0x5454	0x4454	0x5d5
GlobalLock	0x0	0x4040a0	0x5458	0x4458	0x338
GlobalUnlock	0x0	0x4040a4	0x545c	0x445c	0x33f
GetVersionExW	0x0	0x4040a8	0x5460	0x4460	0x31b
ExitThread	0x0	0x4040ac	0x5464	0x4464	0x15f
OpenProcess	0x0	0x4040b0	0x5468	0x4468	0x40d
LoadLibraryA	0x0	0x4040b4	0x546c	0x446c	0x3c1
GetEnvironmentVariableW	0x0	0x4040b8	0x5470	0x4470	0x239
lstrcatW	0x0	0x4040bc	0x5474	0x4474	0x62d
GetUserDefaultLangID	0x0	0x4040c0	0x5478	0x4478	0x313
WriteFile	0x0	0x4040c4	0x547c	0x447c	0x612
CloseHandle	0x0	0x4040c8	0x5480	0x4480	0x86
FindNextFileW	0x0	0x4040cc	0x5484	0x4484	0x18c
FindFirstFileW	0x0	0x4040d0	0x5488	0x4488	0x180
GetLogicalDrives	0x0	0x4040d4	0x548c	0x448c	0x268
ReadFile	0x0	0x4040d8	0x5490	0x4490	0x473
lstrlenA	0x0	0x4040dc	0x5494	0x4494	0x63b
HeapFree	0x0	0x4040e0	0x5498	0x4498	0x349
IsWow64Process	0x0	0x4040e4	0x549c	0x449c	0x391
GetModuleFileNameW	0x0	0x4040e8	0x54a0	0x44a0	0x274
GetCurrentProcess	0x0	0x4040ec	0x54a4	0x44a4	0x217
VerifyVersionInfoW	0x0	0x4040f0	0x54a8	0x44a8	0x5c5
GetProcessHeap	0x0	0x4040f4	0x54ac	0x44ac	0x2b4
GetCurrentProcessId	0x0	0x4040f8	0x54b0	0x44b0	0x218
VerSetConditionMask	0x0	0x4040fc	0x54b4	0x44b4	0x5c1
GetProcAddress	0x0	0x404100	0x54b8	0x44b8	0x2ae
GetWindowsDirectoryW	0x0	0x404104	0x54bc	0x44bc	0x326
HeapAlloc	0x0	0x404108	0x54c0	0x44c0	0x345
LoadLibraryW	0x0	0x40410c	0x54c4	0x44c4	0x3c4
GetSystemInfo	0x0	0x404110	0x54c8	0x44c8	0x2e3
GlobalFree	0x0	0x404114	0x54cc	0x44cc	0x334

USER32.dll (6)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetWindowRect	0x0	0x404158	0x5510	0x4510	0x1e6
GetKeyboardLayoutList	0x0	0x40415c	0x5514	0x4514	0x165
ReleaseDC	0x0	0x404160	0x5518	0x4518	0x2fe
SystemParametersInfoW	0x0	0x404164	0x551c	0x451c	0x397
GetDesktopWindow	0x0	0x404168	0x5520	0x4520	0x142
GetDC	0x0	0x40416c	0x5524	0x4524	0x13f

GDI32.dll (21)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SaveDC	0x0	0x404020	0x53d8	0x43d8	0x32a
CreateFontA	0x0	0x404024	0x53dc	0x43dc	0x3f
SelectObject	0x0	0x404028	0x53e0	0x43e0	0x35b
CreateCompatibleDC	0x0	0x40402c	0x53e4	0x43e4	0x31
SetPixel	0x0	0x404030	0x53e8	0x43e8	0x37f
RealizePalette	0x0	0x404034	0x53ec	0x43ec	0x316
CreateCompatibleBitmap	0x0	0x404038	0x53f0	0x43f0	0x30
GetStockObject	0x0	0x40403c	0x53f4	0x43f4	0x2b8
GetDIBits	0x0	0x404040	0x53f8	0x43f8	0x274
GetDeviceCaps	0x0	0x404044	0x53fc	0x43fc	0x275
DeleteDC	0x0	0x404048	0x5400	0x4400	0x17a
SetTextColor	0x0	0x40404c	0x5404	0x4404	0x38a
TextOutA	0x0	0x404050	0x5408	0x4408	0x39c
SelectPalette	0x0	0x404054	0x540c	0x440c	0x35c
GetObjectW	0x0	0x404058	0x5410	0x4410	0x2a7
SetBkColor	0x0	0x40405c	0x5414	0x4414	0x362
RestoreDC	0x0	0x404060	0x5418	0x4418	0x323
DeleteObject	0x0	0x404064	0x541c	0x441c	0x17d
BitBlt	0x0	0x404068	0x5420	0x4420	0x13
CreateDCW	0x0	0x40406c	0x5424	0x4424	0x34
SetTextAlign	0x0	0x404070	0x5428	0x4428	0x388

ADVAPI32.dll (7)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CryptDestroyKey	0x0	0x404000	0x53b8	0x43b8	0xc8
CryptAcquireContextA	0x0	0x404004	0x53bc	0x43bc	0xc1
CryptEncrypt	0x0	0x404008	0x53c0	0x43c0	0xcb
CryptImportKey	0x0	0x40400c	0x53c4	0x43c4	0xdb
CryptReleaseContext	0x0	0x404010	0x53c8	0x43c8	0xdc
CryptAcquireContextW	0x0	0x404014	0x53cc	0x43cc	0xc2
CryptGenRandom	0x0	0x404018	0x53d0	0x43d0	0xd2

SHELL32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellExecuteExW	0x0	0x404140	0x54f8	0x44f8	0x1b5

ole32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CoInitializeEx	0x0	0x404180	0x5538	0x4538	0x5e
CoGetObject	0x0	0x404184	0x553c	0x453c	0x51
IIDFromString	0x0	0x404188	0x5540	0x4540	0x102

SHLWAPI.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
StrStrW	0x0	0x404148	0x5500	0x4500	0x152
StrStrA	0x0	0x40414c	0x5504	0x4504	0x14d
wnsprintfW	0x0	0x404150	0x5508	0x4508	0x178

ntdll.dll (2)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RtlLeaveCriticalSection	0x0	0x404174	0x552c	0x452c	0x4ad
RtlEnterCriticalSection	0x0	0x404178	0x5530	0x4530	0x397

MPR.dll (5)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WNetAddConnection2W	0x0	0x40411c	0x54d4	0x44d4	0xd
WNetOpenEnumW	0x0	0x404120	0x54d8	0x44d8	0x44
WNetCancelConnection2W	0x0	0x404124	0x54dc	0x44dc	0x13
WNetEnumResourceW	0x0	0x404128	0x54e0	0x44e0	0x23
WNetCloseEnum	0x0	0x40412c	0x54e4	0x44e4	0x17

Memory Dumps (1)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
mdsqvy.exe	1	0x00400000	0x00406FFF	Relevant Image	-	32-bit	-			... Memory Dump Actions Download Dump Go to process Go to AV Match Go to YARA Matches

Local AV Matches (1)

»

Threat Name	Severity
Generic.Ransom.Outsider.BB2D3DDE	Malicious

YARA Matches (1)

»

Rule Name	Rule Description	Classification	Severity	Actions
OlympicDestroyer_Gen1	Olympic Destroyer destructive malware	Worm	Malicious	... YARA Actions Show Ruleset Show Match

\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml

Modified File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.53 KB
MD5	37806358124de52b3b02a66f8676c0c6
SHA1	c9886cdbb21cd88fd6eddd1b36d5c5495875f519
SHA256	9529c75d1261c6748f2d9fcc88b9cef08f3f1d5353dc16a21d400f30c03cc128
SSDeep	24:6IvxacXaDyA3y3DilNsvncs363py2lScFyy2JTPQE2cFrVRBq54G/7/XZF+Jk:TyDF3yivuc4mpyThyUfrZx4dFMk

\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml

Modified File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.42 KB
MD5	c42a2e34822b56c6e95bebdfcd83fe24
SHA1	1a9f19f3dab4e5fcc7550846f85d15f34e4b0477
SHA256	ec4913bb592a9028011cef10bd05d47f9e6edb2b05cdf808c5be842d88a88cdd
SSDeep	24:6IvAjCvmIBC1tdAAw/yEDrlN1dmH6BAOIy2qYFyz+V1k3Z8kkOymUHkvBSgltbvR:IC+IBgKLjrvDzAOIyEF0RyuhJ+V5C

\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml

Modified File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.76 KB
MD5	e8d033a09afa8b6320e3c93c687296e3
SHA1	f37154c8b5023785c791f5979f83c78d12526588
SHA256	c1e4c4ce369c8ddf75990665b88fb2194c2ea746a09d48e5012a559f7726e587
SSDeep	24:6IvWFjv+LgnpMAWabg7rg9cAOvm0GukCgsXUsRjmF9lxiMmeln9lxUoacBQAO4GJ:gjv+LgprWBAVVukChAEoQAT20tBjUyQ

\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml

Modified File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.42 KB
MD5	72881927b442f923e595ed305cfc05ef
SHA1	1ee65ddd03109defa225d413f5684e8481cb0f02
SHA256	8a8d85b86429622388832d573de10538635d2c59829ee31eccb9b53fab0edbe1
SSDeep	24:6IvAjS6IWY5KWAqr6DdhkAvPfiYeu9QpFBdMy29uL5AbrbRBZO4G/7iXZqLSdzq:WO6IjcfDdhkAXx9QBCyCUqrvZT4oHdzq

\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml

Modified File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.35 KB
MD5	a899f80a3dbfb49b460b00d75d9ff550
SHA1	6c6fad2e0587d3236d67d376484581d8a7e25efb
SHA256	da9d111e3db3c736ba19797728d571fcb789fed280a9ebaf4d06bedcce7617a6
SSDeep	24:6IvxQaQC0YA44WvVg7z0FaNYvbIeiE47jHL+/ROH1S/fcFrYSgoXwP:TR0HWCeQYbNIv+/ROVU+RoP

\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml

Modified File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.20 KB
MD5	1840e86417195e4909efd37d3cecdcb6
SHA1	a5787113cf75371ab323650bc1e7bd7acef6cd12
SHA256	aa13200dd93c16ab922af11334306e7dbdc66a8620581dda6f6063b752a6afd8
SSDeep	24:6IvPe1rxAdWNWg7ZpAhKYkC/eNcHYkOymUds5YSgoXwP:1wqg5pA9kCqYuoP

\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml

Modified File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.57 KB
MD5	752e6be1be2463e4feb4a5659777dee7
SHA1	779db2666f9b49dd7c888583fbf842402e53b2fa
SHA256	044e115b95e7dd465eee12e0e0592521b0bec7d599a2ac876906af73d1f058f2
SSDeep	48:pfG6zSTR6zzzyU4mpybQP3TGy/FUrOtwpVV50:pflzSTRAbekrRO/g

\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml

Modified File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.42 KB
MD5	8a94f0b60076af090132564c6eb3ed6f
SHA1	61c71c614bf16e1ea9d5d4973c1cf4ee4956d50c
SHA256	fc7ce14661a2dba55717fabb373cabf10b64db39090ef7dbbddad9fd7bcc7c06
SSDeep	24:6IvFTh8JbgA1JGMyDIPI2FsMhsSsphIrmf78y2NPAeYB9Qvpzf3ky2NGm/4P:Sh/1J3yDIPI4RRs+478yF/QBjUydF

\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml

Modified File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	819 bytes
MD5	c0a8432f7ab6f4fb775dad6df59ad612
SHA1	165198984f17e769a42424a103dae8426987ab79
SHA256	d8a25afd703ab4730daaf0cbe9ea7904041de3b76740971ad0e6dde66cc8f99b
SSDeep	24:6Iv0szb3PdsxA4GyUBDElN1dmH6/eFrYSXDxSX:WszDeuBjNEvDBQRXUX

\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.NHCR

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.41 MB
MD5	7836fff3f74b233070356037d33631cd
SHA1	a13ca1ad0714fda0641cecca07a65c6075c3e6fd
SHA256	21eefe02115433b255c95aa5a4437a737bdeb603f676273c1df68831cef7d8e6
SSDeep	49152:7K9DxL8QBoI9eljidTex4S120ytJyhaM6CLC:u9R89EQ1o

\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.NHCR

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	20.09 MB
MD5	addf9d7e718c2f65d01054e528df0fe0
SHA1	d4779accdd400bf8efc370c0db1dadc6bba70a70
SHA256	7b01a7950fc3b9cc2816355f88e36714d67439e04d723afc5754ddb7b5fe232f
SSDeep	196608:YcFNUxdiOm1j3/abCsYwFOSQo2eWDOQs4hW6s63HS:gPmN3/abtYIQo2OQ93RS

\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.NHCR

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	853.50 KB
MD5	5d97e099aa92a0548528e2e37a14688e
SHA1	f0ee4e407c18f6633b6d0f96a8538a3701dacaee
SHA256	71e2664fbc1884ce1a903da36c4e735248ce252f12321f36038552ce659f4f97
SSDeep	24576:fYg4gEgx3P6WBWkmf3egDqo8o93PU6py1p:fYCzgLf7qo26py1

\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.NHCR

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	9.28 KB
MD5	2e74c7ee17acbcd58ab657e40de8b5d6
SHA1	08b3a9738f0b1a2784ab3f7e30b70ea577871594
SHA256	857e1bed58029b6dc6bb6b3c55f7f7eeff5fe08025cdf19095fda48bbdff4784
SSDeep	192:R/bi2gngyfq+NPBbBUMjzozn6uCnGDuvv0uUoghgtJ31GBV8z9R:R/bOTZBbBxjkzBCnGkUoEy1GBV2

\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.NHCR

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	3.50 KB
MD5	9909ea53dba324b89e201b688919ece5
SHA1	e53349020aac2a6de35024cb8e8b1893e28e6e7a
SHA256	28177c666922c63e7b67fcf933aaa8a596499d5437931d0002263b1475ff3075
SSDeep	24:MoUAwheCHiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii4g:D+wJWOLr2OUHWr9K5KvvBC7QhCtUL

\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.NHCR

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	16.46 KB
MD5	1d26d305072747afc97bee84182a07af
SHA1	c36499c04a1482028196525e5edaccc5215a7238
SHA256	f78187ec11000fae162e8108a69ae72d0d44f1901c8f37fc634a2c68452889ec
SSDeep	384:Eaac80WEnHA0lnx3np1rXUjOfrt7niwPZ5Zz5kX4i:E0HAImOT5Q

\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.NHCR

Dropped File

Stream

Unknown

»

Also Known As	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	4.17 KB
MD5	5e4170a3a1dba32af74e4793094ffd0f
SHA1	6fb2cdb0e6bd5c88309570523e3d967a692ed4a7
SHA256	fe390ae4b4702477de7852a811e47c7dcdd2e77b299fbb7ba50cd0c7515d281c
SSDeep	96:r92sTJi6YCy2+2/9QYmZNi0CIPIQQjSYtof6q+I19+W:AQivv2+2/juQ0CMijSYtof6q+I4W

\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.NHCR

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.31 MB
MD5	123b973f0627398f39d2de0dccf524c1
SHA1	ef4b0ca19326e7e421582ca52d344eb815221f7e
SHA256	db3930685aca3f6a42f4961ee005b0493d68edb50ed3537415103170d4589372
SSDeep	24576:50YWf5eMkHHfKnE+RUi/LHgZJJkbipjZSMP:50YF+RUi/LHkJkOZ3

\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.NHCR

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	16.29 KB
MD5	63fc122b0793e39221800edefb11d054
SHA1	36eefdfe8706e4bb9f8bf8fa405f3c50cffdcb77
SHA256	f74f0e6737feece2631fd68cf4b3032983466e8199c464e55ed0e792f905a06a
SSDeep	192:b9oymG9i0VzmdtJTqjTDBBc93dqak1hip3mg8g9GVWz8CuDMk7hbTBNM0OorzsE+:poBsaC4pMNPBNMxSW0DSVP0y9bgkfOG

\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.NHCR

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.90 MB
MD5	f7bf23488c694b1ceb7a87770712cc49
SHA1	59bebd54ac92047e84465f9b1000041e0c22b12d
SHA256	753ee226dad40b571afd99a9984174c872c874df2b8fbdad3f79ca7617623929
SSDeep	24576:4kTxhF6WBckmh7EgVEG8o93s0ZWdrU+MAR+acIty0BqEI2S+o0k4Xqb9:ZHWLhHEGr0BqEI2S

\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.42 KB
MD5	53dd1847fa9d13850c9395092346d5f9
SHA1	d24b4802b975da3905d1ad6c19c3b1e89997eccb
SHA256	77b13deafd4cf4d1fe3e0a56223f7c4150e8d923439e798c02d1844c208e6a3d
SSDeep	24:6Iv7lqkOSrprImACdM6EhkAsAwUdyIw/kAXcA5k+09u3/XZGQyy2bAw0gltbvR+i:Kl8prIJCxEhkAsAuhXcA5kpUOyCAw0uD

\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.84 KB
MD5	0941cb9d161a4771cc8d046a1832e7f6
SHA1	6fe646d80fc2e0a1f0b8763c37e387fc46d78af1
SHA256	745796c541770a9a566d0bb75b7c10e9df5fecbeaeb977fcf77f7a6f78cd70ba
SSDeep	48:0xxMwcP/lkKldSOcQNESEgB0aWPpsEP1U4dE0K4:0Xeu+fcQOH7dPV9tEG

\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.57 KB
MD5	1ccaee907c3f2806173c620011b21899
SHA1	2236dfdecaf2e4ca5775e0a83ec4101bf6cc6048
SHA256	9c95938cec8b4c263c38517393cae33b22c73757a94b2d965ef33c420ce774f2
SSDeep	48:YRgRTvpq2MVGFrpq2MsiUBw5J72l/4zjTap4hbNw1hR:YQvU2M4VU2MtUBw5J7YYTapphR

\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.32 KB
MD5	67eb1e618a4c58e4bf549f1370c2d349
SHA1	86f25d3295e74f73c2bd05d187d020d94fd42520
SHA256	a83e6a8a512c399bcd3b130369513553ae0c70e657540179e951150df3c096fd
SSDeep	24:6Iv38ww6rWAtr6ShkTxFVs363py2KjeDt2b9CrbPBQAO4GfCyRG/7iXZqLSX:6Z6V4ShkFFV4mpyH0r1QATI4oHX

\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.42 KB
MD5	7b33b6877d6ddb40fee374c5b79123a5
SHA1	8e0979aa489d5eeb62473cf3865c338e0efabf16
SHA256	a60fe80ba96471cab8161282253d697138c5bf288293f97423c35aab3694c4c8
SSDeep	24:6Iv3i2ZWY+Aar6udhkCtEO4GvvP2f/glkMkbpFSTTy2+4WRdmCbxgFXZzEMX1C:LvPudhkCtETSEuT0S/ykWRdPUzEMC

\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	811 bytes
MD5	40602f9ccb139ba45afe9b439e66ead6
SHA1	9fa288b70b72854f469b39acb094d3b2259a4bc1
SHA256	92f8d4e09039cec808630fc7dcb32d61426aed7f3e5015369b3ae68c076581a9
SSDeep	24:6Iv1ROX8YoA30DFDalN1dmH6/eFrYSXDxSX:/YX8YX3mhavDBQRXUX

\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.81 KB
MD5	a79c70e7b28c1c1f113e7682987c5231
SHA1	18b280e1dbdfc14e5e42c2cc52f5e312d2f1fc0e
SHA256	44c6b6489cd571a200692b2fa6629e7edeb80b4a69ca165b113a0fa3e01be557
SSDeep	48:nOYqgAYSghiUTMYpRSMfmEU4jnTVXKGhV6BtlGdyQ5K:OYqgAY1cUTHpRjuEUkTs2qtwdyQ5K

\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.94 KB
MD5	9fef390f0bb0a649bc560f2123d16bf6
SHA1	095565a1e9b58b9cdfeb456ee85cf733cf002ee9
SHA256	f07defd74a6270873f34d10efaf90a20320288da1975c136c2566f153499140e
SSDeep	48:KYoqasTkO2Mu6fy2DbwSHX8XYlnm8cNQ/DJLxIP3zmGdyQ5K:noqas22DbwUX8olTKQ//I79dyQ5K

\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.83 KB
MD5	f13fecda5df322520849b34a1c84f127
SHA1	5f837bce0b9759c2e0c668a3f89b08f9b079c3e4
SHA256	5647f262c58e13b6e208e3189e9ac1e7bc9a840cb017319aaed8a970ef7f526d
SSDeep	48:+bCx2Mu6fHB9yRSkQPkB0voDgnPf5Nw1hR:MOB9yRFSwsn+hR

\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	913 bytes
MD5	8e3d51837caeaabf52b3210627900f39
SHA1	d6cb2cd7b446d590fe333602af74480fbfa61c7d
SHA256	26301a9e2c0d48baa565d6da252232de44134a740664dd3df2419993e9921537
SSDeep	24:6Ivlwx3ADA156UhkAvR+V+Uvy2OH2rmff:MQUaUhkAJ+VLyFo4f

\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.42 KB
MD5	6d6b0dffcc3f7486c15f45da3eb53541
SHA1	f5b88a355196499f2fac5c34e2914bd50c85acef
SHA256	126b7d47f08fa26008ac38a7ffed3d83982c804a6d5702a48b35d8c68b29b733
SSDeep	24:6Iv/DxVu0vL3tJF/lD8f/Mq1ffYlD7IW45/66tzUSplnPlgWnsQ/kyN0FGdyx+xw:3jvLV/lkKloph666SplndBhiGdyQ5K

\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.81 KB
MD5	0ce46a9229f7adca02372817c08c5947
SHA1	16690300b3981afcda479da3e0f567e7fe63c574
SHA256	453d77a654201feb6a6e53c1783417f728e29d8090ae5cf6a8e5bf49ebe47e2c
SSDeep	48:KzSa3K3nRM5Zl2TUjQMVGngmLM1u9GS4n:KzSiynIZl2ojQoGnlKuAN

\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	1.32 KB
MD5	06e9977f8d5306ee1a84da225dcead05
SHA1	c5dd8d9175eec752f4bb01f447df6aeb59d5be64
SHA256	204e6dfea004a739c768da9bcf7a55f13c4b0c310e891f48371218c79c7aeb35
SSDeep	24:6IvkIRpzbTjtA/MAE1oa6vhkgI1bxA4DIPI2oTZklWuki+fXDxSglef35k:LNTi/rEy9vhkxA4DIPI5XUuQpk

\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml

Modified File

Stream

Not Queried

»

Also Known As	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.NHCR (Dropped File)
Mime Type	application/octet-stream
File Size	819 bytes
MD5	d653f795663be54aacc96d4b90e2196f
SHA1	d4a5201d4465c15abb9d204323d55b6dd343325f
SHA256	d2923a2b11e4b27fdf55750f6bda628a0cd9e2c40e3602f82970aff6b757695a
SSDeep	24:6IvN5bGgx0AXyXsD+lN1dmH6/eFrYSXDxSX:P53jXmE+vDBQRXUX

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\encrypted_key.bin

Dropped File

Text

Not Queried

»

Mime Type	text/plain
File Size	684 bytes
MD5	4a11b2284091fcbef7dcd16bdb88a47e
SHA1	092ef932b0c748b4b82d9393129e829c2a35c0a7
SHA256	d4eb12d36b0e3b9b644f18a509c551131aa43e9f899c6d95366e28112354f037
SSDeep	12:lLns4fiAjk20iKka2UDdumdIlm1gE/1huQ792L+7a3bF6OOwgqXO0HeN4jIlMvM:ZjqxOfURtdIMNRm6OZHeN4jxM

\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.39 MB
MD5	4dbf54e38d68669d6fdacf542fe04406
SHA1	6c33940e7c81217dc23fafeb2ccbf5f99e8904a1
SHA256	b63dbdc34f5aa1fcf9658e9a7b84464f3ddefe731abbf4cc91fdea90f5a5fc93
SSDeep	49152:xK9DxL8QBoI9eljidTex4S120ytJyham6Co6:c9R89EQ1o

\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	14.13 MB
MD5	81af8425eb02984fa0593be1b27a480d
SHA1	83e6dd62566b86a2ad3cef887535286ba561d3be
SHA256	9cb577c7776c550cd1ab625f4582142328e122d0a9c80054f7a2141972049df3
SSDeep	196608:rIwm3nNVAl+ig71eZ8FclBElWHp8byLbyo9crpLlR8ioLO0ZF9CrpbQ:GL71eiFgepGHyo2rpLkcoCrpbQ

\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.11 KB
MD5	d56866c92b74dbdd7e2b856904973615
SHA1	55d917072b38e077962a2311fdcaa3fe13ac6550
SHA256	bc54c9d9ece7687a0a7d961929a1154b39c3eff171b891d4942d00d82ca22100
SSDeep	48:8mkg7XzHy6/yolGy8H9IqHSEsjA4YXpz3wa0/UrXLT3Zy3yykC:hkg7j5aM8jkSzUEXLT3q9F

\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	10.95 MB
MD5	15aae47c663acec6da178877f8a59efd
SHA1	9db561aee5fb579d989d5fc9067a62e52cc11469
SHA256	16faa59f5b5ef6c19017f7c530ae43b894466773921c054b3825e4e446941c4e
SSDeep	196608:hffxkf1gRyjQR9g8YYIcjfX+vntQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:hHxU1WbR9YY5mvJGBZWGRz1kaza0h

\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	860.50 KB
MD5	a28aa372da71487e6cf8fbdf13ee7edd
SHA1	f45a120179ecaded17c0621b62dee54633b04b36
SHA256	169b17be24552eb2a3a868da4675ffbd1d301a026fdec5b0d98530515dfc1b29
SSDeep	24576:9RcQPmbxnP6WBzkm83xgDBo8o93OOr8Bky:rIDxL8QBohr8Bk

\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.00 MB
MD5	b4b8f9ea1e3b27253446bf294b543443
SHA1	9f8f4ed601da71fb0a0a7eb3e3da4c3b0a5427f0
SHA256	2bef8ce6ff641a266ddd9c3ce77e04cbfdf0151280049561dbb95ad859afe921
SSDeep	196608:0aDH9F7/iHXDI2CPKBUq6qMuGm9vqrRxoi93nnedBwzSlmKwDhANZbPhn:NDdFDX2J5uuGyCEi9uIQmlANRh

\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	640.50 KB
MD5	0c21b97ac21843329053cbd0073f3683
SHA1	1ac7f3720d52e8e50978eade9d3485a6ac452eb9
SHA256	9bc64c1aea2ee8a730e257cb7ee15b7dc6cfab277475531618d9bdebf62bea64
SSDeep	12288:/fwlQ+kEwOqdZkDlqfeHTA80gIZ4BgmOEGVN9vtI0E5uO9FAOu8axPFmRyy6aE:nwlQ+kxZ5e2g5gmO791I0E5uO9FAN9mW

\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.43 KB
MD5	32e7e650f5a08a544a30fb900041e756
SHA1	4558a91f16d1ca5b10b8962bd1e828dd491f6f69
SHA256	f47e0a0332d313578d4bf492dfcbfa3c9b6f6d9a342a61e4d2b69527730fec21
SSDeep	48:PIFcIug8hkKqByhIryqscrNYAFKVA4Qy2VmyQy3yLeVArZ0A+okAO4QyAo+7WxTB:gFzJq7hn+fK/2b/CSCXR/Ao+Jr7SYtG

\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	9.13 KB
MD5	64389e61afcab0fb46c84b8aad988109
SHA1	9a864c6c2a8eebae79755963ecaa574f3d6ce9ea
SHA256	dc55bd5dfe05c31767645a990510ef1845bad402ab9a122f8053ac4e7d1da4c5
SSDeep	192:ktaoMZs+BVAZwto0Y4CjJ2MqwZcp8E6Nup9hxneOQdhKUUTLEhR:koxBuTGAQ9PnfQdNcLET

\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	212.62 MB
MD5	8f20e87c336e51854294e2738fc59c3c
SHA1	6f62804f2e8ba2a36cebf9ff46cfbc5e510b93a5
SHA256	1a782a812cfc569cce4fa28b27fe633f97532469d53a62524d4ae7ebd3e8eb59
SSDeep	196608:VP3/TFnjAduH665BYmIx2hgRz86QBtbFCGNlxXcbKHG6yNmE:V3TH6QBYNx2h4hQYGNlVOqGfJ

\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	30.37 KB
MD5	8947e3403ef1fde38bc71ff6e0d80c74
SHA1	e8af052eb2550aac0d7277c0ae4ace7300268546
SHA256	0f8b8de1b009d442a58b040e122cc796d4b9897d8cbd2f803d6c105f3675bc74
SSDeep	384:ssRMEHlhV8zHiy99beHGiaybe2mcgUXpvv3mfpKUtG6rS5xNNMsKwSxtcG:ss1lhVUCelo4ybKcR9eKkGmOG

\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.27 KB
MD5	29ef4499abfa278cdabcc0bd050f50ba
SHA1	f3e410e5706fdd4969f97fa599f94df8ca398e9f
SHA256	d8840a8ca910262698b5c41ef8aa255ac32baaa5d00757a5786083a9a6775cec
SSDeep	192:kiMbH2zUNOBFpgHeHZjrMtyrJ6YJJke+FhUjJ+BzlOmnt5:kbUE8g+5Xsy6Y/kFFhUm4mnv

\\?\C:\# DECRYPT MY FILES #.txt

Dropped File

Text

Not Queried

»

Also Known As	\\?\C:\Config.Msi\# DECRYPT MY FILES #.txt (Dropped File) c:\users\# decrypt my files #.txt (Dropped File) \\?\C:\MSOCache\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File) \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
Mime Type	text/plain
File Size	1.38 KB
MD5	f25c04975af79c8baf77b44af7e534a7
SHA1	18bc638de65f212095cebcf629dc90ccf1381cb0
SHA256	2ba7fa23a2d63918616893d01c0937fe1aff11adaf1d2a6cd26de3e7c87f0b64
SSDeep	24:zgTZgizuV3jqxOfURtdIMNRm6OZHeN4jxLenR34eksVHFymW+KEHav:zg8mof8gMN4J+wxLcRp9Y4KTv

\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	34.55 MB
MD5	46fc5c2efdc4bbb68a99ba74231c6a80
SHA1	1fbf5002cb04c42af8777e65fb01e3afc9d235e1
SHA256	6b1f5386de31e00c42423f2ee8242c1e9159ef68f66b5f45379dec0d9245ba1b
SSDeep	196608:J8veXcJFdz5BF4YeDuFPDNErW0uwIUIvilceWyiKjnh+KvxKA:WveMJFdnpEu7mWrwIUIKV9vxKA

\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.NHCR

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	185.98 MB
MD5	cbb7678b36b78f8997db01e1813c9cd7
SHA1	2ae7cdac0f740543e6a7496ecf6d91dabc1968e0
SHA256	4d65855f545f9a88210cff3a28304558c46dcf300999e4ec9609c35e91667c47
SSDeep	196608:dsILwohZMFfAzx8Am1TUXqVu0NhwZOUjmAZF7bPHmUJ71u:WwhZMpff1Qo+5jRZlzHfu

Remarks (1/1)

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After