Filename
|
Hash
|
Operations
|
Category
|
Severity
|
C:\Users\FD1HVy\Desktop\Ks6GqEtV8vklDvKf.exe
|
MD5:
b31d35c2ea3ec08bd01529dc4bddfaac
SHA1:
7fba8bbaf094c499b90008ee3d8f3421c93791ab
SHA256:
6704bdd23f15685f68de5c7aed1b9919fb4e7e29296c93f7294468892c771357
SSDeep:
6144:308pg4g6d6cIFtF/jqo7P/xNIduUzksjvAPYRRERiMWcUfS0kQwMJ9H5jaZhRxE:26AHFz7P/xAjVsrpdQS0kQs
ImpHash:
8384a9089218573942420efef8263ccd
|
Access
|
Sample File
|
|
\\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log
|
|
Access, Create, Delete
|
Dropped File
|
|
\\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\$WINRE_BACKUP_PARTITION.MARKER
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1025\LocalizedData.xml
|
|
Access, Create, Delete
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1025\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1028\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1029\eula.rtf
|
|
Access, Create, Delete, Read
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1030\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1031\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1031\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1032\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1033\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1033\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1035\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1035\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1036\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1038\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1040\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1041\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1042\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1042\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1043\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1043\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1044\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1044\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1045\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1046\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1046\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1049\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1049\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1053\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1053\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1055\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1055\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\2052\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\2052\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\2070\LocalizedData.xml
|
|
Access, Create, Delete, Read
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\2070\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\3076\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\3076\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\3082\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\3082\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\DHtmlHeader.html
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Print.ico
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Setup.ico
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Graphics\stop.ico
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Graphics\warn.ico
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Setup.exe
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\SetupUtility.exe
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\UiInfo.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\netfx_Core.mzz
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\netfx_Core_x86.msi
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\netfx_Extended.mzz
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\watermark.bmp
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Boot\BCD.LOG1
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Boot\BCD.LOG2
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Boot\BOOTSTAT.DAT
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Application.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\HardwareEvents.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Internet Explorer.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Key Management Service.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
|
|
Access, Create, Delete
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx
|
|
Access, Create, Delete, Read
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx
|
|
Access, Create, Delete, Read
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Security.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Setup.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\System.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\FD1HVy\Desktop\readme.txt
|
|
Access, Create, Read, Write
|
Dropped File
|
|
\\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1028\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1029\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1030\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1032\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1036\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1037\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1037\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1038\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1040\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\1041\LocalizedData.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\1045\eula.rtf
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Client\UiInfo.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\DisplayIcon.ico
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Extended\UiInfo.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Graphics\Save.ico
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico
|
|
Access, Create, Delete, Read
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\ParameterInfo.xml
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\SetupUi.xsd
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\SplashScreen.bmp
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\Strings.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\588bce7c90097ed212\header.bmp
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\588bce7c90097ed212\netfx_Core_x64.msi
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\BOOTNXT
|
|
Access, Create, Delete, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
|
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
\\?\C:\Logs\Windows PowerShell.evtx
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml
|
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
\\?\C:\$GetCurrent\.
|
-
|
Access
|
|
|
\\?\C:\$GetCurrent\..
|
-
|
Access
|
|
|
\\?\C:\$Recycle.Bin\.
|
-
|
Access
|
|
|
\\?\C:\$Recycle.Bin\S-1-5-18\.
|
-
|
Access
|
|
|
\\?\C:\$Recycle.Bin\S-1-5-18\..
|
-
|
Access
|
|
|
\\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\.
|
-
|
Access
|
|
|
\\?\C:\BOOTSECT.BAK
|
-
|
Access
|
|
|
\\?\C:\Boot\.
|
-
|
Access
|
|
|
\\?\C:\Boot\BCD
|
-
|
Access
|
|
|
\\?\C:\Boot\BCD.LOG
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\chs_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\cht_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\jpn_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\kor_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\malgun_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\malgunn_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\meiryo_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\meiryon_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\msjh_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\msjhn_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\msyh_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\msyhn_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\segmono_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\segoe_slboot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\segoen_slboot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Fonts\wgl4_boot.ttf
|
-
|
Access
|
|
|
\\?\C:\Boot\Resources\en-US\bootres.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\bg-BG\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\cs-CZ\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\cs-CZ\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\da-DK\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\da-DK\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\de-DE\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\de-DE\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\el-GR\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\el-GR\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\en-GB\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\en-US\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\en-US\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\es-ES\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\es-ES\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\es-MX\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\et-EE\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\fi-FI\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\fi-FI\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\fr-CA\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\fr-FR\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\fr-FR\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\hr-HR\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\hu-HU\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\hu-HU\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\it-IT\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\it-IT\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\ja-JP\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\ja-JP\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\ko-KR\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\ko-KR\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\lt-LT\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\lv-LV\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\memtest.exe
|
-
|
Access
|
|
|
\\?\C:\Boot\nb-NO\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\nb-NO\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\nl-NL\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\nl-NL\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\pl-PL\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\pl-PL\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\pt-BR\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\pt-BR\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\pt-PT\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\pt-PT\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\qps-ploc\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\qps-ploc\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\ro-RO\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\ru-RU\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\ru-RU\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\sk-SK\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\sl-SI\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\sr-Latn-CS\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\sv-SE\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\sv-SE\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\tr-TR\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\tr-TR\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\uk-UA\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\updaterevokesipolicy.p7b
|
-
|
Access
|
|
|
\\?\C:\Boot\zh-CN\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\zh-CN\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\zh-HK\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\zh-HK\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\zh-TW\bootmgr.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Boot\zh-TW\memtest.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\.
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\DESIGNER\.
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\DESIGNER\..
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\Services\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\Services\verisign.bmp
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\readme.txt
|
-
|
Access, Create, Read, Write
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\adojavas.inc
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\adovbs.inc
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado20.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado21.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado25.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado26.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado27.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado28.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado60.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msador28.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msadox28.tlb
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\ado\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\System\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\edcsvr.exe
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\.
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
|
-
|
Access, Delete, Read, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.encrypted
|
-
|
Access, Create
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\.
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\..
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms
|
-
|
Access, Delete, Read, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.encrypted
|
-
|
Access, Create
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
|
-
|
Access, Delete, Read, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.encrypted
|
-
|
Access, Create
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Source Engine\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini
|
-
|
Access, Delete, Read, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.encrypted
|
-
|
Access, Create
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\TextConv\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\TextConv\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Triedit\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Triedit\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VC\.
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VC\..
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VC\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VGX\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
|
-
|
Access, Delete
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.encrypted
|
-
|
Access, Create
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.encrypted
|
-
|
Access, Create
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.encrypted
|
-
|
Access, Create
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\Content.xml
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\readme.txt
|
-
|
Access, Create, Write
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\FlickLearningWizard.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml
|
-
|
Access
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\he-IL\readme.txt | - | Access, Create, Write | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\hr-HR\readme.txt | - | Access, Create, Write | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\hu-HU\readme.txt | - | Access, Create, Write | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml | - | Access | | |
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml | - | Access | | |
For performance reasons, the remaining 2539 entries are omitted. The remaining entries can be found in ioc_export.txt or ioc_export.json.
|