Filename
|
Hash
|
Operations
|
Category
|
Severity
|
C:\BOOTNXT
|
MD5:
99e4bc3395b43af78d776c288fd37b8f
SHA1:
9a38dae380ac8de597b72d507a56cab4afc0a316
SHA256:
b5caeb05f54b06df388f9f302c6deb812d7fb94702df81b3512d4f3cdd1528cf
SSDeep:
12:RxWjJQW8URAuqBlZbzhuMLcjaynwTnGsCGH1YegBF3TG8UBdzcHAe:vW2KA3lZbo/IehTZUbR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\FD1HVy\Desktop\FxJJWcekKpUCZ6Rw.exe
|
MD5:
811c6de9ce787c8d540a09795a5673c1
SHA1:
604eb2e2d9573143730210fd57bda01c59447080
SHA256:
73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3
SSDeep:
3072:w4NWVF5XV9ljnnuY3pn2MNSxGnoaw2bAg/YwgcTzLlpgSaNid4:WzDb351KOAgrgIz+id4
ImpHash:
b56418276e489348c412346b4085c959
|
Access
|
Sample File
|
|
C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log
|
MD5:
40f5056ff0a3baa209119aa6bf4bfd1f
SHA1:
fca5d2850e0afaee2c77302dd09a0c0a0d6b0bc1
SHA256:
78fcdeb34307ed16fa7a879e7eaa510a11122bc51b12e9db56f7d339baf57351
SSDeep:
12:wZpgkFYQ9IEJgp5RqGPwV0xx/i8b9ryWdFujq/lpId/uru:wXIODWHhYVw79HvyW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log
|
MD5:
44ee445960b12f9a9ad4c0798e014b23
SHA1:
916239aaedee088eab7ca82ea6fbc754f543ab44
SHA256:
cf69a25c4e3d51c67f61fbbbe92a48f6784f49462c73536e309888e060862f19
SSDeep:
192:PczSrvGuZbWrwSylisSsQxkxDfbd+QfOu:dvA8SwWs3bLmu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd
|
MD5:
da46084ccf043187a817b65d13df5fc8
SHA1:
cfaa599e11cc4063d7f04c525249b70a099e6ea6
SHA256:
cb099a79d399753675655c31d98f6f027867e17867d889feabfddbdad0ddfde5
SSDeep:
24:uR1TCMGQN1Imq8+1IA5+AsJG6ZviT/LWBHr+0e0FzE:uTTCMVgmqRidAsFZviTzWBHCAI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\$GetCurrent\SafeOS\preoobe.cmd
|
MD5:
690ee16eff64fbc2a8e94a4ce66658c4
SHA1:
9a3e2401b60619e1c7b89caa9f53cf3a21f21b60
SHA256:
367d51de9fa3fb751a170d49f6df16799baa30101cf7f48603c7ea0a4667a77f
SSDeep:
12:kYAuT+wxBf0blu9YMRyGgCR//3hbENHGxzuytyWPmQtNLKSr:DT+wgbKYQy3qn3mZJ5QtJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1025\LocalizedData.xml
|
MD5:
12eb2e207d8a55223b094d16d63ec660
SHA1:
94e73d1a6581d5f20ce9184b6d2138203da4ebbb
SHA256:
4f0967105e738fabc592b11e1683f9e13d4ad723e7cd6c3aa0d88cfb132d2609
SSDeep:
1536:X2R9Gs4d6gMDnqeRbfXCdBrFM62Kla6c1x4VB8fw6McTu:X2R9GlwgMDvRbfWri6e6Lbyu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1028\eula.rtf
|
MD5:
43a8a83193f6b0a66125427255bfed3b
SHA1:
7a945b6695c6e9a208b056675b9f4d26ba83855c
SHA256:
b17514dd6336cfab9759a82bd0994d5004e51378340a4e3fd4a24a0379ae16e2
SSDeep:
192:IJMDGDwtWY98crs2wsL9t3lfMM7xH2htGwmr:IJaiw7trs2wi1d7GIj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1030\eula.rtf
|
MD5:
54a35fa5bf5f191acc83328cd500d7f3
SHA1:
7a7d38edca059eebd5ad3f866a2d318d52c51864
SHA256:
d87fc6eb76b12694b24651041104b453a801b86bc53f9db666931d0ab2e8f428
SSDeep:
96:cXEPdqBsEo4wAscGxAFx4V1XvZ5nt1jT/WiVAiWKaVwh:cX12EMctx4V1Xjt1jT/Kp7VW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1031\eula.rtf
|
MD5:
7f1ce8c8104de570f0b4e23057c670d5
SHA1:
106e79b565e443401824ea5fb00f697b05a1d4df
SHA256:
5ec6cc7d8533513546a98b41efb5de9db0ec8fb88502158adfb4969d52d9a90e
SSDeep:
96:vQ4zSCFaWRJgMyKWLUr6IonR5fWpjsrUPE0:vQCHRyxQr6dneZc0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1032\LocalizedData.xml
|
MD5:
d3d918367d2a89d818140e5e6dae1652
SHA1:
65374271a3615dddb1523448489cd6ce868a0345
SHA256:
97d52c2425b3ebdd90df4dc3d5c9de2ee323bd3e2875dc17e28802ed7f0e79ee
SSDeep:
1536:RkaKxUxsJFROjvjewnQz8C5whB/s5Hfl9MDCIkXns:jWFRMeGOCB/s5H99y8ns
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1033\LocalizedData.xml
|
MD5:
65dbbe0141e376967d19ce5592e9700f
SHA1:
699ace3b583ac695ca432ef56ddaab9caec96e0b
SHA256:
944297520f8239f4100f68e6f2a054c66a6f328d6c05b1d11ad1ad2a933340dd
SSDeep:
1536:9z73257I4MNHd/BQXSgS1bNAjiCIbDY/yJIL4gBpe3B:9zq501LQXJKijdQDeyJSgB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1033\eula.rtf
|
MD5:
1890487bba2bd89c787f4ca85db0935f
SHA1:
d159b4e5357a802fd139f4a861b9cc3b9b52528d
SHA256:
080958e562cc5bd8eb6079761324fac41b6c53fcd2ac9883a0b241f017324b03
SSDeep:
96:MLeCz/4bi1kMpj47RRCqPWPT6xYDfOWWyU6hAFBzylNS:2+i1jj47zPUWxYzhWyUAuzES
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1035\LocalizedData.xml
|
MD5:
661ea12f5fe60cada8eef18577b972fa
SHA1:
7c493a5c90a7b06c83bef83c7a44eb8aaa46f5af
SHA256:
58f4fea01d5e6e75d5cb15e4719861e0dbdf59251826f186ee4feda550b52446
SSDeep:
1536:FDDPer9RhljpkQKBwYDE9O44XaHGU9EtW2uxE5++OaQ46n2L6:FDDsvX1kQyV+GiEtIG8aQJ2L6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1035\eula.rtf
|
MD5:
726139098c653ebb949b9f6453a406dd
SHA1:
4a7880d86f7509a398826658a8ea46d893bc6c16
SHA256:
a56ba288a7368c3d357c517243931987948216837165fe896b18f2ccbcda7dc1
SSDeep:
96:wDcdO8ckMXGGmO4UghOsq/G7udJEmXuAqWXsZvn+TY:wD2O8c9AYsYfMguMXhTY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1036\LocalizedData.xml
|
MD5:
69b4b3a2b93f909a442e92f51298f71f
SHA1:
7ca168f4fc026bc9d1a460edd1a440179d1e73a3
SHA256:
f995edb3c0afb6541f32758df719912326385b10552ed83b8e82ed333e990c9a
SSDeep:
1536:BUwFkF35QWZqYerpw+mgwJq7nw+NwIljR6/NnRi2A2yMhk7aYcbjddosQRJ4R:BUw+6WZqcZq7wLIVR6vywdYqjHoV4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1037\LocalizedData.xml
|
MD5:
6b1666b936d786257f9d0f191f113649
SHA1:
a8fe4dd1048fe8a42508f54358fe8d17d7f47060
SHA256:
9cb507fe253ba5332bd7f03c1e88ad6449eac450fa6a9b8d3389a6cc7c2d5a73
SSDeep:
1536:g7W5WiY49/L2lfebl/iI5bEf6sK+otxTk/6zjYKY9h8:Koqlf8vof6l+otxASz/YA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1037\eula.rtf
|
MD5:
80f9fa3324435aea9b9a9629dd6b3761
SHA1:
885991352f4be39193547ae8baf4da597886c936
SHA256:
9a9a805431b907e529759371cfeae646f58a5828d7339b42f5acc9f143034565
SSDeep:
192:aYjdpi5U2yzfLnLvwIVTlTOrbPWWJ6dzfUjwZA:aYRI8zfLEMpTOrbPWBdojwZA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1040\LocalizedData.xml
|
MD5:
67ce0f3797d9a90bd7e2211dbb2f53b4
SHA1:
d04b865b4786647dcdc5ae038de5db74fadb8231
SHA256:
f7b716bd22c9b5c3c8e17ecb1a0448d7b398e61ff11a5c390da92f98b330017c
SSDeep:
1536:kM1cUqxl1DfYiHo272M9OxLUYuH36V02TFDh2oUkT/Wr5Idk0LvKNAaGHrHKtsY:31C7dHo278xLUFHKV0ckfC4g9LqtZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1041\LocalizedData.xml
|
MD5:
075ea75eda355b263bf333e25b5ff94c
SHA1:
f48f1a7eee4a85eddac23b6bd04b814f173603ca
SHA256:
3ced2554ec5426fed78eae5ca7c90450109cfd4553533bc16c630296ffd757b5
SSDeep:
1536:RZHZDLz+qFoCdiCreGOg7zUjq7QJO6bcXnMCqXks4T4K0jeE2J:RZ5PXFL8CngjFM6o3G0RT4K0Kv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1042\eula.rtf
|
MD5:
4dc510185e53c38416dc0f37183bc117
SHA1:
efdc841629790c875a6b7849e982e2299560c291
SHA256:
77ec3fe5d265c5fef2225648221f63d5967ff45c284ab7fd9a97ee773dfc877a
SSDeep:
192:4epQHYROn9eqset9+hUOp+JoF87qbweN1I33m8hSMrXWAe/3yfrP2ii2OiUB1GAs:vpQHYROn9eqseCVLF8GweFuF/Li2ON18
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1043\LocalizedData.xml
|
MD5:
52dc3d0943bb5392199d16d9f7c121b4
SHA1:
8d1495508ae4a0dcf271c4c4b48ab109cbb4797c
SHA256:
eb9698a285cb27afe6b85841cba36bbcfce519a1deb2cca86df250aa9f6adb32
SSDeep:
1536:uv3RucDxN3Ha+52cT7Htz3cH1i7EsLdCpL8Bc:u39v36g2cTLmVIdE8y
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1043\eula.rtf
|
MD5:
d3a6bb4dc4a8bebdabe80b6878c2766e
SHA1:
7777fcae34c536c585a94d21c39d03dec30e7035
SHA256:
8672bcba11435e34a106960d3bdc053ab73fc97c878b50765ad9d89d1ccc8201
SSDeep:
96:+E2l8NRfoyM+QdQ0134qiCdFyHlEAyWiZuVpUudeIAjAIk3:+r6ufdQKtdOlEAZvaudz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1044\eula.rtf
|
MD5:
6615d67f77df133ce65610fe9d623022
SHA1:
01d6dec6ddf86db332e2992ffb07bf31fc71c6f1
SHA256:
af3648d6c436e02fef3e59de9ea10a891add5a3e0efee3f05de1e6c1e6ca853a
SSDeep:
96:9myY3ahs3+SHgV09bE/FkPqn4AUsRoVvtWm:gNaDSb9bECO4D8u
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1045\eula.rtf
|
MD5:
b21be8c1fb16cce09db16d7251a3d1e6
SHA1:
a6c71e450409dee74b3643ff2e79fe9426bde3a1
SHA256:
0c2d20c162a5b71648183e7e3fa844c70bcd9be9a9395ab299d717847bb4c0d8
SSDeep:
96:63e7JYx//a81Ge2w4/BQ641dd2dxni0oppHzze9fAUWkfaUTZVZsup73w:63e7upy81Ge2j/S1dIdxnilphzzmvDZg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1046\eula.rtf
|
MD5:
8b59efc96dda4c064413ee810d045abb
SHA1:
90019f173238b70cdcc41a04bc5fe4c3ed73bf24
SHA256:
628b9c9f72fa4aef641f004dae1c70416dd3025969959b65dbe34faa361f7225
SSDeep:
96:gGouSiGeL1BOE3FMmrk6VIlacZIy7e/u2/fjKt1RR7fwNfZ+lswdCa4ghr4:gGPS7eL1zMUXVI4M77UfjK3H7fwNoJk9
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1049\eula.rtf
|
MD5:
f57bc103d969de279e585c524152c6b4
SHA1:
1aeedd66e3639c3d11c340fb10f588e3593a02a9
SHA256:
26d366e58d9f28e3e2c61262b36802bf837f443976bc47c21241fabb4f0e2b3e
SSDeep:
768:1wUZBrwH6nHsebv9nFRrIDRju3VVtBmO+I3ciBl+8xGiTyLI3Ob8rK2xJCrcYII/:1wUBrw0Hzpgju377mO+I3LgG3c2PC0I/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1053\eula.rtf
|
MD5:
f8a79fc9a1c5afd39146894730a00a67
SHA1:
5816ec0535dee2d015b2941427f344911d6d0153
SHA256:
21513df187d12875951745cb82b368a28a555fbf181f4a0ce57fab282f1d8de8
SSDeep:
96:J19hTKQ0McUvT5u8W4yRzA3+YLFDFFWP/qyGMA+HyI:z9JKxdsK4y5A3+YLsP/qSA+SI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1055\LocalizedData.xml
|
MD5:
7b16b96374c1a0b9f43f3bbeebf31455
SHA1:
9b33dde67680520e42d0874f02d351710a644e9c
SHA256:
3c73dae58823b025a3ef2e38de3e9dd262622d4221c34b854a25d96c2c58be2a
SSDeep:
1536:qvTjgWEVc+MMTwqTX6uKR8cbX40Cyrge0elT1ZW6kSgAzIanI0cDOr2t4Du:q/FYwqLHKRfIET1ZCSvXcir2t4u
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1055\eula.rtf
|
MD5:
0cb89e0a1c0d6e34dfd9133fdd32a70b
SHA1:
93e8b91229f0f03854d326b248aa587d8a1893f8
SHA256:
763068a0eb80c9ec6be0d6f3645f04674ce49b84b7f25d70dbc6c38cc217c64e
SSDeep:
96:2WkmL8ui0eI7zWdZ8fndQzEl9qB3hPwoPphlKkVpnqH0XJt:38uiI7idZ8fd/b0nphlbBqH0Xj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\2052\eula.rtf
|
MD5:
867f40c950b8181e162d3961844a6b1a
SHA1:
ff0a37a85e78de61bda581edc5ef733932a231fb
SHA256:
d6686d5ce4ec9923cf47860b696b904ee311636f6626a66cecb88a4b47b55cfe
SSDeep:
96:62WcJzUkzaqqK7MjM/99oobgkiA699oM+UCysIjxACHnzOQYYL+BULuyaGPiClak:Jzzn77J6ob/699gCj/HnrLSUlZhaPs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\2070\LocalizedData.xml
|
MD5:
4ec60f0ce6436bd80df4f9fc75ae1201
SHA1:
298a027bdfa36a0770e809858b3bf5cf43e7dfe8
SHA256:
87786357107a6be391d483fee79da85521944fdf0dfaf3fe90e17a57f52eb4cb
SSDeep:
1536:E+JmXLUbgZoF4GJlnBtl6aEptrmfiOUKy/UKztfFH+C1VL+/8PR6B:E+oWgYBXBtgfPmKOUz/UKhdH+P/856B
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\2070\eula.rtf
|
MD5:
25c427292ea69bb385cbeb08892f6d5b
SHA1:
0b2dce4cb65690ca0b6d41547546578ae5a85afa
SHA256:
c29fdce1cfc54f752000d6cc0d71eb1036049d006c747a3b5a44ac8bec956976
SSDeep:
96:Mhv5RXXN7N+BeZa6UMva2xKX/hCKaQuznct88n0Dz6JpryoiU5eqViXrmI:8HjudMvaWnq880n6nryoiseyw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\3076\LocalizedData.xml
|
MD5:
29088011c7e415a70c29bffd99f9ff59
SHA1:
a13f56e15dfe0c26807f87dd0d1fe0767af56d12
SHA256:
a08bf3ea0d058b6b1dcd55e791a5f19971f5618fcd9d42ac78d71596d79e3a64
SSDeep:
1536:hY7g4CFuqmdy36ZjH+7zQxyNyhemfSzJ00l:hsA0lZLE8Gyh7fS6C
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\3076\eula.rtf
|
MD5:
e99dd6f90bb937b8f51225ebc229c4b4
SHA1:
c1590210b71358e629aff38c258f2679679ecf9c
SHA256:
a26bb8267e204f3ee74b51d81407224c71b98bc28a4e27cf720c4df52182cfb4
SSDeep:
96:6vhFhAUafTqF0rREU+JBCxBXXrRqf659K08KzzB2i6o39tU473iD1YUhql3ih2G6:6poXtNYCxBUe0kBmoNtR3iX+i54/8O3P
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\3082\LocalizedData.xml
|
MD5:
d9e2b367e1eff252245ac69e9fcdc0f8
SHA1:
2ba8bd7c5f95e991812c20eca2ef26f1eef7207e
SHA256:
b163497102adb4224cbac18a7a036fdb54fca52badab17cc851c47d0278c882b
SSDeep:
1536:4M3Yz2lm5313OpoQVYEj7AL6kKX6wv7MUGvQF5wZCqUa:ezXr3+NVYEoL6j6wNGIjwZCha
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\3082\eula.rtf
|
MD5:
e1ff0b8492a3b5884881415e8fe3cf5b
SHA1:
bf2c23c18ce3abe36cf7c59f2ecdaed4979b0cd9
SHA256:
5419e0df95bd5c046d42e90cd0084bfe58da15601d7114184db598683f994d06
SSDeep:
96:Nz1QavnQLbNtp/COWKc5KMzYcB0AUiT8KTyeanb6TVmNLZx:Nz1wpQKIL/hU+ub6TVmPx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Client\UiInfo.xml
|
MD5:
f0fb4d868214b02ca783e50df01e9bd6
SHA1:
cd59a88d31fbbcdffaaafeab0b48dead48e0ebea
SHA256:
16414f741e50aa3652a3bb3cbb3c1917f34915330123f6fa73ebb63ebfe0a4d0
SSDeep:
768:6wD/Xmr0yPeN6uUDM0jDx6641KdbsdZD60xxycJA0e3l6AEX1ymSg:6GXmoymN633KcNQZ21p0WEzlyi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\DHtmlHeader.html
|
MD5:
6d0a882c98afa92e43b277a604baab80
SHA1:
d7597bcdcc7ee77653abffe141d61951a06d6650
SHA256:
73688ea961eb0cce039a6ae356060e5e720721efd46b32bb5c9397ef324bbfb0
SSDeep:
384:vZ1vAi/eU6loFXiIVuv3t4o5GrujJPzAzbMwgK:bvAi/D6KBWv94o5GK5sgK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\DisplayIcon.ico
|
MD5:
58957cb7a587faae8c4247487dce47b5
SHA1:
c638f729ebafb11d62e7b8a9764b392d253d8cb5
SHA256:
bb687c464fed09b5a12930695c10a37603c54a9685ff03d71666809878650a9b
SSDeep:
1536:5dOh+Eu4NLBTRRBygoDVfOUjXXAdG+WCT+iM7kpqsM6/0wFJY5e:vTErNBR6Jx2U7kG+XSi4kpT0wFy5e
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Extended\Parameterinfo.xml
|
MD5:
46f074cae6f4e1dde6c6f41a928bf7f5
SHA1:
e8e4ad00305cabf6181d4aee1c50a95cbffe8715
SHA256:
16e15025d4a3adaeb9f690a7e6009ac416cf04ee263347abd1dcca3b65963c09
SSDeep:
1536:gDjaKwDpB/rtPWuHu2vXBAYjopbtJ4KFyMTe3Xv/2s6f3Nc4orrkvYRfg7:IepBjtuau2VoxtJ5yjWs6f9cxkwxg7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Extended\UiInfo.xml
|
MD5:
c75f92d47490491c223fd18459b8ce6c
SHA1:
5fefa2e642db4f183a5f195e9f13f07a20a078ab
SHA256:
b61ddfee8e4fa475c93b4b7e27aae5491db2d20cee8614904505e7f08c1ffd80
SSDeep:
768:DSCfI5rseq2TzhgKlqAL8L8XGR+Wjn62Q4kBejDK72nF0YhBeCz9n9Y:DTeseq2TzRqvGGR+Wjc4yeirYLeCzPY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Print.ico
|
MD5:
cb02da9c55587b2cec1a561206109ca1
SHA1:
5b251944502ba472726e374b8fa810e16f525b73
SHA256:
63c37746fca09b60ffb9ee9972f6583cda064bedc9f4d4b1fc4e0928b9c1999c
SSDeep:
48:mKe0joDkHUHmB1JeBpPht5ynTFcvhR08JXM:mDAHXB1JkpPht5wZCiOM
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Rotate1.ico
|
MD5:
cc53f68fcec7a9e6217984aa2f9b6864
SHA1:
156da458def9a9bdc04e9a75802056225c92e529
SHA256:
e740270e2b96a86335929f7cf5f565db293709cbee000ebe31129f78ce195a27
SSDeep:
24:vBXqDO/HVVhOrfKnmEcl5/0X18mOdkwkeKg/5D2+keiJFWcm0IgIpOc9w08IBiQR:vJqK/HpCfKmNpUFOVcJ+keiJFWLwI4cb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Rotate2.ico
|
MD5:
9b3929882388017b53dd5fdf9d1d2e55
SHA1:
4211bf201966c4fee951da709c4005f3f91e333a
SHA256:
6bf8d0c0acff658ff2b395be11088590ce2e19bca204007ec351af48a46ee7fb
SSDeep:
24:i1e4OWNyWFpy9KsNF/tEVLXjs0U5Jdn6thZ40bSxpOCyunxfp8M:i1aWNyWIKsNiHs086y0GxppYM
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Rotate3.ico
|
MD5:
9583db3b6e799e8e748ecb03a925a3d7
SHA1:
9f581b07beebb95a696eceac230df7b53ea46886
SHA256:
4ceaea75bbee661862f3da74f2cd70ff48bd1891f8ff4fee0c231a5e172a5144
SSDeep:
24:VFEEcxYuLU6uwuhTfnWqeDwBJmsnaTuxA2LKOYXIZ2xFAXAwNr+8TnJ0wC:VFi1LJuNLnlesBJ0Tui2LJYXj7AXbvTo
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Rotate5.ico
|
MD5:
413a7a8c192d67ad89e87951fce4029a
SHA1:
e67b3fe1f687a9f4a9081be91b359ff431f22533
SHA256:
9f2aa3ba0e87129bc5ace7d0448e2af27d6143321d31e2842ee241b0b94e17b6
SSDeep:
24:EEy+9rY6nnHEXIL0OdCE5SwZY+DJ6icLo2ksabwQDXdtGnmV5aw:EEy+9DnnH9D3m+Mil2krb7DXdeup
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Rotate6.ico
|
MD5:
241e5b311312f7243dca9f90faf6b9bc
SHA1:
3500afd97888309d8a4a56ed04020a4d1ebfcd98
SHA256:
ce019c23fa7407d26b6e086cfc80ec32535ea006a18d08051510351d41212a0e
SSDeep:
24:pY+ASsySt/ReQGvWlqFf03jt3soTaT08fqJnZEVVsOrfmbWVzT4:pYBy4QQGOsFMzt3V+g7nZEVim+KVz8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Rotate7.ico
|
MD5:
ba6aa0c1a0b8f49a81335ee3dd184fb6
SHA1:
14090a372419c000b71376ae3ab3c39e8953cee1
SHA256:
f6523ec27ec691c58f5fb21d7d1d2bc4b29b6ed93a1fec1c408e6a8f09ddccee
SSDeep:
24:Cn3qQbpjbtBOJPiqtgJ54tIw9xSC9cB6UNrmRHahHfz+140gkR2IZyUGdpqN2J:cN/BOcqtg74B93SBjO6lz+14ZkR20yUe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico
|
MD5:
bb00baa79fdaaad56a4e70ba349bd661
SHA1:
74b241ddeb39bb3365d1480673d40a84ad4f3f2e
SHA256:
99b231de38bf31e985bffa0f8bd752dce214132af6e38d2873a794b9d63c60cb
SSDeep:
48:1xxilqyiPzSA0T9yvAukd9eN0k04pu73UMH4iEeA4:1xxihaN0T9cAyWmuzl4iEex
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\warn.ico
|
MD5:
c1f9ddccdbfe592aeb8550d5b912efee
SHA1:
6cc0beebc47e5ffb3f0a333900cbf1721f6246ab
SHA256:
dc886b539cf8e63448d52588795aff48bdaa0bae7f18b726a8f8ef136e99e059
SSDeep:
192:F/lOPAUbBA2R12i7dVTjrNPX45X2oB34LF3YcQGx3hEl3hm:bOP7u2R9z3RPXjlLlI2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\ParameterInfo.xml
|
MD5:
a1a7ded7c82f6bebf59a37c951f9c99b
SHA1:
040a9580d58ae84c8f18a4c3d8e713cbc2d15ea9
SHA256:
5e9915321bd10c8e3526ba7d5fa6b370874106477305c3ec7407add4d44905af
SSDeep:
6144:VIZXimGgbdSGjj8eHuHQsZ3YlAviSgoU7bzikQQk7v5S730Z:VIZXHGK0GjjxHenUAmLika7v560Z
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\SetupUi.xsd
|
MD5:
74d183842439ab24a222d26b0f9a7018
SHA1:
4ea44b662d476dde2c065b536dbf55e33bd7e041
SHA256:
a9f184eeb41333d8e05166d0735261e79be5d04ae39e0a660bb2964972028789
SSDeep:
768:7Y6z2eLo/GUleUXTSULcJwFqrhfvtgTX7L:0teMOUJWUYJoq1f1QL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Strings.xml
|
MD5:
9c2456f14d664f29ab21bb07b6153f67
SHA1:
03258a67d0004abeb780282765c7534b0dc5298f
SHA256:
07f0f77317cd5e8765012334e196de4e25a489a9c6f3d5d74b37ee44b87f022d
SSDeep:
384:Y3zlrRBpU8fAemrbdU/scoG1YquEEcIkbvpa7Occ3V:szFhUUqHw1YRv9UvccF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\UiInfo.xml
|
MD5:
ec49a83673dac9a1832b117d2d51ad42
SHA1:
0f7cc59af49cab6a89b8ffe110cc0608ee62b916
SHA256:
457353bbb3661dd9b6ac13749a51fc629fa3449ccdbf317d34967eabdad8a121
SSDeep:
768:nYzul46/pF/Otmq4v47qqfHc4I/umUHEGoSawRta:nYKl/OPVuq/cFeHZozwRta
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu
|
MD5:
4fef6fefb5dd60f46db68aa375023e67
SHA1:
e56c04e9ca37257327f46dc090b4ee49be9ba5b3
SHA256:
e8c16650ab3591628199670c74af180fe817071d8ede45504fb5d2fc8e5db775
SSDeep:
98304:617RLNU6ugUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlS:gLNU6UZBkOK2Knq45mY4H5OMKkKzlS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu
|
MD5:
ecf4a8890e940b2d19fba654ebb827bd
SHA1:
47f97352ceffd9ab930f6b0a61b3e8bf8d4dc0b6
SHA256:
08428a3eaef42e260fad39667044766796759edc3d455a4394dc4124282e8700
SSDeep:
49152:AiFUVMl4F1WPTODfXYSzpgg6b+9WJ0DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWhy:AimVMlfTOE2+0l1PAdXZzKUYxs3pKZnM
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu
|
MD5:
929e3ee8b7f2c295664daefb9af93332
SHA1:
2ec3333b402b57502fe8e63d59cfd17274e16aa5
SHA256:
62fe41198663f9308ae7dcaa8f6316fa86a2d38b707c88ba92fb75f7b5375c22
SSDeep:
98304:GArGcfsRfvq0UVKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCH:brGnBUMBBHTK8KXZ4UuY1kB1iKFKm8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu
|
MD5:
aa6a11e09afffa2a95ca366248336bf0
SHA1:
ce08c945d617be865d91a72c0d2e9aebc504ae1d
SHA256:
78af5fd7ab32494b5a146990db2ce5b0fc7daf093f959f3aa6e04a8066af9b04
SSDeep:
49152:jyd31mUI/5dN9WX/wtlGRSDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNE:+u/fN9WvwtlG1GnRau84KUYcs31KfFKE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\header.bmp
|
MD5:
79c70f754da29ab7b07a2d8e24b75075
SHA1:
6a4197bae8e45a0bdda233dbbc043dc865d7d107
SHA256:
0902002cee48853ebca766f1f98bff290969c3a4d12b925dc93b719df7a8ce41
SSDeep:
96:lmwYCocY8O2bRdvshd+R+FWq+ZejDXMG63UCU8eRQ7:lm1Coci8Yd+R+ygsf3Uh8wQ7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\netfx_Core.mzz
|
MD5:
0c78685d20688317c472e5c1f86c875b
SHA1:
bf9dce8759248c94357a04580e3d42df33480a85
SHA256:
415701b2d4e3357829bc58124f8506bd6a87e9fa3c4f65687e3610d83595c291
SSDeep:
196608:RsxqWWModvV887W7ag4KkVSpCPPnE8Lqfy6mbFg3DTFqH6E/xSJJqZ:qu9vV8a4aglkVSpCPs8LkEBg3E6EygZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\netfx_Extended.mzz
|
MD5:
5438341f52e5d5a65817c4c0951b9e15
SHA1:
91acd65af74e811de4910b5fd2cff04939d7a904
SHA256:
1a3540a619beaa39e89b97decf90d2369e46c9b2e96ef01de1156597d49644e9
SSDeep:
196608:hpxM+bqdpdaIP7S2S2k2AlL2q6NTwgZmLR5MgRIb:fbQKIPI2k2AlL2q6NTwgZ4RSz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\watermark.bmp
|
MD5:
0af95b6cbf061f47e1613f5b47cc8fb5
SHA1:
7d8c2b3da26bde65a1e6bbd0d6326472d1724773
SHA256:
e2deaf7bc13465eadb965b4fc71999d4d1a5b0be7f17008044254ac80d8507c8
SSDeep:
3072:XvBJWlhiK/HK0WoyvHqG116yK4/vBgyJJYVZIord:ZMlhiK/GoynR3SyzYVZ7J
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\BOOTSECT.BAK
|
MD5:
020b693b9e3424270dd9cc3a57d9884b
SHA1:
1408b40d724ee14ef71bfbd14b17b398b8edd8fb
SHA256:
331dc968817fd3f16c433c7a39d718f3a68f7ab4513c7761810f13854150d93a
SSDeep:
192:PMSMuCcj028I7ikb5gL8jRfbz3EPZ3BUXsKRYbux05R6:PMLkjw/8dzz3MRbzC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Application.evtx
|
MD5:
94f5932e1c90cf1bff2615ff4c1e94e9
SHA1:
495f43637a4a555fd93652c83aea701b53de6b3e
SHA256:
a960739b1c7d3b972075470826bbe334810896a7447c9754ab17185022ed63f2
SSDeep:
1536:5ybrKnqZckQC510Z2k50S++A8goXAxQ5RFdJPdDrYPfIjVH:ZcD510l0n+bXB5RFdltkPfKH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\HardwareEvents.evtx
|
MD5:
6539211775a9e4ae64357cb411db4580
SHA1:
c51aaac79a95149851b7913e41c63a917d01230d
SHA256:
ae010d123aa287008528f571ce50dcf0876f571cad3184cf72c544e99f830c07
SSDeep:
1536:NpfyRSDEPmABkIdoKblsSw07rQL20TgHfAtHhJzP5+aI:dEPPueeAU20Afst+aI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Internet Explorer.evtx
|
MD5:
608d1b71ee6a8638c65acd2322be5a06
SHA1:
dde417b52df92a9addc291ac5adb45fa3c9cc882
SHA256:
a2ff8ccc7194e91fd436d0b7907984f40cc0d464c8ebcb65c66f931a56b2f04d
SSDeep:
1536:elq9wosFspjuxQJcH2mKnzCNdtEwgm4tjd8vM8Y/rW2:e2wfK/JU2rnWNdtEwX4tjmv+l
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Key Management Service.evtx
|
MD5:
2506f55d44532268524048cc3f7119bb
SHA1:
32cc9d9c8978b51a851ddeca75392b11dc27f780
SHA256:
4b770cc619ae630d630a866bc35e5b9979e0606ffc53f5baf69459aceadc13f9
SSDeep:
1536:crrDWb6bmDuuaTO9EkPWGSVOZVPLQExza6gNqgLcUN+QlkB7OnoN/Lu4:qXe3ITfhAZ5IfNWB7yoNzu4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
|
MD5:
04395cdc9ecb538f92dbcfe8d01d624d
SHA1:
25f2f25b8b0da1611d0d95e4be059a9375e44535
SHA256:
77e795e9a472075cae5759eb3fc78380eafc1910dcc017c9c1e92364848b8b1d
SSDeep:
1536:+mZaaIcq/2ZO9ZWzF/Tbov5i0rGpriRpXSJIDHgEZ:HZBSbnWzJvAig1SJIr7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx
|
MD5:
367785c21dadaa535a7898b70a9a6c03
SHA1:
079affbf9faa5b1ebffa16e7af6f358bf9ce6876
SHA256:
f0e57cead28d1054a1ec5d80dd84965dc36e83b0440f4a42278678710ef694b0
SSDeep:
1536:4UhPkUBJyeRr++03BVaTTNeFWMHKh+qgMaAYvfq5AvBUbq:nhDzyUr+PBVaTTNe4h+rmKq5Av+q
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx
|
MD5:
584ae54bb98690fe204a163313caafcc
SHA1:
ea7ccbb2cd750625eb754edf4a8354ceb8a2228f
SHA256:
87cafbf50c83948b9b79039fc8ae5ab595b6be68ac17842e98507457750a1acb
SSDeep:
1536:TTbLIcPhUGLjJVandguOB3M6KDNmIzufTaUbg3oF7C3SjeyeF6:PLVsn6uOB86KDNmkGBgY7CCjeyd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx
|
MD5:
daf3039bb3d2b39bc7a4ec2dff6cb030
SHA1:
c7aedd67e4968edbb6e4b65fc524d81fe1151d93
SHA256:
1dedd2908339150f1e682716944f3f4c4e5ad354fff0624d87ddce7284f5d685
SSDeep:
1536:0D/ODHFjfXqElXA+59p2+uzrdR9JQX+U8jzWUvY+7WKfLyoxw9i9LMu:0TOD5XJ5f2+09u831973TyoLJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx
|
MD5:
d5158abfc76ff662bd45b6fc8f6bd83e
SHA1:
375d4e3481dcc69b4930fffcf13adce20cc9626a
SHA256:
afb5d539f8f76c84dc7be0aa497bd2eae2f2b97eae2b404204f0085354ed8ca8
SSDeep:
1536:GK7+Qeq0X1tMxpSzIxkKMNRrPk0mHvzQg7ImehbLX4K8w:JReBQpSzVKIxPkrv9ej98w
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx
|
MD5:
36093b5088985c095290080194a354f6
SHA1:
082fd80cca338e20e699b00305124a5125f0d85f
SHA256:
ebeb275136270eec5ca9cf127362edab57d8065dffe260e3f34453976dbec1cc
SSDeep:
1536:WgY/c8Q+pQFLrHbvRay5mz3O3zPEXnRfKQc04GYUb:WgT8DQxr7vAy5mze3z8XnJKU4Ab
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
|
MD5:
5c81f8bf64e302c5c180a97680cff1ba
SHA1:
50cdf3be4d03411c441e02f91685507a106cd2a8
SHA256:
27cc1148883a7be7afb4057b7b0b43b3caab12b4f9b685d57a6cac6d033dccda
SSDeep:
1536:6ZbDJsRARKUV0ZnHfgSyBZaP3CmXHDEnk59s/YXIM1p89c:6RJsRUzMnH4SWZUCmXQnk59s/e/Cc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx
|
MD5:
1864d2e99c940dc18226728715cf86c5
SHA1:
93ea2445f802e4dc6ed692e3c8e7f3267ee317fd
SHA256:
0d0d73b417c511cfe7fe61fc4d1291dd02ef5a7687a97036ea3c60a5faab5e72
SSDeep:
24576:wRTzWiLkyEczyt0hu1RzToMIuBbFZYpqVQ9BOvTgjrsIisM:gfpLkyEczyaUfHoOypqVIBcgrsIin
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx
|
MD5:
f9b288a1cbfeda8f0e0b94ca74d6b719
SHA1:
80879786c74edd4fe169595f6b5b857236ccedf4
SHA256:
2e91ca519d52530329fe90513b23ed327b783fa085e4ebeb2d83707ba01b6f25
SSDeep:
1536:GWvFQ16k/3vRCXtyYRVpYluSIrZwkM1RMhep8vhzqzOZseWROBZbKKzHyL:GW+AQIXRVpYUGkoMep8vRoOaeWYRLuL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx
|
MD5:
572e0d61f061861c00bae66e761ef9c7
SHA1:
2c8596cbdfaa0f546a7039d0d39f8e4a4f1727c6
SHA256:
6342a8f2201481f589b56e1059c583225c97c0f53868186ef1c0aba8264935d4
SSDeep:
1536:lke0y/qYAgfYJ/MEJZkPmb38OEsaHePRJh6xxyc+Dfre3:lke04FRk/VK+oODaHiRJhQxyrK3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
|
MD5:
ae9c9be5d6b517296f293eb8fcc18bef
SHA1:
e1dc3e5aaab2a46d62580947a20a5e849d610bcf
SHA256:
e48f110d3ca41d691e735352eadb87b94e0cc744859cc305b17a2862057bf6f7
SSDeep:
1536:GM/kRThUM/F5cS2+9R3nge7SmLczMRmaxb6lwx:jGThx5cSRVgemeMMR/xWlwx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
|
MD5:
404aef34b751916bd356966dae2471f1
SHA1:
a7666947386525e9d48296450d788a1f3d7f9347
SHA256:
6daebdb3da5fd91ef6120db3adde62eb48a5eafefac9d2d53b425f2c511c4985
SSDeep:
1536:Hfji93RSQyfGUPU53jRBDbYxNO7puuwLx4ldb0EHApHRucGVJa7:H83R0PcN9BDsxNOkzLx4ldfHWHRucmw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx
|
MD5:
8c73dbf71dad36c46d86f3287651f489
SHA1:
12c9b60231f478e2b5b5e9ff207cef5f656a506e
SHA256:
56f40000c614a3aeb58ad2b1df1e2386e9abafbb2fa1d96a93a46760d05790a2
SSDeep:
1536:LvzBnMfRJFq9jhJGaXo3qqCbBwnGxB3z9xdT1Mvp6FGmix:pnM3MLG+OzuKS3z9n1MvpzmG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx
|
MD5:
8e71a4a6798911dac0e1508060d7fd6f
SHA1:
62a601a9ead7e1822959136ed3434d9d4700e143
SHA256:
4c3b200e99d5e6f701febba46cd024f0452e39985695795c9f1933b2c0c3215e
SSDeep:
1536:zDPHP61cWVssyZmiIhI2MjGrubXIsqT8UaCqMUyLYEoqCOm:PPC1cws9RICFGCEhYUacsEo9X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx
|
MD5:
c6a03a0a249401db6c2e488d1e1ce87c
SHA1:
e376318a983c131de677fafe82fe839734c25724
SHA256:
044378f97a0fb4ee0f94dec481f280481ab3ead6c7debb30c6c485e73629ed60
SSDeep:
1536:WcojoHXa/yG18ndrza4bb1zaG3tPf7RHKSMv8e9KYQI9:Wcmv18xZbb13iSMQM9
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx
|
MD5:
b1afcb73b7c05e6f5ceb71ae68a9ed58
SHA1:
c9fc45fdccd545336fd24335df1506fcb8deb55e
SHA256:
ce3100c09509ccbbb8fecaecaa88e5e1cce899655d28fa0e077b524ba432b627
SSDeep:
1536:/zQ1BEXeGmRtrsy6n1d4A43UbfC7T/uGi58wf9z5mkST:/z2ZnhS47EG7zcmEz5mvT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
|
MD5:
cc6374c952b6664d0fa2ddc143fdd42c
SHA1:
bae19273aff2d2802aa1a53506c48198592e6c0e
SHA256:
759c6e1cd9787f80f794d159e61cb0eba590c85f4d1dcb7b1a626b1be7da152a
SSDeep:
1536:Jo6643qBPi/4L5jmSO88RV4J3msVSGuibUrQe0p08bJttUb6XzkTAU3j:JdQi/4tjmPvRV41XPpbh1gTAUz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
|
MD5:
f37e2a2843023929a97255a47c084ced
SHA1:
6539ba62776640a691fa738936ce9f225f1f00b0
SHA256:
392586a62effdb6cd0f722160c770aece456fdb658e9768d328106396a9f0064
SSDeep:
1536:5qd+NX3WiUN8eajKoMW/QZegaFbsKVtA/gOKAbr6+4PW:Ad+pGR56KoSZeDFBVO/gXAbrp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
|
MD5:
a424353b3a8a9bdc3cbe1b75198853ff
SHA1:
ab50351035d82e2334e847a23fff8697a293b598
SHA256:
14ca24f018b90f3d16de99152fc57f317695714ad56ddd6b800580ab951b8c87
SSDeep:
1536:/IcKhwXQutBazbHMufyM7hIBAh3Q9Jfz1olYMavgWpvt:/IUQutUH3lfh3Q9JhoVav5p1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-International%4Operational.evtx
|
MD5:
06bbb831cffec013732100ccaf9cf4ac
SHA1:
1d85f88fd1f8476f879ca41ec1d5640f0fbabcf1
SHA256:
acd574b5ab8d435312c106af657969bd7ba5f208aa54c72ceb9a4c52d20c71db
SSDeep:
1536:1EkzUWCTqfeM6epBpgcJyPI0JzwLXXxom/29m8se1icG74Fzzg3slQzMearCy5Ud:1vUWCTqf8Iflwmpe1hs4FzzyzPauEUhT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx
|
MD5:
06117b9720da28a28c0bc4e7996d0b22
SHA1:
1913b88e80d72adaef45934ef1d484b44aceac2b
SHA256:
bdccbe7891509e9176a87dbb3de7404fceb595b10a8f6c4cfd1acdff049df243
SSDeep:
1536:IcsouCCmwmKITpFFZD5uy4U07uMD6BPVSJyHema4spRrTs3edmFG3LiQi/JyU1:IcWoKeZD74UaOJV6yvIRvsPF8uB3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx
|
MD5:
76b12e80bb034b504127c5a9389b8ed4
SHA1:
f3fdb39a6d530aeac009d7a5fbc8788b37d032d1
SHA256:
8e449e7e06bf7d29cda069a09f5dafe7daeac1dfa81d1dc7c5896d49295e0e15
SSDeep:
24576:vkeayGjulK8X1POPcbvIy3Gx5JNlIccMHRmDdfnr+LXJd+d:v9Ia71POPq3OlITdPrmM
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
|
MD5:
54465a8587e06b4e458ddf61537412e1
SHA1:
3c659332ee49417499da3f62fcfbcd43647d3394
SHA256:
a0e6ff4135c7a22427cfa9ffc667a76c71ef934daf1ed9755ac103d305c14925
SSDeep:
1536:BTENiik1+tMBkyXNKI13Ap0j1uYK0FEkxoEgc6BvSsm4:BTLiCBxXkIKp0cYLXipSE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx
|
MD5:
4c459fa65d250691df6f734571c6f4db
SHA1:
0fde205f35bcd0c14dc2fdd11e6f3e920a2d48c9
SHA256:
de41c8c1f521b719204f580b750dd8e6b68ff4024f1f75e25da5d46d8afabc7d
SSDeep:
1536:rheGjJJMOCZWi83QP56buajdis/a3C1qVtGqYqPnSgXA:r4Yw9ZWiIUsy3EcMq/SV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
|
MD5:
f10727560694e4ebe91aa75570ccac7f
SHA1:
9809a936bc11582405e67278fe698e7f1ef36be3
SHA256:
b654eccefda8a88db9a9887480ff5e340c25d4490bbf8caeb554cdaba9427353
SSDeep:
1536:L9f0gCnfA2JxPlC6V0D1SDAuUlxZ0lmZOk8IXW/uDADXZ:LpQfPPU44lx/OknW/qup
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
|
MD5:
bbfeba62b3043c564214b7af37d00fc2
SHA1:
40f8350ae4946a65f68f1e59ffa5d9291f8405da
SHA256:
73cbb16fce16ff6b1d7d4e4630a05e5586eb60637dab41dbc1db56a14d845a8c
SSDeep:
1536:5T9gISxKmZ4rTbALKqHEw5PSmzxwGbgLsC4Gv6TkiHqi+:5T9gISBZ4bAHLP5L+zX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Known Folders API Service.evtx
|
MD5:
575ce20064854c73cb06d138da1f9f09
SHA1:
96c3c5a4e6cd5e64cd36fb9a076378043d667c62
SHA256:
72a0d1a0a1c5f8531bd088ce8c20c56f958899cc63063beae77cf3c265f91f92
SSDeep:
1536:o1UkrvY89h07yJRgu46nhM3bf7AxHASS6PEJG8WII+WGdcke:o1LvYi/RB4YEbfExAR68JG5+Hdcke
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx
|
MD5:
54b2d6874159c41cdac5487f9fe80469
SHA1:
c6e6bf23e6450d539f4cf5fa68589f02f205914a
SHA256:
abbdbcbf0d56812405a6c4eef5cc2b05f8e1ac8b2ef9348e88e59384c65f9583
SSDeep:
1536:NlYQn/R8I8e0h7ZhH2btRc1shorRxQqeCiiFqqRh/be:rYQ/JT0hHH+RmrR+/iFqKla
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-MUI%4Operational.evtx
|
MD5:
bf504b54f6b7a096eb6bf41c68f9c25b
SHA1:
9334360c79ba7cf63b16829941a54b2b9f86ab51
SHA256:
40a39551ef63a557f2ba8ac11b049240828b948ca06b4ff32f0599b8f7d3be54
SSDeep:
1536:WYSvpEfaV7kOsJa5ZEvA/l2+eyJxDigYbzXoM3GqHcEggpT8A7E:cWfSy6N/neyJxkYMr/jAP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx
|
MD5:
6d34d4c1cfae4cd1cbf95f34f2b75858
SHA1:
e8da83d7037a3b8712d33c0a6f070dd1e879f862
SHA256:
7db53ebe95a72976bb67d7fa6cc1cef0270b6b55c392cfa8736944534ee6fb74
SSDeep:
1536:26vH6uyV09mDC6jHyqvNGJc2T9+qC+ePVD9FA4ucGM+l6JS:2uHyK9wC6rNvcS2J+qC+6D9mvNaJS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx
|
MD5:
5398ea0b1f01ea9a25fb6022e40a4f08
SHA1:
dcbf141040aa468b1583ad91b1c9bc53ba95878b
SHA256:
4d9c98cf51325984c8866d065ba327d7bce14f653b2ce38004d5ff5736195c2f
SSDeep:
1536:QdQ6oXX4FBqIlZvwISW8fBcI/RmIKt/F3GcvIvglXj8wEY4:QdQ6qIbFD8ZcUgBGwlXj8Xr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx
|
MD5:
f0fc7bf83c9dc8b73b4800e13867b080
SHA1:
255e41b1e5251836936ec258482ac0ca1e98eec8
SHA256:
af2b681e4fded68023dadfacd14905773ae6b3c0f5b83f6348ce54f1b58b24d1
SSDeep:
1536:meioeNHxtibDfUB/92htfr15Rn/4Hmf/1x1EC+xuWg5G:mXHebDMB6fr1vL11+xuWg5G
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
|
MD5:
250e292bc40d0e365a11d1f910184df4
SHA1:
280da84a2837cd815be3609d0e4eb72d224ee367
SHA256:
329c79e92a5c6dcce71c3817785418b5038cf2cd20f5d216d54941ca8861d5fd
SSDeep:
1536:rRkP5+761Yj1ovPliUh92qcx+h2GuR9Add8b5kiuBU8FNHl6V+:rRkBzYJovPlpAqcI2n9qel8fzHl0+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
|
MD5:
168916c9cc30718613bb6b1773dc87e5
SHA1:
1c8e320c20af990fd4b8243e162e06ed124d35ce
SHA256:
f0fed6628125274466e26ac6430cc183c2aed2fc948d2e87885164814990c0e1
SSDeep:
1536:OzNeTy/3bk5FEd2f+7gNe+D4Jg5ahpKv9dQuq3ICy68CX2c:Le3Y7KiuIDTmQ943978u
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx
|
MD5:
72dcc2ad71b146f58918b0e2d5d1fa67
SHA1:
5b98d13b2e57156d22fa7e9e8dcfa1e2f7cc5520
SHA256:
257cdff51f2acc2f7d35944f290ca5112780a1fa1dc83897c70c130c20655e89
SSDeep:
1536:RzlYa0GVckNE1zMgDElJzqXANGirs5qQy1fScN:RSvS49ElEXBieqQcP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx
|
MD5:
44757901ab5e0ebadade5c81b16b9026
SHA1:
eaf8f296715cd6382ae57bef01e2cd727d3c8c2a
SHA256:
17ca77cdf25876737770d8dd062b4231f727df4f96a96cdf6f5b8f2569a42acd
SSDeep:
1536:T7YoKwWDlmpC72qcCBMY/QS8jWkf8n02Mm8gqd9s0qqXUuG6+SP0gWy41ycP/:/SDlGC6qcOM2ln0skXqmUuG6NPPUH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx
|
MD5:
9686f6f64b28714fa803ef38331742d6
SHA1:
06f1084d622122e72913a6309a30e5b582e65c84
SHA256:
c8f7af829caa55fca79f9383defda69b6a21fd6840b3925a86b61e9b847b568e
SSDeep:
1536:Por1kjNPs/HhmwWsTlZ2r2u5rchkCiUpPA3VYO6F8OZw:5j8QtsTaaurchk1SZw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx
|
MD5:
f43f2b70b008324e3aed215e239d9dc0
SHA1:
7b9507072e2d4ca838da0e541682779975fec2be
SHA256:
e14bde6970d6cf5069b288a70feb5ea37857c44a66af29c6b50ed05cdd5a293b
SSDeep:
1536:XqCsjg8qGe9kCN/5gPgXolOLoh1FHnvZxgn+1o0BMVL+o0sea:Ogwe9kCN/5gQyRnvTq+i0BMh+o0sea
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx
|
MD5:
6dbde9b30575261294f5d924b0e0ef6f
SHA1:
91f3252414faedb1c733a01d97f9ae0e65698e27
SHA256:
1b2f3939fcfd9aa6689e442d5c1032ca491198d757c3c9f0dad148f60b823713
SSDeep:
1536:1Ftfb2bqwxw8c10zpadoV6LGW3sQ0bhRla/J6eUsYONow5BIZc:/Nb2ayd9YGxnblNUYONoCqc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx
|
MD5:
ebb98a04a4831c1b4c135d4adf19a6f0
SHA1:
37cfd22d377bddc74eaad4c4661ac3ef3e1becc8
SHA256:
7f46b7864ef827c19b62893680522a2c8b599638f347bb2c924bb479a15eb87a
SSDeep:
1536:YYhreetlPwk4B8FSa97gh58Z+cxkB7eZ3VT/XMQ:5egWHSih2ZX6B7eJFx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx
|
MD5:
18357804432e6b3076ed087d2dbc5207
SHA1:
cea71881ff618723974f09476cc56fd69e0e9bd7
SHA256:
1262a56fbb59e1fee0837cc3698f5500c0e8245e813c4696b21f67ab42b17944
SSDeep:
1536:kE+E3f9FsmhaPQ40e5Sj72kt99ju6VVPFwfIhfqgzinvE+W6KD0z5X:kE+Evz4Q40e5Sn5LVafIhlivE6KgzZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx
|
MD5:
ecd5e8f1803a666341ea96d1320677a7
SHA1:
81e41f4cda2cfbfbcd55ccf679c618125e8067b6
SHA256:
bfcc964eb810daf758f69788b8bca92a3697ef3679a64d1f8938ccad05ecec36
SSDeep:
1536:nhpQuZEBQZ6gWnp+aAN/tjev0O/I8LWLPDpl0aDd4lKHX+Kp:hm0EGliBAlt98LWLbpl0aDCXKp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Store%4Operational.evtx
|
MD5:
d39be689bc1fd8eab4af43d1d28089a8
SHA1:
0a9c82394b6a810b331f84d506dbc6d2561bc9b3
SHA256:
2e77e98b43313bde02f0bf8615e02549dcb5446f4387a60cba48573f2bd3d1a0
SSDeep:
1536:4jddp97PyUP9kxi8hwPMrIB/PIAqyJKyFdMt31P9dCKDwtf4NRO:wdJPyUVuiPwIB/ZFsFP9bIf4Ns
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx
|
MD5:
b9062b448c0b9949bf01c6c13417dfeb
SHA1:
36b6e2c2d9d1c0aefab978825d74452e0ef37797
SHA256:
4ce988bff74b855ec06217a4f19847b17983e35d0dfe432fdbd88e75c09f1348
SSDeep:
1536:phILYZu4fNtW6+GtCGE00i7GNRc0WkSq2ODQSCPI3t:/I0ZuSW6+GtCGEkKc07SaDcw9
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx
|
MD5:
166ff22ace3759b520fe6211388317ed
SHA1:
a5f99c65724a3f7f50d02d2ac38bbb4766eb43b1
SHA256:
98fe89ba2625a3f2c2eb0bc012fb350be5d1849e3096dbe1a0166911943b792e
SSDeep:
1536:AQImkhUv1UM/LqsgeieIb3tWFyPzh//QuePn191Yf+LD2tSpnuSW4:dImmy9LsWIp6y7d4F/Xg+Launub4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
|
MD5:
1da5853a58c18f9c0bf1151eb2e97805
SHA1:
d29c04259d37e936b04c8363fea95b0811c7bbd7
SHA256:
f31467ef9504204341d8655a2c35ef1358c6cb4745516b83891e89e03c8f5e0d
SSDeep:
1536:iG8CuIiLRQ4X0Ixf/bKSrFK/8ZMWgQYUaSt8WX/p:i1DIiL64E6LKSNZsKh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
|
MD5:
5451089b77daa7d0511973d06899c260
SHA1:
295af5a44ad1f1de1aaada835bf9daa099483ecb
SHA256:
07c28368eb33fd6da187d4053ae2bb0acb4aa91f2b2a6decc77f4cb502db491e
SSDeep:
1536:zQekB1c66C2zM1urdNFLBemKCfPNPP3zozYXZtk:Ee73CEM1ON1LPN0UXZm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
|
MD5:
7f3e5c72223513bf851e19772a87c11e
SHA1:
21b2eb8c923640b90ba06246f7f392bde625d9b7
SHA256:
ef836b4aeac25d485f92ba15cccc9da3e3ca3e6422d5d09adb8228a64a7b13af
SSDeep:
1536:4jC3+3qqtWYELzX7Vmoyy7hKHmb3qhQoEuIVAqR+JA9W+iM:4LxE/XENJmzt6/qR+Jah
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
|
MD5:
d1c7ece75479e48488204308f135ddef
SHA1:
aabab6704bdbef8cd06c11b4c6f31736c6b913d4
SHA256:
f44948146c1f980ecd34184b7a4e33933ceb6bdcd973f9cc835b271c5d56919a
SSDeep:
1536:UWCKGwbrC+HgQfqE5EHIqLTaIgLKsGUzHSU0iVszdY8qzH:UoGj+HyPT0hGUzHN0ss+hzH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx
|
MD5:
ab7826ddad360e6c38ce8ab036eae8a0
SHA1:
f4604b7e62343c1ac7216abb680d3a64ecca2f64
SHA256:
0a111eec31773965e0d3aba1145f505de99ddccf2b04c5c0eb6e8622f884234b
SSDeep:
1536:MK46VfMPEgLFYVUbOT1yAMIoDNFgZiqc8mhKInEU4McAjg8boK:MK46xMPsWOT1yAu0ZcJhvEU5c86K
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx
|
MD5:
c276f4e5d1f58f111cc377f11ef0cadf
SHA1:
6b8600e80c60f5198ebf0316f7807c5baf0d0516
SHA256:
2caf1b23b86c6085f76f8ff897ca42593a441c7de0ed8a653dc01131f2bf8845
SSDeep:
1536:ZFmqzKrs87PIwCuE2SuwHxpNxkRU+w7KGjSyomYxRRznVS:OJsM1AxpNxSw2GAmyro
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx
|
MD5:
2cbd2680db9110860d6f5720b3a38f62
SHA1:
6c733e63e29697df0a6b98414c59db33664a5b64
SHA256:
bda86d5198990387c9c00a244e1c920a741a3ed1ccb2c09a0a7c135f43d88a9b
SSDeep:
1536:TgaEYQ5w4byBBWfjuraEHEhX50PaG0+lzXizCQKVFK:TVgw4uBBf2/hXq70+JMT6K
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
|
MD5:
638f0d7b41fd763e4db33412e220b482
SHA1:
f061190cf9516a43569b48eb0d32c11cf8057d4b
SHA256:
1c415520cdb2514cca26b38c3c9b8c4343760ff131df2369626702a538d0decc
SSDeep:
1536:+ebUxWKbiFY6Lz/JnCinKbIZXDwaUEaNhOhJL9CeeHo:+eCQtH/dCSuEhJBCG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
|
MD5:
1448f36c77f3a6e4fe1db12b3be7116a
SHA1:
a58d3ce83a763415229cec84c5644e651da7f9ef
SHA256:
ff58f9d3acf0367cb7dfc8a8a833a9e44a79721df787e6146d4a889302d9cfe6
SSDeep:
1536:X7wBiaUbmL5+LTVn6/QUhlsPwzFGOr+07Hq8Y0+hotWZ:X7w4ksp6/Q50GOS0jLYxhNZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Security.evtx
|
MD5:
15728d0bbed245ac3b5f9d6ff1e6ff85
SHA1:
07256987fa984a030f760e424060a719cd3f746e
SHA256:
8a2256d0d971f435287914abac11656f692f207b23f54177cbe057a9c141dd04
SSDeep:
24576:udfJ/jkIIUAdL7cc7YiSe6vMyVzfoqU0mY/XIx:u9JNccc8iP6kyVz7XIx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\System.evtx
|
MD5:
42278f95f7ab3447deed2b7123955105
SHA1:
a15fa51b6a71122c0b70bc16dc5ace381b599056
SHA256:
42ca58fe1d1f07ee9f7f9717b0f1a92a090e652ba114763b160bbe94d9cbb67f
SSDeep:
24576:JwecdK5Y+V4zHEx2eAgFHqXWTGNhx5uYL0RjWBWLl:JwecdKau4gx2e8hxMLjW8Ll
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Windows PowerShell.evtx
|
MD5:
4736fb5716b404d124fcb4211ea47759
SHA1:
8327a6efe33100e75ec8e8a557e9d67f86e223dd
SHA256:
0dc606c76dbacc88597e6fd9b630d80e684786bbe3361933f2c65e4ae8980516
SSDeep:
1536:0y4axl9v+OF+w+gXLkIL2zqprAid+8IBUPz58IuLcYdVyhj:Plxbv+OFy8L9B5n1Pz58pdVyj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini
|
MD5:
f53f7aa0d7296f9916969808f903f2fb
SHA1:
4d352dc82b304aa300e51ddfb7589e1edba5e06e
SHA256:
54801fa0e74796e7c06debcfab2066988a5a3d3e59d7372e27efd3cf94410882
SSDeep:
48:GnYUiOKU5r9aAG2HyXDgEoToTUVdbQyPOsE:GnYUiBqnSXDgHToTWlxPOsE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files (x86)\desktop.ini
|
MD5:
fd263650e1acb0024e7e995feff33ea8
SHA1:
e9364ec316ccd153473a0c47168d2d0eb1e58399
SHA256:
b364ecf33d9d4597c22cb54bce5c2009ccfac0192cbe7ef3144dca58e75f8501
SSDeep:
12:JpwmDJAtB4T4EaeSDOaQC4tFxWhIxpjfOXg51Bmv0PWIb97xMJFAsbJ6:XFJuBnjOazsFvxhOXg7WE96IsU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Microsoft Office\AppXManifest.xml
|
MD5:
65a422c3029d1493e8f6a7a40d65a304
SHA1:
5cb1864208dea188052f69eac910d1ffeafaf255
SHA256:
aac885fea24a294e4bcca646ea32336901594bc3fc8e9c5371c39bbc32216b9e
SSDeep:
98304:N62vXy+FfEHVq989IR/LUjOyxNrQZ+Hn4cU57O:jq+uHVq98Xiyxv4cOO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Microsoft Office\FileSystemMetadata.xml
|
MD5:
d14260150386fd65f2204933c2581338
SHA1:
88075cdd7e9caec3969805255a3e81546490f26a
SHA256:
60193c21df16e3a786462fde51ccf77715fc370d965000d448bf10d9e24699d6
SSDeep:
24:2nlhmBM4F5fPzj2ZEL0toFgEX4WH//JkFTflgyqvX:8mBXfbj2Z4OEIo//eFBdqvX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\Accessible.tlb
|
MD5:
df7e3eb0c0f12c466c00933606555437
SHA1:
e999f767cbbe4b92eb127bb5b86c00949f5e4605
SHA256:
248847a31363cfa924dbbf0497d404191a7c5b8d4aeb6454eb6e2449263bbb1e
SSDeep:
96:ArYdCg4lk3OMLbuADDgSizQx3ZiIpPsiuwoAEjFt:AM13fLbuADHxBpKwoAEBt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\application.ini
|
MD5:
d07865f30c9ea4a05ad81018788b70db
SHA1:
13f0e763d294b265fedf69802af632c99025a746
SHA256:
c0cc4c9f757d9a1c175c4bcbfcac1e63b2c8459c6eab58808d37f0b982cffc5e
SSDeep:
24:o2e+NRN5jgEUKPLe9FvOEx9KuQHCTdsOd5RpuZ/2yE5gd:o5KRPjgEV69lPx9KPiBZ5puZ/2LGd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\crashreporter.ini
|
MD5:
d06bc38e85d771935da0b760782772d0
SHA1:
c00358f92b213abe78693d4fae982651112e88c8
SHA256:
9450ea60a44a9ee0abab997dbd953c96c26c4afdd7b94a465e9fec77e46044b5
SSDeep:
96:70FiSOsqcwlTQ3M3OWRCDFcS+idQYUmJkqPoPbMPf1GkY3UCNlct:7AdqcwlTQ3M3OMCDFyid5UmJpkQPMe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\freebl3.chk
|
MD5:
0f2027d09c9130e245603a53f9f68667
SHA1:
9517465d87dba716a35458509a1225bdf79537f3
SHA256:
01e3284c850202f63a45d45ff615ed7183571b1a5043f6b72bdf822e2156a55e
SSDeep:
24:SBqXBTgt/pat6D/DNAJXqy0LqC7wFFljEYP9jpTvTrsM6+Wgpa2v0z4ygQ50e1ad:SgXBTg126D7NAJayyd7wFFea9jpTQM/j
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\install.log
|
MD5:
f251b3a506b3a2b3491881394b3ff33c
SHA1:
e14fae20f9828596c2b8b44e8185811ddb982688
SHA256:
5ba7fff7ac1c0886987d6f7581629454bb07ad8e5eaa50b6add47f8a2350b4c4
SSDeep:
384:aksnWLdddFPLfo8MvXOHai6sLsACwW5LGMPJLx9/Y2sHm2Bj6NpPICQCF0J5OR:aZK5FVDbNnwJPfsHmq0VIZCFsQR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\nssdbm3.chk
|
MD5:
4682b2b6510d3ef56f040780d868719d
SHA1:
fd017552fb7dd0e8cfdfc831d844f029f40ae59f
SHA256:
03d50e8c3187fb36abcdcfc8f77dfa60f86c89c75cdf636ce385db34a5161500
SSDeep:
24:LAwFjV8ECqU/THMWMuzEMqWg8B/D/IjyTcMPLKTYdXOAzxRsWT925IfXe21m1:LdFjVRBYMhV8d/IjacYXOgxRsOw721y
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\omni.ja
|
MD5:
2267d1f18e3565802d680ae96d7fa459
SHA1:
dc924d024a25c42038f1aa0aac053d30e311ff19
SHA256:
1a95940432f7b96be8902df05c48f0429724e80bec111e2e7dbef3b9ce9b3898
SSDeep:
196608:FCzybHOU94w8Gp/zK23CyMUHu+f2KATtdQQcCOf2V:FC2bOU9vLRzZSyMgvQcCOf2V
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\precomplete
|
MD5:
a26be2d1ce567222f149dcd9e1ffc6f7
SHA1:
3f469268a5c9a0deb3eb07bf445e1f54b6cbdcd9
SHA256:
fb9bf69f7045bb328d1173ea284417e78b17c53aec6b912f950747ce32d2d492
SSDeep:
96:ztuP6LdDM0JR+zmcIUbBgoP5tdZUH+8SS1:ztBSzmcIUVgytdZUHL1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\removed-files
|
MD5:
52709bed8c0e7f5ff7825ade8a12d34e
SHA1:
6c2b05faf5f421fff03e4f706a85d5c95112259c
SHA256:
2eeb4c798fc28def17832552bf731d2ecb63fc37b1a323453f8dd72f676de948
SSDeep:
24:pGxYX9cakXE5nqd0U6znrN8osMm+ptgiyThNk9ds4PEz+gHEB5pFzq5lh9:pGxUFkXERqdF6T+osVi0hf2aXHEB5pg/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\softokn3.chk
|
MD5:
07dc077e2350747cbc23c99024662441
SHA1:
52157f8baaf12ea6db04ea2b577d09d183722790
SHA256:
f837374eff5168c5f7a4e621c95b4c62d84d59c3c101eca685c916acf6e2b8bd
SSDeep:
24:ie9TSit9ciQk5lPptSvzBuxx4c7YI2ptUo5sF8B48r336KD2+sUmD42zq2kVQrnu:5TSOWiQoPnSUj4cf45TB46H6KydD42Gr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\updater.ini
|
MD5:
56c4db0a75400f4d38ae823463435972
SHA1:
178c6b91234dd2a7f9a713a9284003eb7a67a6d6
SHA256:
6762ba7045e5147580e73e7be6f617680ce9d774f0028bd422b6e37d178abd96
SSDeep:
48:nQOVTYc3xykA9+4sHxYQ9aKTDWr+uN0+m:nQeTYEWsXMKTVumn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\UNP\Task.xml
|
MD5:
7ca2366dc360b6816e8ac01496f98305
SHA1:
67dab435511a44495c74c8987192dae4327cb400
SHA256:
a62f85c717f965468008e214d197cb7350a51a94e5bbe1932d5932c646c30552
SSDeep:
96:yjDqZH023uV8ocvb41GfxLIqOt/RdGub7zFiSAC/EWxq:yjDqZ9uVltKxLmhHb/FiSxEWxq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\rempl\Unlock.xml
|
MD5:
6c51f401c8fe6bfe774950d26b675f1c
SHA1:
dd747b6274825bc3f1d95d6e73c64d3ceebd8907
SHA256:
f20b953f99abe245142e4a61890147011a1385a51e9837fcd2b1488ba79cc8c1
SSDeep:
48:ci1JHaUFMDRwPOOfpzRfPXc/2rsK9GiAv1LciFWnVQDwRvTz9nUC:J18D+fpZPnrhGiAv5c7AEz9nUC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag
|
MD5:
5e248123989971070a9364a1b4e118f8
SHA1:
777f69a64499a3dbad56c32f61f32deb32373534
SHA256:
f172792eb12e458a9d0218dfc61629bb232b2c61a116471618216beda49c3729
SSDeep:
48:WlqiB7/3+xO1kGCCcNwvDlDaNHhROMFoYcZ:Mv+TD0S/oYcZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag
|
MD5:
726010131f1f377ae630a19a745ab292
SHA1:
e47b41d2e584b0e142d0ee7594822591ef75a08b
SHA256:
95492a1cf90da7b74aea92452edcd5edecf9bed0d8de110580774554b13bf7cb
SSDeep:
24:A38q17U9Q83rLtqOOzmmIo3CKtjTlfPcXFAfEhSxvqw5o2Whcz2EDT9CgrkkRM:M8a7U2jO66ERwFAfEhSxiJkpH0kW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
|
MD5:
61277908d6db76b1f6e24df17255f4eb
SHA1:
57fb6afae3f24ad681957750f32bcf07afa5b5b5
SHA256:
733aa2ff1031c47a7c0c362baf60be87bf306d9affafae945e16edbe8d25b39d
SSDeep:
24:bnXjIWkbOKRQJCCWhFu0uACeAMpw5wtFuxoJwBz6hvw9WbfjmD7hdOvC7cKEqp:TjIW4bK+FumCQtGoJdffSPPOvC7xEqp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Recovery\ReAgentOld.xml
|
MD5:
bbf4929f5df03383c9c1242b0b8259e6
SHA1:
d31579acddb62506760e3f212969e96eef9fc46c
SHA256:
b6e626a3f63377e310b4bec00b8dc4a8bf39a3a99f69f1755ae22673efa36a37
SSDeep:
24:LlOsCb3Oc10IHKwBHz+yuGomSCnx02Dl0OegJUnpx5eqt9Kd/5uBE5dt:55oO+frt+y3oju2ShFJgHvt9udt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT.LOG1
|
MD5:
aefc9c0c109c3d7fdc015fa803b822e3
SHA1:
34d20681360a14848a1c5af807da230b428d5f0c
SHA256:
400785419ea5f0a9892a8b6cedca942748ebc84bb778794082b6a0568923645e
SSDeep:
768:y4enGQOElmvQUzADe2rDjzM7LSQTJdC/RQPsOp:HenleMiQ3QLSQ1dCeEe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf
|
MD5:
680014cb1fd181958154595a021b4551
SHA1:
e75870bcad903de4b4f4f639746722cee91b6460
SHA256:
3ea752c5785009b4eb4ea23b53c3affff4fa614ac40333eb94e5d9196d73545d
SSDeep:
1536:d0FLHG9EgbkzG+CZ3qvyzPgtLh789aqTgC:dELm9EggzGF1Pghh7m1t
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms
|
MD5:
75f41c5cf78c0589481764b0f29aff60
SHA1:
df5e146cba76ff753d48211fcac0c7af115a3adb
SHA256:
8c7824de1f12a3d8d86213e7613fabf9ff894a776e9a03cd6392ad454a6236bd
SSDeep:
12288:Ujf/NVVV9bYcjZ2b0sxq+4C/zZxd5Pdxhjs+yEd21JN:UjhD2ZqpC/bGHEd2B
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms
|
MD5:
304af35b422d78a2803ac489a96382b0
SHA1:
7fae03cbcd256fd5a4295bddde4d7488d37ca908
SHA256:
6b8f942f262e4d9fdb2364392a64309a35d0b5cc6866a64b307735c88c38bc13
SSDeep:
12288:6qZVC1b6zW5yphU12FJjFWh4Cx9wB8oQ+d73eEzQ0MIG44S5Dmu+Qe:dZ8b6znphlvFWh4fdQwOEzrRiYquA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms
|
MD5:
04d347f11674b3b7d20d6c895eb210ef
SHA1:
2ddca71bbeac5e6d21f894203301377dec71e7b2
SHA256:
7dc3f85239624f8691e07c60ffe069beffd04a69e6b996e7137c23a671b2690c
SSDeep:
12288:82maTkKPyQHjfzXOCCi8TBQgjfUEsyzqULllly:8ZKK2jfzexipfEROf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\readme.txt
|
MD5:
23a71a9d7bfb57f5329c07711ef07fd8
SHA1:
c0fb4d16c1a3a146286660158910b131a835c444
SHA256:
1d85f5dad1691b0a2ec04f9d55d08efb82401a5c5f6c4ddcee56946078eee0a3
SSDeep:
24:pSC1rBD0P/p//8lMmTRNQxKNNCCIKqWRrEX+1SpJAqLUG:pS2rBD6/R/PmRNQxKjCCIKqWeOMoqLUG
ImpHash:
-
|
Access, Create, Write
|
Dropped File
|
|
C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log
|
MD5:
fdf1216508135fa7a8a6dddad422de26
SHA1:
104f7f907425949392f4093ce5589f381b46508b
SHA256:
a81462866e444cb802054a8a7f4335e76e6cc5beeb2cb29dcc7a2b6cfef46ed2
SSDeep:
768:dVhsAYgFG5T9TZfG8NJTBQmwHWUa1EV/jf5c28l3B7bMQ/cdG5Ga3bg1XWSTlp:dVuAYgI5BFfGOTBneWUyohZ8l3B7Tdgl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\$GetCurrent\SafeOS\GetCurrentRollback.ini
|
MD5:
a2a00616919bda8a5e37257ed84ed0e1
SHA1:
be498ab2d1e8b052ff11b7439046efed5bfd9233
SHA256:
cccb692409570ff8c9ad7d2560bca48030a450ed88fd33f995cbe4b9b96996d6
SSDeep:
12:x6CMudXrhWFw+NAqi2ce5GywE4+S8/veCG1Gsq1L+pOAILO4No6vqL24fY98V:x6j8XVNQPi2vYyw5OWCG1GsvpES4Noo0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\$GetCurrent\SafeOS\SetupComplete.cmd
|
MD5:
0ca1443f88c018b46065fae1d4bb526d
SHA1:
491a0c003c1ca15d24b06aa443433a198a3319a7
SHA256:
f7606596b60cb93a0a1549fc358d9680319c42fa80dc0f1b7e1297e203e5a32d
SSDeep:
12:MdrKWNQYuDW65VDBD4WhMSLgJnZzmv//j6a6ZDcTRxvwlELVhxmifMCskdkUX:MKLDW6xD3MaoZyvnj6aSclmyV5UqxX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1025\eula.rtf
|
MD5:
6eae56fed8d217a92b02f99ef78f1de1
SHA1:
a73f41f910b4b7fbacf55531267a11c2f34ae923
SHA256:
7efcd7b42856764c5cba415220489b7eb6525017d8e98a0c46e895277afda2be
SSDeep:
192:/C0KYDSTJ2R8n0eZ7CvPEtr7cTAsKqXqXW4+1mycS+nRO:/C0KmAX7mPwgxqfbnI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1028\LocalizedData.xml
|
MD5:
212cdce677c7802a0a431fb887015138
SHA1:
3013e4c20e6ff9c61caf30caf48d485a0b96ad85
SHA256:
19c0089887deff1e1276978d407478ce45a99692846456c95669c1e9e23c8f99
SSDeep:
768:CeepWy31ix4TZfdtCQbsUtqEiitOWEPN6oSpaGRlKAxCMIUpc114JkdZo3HebQX3:CegWEBTbLsZLhPorvRlKglddn9h
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1029\LocalizedData.xml
|
MD5:
5a0b363fda52831342f31fc49da8d395
SHA1:
6b47702f844c638e7c86c13e6c35b2d0bb348eb3
SHA256:
57949bdb107e68a20f3e525ce80315b97985ae585d695d970beba679c08ddd46
SSDeep:
1536:JGXQwGq+OallqBdNfePFX1QrV2jRXjWq7C2xmEuAvyHx9LmUVtHLz:cXQwHQnydGX1eV2lX62CHERvyR0UDHn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1029\eula.rtf
|
MD5:
b002fb9c0c082deec0b6c0fb094b303b
SHA1:
32efacba2592cfed4931c97845af570967f6d06a
SHA256:
9ad0e56431d2abde1f1d1ab5e0dc17a873aa114c23a000a4c0d24e4fd2201662
SSDeep:
96:LyCFVSYfqNAwaeE1fvEZ7ytw+3NdqK0+K/PrrDXaUfOFDzyVAB:LyCYywhNWT3NvMDnmRWW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1030\LocalizedData.xml
|
MD5:
90450403faa2e627264f9f8cf75d6072
SHA1:
fadb5d07bd279e1448f36517e98b7b9bf66ba6e1
SHA256:
397abb9c21ff3cebff97b2d2b494986735fe61ae0f394bd69ca79159b1407e50
SSDeep:
1536:/6skXnfTayir6/ipaP5PwOH4YCVjL2fvf/Qct50CcYdQ/j/3Dtf:/6sUfBir6/kGPFHDgjmNjWc4zTd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1031\LocalizedData.xml
|
MD5:
4560c363fc029def0e38f918b85b0b95
SHA1:
aa5051e3c60ad0662100ad862806a687f9da8cc6
SHA256:
eadc4685051129173016e974d098cc42d1dc5fbc9590b39a18152d152fd3d3db
SSDeep:
1536:9MryaeXjkQxdk/c8EFY7iHG34U1gp0KTghawTZWiu+EBXRnPECZ:9Mrzgx4cFu8VUwIZtrElRPfZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1032\eula.rtf
|
MD5:
3abf0ae08506a1589b6f41ec6c6a12a5
SHA1:
faec5e84812e5860a77edc1563b6b2008921e0ca
SHA256:
d7b2d089627711630413c1d8b3124cb0cd698e387ba2b886d4df87115862d4cc
SSDeep:
192:puZ84M9A4k6DXITRspPcy17KK1R3CVyEeBk5yJtly4lmmM:p4kASXITDy17KkRyVyEeBk5Ew4q
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1036\eula.rtf
|
MD5:
98b7d9d5bbe9a1f49cb9a18fc350e686
SHA1:
3003a6333a0e4862d94d0771c18d7400d70286ab
SHA256:
1aa6702048b1222ea623698111ed78a07bdca54b054e676bbbccbe313b6d933f
SSDeep:
96:k0DxvNZmG4CAH5PXFaS6K/+NZGXPnWyQt0y14zy0:k8ZmGw4dl7GXPzQt0y+zy0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1038\LocalizedData.xml
|
MD5:
e57d3dcb88060b7ffa2c0a3cab8186be
SHA1:
3030748d5e32ab6d125bb9205805447c284067bd
SHA256:
7c8028419f5d525494489ac24dadb53c2a22a42b9c1038dc3a8e1994fb7c4c41
SSDeep:
1536:R/3/RlA7AkMZNBVazZj5caGS4lrCgh9GVSVIEXzYhn0A+fx8cQsi:N3/nAMkMXTac/MgvGVhEXzYhn0BCL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1038\eula.rtf
|
MD5:
8356ce18247add9cb91f9eb2916e4ffc
SHA1:
6394e9ebaee8abbd82be05a746c90d2d35c40035
SHA256:
52dfe82a7c26475a7d573136cf39049b8799de291a8d242d7f3ede039d54d991
SSDeep:
96:wR/roI97exkJtabk/uA2dsw8h4fWchgMJ3wduoWiQ6DC4r:wVro2exkJtaoFM/DfWcdJ3wdTDTeO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1040\eula.rtf
|
MD5:
d150827ae39f545628c434398e45dca4
SHA1:
6f36b572b6b1882a423d8af5a16432f52653b446
SHA256:
6cc48497b7e3467bc55c19b214fbd939354c9e8e3f548e2a3815deb5745aac1d
SSDeep:
96:qw3rcrFLaApuUO/p09w55R4MC7Uld0b9b4D:/I5GA6/pGEcH7Uld84D
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1041\eula.rtf
|
MD5:
6df359eb495cb9c9dab043bb2d9f0345
SHA1:
9d439c07b65c5244065bbfb61519c3c06fb0103c
SHA256:
484c3ae0b4962a3a91feb8b50182d577d4b8949b541e5f5a25c42e42173768c6
SSDeep:
192:oo2tDX3O4d/iR91HqtLu8nmDp+99wzkH86KYAKcQ1mY/6P68VEeoWbOlTR3td:n2tT/S9yy8m+9qG8BxKcqf6SDsbOlt9d
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1042\LocalizedData.xml
|
MD5:
d11fe8b62792dde6c27a46607d7eff7b
SHA1:
dfceb0ace0de48c591927cab0fd4d46e444ea919
SHA256:
4ee06f4ddeba1c43f610b05afb52c3353641dcc2b9c6ccc1730f19ffda4ce936
SSDeep:
1536:lQSsnwftCsygL7OSeEEvrMAG0JgmaTe5v7y79mmtyuoGt:6LWwwHeEM7baS5v7ysC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1044\LocalizedData.xml
|
MD5:
fed2051a110c3a2d50b10954db391766
SHA1:
07bc42b1218fed0cb99bbfadaa1ce2ee11fae480
SHA256:
c5fec38cb0866945e1cfbe1838c7be71e4ba4097828be27d9b8e907ee95b96eb
SSDeep:
1536:PgLns0mi0yqJFjxfCN3Hj/qEspah3ibmR364ffuRTcCGDT5gXj:PcmJFg3D/qkh3e0364G9GDKXj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1045\LocalizedData.xml
|
MD5:
7b8e65d824ac1fd2db430bd776ed569f
SHA1:
c6566e8ec3d6238d398be9ce97658f6ef909ce2c
SHA256:
d749a68cae55b7d2f86e590e86e3342d05a1b9d4999913da5ece5955e4b71b18
SSDeep:
1536:UsBmG4yurCKBNvSVSh4Ii2jBCaJdX5dX4AcsSnCH+K4iLs8:XB/kCkSVSSL2jBCajX5dXBDdeKjs8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1046\LocalizedData.xml
|
MD5:
f2edb51352dde512668dd2f425935283
SHA1:
146a53329eb9002f06863f5c6e672a54b7f81807
SHA256:
a576914ddb1e4527077ceba2b7d62224da553f46f072c0c07412f14c3eeb74c7
SSDeep:
1536:peBUlKgl8NKo31Lx2i46KVnM681Boi1AG+M2BnJUUH/eQUzR+Qn6Zln/I8y5R8pd:pCiKglo93Jx2ibcL2o7jMu7l7w8TpE2D
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1049\LocalizedData.xml
|
MD5:
5391b0aa938f9bc57bafd4ed90192409
SHA1:
70e57f2a64cad114daec09f16915e69e3523c8ae
SHA256:
20467c1e82f10d64b0d0c5e71efae87cf8574d87739d1becbdaf14974a62c666
SSDeep:
1536:bnqQ3ESevsThF4icqJkOvWAZ3VBE4haSYWqUOO9Lp8Igk/DakeGVkB:0IlGO9vh3V+ZWV9N8I3/WXGVkB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1053\LocalizedData.xml
|
MD5:
b7d451069b48e929c2bc734c4d83384c
SHA1:
1912afa5696968708232c8546d6bffdeb5d0acc4
SHA256:
3e1a048c195b7c40d309d42eea139717caf420a643bc4c86e1c71edc5730e224
SSDeep:
1536:rT9i5eKaksn/n2hEMBSNPUvlEIF349oQ31Cac5WJf7N1:rRvKrsn+rINPqlEspc1hZN1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\2052\LocalizedData.xml
|
MD5:
991fac955088cb1d00e4d9a81769e74c
SHA1:
e9278e8fb54bfe4db41a9998efac8a5e1cbbbd85
SHA256:
c88447825405d0516b1a4562d3e93694ec8cbc5df2fd61b7487d620b5cf5524f
SSDeep:
1536:O75mODc28lBAjWP+WpRyGHKdl0uVZqZQ1LmKqjUL0W:U3DR7oPyGjguQxQ8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Client\Parameterinfo.xml
|
MD5:
fd26b74a02786b82a4dd923ea267b0e4
SHA1:
6162d9a76a3cc055acbeb5e7fec41158af9af70e
SHA256:
9660476f0da32c5a61d7c3c085e3382f4d709b183db7ba2b51f260c459ef18a8
SSDeep:
3072:4cfNz0CZ1oaEoKzRRdg2HgJoMFXW8ySgSKP+H5brbjKK9UZAcBKVBHamg0n3bTdr:4cfNxZ1oaR4e2HgikHZIZAcBELg0Lh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Rotate4.ico
|
MD5:
eab2d5c93e10b2f75a6cda7ac44cd8f5
SHA1:
d5fcb7dd83beb0da259864d0f128274565838a34
SHA256:
4d848e149bd85891dc309c32e93162a10b5dcf960ea75eaf2c58ede7133b150b
SSDeep:
24:r3DlHhJueYqYuPnYalS/5Cx3YB+5JUy+bTsiX8jpYQhhlYlYwveX:jDlHhAeYPuPYalS/5CxI05JUVAiX8Fms
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Rotate8.ico
|
MD5:
aa7f3894162936c841ac4d0cd9201d5a
SHA1:
ae470e40274ba924b129fcf81bb4037e154e1127
SHA256:
a6342964d6f94ec32fc2fbfd4656d79fa67f166f8b5e65ad184fd60079004f19
SSDeep:
24:ye96HRte58YI1fu16fJuqZBGv4rc6hN44Ndz4Mbb8WsXCmWcc1VVasV5ZUkmwXNm:UxGI1N9B7rc6hN44LX38WlmWccBa3nw0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Save.ico
|
MD5:
15f59b762d6c9560cdad02d64e29752e
SHA1:
b2ca2a1e320d4128a72fb5a3fa7003ee4e9b071e
SHA256:
110a64ae48581cf2bcd10536c53407db36e062f31876e591e3b95f9b23154cd1
SSDeep:
24:XkZe5UnCXohKfFcTHqYQyclNvkmI2iUeM0WG69xgs1oa1QhPdM50hBy7H/iLhDtc:B53fFKKYQRlfI2e6DgKoYQj5hyqtDtc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Setup.ico
|
MD5:
a89befbee6873d3b98495989b3287cfd
SHA1:
b306d2b4d2971ecb39387241786c5cf551d25a17
SHA256:
2d782d48b0787f8304e21da1ef4cdce73f50c4997074fea2da581ed076ba6a3c
SSDeep:
768:GYnMcBVYHAFC3j9ezcxANHDk6wPdbef0RRGeVU:GIhsH+ej9fxANu0A/VU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\SysReqMet.ico
|
MD5:
43bcb75ac36c063f8c73622ec6b68df9
SHA1:
0ae8806daaec5eef90d3c6641e6938d7cbd7dc73
SHA256:
571b65f1f06f69732d45a35fd0e97b675155d1d1ad312435507428bf385914f1
SSDeep:
48:IaSCOlSLXOtVHrXGz6FrGrdBUFj2v5qU60VxPn7qJ:GGLKVLprOB4xUhDqJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\stop.ico
|
MD5:
7cebae80fc390ac59600b165afc89da6
SHA1:
2ce228096b097d69f6890e3dafcdd2da4a868054
SHA256:
e3bcbb5b69d1800ee7530b448c0ff88c2e0cdc4b37c7894a3342c8b5ae28a6f8
SSDeep:
192:CWlaur9JJ6yn8SnL+vStN9sXY+jjI7sW/2URw8xfxpqLn3mt+:C6NRGuTNOjjsRbfxpqLnWt+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\SplashScreen.bmp
|
MD5:
29e1cff50df627bd7b724664d36afdad
SHA1:
529c838224e03de9ceaa25a024e5ffde0f9ed951
SHA256:
26ae32e221255c715b00ed1dac547fd2cba0f99411b5ee5038f7e49477a08a36
SSDeep:
768:Iun0PLjLd/DMTW+9JcSIO4L1CfhuX9CAO/TCRtH1rgc9PipsB0n:5n0z1/wnJRITW9Aw+vrgc9Pipsyn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx
|
MD5:
91feb82dd282cfc6460af2288a66ea3c
SHA1:
a220d9cc972f797eebd69f3ee4539eb381f3c5b5
SHA256:
8eedddd969769d675e87348b701c6ad69c91c3335af7a849288e046fac9a52cd
SSDeep:
1536:/VfCrCONK/LO8oUIAKHI+QQUKp/N8GIYNoeUm8BV5YN/rZGQb:GN/mINI+QdKpAqgBV5YNZGQb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx
|
MD5:
647c48d74c34ecb14a644d0e5b07259e
SHA1:
988cf9f0dba6d2225a78b8e13322231137990a15
SHA256:
84b9b7025636b21f4dcec44b82d94e6d23d4bb59ffc6d132873e159d1385648e
SSDeep:
1536:UkxecGcMm1ogxcwmUPod/t/M2Tns5AWr+9Bq01TuRg6+J:nVXfHPoI2Q5cBZCCF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx
|
MD5:
8d2844a9e531745219a466e94980299c
SHA1:
6e8d37d83b947f44c00447d5a7a03f0674a3cc4b
SHA256:
dd0ee605d7aec10c7479786b34f1703398abc4456e4467b76b75e9bf26bd0cc7
SSDeep:
1536:eTKAAs8R5Zv6rO+5HRDh9CAK2Q4HUUvm+Y:eThAs06i+5HRDZK2rUUvc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx
|
MD5:
36200f13c82e54673f46025600f2491b
SHA1:
e2502c7740cbb934b8a05ec27361b616565fba56
SHA256:
f1fcb7bce8e6ed096b42f2b9b9241aa75daccca358aa369d5f7a6f9115787969
SSDeep:
24576:J99GszfPyZod/0gnniu2au1yLrsPVYb+z+F3RVz:j9GszfA6sg72akyrAib+zo3Rd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx
|
MD5:
383a663c152bc813bed64680850bd948
SHA1:
aee2fc3a41e0086c2e76b4ebaae53f33750877a9
SHA256:
32bce3a43e0f83b8179b1ef0c10eb41fc206722e257dd8a2e0b3e0a836413733
SSDeep:
24576:IoXxpbHCUatrVa4D0QsO3zEq/KtNeMu4OxBSYKgfCLv6XrUvzv:Ioh1CUatrVa4VshqENSpNfCu7Uvzv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx
|
MD5:
7e74d709f923bb413453dee65c56e767
SHA1:
0d43a34fc09cf5177e62c0adb8e9733638f71b74
SHA256:
ede38f8e0b85cdac37890661f044c3826c55908eca70547817b4646c2bb4c0d3
SSDeep:
1536:NQYyQHNit15f7ntqsKicRJaWP//Ey3Vj3U0lTqrBgly67Fy:WYyP5JM0kEy3RUyWGlHFy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx
|
MD5:
f7ae4f8a790e3733b29d631679b66bd1
SHA1:
2d3aa5f4e63910d8631980dc3c2c1eac6735c4b2
SHA256:
06f2903b2633dcbc6f7e6a0628f1373dc3a83497fd38ef7d53b6b5e00b7e32f1
SSDeep:
24576:zqDAW0+Mt/1TIsgoUXNa9674ROAGjJQsbvJyj5:AAWJ+/BIs0N6e4IjbbByj5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
|
MD5:
ab96ce5c1bbed3ba8f3f03d3d63d3a78
SHA1:
a53376fae4064743bcf0b2c79d56bfed14cbc532
SHA256:
efebdcd820a995ed11da2cd809d6285d2f76eddf676ec5475abc298a5548fe1a
SSDeep:
1536:+kjFhCLxmG+ofNeI1SXHmHFrC94L7llhNXSa0sd:+YTCFmU8IUXuPL7vhGsd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
|
MD5:
43ffcbcd65e533ae4af21459e4fc1412
SHA1:
9382024a533cc90f148b3fc7eea3d1e7c2853627
SHA256:
d293fafb06de8951afb20d3ec89c26085df0066a85a8bfa1e4a80b8ac3fa8002
SSDeep:
1536:IpYDlzVTOXwY1Y+is7aIHVInKXzz2+Y6+B/2HV3t3rbv93SZ9Upg/eP9:IyBBWY+H4nKX/IpB/cV3tvhSZS2/2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx
|
MD5:
18f8e862c9450c86a625f16d03082547
SHA1:
e5044030d1f7f89c24a42e9e1b91f74f9a1bf067
SHA256:
7bf90e341c02109ebcba7224dde8fa52b28788a017f7786d394cdf7dd0f8fd19
SSDeep:
1536:F5PF9eXVBVyH9aYpTF9BKNKIPxt9g0Mj6Sh0Zs9W05FhvqK:Fr9eXzQSNKIZt+0pqJJFhqK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx
|
MD5:
7de33017a640321f4d173642382aca79
SHA1:
c187de52018217b9156eb521839a6d1dde8d18d0
SHA256:
915e0b701adb41182fbd9f6a4aad67c5d80b633ccaee17f872f41f0b46d5d677
SSDeep:
1536:AOx7Jdy7coOr+5DhPpILuvsxiqVVO5+83KIAL/wT+WNczbeWccbx9:fKMkRILumVO5+JRLUNcIcbz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
|
MD5:
6c318304cb3ec744cbe0596b5e03c79c
SHA1:
0dd7725180b159ee64f63326bea18eac15dbe548
SHA256:
3f6a99d412088b717f1c5ee4a294e9b65fefc27722d457b0305441ef59e3edd2
SSDeep:
1536:5s3d4tMkF8kX8TwxTkGRh4AnVbVC/uRFvnI6U5h8dSLZor5QCEUPm:G3dEFT8TenHbVC/uRub+QyQCre
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
|
MD5:
3a80958d795653a0b5e582a3497d81b8
SHA1:
2cda37af5df9fea0be615be32d5f6a8ad8e9c5dc
SHA256:
75ab1394e6fbd18c7f9cde1f033529c68a3273da53795063c4908a29008fe57d
SSDeep:
1536:TLh1WlQhrWSyIPxeTKYwoslG2OtWVuz11F8o+WSVgmOi:TtpxyI5eTKzG2OKuZf9jHi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-MUI%4Admin.evtx
|
MD5:
7d9eb4af074334f51689a972f6dd8f26
SHA1:
6e0adc34f01d86228dde191207a3e9b5d5429936
SHA256:
c97aa9840e7e640243e10a3c2eb64a2108171177137954b8ef35f5f85b292540
SSDeep:
1536:3k73f/5JjrbV2GYGdpiK0pdy7+WkFqjzK53EBluRrD:errkGYuptmc7jxjHlGv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
|
MD5:
f88573119b5dc3fdab49a5642c409c76
SHA1:
b457d8897360251a01a5119af9205909c2981f2d
SHA256:
5c01e4046032bd372a67584afe5a271da8072238773d423c70127576ef2cfe5a
SSDeep:
1536:xb/Zyx2YCoPCViNIggpaf9mHBaRtO2z5dxSCyDtuWbJRwn5oF:xIRLPvIggpHMy29HSZPbJRwn4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx
|
MD5:
28c7223e77058f03441d9286e6fdc0e4
SHA1:
b71326e553fda9a14c43cce3b6582b874409ecae
SHA256:
c8a24a29cecdfbfb7091399093bdb195bb5b1c8eb1061b5c67c74d6e937158d4
SSDeep:
1536:QUm/Xq+g2Bk3XKHc5yJq8XtDy1pF4Bf3LBNvXRmFun1ChUBT:krCXKsyJq8XtKpFODB511fBT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx
|
MD5:
5f231dd4d619069310624986473da14f
SHA1:
382edf7f4e04ccbe433424e9682269213cd32470
SHA256:
dfd4e584289b26d59fc67d2e144994252cde4807f3c4f7054650d4108dbf262c
SSDeep:
1536:8c98ybG6m+yp8vEfp26iIY8UV9F8ynjYKRpy9t/YH:8zyb4KO/ixJV9Kwzv6I
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx
|
MD5:
5880fffc12ca55a951594515300278f9
SHA1:
91d4135e0b6664506005db11fe627d59617b3d14
SHA256:
e9635fff7ba21032b18388c06a19a070285c8b1f21f6791d100999f278c66d09
SSDeep:
24576:wrmytW2m5pNPI6j3FcvDXM/dcbPI8uES77DI5NS:wZc9pPI67FcL8FpBTUS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx
|
MD5:
442221f0c14d306b674e8dbd76ba7c1a
SHA1:
2e56e51709610d7ed3f15509f86274a986a27bbb
SHA256:
b34ba60d904081f7fc02da945cb05758f2eb79f5e287ce009104296641f7b38d
SSDeep:
1536:uW8A/C0VDUIyMIDHoDBTJPcTzPtj+XyswtGguq:QA/fy3DHktPcHRsdgZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
|
MD5:
55399bfbfb51fd6ae26f01bd97b885a7
SHA1:
05bc5504e0b099507b667921709d57fcd863a4eb
SHA256:
34b37ce090e0a7fb22f267c479406c0794b3f0e5009e730bc0bc122a155d1cf1
SSDeep:
1536:XxlXputvDbOlcuZ5UIjXdFlsbxHqBBmzLO2expTNSKmaxMcAg1F:Bl+vDbOlFDUgFebxcgzLLe3NSKRX9
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx
|
MD5:
b98436d4b123a7c9b6dc1b74191785bb
SHA1:
597bede4c7ef40b2be600fc251909b7f7effcd93
SHA256:
cedcbb3f5e81169c944dce9e78ab42064d52ea93a6cd57d2345d69e1832130bc
SSDeep:
1536:A/Qbt9h3HoHvMaDcMjN4sDMVfCfH5sKKfdTAIhr9yhE:oQR9xIP1r+YMUPxgE09
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx
|
MD5:
853388e621990c6df0d05a55e120e36d
SHA1:
8508cda94c202abe9af1fc694fdf6a7a5b5e27e1
SHA256:
ace41696cde4cf76e8fc8fcfc7f648e0bc4029c47dd4705d97023fa83c3c00a0
SSDeep:
24576:lgXuAtpU81IVgtmlxQo8MS6osi0sasRpTpdLayZ+oQI1hzlZT:HA7t1TtC9HjoQOzLa01hBZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx
|
MD5:
d3234f3997d379e0dff8acfa8f227c92
SHA1:
f8237005dc1b3a73d8b7e17fa7e1325de10e7ec4
SHA256:
1f6a894ba4738d56f3551a42c56f44acfe4a25b36f7b70e78371c641cbf6453a
SSDeep:
1536:Ed+gTzLrJTYpBqoLSKnDjh/B2jOSELZyI:EpTzLrBORLBnR/4jO1YI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
|
MD5:
e217087b52f5da8640ce0a504754b349
SHA1:
670497a14595b57b4746733562774a135d1a9b0e
SHA256:
7d0df4bd4158bf670f90cf4ccc014d49589e4e6de856b1a9147bd91cc7b3fd28
SSDeep:
1536:gddOMx1Ju8PZaJmvHFeMQd0Qs0MtJOMWaje+tpolIg6U7QcZw1t8Lu3q:gCcnu8PZAmN5QdcqieQJUsawj6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
|
MD5:
e5f27f6da2588c15dd15938db92c5db5
SHA1:
59aa6d220b1bb024c8f0bca6c74527a10d34ed6c
SHA256:
3bcf248d9add477141fd7269fe7c2876ea4250757573d22883118a11908b27dd
SSDeep:
1536:8YzW8BCfJeCn8dfreq+rXWudBbwmS1O+tr5OpTjEsNIGbZiSM2:FBmeC22zBYg1Tvi8Q8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
|
MD5:
f8e5e6a1a4df3cdee4b98e8f7870a71a
SHA1:
aefa71613dc8185bf0672ccda62336a3c2c2c5dd
SHA256:
2074554be14d1656777ce36b379faf8904e64c6f6c8120a3d18446fb108c1689
SSDeep:
24576:zwBdWykOdstSWFphNCDN0euAfuk8XuWmJ9IRN:wLTstthNCirAWZXuWmgN
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Setup.evtx
|
MD5:
01968ad060716434a29663528d7f6f3f
SHA1:
21919ec839e8c69590d9bf9429bbd96a5593a098
SHA256:
cdd6a13cd8ae8bd78a830913970574e562e26aa53f5bd3bfb52d78a9a59324d0
SSDeep:
1536:vJuLcdGDkuq/feyCCizbv3kX+MX76j4mAri2YZZylGeHAeCJRqOOEZST:hd2kuq/fmz4uML62xYZ0lSebtEZST
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\dependentlibs.list
|
MD5:
dd779d72109aa177389b27160e3d3e70
SHA1:
14a7eea31dd72028202b04b6453a8c402f546772
SHA256:
b7ccb1538d9f17d27093a4010ae773273ce8ac627b21161f62a8b1b9a1a96bde
SSDeep:
24:k4qYHNoYhIG3IQjcSFga+c6vIU1RxbgzBVQO:knONZhIGzQqgaR6wU1R2B1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml
|
MD5:
b8594f9318fefc7c9ce19f00a79130a4
SHA1:
ee143658287446444cd128741d1ae8a35b3d774f
SHA256:
4863928fe9a1a6e8ca943367e55aa4234d291d12c290f3e0ecf531c5f8504a41
SSDeep:
24:q5hREhBY+Unau8b1Cs78tojRTreIpkn72tbQNHj:wAhBY+UnN8bb7NBreIpsSaD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\platform.ini
|
MD5:
85c1905445b7b1ded0fa090fd0b7a31d
SHA1:
7c995fafc2224b1a61025d04e983ee0c9b93e155
SHA256:
721ee55b3a68db4ee786b7ffe52d46c39f4bf00bbd584513400b6a972e8cd865
SSDeep:
12:lzZn9lqMosH2tlMIMgs6weg2qfzc55BotGULjZVP2fm64Cn9XTF+hZJzcz82oiBs:hN9boEAKeg2qfHZLtJcm639OZJzcz8ad
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\update-settings.ini
|
MD5:
8be36915f9bd4d61e92293efae6f1dab
SHA1:
97def624b204a55a281f1ab3e8287ca71b531dd3
SHA256:
be0d22b46eed09ab977d4aa46836c790b8edef4af1b3db412b6d054215d69639
SSDeep:
12:4P4PL5JwPgMWOUhyaBVTi3KZjRoCcF4sMYwPtUdQZ2wzjw/t+2a:Lz5jOfoZJZ2fw5tUdHw/G
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\desktop.ini
|
MD5:
142aaf0622c6acb623ba868e43887203
SHA1:
e95c44cf4d372547d0873f973eeccbde15ba97c0
SHA256:
2d4f3eff10c47afe04f30be2c667ff816b1a11f33b8d539c4491037e64e6b7ec
SSDeep:
12:fdBl/HXw6WbM9RfoYpmcYjl62n5su6QPHLsdaHyfyCMIHLM6WeDq/8jqBYD6:fdBlI6O2tJmcYzvxDyfy/IHL/WJ/8eBV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\rempl\rempl.xml
|
MD5:
46e1206283d07048dcda4c2109e56262
SHA1:
b96c47eb60cc28de2dec46c0fd72c9cdd97c7a5e
SHA256:
3794f1f7986c958ff7cf20e77c90e2b999c78f94c58fffdcd4a5e6eee5fd97e0
SSDeep:
96:5B8oW238TnInODCtFB6zAM2TtsYHee+haX61pHPDPAOeJ91G8W:5bWIanIODOFLVm0Hy8Op7A/9Qx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag
|
MD5:
be77a5864f410e1db6762206d6d5b615
SHA1:
7d17e5672b167cbb090f19cac6c54e5884b532db
SHA256:
995667746df41b4918ec0f790ebb169a0ea96ff77f10f96400afaa0fce61b54a
SSDeep:
24:gHNbAIiE8uUUlpUbN+tlLYv6Gqpshmuw2CvxPNoL83hEtQRrJiiOr2MqGAVlrCrz:gHNQE8uRk8U65x2eOL4EtAiR2MqGNZ5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT
|
MD5:
00a5aec27ce4d366ab6cb55a2abb802a
SHA1:
8093cdb1ef54fcb22de668173045eda6ae4cb2ff
SHA256:
516fcbcaa2146401c94f8ee3306345c5cd0f8e95eb56ba9bbd1565a14db6581a
SSDeep:
6144:P+HuCOJVucLG/N0lhtfNZ3al1D9djmlpwHm5IbYpg4aNufrwd4bdB:yd21sN0lfNZWklRm2JaNwT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\Default\NTUSER.DAT.LOG2
|
MD5:
06a9d6af4c11535f5da2308dc5a6ab6f
SHA1:
8afb8e7fef50ae01af031ea8c6327102cf7486ff
SHA256:
4928f31e8905599102d0d0580420bc668e788ec5e024219c5621654a6d615343
SSDeep:
384:MOm01UbBT0I9bc2au0VnMWVKwcNXpqb2SDvwzJFdi4C40jW4x7BiIru:P1k0I9w2jWVKlNXsBDvwz3diHjZBxy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms
|
MD5:
f0d8d48ad14c46a59024e4499d6d9647
SHA1:
935ed871e08f8690dc667a650b53f06c73a22623
SHA256:
b97db7501ee8769bcf91ce5573aa8186e7602dbf8e946cb7c4f3a7761d24d860
SSDeep:
12288:h098nvTtZoLdUiDYQ5cviX/bH2oaCpzTDlHAyfbZp6Q:jTtSVivqW6pvD6OiQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf
|
MD5:
c9955b9c70e3866cd4150e6432466358
SHA1:
57b46e9e898a7e788345d5596ab71d62d9076743
SHA256:
bec3a02ea1d62097d052d4d2484768e395829052052d34071d7cc17340a92b96
SSDeep:
1536:MGuni4TxiGXWcIW7qhcCHLPNZL4Oy8fuYM53JhR5i5jrtCHSTa:PV4liGjIW7zQLPfsOXo53rRo5jrHW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\desktop.ini
|
MD5:
bf0700e8ee01898db0f4f1ec90c97bd1
SHA1:
eeea063cb00ead7eff82b397cb4e2a7c3f383006
SHA256:
1ec07ae3c9d143a3e9e2d2bad087f147d289b5c96f942b03a67d3ec3ea04503a
SSDeep:
12:Sxdci9Rx1O7fPgZf1FYltywNtBuBM+qpYxPw0cFwF02T2dbeeOpATtmRc3zW6U:li9FOrPgZf18yZBM+2YxPw0cFwF0zBeb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\$Recycle.Bin
|
-
|
Access
|
|
|
C:\$WINRE_BACKUP_PARTITION.MARKER
|
-
|
Access
|
|
|
C:\Boot
|
-
|
Access
|
|
|
C:\PerfLogs
|
-
|
Access
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates
|
-
|
Access
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Adobe\Acrobat\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Adobe\Reader\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Adobe\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Java\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Garden.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Garden.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Hand Prints.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\HandPrints.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Orange Circles.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Peacock.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Peacock.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Roses.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Roses.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Soft Blue.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Stars.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Stars.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VC\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee90.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Services\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Services\verisign.bmp
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\oledbjvs.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.rll
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.rll
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\adojavas.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\adovbs.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado20.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado21.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado25.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado26.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado27.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado28.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado60.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msadomd28.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msador28.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msadox28.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\System\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\msadc\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\System\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.VisualElementsManifest.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.VisualElementsManifest.xml.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\master_preferences
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\master_preferences.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Chrome\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\CrashReports\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Update2\1.3.33.5\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Update2\Download\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Update2\Install\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Update2\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Internet Explorer\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Internet Explorer\images\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation
|
-
|
Access
|
|
|
C:\Program Files (x86)\MSBuild\Microsoft\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml
|
-
|
Access
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml
|
-
|
Access
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\logs\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Reference Assemblies\Microsoft\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Windows Defender
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Mail
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Media Player
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Multimedia Platform
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows NT
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Photo Viewer
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Portable Devices
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Sidebar
|
-
|
Access
|
|
|
C:\Program Files (x86)\WindowsPowerShell
|
-
|
Access
|
|
|
C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\DESIGNER\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\Services\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\Services\verisign.bmp
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\Ole DB\sqloledb.rll
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\adojavas.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\adovbs.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\ado\msado20.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado21.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado25.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado26.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado27.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado28.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado60.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msadomd28.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msador28.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msadox28.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\msadc\adcjavas.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\msadc\adcvbs.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\msadc\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\msadc\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\MSInfo\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\OFFICE16\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Source Engine\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\TextConv\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Triedit\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VC\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VGX\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.SYTCO
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\Content.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\da-DK\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\de-DE\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\el-GR\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-GB\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\es-ES\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\es-MX\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\et-EE\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\he-IL\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\readme.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml
|
-
|
Access
|
|
|
For performance reasons, the remaining 3511 entries are omitted.
The remaining entries can be found in
ioc_export.txt
or
ioc_export.json
.
|