Filename
|
Hash
|
Operations
|
Category
|
Severity
|
C:\Users\FD1HVy\Desktop\Mr.TeslaBrain@protonmail.com - Copy.exe.txt.exe
|
MD5:
f1d679e62fc57db06833ecf0fb697dd3
SHA1:
dac424fdf423e4c43637bc9ccb254ca229f511b1
SHA256:
5001d6b2df08b92b70fe5500423ccbad56c8194006906c3721bea4da2cecc394
SSDeep:
24576:hnY//OqmDmyNEB3b4xPM3bbFUxMjuoBFZPNTV8lcpGf05:hnY/2myNEZclM8N+clcpGf05
ImpHash:
26fec8684af3427e6a9c950aa1c08b68
|
Access
|
Sample File
|
|
C:\ProgramData\Pkey.txt
|
|
Access, Create, Write
|
Dropped File
|
|
C:\ProgramData\ids.txt
|
|
Access, Create, Write
|
Dropped File
|
|
C:\\$GetCurrent\Logs\PartnerSetupCompleteResult.log.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\$GetCurrent\SafeOS\GetCurrentOOBE.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\$GetCurrent\SafeOS\GetCurrentRollback.ini.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\$GetCurrent\SafeOS\SetupComplete.cmd.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\$GetCurrent\SafeOS\preoobe.cmd.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\$Recycle.Bin\S-1-5-18\desktop.ini.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\588bce7c90097ed212\1025\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1025\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1025\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1028\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1028\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1028\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1029\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1029\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1029\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1030\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1030\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1030\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1031\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1031\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1031\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1032\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1032\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1032\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1033\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1033\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1033\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1035\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1035\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1035\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1036\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1036\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1036\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1037\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1037\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1037\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1038\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1038\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\1038\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\DHtmlHeader.html.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\588bce7c90097ed212\DisplayIcon.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\588bce7c90097ed212\ParameterInfo.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\588bce7c90097ed212\RGB9RAST_x64.msi.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\RGB9Rast_x86.msi.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create, Write
|
Dropped File
|
|
C:\\588bce7c90097ed212\SetupEngine.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\588bce7c90097ed212\SetupUi.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\588bce7c90097ed212\SetupUi.xsd.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\SplashScreen.bmp.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\Strings.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\UiInfo.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\header.bmp.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\588bce7c90097ed212\netfx_Core.mzz
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\\588bce7c90097ed212\netfx_Core.mzz.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create, Write
|
Dropped File
|
|
C:\\588bce7c90097ed212\netfx_Core_x64.msi.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\netfx_Core_x86.msi.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\netfx_Extended.mzz
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\\588bce7c90097ed212\netfx_Extended_x64.msi.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\588bce7c90097ed212\netfx_Extended_x86.msi.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
|
Dropped File
|
|
C:\\588bce7c90097ed212\sqmapi.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\588bce7c90097ed212\watermark.bmp.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\Logs\Security.evtx.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Modified File
|
|
C:\\Logs\System.evtx
|
|
|
Modified File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream64.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.en-us.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
3e192b02079f11207bfc78c11db9d6a0
SHA1:
d5bee8273b8a57de48d9a86d6c349ce474ad4d63
SHA256:
3c75c298460b8a6d55495dc14d0a1f519266405073907b3523aa34b0f3576c83
SSDeep:
12288:Z0dC8ALY6cLOTY97UWdywcfyYjytMejERs9xpF20Oc:nnM9JIfyYWtZjaAWM
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\VC\msdia100.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
447b1f6a6b808ecc40cce40f6d312627
SHA1:
854cd3b4e47a709a85f97be7f7afa0f92c85bacf
SHA256:
71698c1aedefeef73ef065f0fe8187d4f95442abbc8f4b3cfc0fbee3b975ccf2
SSDeep:
12288:TPTVHtZKsAWdBvzFt3bNsL5J9x0IZikE3TSq1m704aI:tvpXF67GIZikE3TllI
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\VC\msdia90.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
b85bbb853ad71d7c3e7ead97ab914ccc
SHA1:
aaa842e797211c2229bbb20fc5f0d8d3441cb584
SHA256:
68a0398bd09e2039e308e6221e1417103221a17f4c3261ae09c064dfdcacf636
SSDeep:
24576:pK9HVX7P9XwTV4/Oa50dC6jNG3oLgwRWozTj:pK9HROTuOa5iMrwbHj
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
f6586620d28d46280ec9bbaa15cbf0e9
SHA1:
b4bded11cd4dccd3a0a401378a9470118994765e
SHA256:
a156c222da097a847a80ced8411bc9073a44144a1947f10fa18cbaa47f7cf937
SSDeep:
6144:3rhpXK1w5I62r6M9wHcIN4zbdukavtL7Ipj47pjaX/ul0jGCeUd:9kGH2r6M9HU4zZQtApc7w2l0B
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\awt.dll
|
MD5:
944c5c6ef7f0295b01caf9106be18982
SHA1:
cc3e26d12cdaaa7aa0d1290da17e3fe940b81e4d
SHA256:
3fb3b691cdf8b530cc4918f91096e71d9921e2344ac7a7dd15386a665d34bbe8
SSDeep:
24576:0cxsavRPK6Zeyl2e0zp4FCcoRwg61pLeBUhcEniqdmgFf26R5p9QA269dB2H9D:nua5PK68U2e0zaFCcmBUHf26R5p9QA2Z
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\deploy.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
97faf8835d3b282908a3d5ce02bd2642
SHA1:
34f4a20af002945371ec6d258680aab53601a250
SHA256:
1551b998f405d8515017139c25818ea890796d27e7c9e31c71a42a617ab29b6a
SSDeep:
12288:kQPHnJOYHdMOTO9pt6FbeYw1mYEM3J5SQlwOn0OQyD7CC:B/JEidR61myGjVM7
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\dtplugin\npdeployJava1.dll
|
MD5:
e1d480edbe38b41620c345b53dc9beb9
SHA1:
c6e4b308c75198af458cb4d96d6c5054d1a10728
SHA256:
f455ca153e0bd22acb88b36e75bef6792c2d8b7c347a6943e189ab52812dac2f
SSDeep:
12288:P7B0Q5O8tRmKOoCyqf0YvW0J7dxzihnrY6lczj93wtJV5+6gzebJb3ctxXhbOsor:PlpMKOoCyqf0r0JUrY6lyjW4CbJbsty
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\fontmanager.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
e59794647764c188241e9a076531f0bd
SHA1:
e63f80c2e4de91914349735771161d2bd2c7fe85
SHA256:
caa04bfcf89448f2e6b540df2c3f625333312f261e2e3e75523f402b1e560d0e
SSDeep:
6144:nk6hdGjxLeaA5nmZdD5QVEEsD48TG1fBv+UgxZN0wRO0/Im:n9AxJP4qD4Zl8D0w4Ep
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\glass.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
80c6ea428af142c0d1ffa485d7ae2ec6
SHA1:
ea3677d8d30b31375b33457b16c9225ded9e44d7
SHA256:
25d143d14ea67de82c39657e7f3ad37712953a3c79f21c8e646d0dbf0aab9379
SSDeep:
6144:6edTdm6BAziSXte61XG0hGfHjm6HakcxZOjsZ5HDT:ddTdGziktd80A/lakVgZJ
ImpHash:
-
|
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\glib-lite.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
c685b70c6e207d0d3ab6bfd0dfe0d202
SHA1:
2c47f8f078536b57aa345fe1f03df588509c447f
SHA256:
845c0d286982c810dfd1fd3054412f04524fa75af376f543ef0c4b6fe93082ad
SSDeep:
6144:eLcJEnB6nWwvuhqSwOZw4ABbqz3EEVv+7sUfVqwpNQ+Y1uqSmvhOze8P2yY4X1:eLcJQwnfcl9gBu3dh+iw4+61s2yY4l
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\gstreamer-lite.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
445c1a4a217bfc36f47db2c2836a8887
SHA1:
99a90d03b1ce0da4b8a3bbd5c84f51813c6d2cb7
SHA256:
794eb8c5435c66538177a28cc14ffdaf440fb68cb7f27831266e9f8d117c04eb
SSDeep:
12288:WUxTTL9gsoznHN+kmSI2CQG5bK8S5CUdEloHo7iJOhqby6c:WeVODmSPCx5bUCU6mWiJzdc
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\javafx_font_t2k.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
7caadeb3b20dad5f72558fb04ad8052b
SHA1:
60e64ccd7988764940b6eaa22099aa238cea80c4
SHA256:
a59973c3e37bccab42d12b01f01db20ca0cde172a892e2eb72f628a0522862c5
SSDeep:
12288:jsMBitLYodMJhFp0g/ht6WksgkxSvmxRRVfya5G11R:jsMBitLY5FpL/kV08mGai3
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\jfxwebkit.dll
|
MD5:
b649e49d19c0128fe5461177f3ebfaa1
SHA1:
23805fa728a6d01529d67ef4fe5bf9614f118e60
SHA256:
347dc0aa7c9207cecef28db98d60c7139b524aeb6dc8c06ff3b50d1efc211ece
SSDeep:
98304:ukfcq7C413/SWjTFgF8F+LvAYDzSWclgmGp:ukfcq2413/SWjTFgF8F+TAASvjGp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\jp2iexp.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
b384be7c9888eca2fd2a4e3c4e5a593b
SHA1:
21d91356176559ab76ec38eb3dc0f46d17723fd3
SHA256:
9a927fa8ee98b0e85424d4e408c538e0bd178fbf1e707f7aa341275e8f864794
SSDeep:
6144:bo4CJcrhEt+Mn38d3Ql4lsLDQEDbWac9rZzeiOIrUyKsmAOEIoMGW:M4uxjn3GoJDtvWH0MpUEls
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\mlib_image.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
622186fa1b459fd93d4ec199e6f2919c
SHA1:
e023819d20399fec4d9768a0ce5eabbeb0a0328f
SHA256:
6d7920eebe9b83abf6bbbdab2ad51f26fa67390cdb2c492b6ec054efe13bf9af
SSDeep:
12288:6K22U3NCs0MyXp6e93juYqwm2cGm78bh0SIKWwQS/BnqYasd2GG13H25a/c:FoNOMu6QoREFnzQS/hasd2f3WgE
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\msvcp120.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
5162573db399d382ced5c10118124a4f
SHA1:
26357025f0777334f62b2b722c994fc28660f25b
SHA256:
903851ac08ceda7ac9d67144c512b7eb36d9d13c2002d55cd20a3c590e34d480
SSDeep:
12288:6EwJBdnlohB6HE0dGf9tJmc7C8tpC2lys96CcPnYLqxE8WKY:6DdnYsG1CF8PFJMCc+4E0Y
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\msvcr100.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
6a0fd6e29a9469184fe9aa384ae25658
SHA1:
ddfa679dddb16af19d2144c4c3adf1e2b788892d
SHA256:
1de80a3f20e910303e1842aede5f9b88a693a5ff51a3c903745e0a558488c1a0
SSDeep:
24576:pKV/18KqyO7fSJYp+P5MBpfJtlidh0MSVWelC:A/1GfSqp+ypfJtoh0NVWH
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\msvcr120.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
15e574cb9e0cf54601a62da09db3b9a9
SHA1:
821e3e6ce54d90ea80a5b4c1017f9617d92503e5
SHA256:
39b857802af1aff0ee4c4a933aeaccf221cd8310a0ed3e0a6a275ea96caae3ac
SSDeep:
12288:4+zvG0JmV9uQgAVXYD9kBiAdh6YYolBLdznLM3U9oeULKc7LR/hhs3l6AA+MAbCR:xqHYwdjTZnLpEnBha16ABMallpFoenH+
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\plugin2\msvcr100.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
b917f44b9845efc435b5f397c38cdf54
SHA1:
51f074772faf4c57860f9fdecfdfee1c9d195f70
SHA256:
68fe7aa8f1b7f6af80e4628cdb93c00761b01f98374837e820fb6683a3346625
SSDeep:
24576:YAlvP+GDWlJ/J2WjMVbCRbWuTrYQh9988r:Vvlql3AV4lrYg9988r
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\server\jvm.dll
|
MD5:
a1dfd567f866f38aff272eb1254b9c54
SHA1:
e5846f56c354c07770bd7280e10c210ae9c57adb
SHA256:
f978d7b57a4d1fdde9a4fe157531dea8b2aaebca2e3af6d6a9396a6bd57e6148
SSDeep:
196608:iSFaolIbfJm3Qq2dcoMlRtJtvpXCkKVCzA:iSFfwfJm33noIRRvpykKVCc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\ssv.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
36c85b3c9b77511fcb77d52dd476b830
SHA1:
626614bb611450ce7d1a2d37d9c9e2bb207ddc1b
SHA256:
cee53bb67c28f14f73dc751fdaa23a099075896aeee5c01a6647a3d33fe44645
SSDeep:
12288:HJsEu3vIMLiSVaZElELaguZlLIaFnGq3Glb/JQ657NG2SahuX:pyIMYZtd8lLIWGq3X6JNGms
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\lib\charsets.jar
|
MD5:
2a9d70b919c8686187e12c79bf370bf3
SHA1:
68a30b2eecc30946cffddceb3e03acc1741927f5
SHA256:
d27d1f94c219be1739c35f175b1cf5b13aeb533d9b673defc6eb183076b618ec
SSDeep:
49152:McgQCibBExz1nZUh7Bj4zw4FgEcLZHnvvFRlbIYy6z:FCibuzNGhcONn37lbIK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\\Program Files\Java\jre1.8.0_144\lib\deploy.jar
|
MD5:
d7b5d1e918cbf5184a78f3491bef2e23
SHA1:
cd4c7ab64f7eebd61ce90bc35f99ee139f623750
SHA256:
b3c7f97734545295fe8adc7959cec0c753bdc2ac67a44d7a8180409ad0d4ff83
SSDeep:
49152:gzoYDal7PV40nw37H88ieZmpGkaBI3+s2cuC25xi9pipDsVQW:gzrMWS2P3iDipw1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\\Program Files\Java\jre1.8.0_144\lib\deploy.jar.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
f720f4b291e120ab180439ed6c7bc9b9
SHA1:
36235cb59799253315fbf2fccfa6ffe95e558843
SHA256:
e66079b808891f5e8620bd617539bb54e6edb73b20d23aecde8526bf3fb6e81c
SSDeep:
49152:gzoYDal7PV40nw37H88ieZmpGkaBI3+s2cuC25xi9pipDsVQp:gzrMWS2P3iDipwm
ImpHash:
-
|
Access, Create
|
Modified File
|
|
C:\\Program Files\Java\jre1.8.0_144\lib\javaws.jar.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
f08fb3af42be57948ccc202d62cf5400
SHA1:
16aa227447814f402afd2e4804eee4c8fd26795a
SHA256:
b9fcda463ce02f55e52615d599473e65d0676fbf2b7a927d7cfde96f6b46bfd3
SSDeep:
12288:0Wba+uL9rQx4mYEDTwte3updnMn++fGJGrdFKemXd8o2UAQXTVIruYOaXFaTpWu1:0H9Qx4mYSwQevnMbOWdFKeA8aUXFgpn
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\$GetCurrent\Logs\PartnerSetupCompleteResult.log.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
7b099f7c354cdf27c9f1e5ddb850e75c
SHA1:
18121317368b9008e3d17389b95331ba9eec00e0
SHA256:
6bc7c02de0d3845d064695f7ad19ee75c235f6f19ada2d927cc181d0916f8457
SSDeep:
3:8sEhQRsvdfrgc3u8bm:2hQIUc6
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
e7e10a816ca056efb6ec22d2f6b495ef
SHA1:
aac84e0b57eed8353cef90ba642f3f66cf075fa5
SHA256:
def980b7c258a257d3d9d2d3a8f242eae5fe7d7b294c14259b217c519d787dd5
SSDeep:
768:NiY3RyKZDHEIYr2f+FWl27HOuIpOHWru3XLXOMRT6S1Xg+bA6qKO/C32bcSkt:NiY3R9kIbf4dOgHFHqMsS1XJbAD/C3wk
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
82b733e26ca8d4b91fb8da91c4226132
SHA1:
5c92570e0bab41bb6011bc7c3c86ef916d2640db
SHA256:
e80bd344a4a9480d82716bccfdd65ed18db55373943cfa5667dfe3265417360b
SSDeep:
96:uQceYYAdEeji3nckyPdbVMO77hxHj7DICvGQQI4Z5FPhqkLy0gUtPRUMcSONMIAt:fAdETyFRr9xHXDIg43qAyeZUvvy
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\$GetCurrent\SafeOS\GetCurrentOOBE.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
099393e773a711f8807ae2a7b57d2c70
SHA1:
f86042158dc5ba17005d9238a65bbca05ef0e23d
SHA256:
4d74ce52be34f45c25856e7a03e2e811bbbb7c470fb733db3e46d29026515553
SSDeep:
3072:Fji/RWNlR/EV/mnN+7oqFJpycVE2Ya6JYJqIuM/Fi3:Fji/RMR/a+4pKuluM/Fi3
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\$GetCurrent\SafeOS\GetCurrentRollback.ini.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
4e782172f21685d0aac21b94393f439d
SHA1:
0a6f4f37b0ccb3260bcc6a106cac2a7831b1ae85
SHA256:
1d5f38c8e865b2247db81e42d07a3de6e0f1e8fe718117dbba0630f641c03a25
SSDeep:
3:uUZu/UT2vkyJqfJ71THG8O2Uketmc7SDkUoGAI+JYK8EIh0/m+2kOlmnBntE:uUQ58ygfJ71THtgkepSDFZ+WhORbn/E
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
9b97ac6cb8a666fd6a13286fe984c307
SHA1:
a5f4572e16f83d659bb0658a469bd131dc60bb8b
SHA256:
44becbea94a4828877f561f1f9f6f2d2e683a335e54345e6ec4f0a0b2977e361
SSDeep:
12:yDg+dMxBn0nrSpxFLZPegCxv4F240/eCfiYgFE5kHf8/TF8ckyzb3HIfO:y8+dTSfFhKdm0/nfiYSE5kQJ8cdfHI2
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\$GetCurrent\SafeOS\SetupComplete.cmd.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
6d2e4bfea513af11f7ad64d9404300a6
SHA1:
386101267666cdaa900f3ea6f787f2f437d9ba81
SHA256:
ccd10a7821ded5c8d96a74ecaeb9ae7d2ef844b8eb8a058cf5b86cb6d4eac4a9
SSDeep:
6:WgPK4jLNBbA4NUAMbApOgWugZc9Xi6rZPU/YVIU3uDgmzldALxln:RHLNVAWNgugZc9FPRuJldQ
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\$GetCurrent\SafeOS\preoobe.cmd.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
60a7fa4b94f1ef31c9e3e26450734d29
SHA1:
6755eb91f8b706ee8a13ce1f75a0ca0257f091b9
SHA256:
3a5ab4546a2a6c2843429da71054beed7e75e6c52af1da3a5e0ae3ff09fe84b8
SSDeep:
3:Y0hKgf4U8V17GnIvp/SCxwwVg83+:YYkDV17zx/SqwwVg8O
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\$Recycle.Bin\S-1-5-18\desktop.ini.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
7d811ac113bfa36f974247c9b9d34349
SHA1:
c7d076d604f01b87e9f7489825ac3c9868df9d41
SHA256:
511cec26bc200d0ac6afa537f7de760a4767adc088ff3e7d40c11e40e29034dd
SSDeep:
3:fZtOhQ6EombmnAzTgckG5EbF4VyBgIxJZmAoQaNcbO8OCVin:fZ8hDYgckG5sF4GgUnmnRj0Vin
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
31edd6e26bb7e168b5c438bf90b0a13e
SHA1:
322de943a2a989049c2265929d86f9c2e8f04f52
SHA256:
1c6ca43ee1a5a4560c2e21a480b1797121248feaa3c9bdcd97f389babb01444f
SSDeep:
3:eDS8bhZxSei+0ZGwETCk6L2wKkLAsnkfUcwv0Cn0EovDGAn:eDSGJi+0ZETCk6C/kLhoUSCn0X3
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\588bce7c90097ed212\DHtmlHeader.html.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
6b9285de941fa7bb56f89f2cae939c92
SHA1:
eb8382aa3002ece5cdeaa11ed65cf1a6eb99ce2d
SHA256:
3c1b1949053b672dd9f036aaf0a5910cd5139a1c11159ace5366d3f0a1522710
SSDeep:
384:51VOu3N1w/u/mHoGPDRC5VAut33QwawPYJhmbUk9Tkr8:57P3NG/u/mHFDRC5euN1C6bTv
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\588bce7c90097ed212\DisplayIcon.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
e69ecfef6541b91683a92b369dab276d
SHA1:
f9f6b61ee53a1f5a5ffee7dc8b1ec809e5d1cb60
SHA256:
767ff9360f6078b3b692dd8c2fc35c0a82face3f4442a7440ac607af7aa61fe5
SSDeep:
1536:HNUJRyEvM/zaPLR5nYP3vufEvqnfgdsF3MUkC9Ls0LthGn92fc:Na4aPLvnYvu8o18U99LTJzc
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\588bce7c90097ed212\ParameterInfo.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
0bba61a26b2954f0d1bbbd526a76a37e
SHA1:
30bd1b50b430f3e13194424ee51f46ab7e985d10
SHA256:
cf9e87386270cfee410645dd357d3c4ba7e70459f463e9556d9c39b818f9f7c3
SSDeep:
6144:5Hyz1NYlhnIrQTN2zifn7Hkn7qhXEJY5JDdzS:5Hs1NYlRIOQOfn7HknmhUJSHG
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\588bce7c90097ed212\SetupEngine.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
142bdb57cc95561290e5179db6477ccb
SHA1:
e3793efa1724032146dd6b19252c513c714f1122
SHA256:
97cc6df1a227d039a080494fe15e8dab2ed31e9bcee68e8bbf39dfb249fbd62c
SSDeep:
384:BeBji73yU17LJXlyDvv1KPcY+TICB4cfkH1iJFm0EvsqAboEVKUy1pKfZwBc7hlp:Mti7C2LwMGBB4CsiJikqMnAUyPUrhGYH
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\588bce7c90097ed212\SetupUi.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
ee85e21a29bb258b89297fc45c9e6c71
SHA1:
563e39269789b97f40f52f86f26d81bff2e02fa7
SHA256:
8a1f977c410ff02f5ad2f737096da2d43aec010a75a1bbb227dc65c18b919c62
SSDeep:
3072:C0RIqGkkh+tZvcxkezAz5wleQoRsw8N5OINrFwL/sr3GAx3Q0ulzPmnnaC:7zzwlXKCHBxFwrkxA0MzPHC
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\588bce7c90097ed212\header.bmp.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
9d9991ccbeec2313e11512a141af20d6
SHA1:
07f59bb7ba35a222744c523167d9852a08129625
SHA256:
cd6f874464074d2406659dad116fe6a9fc998d8f9366a7313569f72c2219cd56
SSDeep:
96:VMEilASEBq0uTaqj3EvGXCAG4W8OWp0cXEvWoLD/:uE8ASQqj3oGSAhOWp0cXE+o/
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\588bce7c90097ed212\netfx_Core_x64.msi
|
MD5:
80885d149b3a15e14f9a204576d67b48
SHA1:
5cf4a744a8502897f7287b35c4176ea53216d31d
SHA256:
8d00cb2705f2b2a2b3d0dcc9b119114a88ade17cfa045f019049bd964ae23481
SSDeep:
24576:crc6sNrQpc+BQbPyxbs4rONSnfiPBC6xahsolR4fjhOGxZWxw0:T6uQpcxisfQf2M6F5L
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
|
|
C:\\588bce7c90097ed212\netfx_Core_x86.msi
|
MD5:
b807bb50990967b251fd4b8e55b4facf
SHA1:
095b2d594e3319da2b091c0728b9bdd2a8085182
SHA256:
ee9cff2b737e304c46fe6d42002f64a15887edd9ebe4c58031d828e482d43c6c
SSDeep:
24576:yYUmmd9sNbQXcUwabPx9bswH/fd63S7PhCYxr:djmT+QXcWDsK1Nw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
|
|
C:\\588bce7c90097ed212\netfx_Extended_x64.msi.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
d3a606c613a401a302a3b4d17f77369c
SHA1:
05b482423f203f6a7bafad3c8c5bc282087d9709
SHA256:
a0512ad278f1b2633a6d8ebbf9619ce54e944fe387c3de33c533b7ec874333af
SSDeep:
24576:p1ymQVRqtEPzh+MQH/WpLJf2SkcDvUWsFoO8Y:pAmwVPzZQH/0J+A4Jom
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\588bce7c90097ed212\netfx_Extended_x86.msi.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
5fb7a15afdff3a55276f1ed0156ca718
SHA1:
4c8018d0220f1de8418f239a02e795438e52abb3
SHA256:
05d644bb00864f40c20e18ec01f6b4f3edaca53b153924f471e855ab328e43b4
SSDeep:
768:cfaY22DcHKn+nSzN3ZJhyUjM3kQVGX4ZnFwrF5wQYMMyUmT79W0HLQjShrGC/8:3lmcE5NXhyl0mrK5tqGW0r6SBGCU
ImpHash:
-
|
Access, Create, Write
|
|
|
C:\\Logs\Security.evtx
|
MD5:
79fbdda8fec5e30d29d0d958f3be500e
SHA1:
84a189680cfc749226a0805e96fdb9b5f8bbfde4
SHA256:
38e599b74e1fa2e3f57be4b78baa20f895cd911e10cdd834686323e3b8c94b94
SSDeep:
6144:HOYVODvqPTCP3kdY1JmhYz6zU5KsVv6WlqF568sd6jU5QP:HfVmygJmWv5KY5AHsx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
|
|
C:\\Logs\System.evtx
|
MD5:
4ae09d8fce442b498b1be243e356f75e
SHA1:
197803a3b2dc88c410c1f70d4f68fa612d5eae89
SHA256:
41150f117bf0faac3e17591170a6cbd88102b8345a163618dd3bada59b4f933d
SSDeep:
6144:/ZyjBC0TJkh17YS4AIGeYLSp+P5g67QjbKosIArXCGTUQ:/ZyVCWJkhG6eYHPe/KRCmJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
|
|
C:\\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1:
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep:
3::
ImpHash:
-
|
Access, Create
|
Dropped File
|
|
C:\\Program Files\Java\jre1.8.0_144\bin\glass.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
MD5:
e9be219bb616bb0092a1fabc40b33852
SHA1:
f24d339d82ba8d79bcddc576e0f7c542db63fb94
SHA256:
dab630b2f883a6bfcb40a97199d0caf0834ac3e497de41c6a067db6a36e24d34
SSDeep:
3072:6RwAETdmulXxN0ySwwgT5XyTkXwFayWzPGZXDBe75:6edTdm6BAziSXte9
ImpHash:
-
|
Access, Create
|
|
|
C:\\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log
|
MD5:
c4ca4238a0b923820dcc509a6f75849b
SHA1:
356a192b7913b04c54574d18c28d46e6395428ab
SHA256:
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SSDeep:
3:U:U
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\FD1HVy\Desktop
|
-
|
Access
|
|
|
C:\WINDOWS\SysWOW64\cmd.exe
|
-
|
Access
|
|
|
C:\WINDOWS\SysWOW64\net1.exe
|
-
|
Access
|
|
|
C:\WINDOWS\System32\MFC42u.dll
|
-
|
Access
|
|
|
C:\WINDOWS\system32\cmd.exe
|
-
|
Access
|
|
|
C:\\$Recycle.Bin\S-1-5-18\desktop.ini
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\$WINRE_BACKUP_PARTITION.MARKER
|
-
|
Access
|
|
|
C:\\588bce7c90097ed212\1025\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1025\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1025\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1028\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1028\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1028\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1029\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1029\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1029\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1030\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1030\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1030\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1031\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1031\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1031\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1032\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1032\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1032\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1033\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1033\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1033\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1035\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1035\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1035\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1036\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1036\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1036\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1037\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1037\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1037\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1038\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1038\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1038\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1040\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1040\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1040\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1040\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1040\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1040\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1041\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1041\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1041\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1041\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1041\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1041\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1042\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1042\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1042\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1042\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1042\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1042\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1043\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1043\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1043\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1043\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1043\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1043\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1044\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1044\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1044\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1044\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1044\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1044\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1045\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1045\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1045\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1045\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1045\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1045\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1046\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1046\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1046\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1046\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1046\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1046\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1049\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1049\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1049\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1049\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1049\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1049\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1053\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1053\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1053\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1053\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1053\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1053\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1055\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1055\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1055\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1055\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\1055\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\1055\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\2052\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\2052\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\2052\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\2052\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\2052\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\2052\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\2070\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\2070\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\2070\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\2070\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\2070\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\2070\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\3076\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\3076\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\3076\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\3076\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\3076\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\3076\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\3082\LocalizedData.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\3082\LocalizedData.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\3082\SetupResources.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\3082\SetupResources.dll.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\3082\eula.rtf
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\3082\eula.rtf.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Client\Parameterinfo.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Client\Parameterinfo.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Client\UiInfo.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Client\UiInfo.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Extended\Parameterinfo.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Extended\Parameterinfo.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Extended\UiInfo.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Extended\UiInfo.xml.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Print.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Print.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate1.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate1.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate2.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate2.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate3.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate3.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate4.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate4.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate5.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate5.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate6.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate6.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate7.ico
|
-
|
Access, Create, Delete, Read, Write
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate7.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate8.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Rotate8.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Save.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Save.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\Setup.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\Setup.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\SysReqMet.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\SysReqMet.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\SysReqNotMet.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\SysReqNotMet.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\stop.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\stop.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\Graphics\warn.ico
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Graphics\warn.ico.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\588bce7c90097ed212\RGB9RAST_x64.msi
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\RGB9Rast_x86.msi
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Setup.exe
|
-
|
Access
|
|
|
C:\\588bce7c90097ed212\SetupUi.xsd
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\SetupUtility.exe
|
-
|
Access
|
|
|
C:\\588bce7c90097ed212\SplashScreen.bmp
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Strings.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\UiInfo.xml
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu
|
-
|
Access
|
|
|
C:\\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu
|
-
|
Access
|
|
|
C:\\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu
|
-
|
Access
|
|
|
C:\\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu
|
-
|
Access
|
|
|
C:\\588bce7c90097ed212\sqmapi.dll
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\588bce7c90097ed212\watermark.bmp
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\BOOTNXT
|
-
|
Access
|
|
|
C:\\BOOTSECT.BAK
|
-
|
Access
|
|
|
C:\\Boot\BCD
|
-
|
Access
|
|
|
C:\\Boot\BCD.LOG
|
-
|
Access
|
|
|
C:\\Boot\BCD.LOG1
|
-
|
Access
|
|
|
C:\\Boot\BCD.LOG2
|
-
|
Access
|
|
|
C:\\Boot\BOOTSTAT.DAT
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\Boot\BOOTSTAT.DAT.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create, Write
|
|
|
C:\\Boot\Fonts\chs_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\cht_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\jpn_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\kor_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\malgun_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\malgunn_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\meiryo_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\meiryon_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\msjh_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\msjhn_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\msyh_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\msyhn_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\segmono_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\segoe_slboot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\segoen_slboot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Fonts\wgl4_boot.ttf
|
-
|
Access
|
|
|
C:\\Boot\Resources\bootres.dll
|
-
|
Access
|
|
|
C:\\Boot\Resources\en-US\bootres.dll.mui
|
-
|
Access
|
|
|
C:\\Boot\bg-BG\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\bootspaces.dll
|
-
|
Access
|
|
|
C:\\Boot\bootvhd.dll
|
-
|
Access
|
|
|
C:\\Boot\cs-CZ\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\cs-CZ\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\da-DK\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\da-DK\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\de-DE\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\de-DE\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\el-GR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\el-GR\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\en-GB\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\en-US\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\en-US\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\es-ES\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\es-ES\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\es-MX\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\et-EE\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\fi-FI\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\fi-FI\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\fr-CA\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\fr-FR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\fr-FR\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\hr-HR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\hu-HU\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\hu-HU\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\it-IT\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\it-IT\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\ja-JP\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\ja-JP\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\ko-KR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\ko-KR\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\lt-LT\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\lv-LV\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\memtest.exe
|
-
|
Access
|
|
|
C:\\Boot\nb-NO\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\nb-NO\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\nl-NL\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\nl-NL\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\pl-PL\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\pl-PL\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\pt-BR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\pt-BR\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\pt-PT\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\pt-PT\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\qps-ploc\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\qps-ploc\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\ro-RO\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\ru-RU\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\ru-RU\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\sk-SK\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\sl-SI\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\sr-Latn-CS\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\sr-Latn-CS\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\sr-Latn-RS\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\sv-SE\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\sv-SE\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\tr-TR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\tr-TR\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\uk-UA\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\updaterevokesipolicy.p7b
|
-
|
Access
|
|
|
C:\\Boot\zh-CN\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\zh-CN\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\zh-HK\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\zh-HK\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\zh-TW\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:\\Boot\zh-TW\memtest.exe.mui
|
-
|
Access
|
|
|
C:\\Documents and Settings\zh-TW\
|
-
|
Access
|
|
|
C:\\Documents and Settings\zh-TW\me
|
-
|
Access
|
|
|
C:\\Logs\Application.evtx
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\Logs\Application.evtx.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create, Write
|
|
|
C:\\Logs\HardwareEvents.evtx
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\Logs\HardwareEvents.evtx.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create, Write
|
|
|
C:\\Logs\Internet Explorer.evtx
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\Logs\Internet Explorer.evtx.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create, Write
|
|
|
C:\\Logs\Key Management Service.evtx
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\Logs\Key Management Service.evtx.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create, Write
|
|
|
C:\\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create, Write
|
|
|
C:\\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-International%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Known Folders API Service.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-LiveId%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-MUI%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-MUI%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-NCSI%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Ntfs%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Ntfs%4WHC.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-SMBClient%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-SMBServer%4Audit.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-SMBServer%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-SMBServer%4Security.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-SettingSync%4Debug.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-SettingSync%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-SmbClient%4Security.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Store%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-TWinUI%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
|
-
|
Access
|
|
|
C:\\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
|
-
|
Access
|
|
|
C:\\Logs\Setup.evtx
|
-
|
Access, Create, Delete, Read
|
|
|
C:\\Logs\Setup.evtx.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create, Write
|
|
|
C:\\Logs\System.evtx.Email=[Mr.TeslaBrain@protonmail.com]ID=[20ZXEV9TMHPKLQY].odveta
|
-
|
Access, Create
|
|
|
C:\\Logs\Windows PowerShell.evtx
|
-
|
Access
|
|
|
For performance reasons, the remaining 1968 entries are omitted. The remaining entries can be found in ioc_export.txt or ioc_export.json.
|