|
Filename
|
Hash
|
Operations
|
Category
|
Severity
|
|
C:\BOOTNXT
|
MD5:
393a3cce79d0274729d851a8d69b327a
SHA1:
09fdd358bd0178274b1b1917f8246cedb3a8bc0f
SHA256:
6f22f1fd208cca03d9ce2178be9186bcb0930f66a291146a51daacfb28bd3001
SSDeep:
12:bNnMfd2Q3VWkop8rB3g/iyYinzj5Jdqo3VadFgxTo4e:bNnMfYQ3V6p8F3g/zTPdqoFWqxk4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Users\FD1HVy\Desktop\oxnvub.dll
|
MD5:
8e952d2186e946cfa1122595c17f4c7d
SHA1:
6f42c15c43497b79ce5e0ebb61bb68a8649d9bd7
SHA256:
a5751a46768149c5ddf318fd75afc66b3db28a5b76254ee0d6ae27b21712e266
SSDeep:
3072:oiyQ0uz/c8p7Ua3ZstuiSNFYD7RMf+HgrIqra5FqTbK+WRivbrwi:mQ0uzz3OAiSNFYvRXHjTFj+TEi
ImpHash:
bef752859e3faeb3590ad643f6ed8e9c
|
|
Sample File
|
|
|
C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log
|
MD5:
1b22eea0f9fdb8e89c3163aa7d3343f6
SHA1:
22d5735ffd88846f420c96451e6f386ab86e19c9
SHA256:
58350a5d9e78cf6ac47426730b50ea67059ab92dac1889ab25e951bcffdfcf32
SSDeep:
768:cGkizED61hE7pVktFHKpxp0aarHnpS1nM33IE0TnfJ3DrtJZk6RMV:cPtGbE7pVkHHFaarHpS1W3f8rtJvMV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log
|
MD5:
12fd38191281cb9d788875ed803d7daf
SHA1:
43c025384baf3cb8301ab27ffc897d1e3aac7463
SHA256:
34285bb09562e6c6068a1687de77afd4c49475cdc7584e903b31c4768d7e27ac
SSDeep:
192:aFUte4YriLgwrhhT8z6Min6Tz/wWduTzaMW:aaRZLgwrHlM06TzCTzK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd
|
MD5:
8d5efd882c7d85abb6463dc0c14bf640
SHA1:
469c042d4517f066a22dd1033e2a3610da597d56
SHA256:
cbc88178380c46ebb6684ec9c16d48e8b4c654ebd6585329e474736357f49310
SSDeep:
24:N3ARjGeaHieKzuMw+cE5mk8WQfh3MLPp4FORyMt5wx5X:NjbQ68U7MLPpEQti5X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\$GetCurrent\SafeOS\SetupComplete.cmd
|
MD5:
0e723ae4b0cbf8f36542fa41f341513c
SHA1:
71e4bd31fc52d5cbb0f92ee2d020bcc42cc4aafc
SHA256:
8c56db271c13e5727d14fe96e50118928ab1724cfc50b198a7950ad5961d5033
SSDeep:
24:V8Ie2C7UqPt3IyHiCte+D2poEdX1wCXysKTkT6K5:U7n3J3tebdXdgkT62
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\$GetCurrent\SafeOS\preoobe.cmd
|
MD5:
263180f8a751f2a55afe5f581bd002d7
SHA1:
cb28a43e37b9853260e0abf6c610f0a4d27ed7cc
SHA256:
b6bbcfbc86257e1006d211bc3d50eee1e18657653e75b261159472b0a16573f5
SSDeep:
12:i4FGCebOZ6BXPZWYSZOGu0SD9Dd2P1U5VCL4F8jx:iUxebOYfqOQSJZ2P1UzJo
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1025\eula.rtf
|
MD5:
3dac65dddb10462e95ae838be500155a
SHA1:
fd9d04894f27c80d61341721a0e9b30afd838be9
SHA256:
fb9af1036c8a6832694a1cca0d0dec72ff6101b112d84825b3c16765b4fb2297
SSDeep:
192:FUwbaI/gut6neTiz28twyvMSVddN7ilhk2i9Pbf+CrMvnzwA6TS0da:7baI/8emz28CyvDhEXkR9Pb2C4rme
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1028\LocalizedData.xml
|
MD5:
857b383e369dec6b1be039dac72e1409
SHA1:
7eedb9fd0bca8497cc9849051f2fb88290e5e1e4
SHA256:
143df8a96534f0c3ec3f7692844b55694b96f8fb4cc5d536c591fbb89a3a0b15
SSDeep:
1536:/0IzTYYDI0XrCg+SDY6Hjrg6ojcMExfiFEf6ZuZwp4zzqBK:jYYDZ0S06Hjrg6oAMEFiifsuZ3zzt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1029\LocalizedData.xml
|
MD5:
92c039cde968bf6cb344c5e3d6f6d52b
SHA1:
e9311fb078a124d4caa0bcd6386a8f85a64094bf
SHA256:
4eb5a8f5ef9fe6f005bdcd610f247f9d916a18118e84714d4f413e0844f884ba
SSDeep:
1536:Wa8J2iyRfUzuk0yToZKnIo+xNQkwOZVu65+dAab:lYfmtk07waVb+dLb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1029\eula.rtf
|
MD5:
b92cd0810256ce273205296f9763846e
SHA1:
28ca931c67d0312b6754b79f70475759827aecf7
SHA256:
ede056711762a5f5aad36f5315c7fa873f452b7ad3c70a7abe63bae33757ef7a
SSDeep:
96:kpjNlJ5YjR9aFRg/oGNLxhOmfTt+jQet9zTqQt7c6i0fbdC3U9C:u4KRg/m6tCQ49zTq7yov
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1030\LocalizedData.xml
|
MD5:
104bbb1d138e92d032f3fe97d4c371dd
SHA1:
63832d48d0f084d17396b3ccb7b41c1162e45348
SHA256:
b6102bc40e0331e01fd7c4aee5cd864671e23120cdcebb0214d7263eea80e2ca
SSDeep:
1536:jWuYdbQTKr6oULvZnXcQbIfsIEmCI5NUeGIriiEO5qPaSm4:qlOer6oknyR5NUkROE4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1030\eula.rtf
|
MD5:
98c24929970334e4dfa0025b483a9ec1
SHA1:
1f1eacf4f992c01696001461f14cf1c59c1350e7
SHA256:
ec2f1128476e9d29481a1071bd17731fcab866b3918bdaae7e2bd1abab8b7b55
SSDeep:
96:cZUKamv/wyK6NVkImkijpr+nLLA/dxSU9ElLWPQm:GDg3/rWY/d7om
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1031\LocalizedData.xml
|
MD5:
449a9942f9d0bb9edca0eff39946d7d1
SHA1:
e74145a51dcf63cad9dbbf538d248c363d83e545
SHA256:
203579036425ceeb335c6ccc99c79a4f0a98e05c19320a350e6f293213b62398
SSDeep:
1536:okcd7ljB3lZ0NK3qXxkuI7wz0YkITbi36br9kKBkY9WIk29Vaqf3XQ3z+8gQbH:okcd7ljB1Z0NK3qkc0Ybbi36br9kHY9U
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1031\eula.rtf
|
MD5:
88a66378b260e44f14c85e428e074ec6
SHA1:
b2e66cd4a2a48fca0f5d2ecfb5478a64307664b9
SHA256:
394670102bd4667f4e4531979aa5de143e041931540b74f77744e463ac043945
SSDeep:
96:/BJr7kr/pKgpBsyLR2VbJ2YGKN6Av/2P9glq3PjP/T2lan:pJr7gxKgpBHIh2jlPjDRn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1032\LocalizedData.xml
|
MD5:
7353feefaa35bbd16aeccb0d0325ead7
SHA1:
2df0177a18e21f32969897e6b44177bb6a51e533
SHA256:
487fe29cd63acd6c826b5eb040fee2fc8ad220382fa0e7c2a8c73878825eb634
SSDeep:
1536:QG4b4YHzoj4Le/tojHj6qBZvrLIzTc2g8ZwbwsoTjLZx1ub:QG4bTzoN/SjHj1qTZ8wsmjXg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1032\eula.rtf
|
MD5:
7e80bb4c3dd9f053c15837ed9119023b
SHA1:
7578d87054f6a372e9c84701621f92a0795e7d20
SHA256:
28e58932a2a2670b974167fe3f9503d476f3c11a12134533b7c563f73b05b7b2
SSDeep:
192:xcFhdirWXzZWp7+s0HseCW7y9YQVpLyMRoBDbRQrOx45W4fr77Ar9W:uTdiiDZQ73eCWMHZyMWZbE5W40W
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1033\eula.rtf
|
MD5:
1138d04b6f322f7de6f632665c81d848
SHA1:
05e8547a4b3faea2a14180533a3d4484d1f59f55
SHA256:
2a71f1acd999dee66479c4458fb6b746ccc45440b8426d8cf176bb4702b48794
SSDeep:
96:c577JgvtNdwA17nPGYTDSgYMEEeDsq1NqIqxOf8pZqVFG:c577SvyAZFEE0D10IqxOf8t
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1035\LocalizedData.xml
|
MD5:
f368c67ce5c4f9056f0b7b364e2dc3ed
SHA1:
f7ff24563e2c2d23d425cdcf1d5deba55a342989
SHA256:
b24bca86d1ab347264a0f0f40feefd782232c9b0f9907d223957dec197b0a85f
SSDeep:
1536:RCO8TablObDa1L8wpI+Xpou6iLp7mM7KgNpuS/2+ghwgEOzfC2m+NTj:RIIObDa1L8wa0ZJ7LkKoEOzfCD+NP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1035\eula.rtf
|
MD5:
5109432dcdb2cf21f32cdfa7cf0c51c4
SHA1:
9adabd823c5a5aa46c7ef3be3759e5340a6912d9
SHA256:
b6ab14010cec52f99f0ba55c560767b856522996729c784fff8a82126e8f8eab
SSDeep:
96:mtnQXSOqhuDZqg+enB67guLXJ7jiKS7wE:mNQtqhucg+YGDdn2sE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1036\LocalizedData.xml
|
MD5:
bd6d24d3e088a9742a1d3b6ac6ef7982
SHA1:
27e3450652f4ee909fe9330613aeeefd50eb3e23
SHA256:
768505ecf1534f296bb055a235c0080d6b7f44c9f3cb86d424c8f9b1ee9bd575
SSDeep:
1536:veibCO3SI0oXP25HBru0qcC4U6OM5xGFRLpBQriWVB6DIPSWBo1yFuOOCtoe0eu+:WibCIJjP25hi0qubOdJPQrNdo4FuSoe5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1036\eula.rtf
|
MD5:
ddca05d00ad75ab960da221097034732
SHA1:
e8691120fce5af8e6040748f7d2bac15dba317ec
SHA256:
341875b1a36e036d91c5cd45949c960bb092a585d6c08e1292deb59570671972
SSDeep:
96:dx2T0Gz/2DUQoDeWEVf/4jYDY9eOnejGAg2lwic:d9GugQo6WEVH4kOnew2lO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1037\LocalizedData.xml
|
MD5:
d3183f2ac10337401845100f991b1be8
SHA1:
a6bc8d070e896d8852cbb7ee3ccaa37da31278e9
SHA256:
e5e9ad94a759b3bcc2723bb6fcc4a8363f890d7772fcd7ac6fc49ae98d959d93
SSDeep:
1536:Up4/37TxarBDl39UuMhrMnF+9LBOAbltM9vatqnI2ZYX:E27darP8KnY9sAbfgRZe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1037\eula.rtf
|
MD5:
b8b7c7a32c9922f1722c8e595a4c4f88
SHA1:
b5bab2bd3efef7cc5939090a88c27038b2bd14e7
SHA256:
e0b774d33c821284463843d506bbfa45f50ae01d3ec6e5c669fcd3e52f793539
SSDeep:
192:W2pmiztZ6mzazli356+sAER23ZXBc47wjmVe:W2pXJszxi3k+sA82pXBc47DM
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1038\LocalizedData.xml
|
MD5:
5bdeb1bfa3adc8f7b337d57017f5698a
SHA1:
7018518b032f25b2962e6391c8d6c8419c694574
SHA256:
354aa979c7facb889646e5ea7fb45e1c3bc0dbb8678e4fc37fd2a8a7d0dcb300
SSDeep:
1536:E6+nj3KKNuxFrocsWxzhj9B8tPjz12cMLcpzM0/9164XmdsLWffPfP0aE2s:ELrKYuxRTsWx19+ryL3c/65duEHNS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1038\eula.rtf
|
MD5:
52f697df44dc3de0deaff3d513d616dd
SHA1:
d8fde4912041e6c606639ef775bf33fa272468d6
SHA256:
1d9029ae16a7d59199ca7828869619b3910e63dc5e34388ad7e4ee402f1188fb
SSDeep:
96:i+7iUbyb7a2OtJDxhmaWUyx1FcgW+E+bSxrIBAL/MRAVO82uOVM:h7i+U7dOH7m9UK1NJXb3kERATJT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1040\LocalizedData.xml
|
MD5:
1d3c7cb7cc2ad9f5ced817d4b6edbea9
SHA1:
fad6c828404d8b395e7e1095a54b5c98057a413f
SHA256:
02625c8609d44f0a407a023b2e8e5c393ebd793e0f23492cbcb611b6de7deba9
SSDeep:
1536:PWS4UbyFB2wxxONQdekyYL0gkffmu0qC4d/zvIuAsnPfRtcWK7hTE:PTH5wxxuQAk90lECvbcWK5E
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1040\eula.rtf
|
MD5:
4ce0685f1b5623004febd3fd46e86f4f
SHA1:
ed7b87f5cfda990149a852f3480d86a01fc2f467
SHA256:
1903e4ce4c50a288180d6aef4c429347a57f04e590755c64bb81daa6ad163c39
SSDeep:
96:ulrMmXNmF2ozPsHPELiMkEpjAFo9hIoBK3A4qWJJ3I:u5PAMo7sHPECEJAForIQKz6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1041\LocalizedData.xml
|
MD5:
961c45ea22fee29c918a94e47360ec51
SHA1:
5d3b657732347cf8bcb1820d0d3aea91d3d13f0b
SHA256:
51540e7467ee554b866e2e793b6bb900fc1452dee4687477bd73675c0d445fce
SSDeep:
1536:Vj5yxUCHkM/HlAUP2WfKjW5BSBtVfLdudZp2ClETUZgfpe1iXxwUFs:VQxvPlwW7yvufp2VTUgjhwUG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1041\eula.rtf
|
MD5:
69d5092a9ebd61a5f90fbbea5b25bf47
SHA1:
e1e42eed3558caa2ef7f789a6f13cb6bc9e8a3b2
SHA256:
1460f61fc08cbfae609efcee4933bbf469bab8d7be84271bcaa77f34be1e4892
SSDeep:
192:SX8Np7bc/d4oujRhNJkryiAfdaIfTryJt9eIDEDggpKwqS6G+7d9JHSDEHrP:q8Np7bk4h7ZFJr2+NsgOS6/xlP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1042\LocalizedData.xml
|
MD5:
c895573f5b9868e3d12ee4a5250e490d
SHA1:
ab1bc55756900694256090c761cca8b14e025771
SHA256:
8573e4762369fc89dba90fda4adf52a0cf70a7db90984ea35d803b29301d8a7a
SSDeep:
1536:MpOPEiwbaY5dY5YjWoQ3d7F6zH6h/tSpwl6WMET3ojN:u4wbj56YjWoOB6jo/YpE6WMuojN
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1042\eula.rtf
|
MD5:
9bfd8a5d5218cd2e032e51f21b619ca3
SHA1:
88e7ce1dfa67c988548fb7a6a03f49ccb9067ac1
SHA256:
413ae21d1b7108f7f09f1d318474fcd4312c42badba4d9f790b0499658f2814e
SSDeep:
384:umVLwtIxYWZjff4e+FcfPjHIYz0wEi8N0qRuRXfu:JIk35Qe+6XDt0wcuqRuRvu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1043\LocalizedData.xml
|
MD5:
c03025a8cb699718468fc03d27897d65
SHA1:
d51e8bf5a918c2f4754b96e510f350930e9bae41
SHA256:
f3c8a1efddb10858dfb6f696f138c3ad34e11d40cd482548368b5cab8e882ee0
SSDeep:
1536:95zQIDsh2894yOTR3RzKTROjdBqET1WyiGBwtdNwbsCkQeu4N:9qIDmB9BOTRhzFqEJNytdNwbsWbo
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1043\eula.rtf
|
MD5:
223cc2cdbfe751faa19f53d618317840
SHA1:
05f0f14b7dc9ae652ee4a65bc12603f6d73f0783
SHA256:
c3561352e4704b83b7a3d2410743652cf0d6905225a0377f8eeb5f494829ddd0
SSDeep:
96:kvnyhm3+dELI2fW/KqLsS7OFjg5wJkdITiTKNv6ZsRW04:yR3+qzfWyqLstFjWTa96ZO4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1044\LocalizedData.xml
|
MD5:
61948e1648a9755c6d8e25307f2c9617
SHA1:
db70c74d5133399eaed07d77922708f4e03d48b5
SHA256:
b44a38516265d8413a9b25a00105da712414a99680e3582dca150ef737d04a21
SSDeep:
1536:BqcSsfRMYqpXnk66yrSHESgyRtZf4ClY+C2xSO1agfhobeyQs8wP6gAB:McSsZP+Xnkws3gyFtlSOjf6SVsXPFQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1044\eula.rtf
|
MD5:
f5f1e3804fa80778fcf85776d1d9b38e
SHA1:
f514d469ecdd37e3d7d2f34bf0b95d415e169062
SHA256:
82304d1dc8e93a85259d027103529193e94f8f79c527886a988478a76ffbdf9a
SSDeep:
96:+33P2JQG3zsDcMDkinPGdclXq28x/PTfjO:+3fDJIitRiRO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1046\LocalizedData.xml
|
MD5:
24d0f5f46bb8370655f458e573b8c993
SHA1:
fc3f46f44ee4a1a93603f2a3adf3982eb113899e
SHA256:
6cc1cd555b1a14b735e89309b1145887113d6956538d0b610f80c925611fd724
SSDeep:
1536:8hJfdfwuvbWh8RM+SSVLcj5cIQuYL9yYJyo20mAvKwJM75YPOPkzQxpEipVf:aJfvvb95VLcC/X2kYj4QxpVVf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1046\eula.rtf
|
MD5:
c94fb8cf796669607a4a0a248c3b34eb
SHA1:
95ce749d20853ae681ed11b4479c4a9a9943b1b5
SHA256:
51f9eff551166ca62c15e59aa08ac7692835c6495248d6bd720d49868ed249b4
SSDeep:
96:veuIGBXyIZulYMzR8Vkiuc/BUflDbn5CwyoL+WHTX:6+CIxVkiucZ0P5CXBm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1049\LocalizedData.xml
|
MD5:
07df531ab99645181422fd2cfdd1cd05
SHA1:
58ca9009d002f3ed64970e62c6adf16a12073c2f
SHA256:
b1e24f3969188ee2c9a8e3b210407c70f36a95d81a616e0a6b0615382d194a5b
SSDeep:
1536:UxrfWme2M+9g/OX25uaPqvPgqxjlifrwaaKBaUbxf/F7UbCaZ+94:0J5MdAWLyv42pi0aLdXF7Ub9M4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1053\LocalizedData.xml
|
MD5:
6f95316d3c2d8f938614b26ce1abb5aa
SHA1:
fb74d637bc7a1981f2d451508f987521c1acf726
SHA256:
0166ebad5a5d86b00ef4eface71a615a483fb62141df461ba0c8047535070626
SSDeep:
1536:brLKCQKiJlZsT6VhalsSvkGw1mOsugaEBHLmFoJWRqVLnwUrzC4nQWn:brLKyAsTKOyGwCtHCFogRmnLjnV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1053\eula.rtf
|
MD5:
25284f2cb1d4df9a552559b052b5b9a8
SHA1:
b4968211084ea21827b3bf07df435100a7f07925
SHA256:
9ec8586ebec36c2f88197333eee10941760a3cc116c2b49be6a0b920f8ea25f7
SSDeep:
96:E8AlJ3Twxg7YdoiRuGWID2VYEgTHgBiMfiNNj2rdEa4:E5lkfdZR8ID2VYtUhrdEa4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1055\eula.rtf
|
MD5:
0d252a2019cd6ecd64a8b584294ed138
SHA1:
e8933e50f2c65f6b591f756d0071e99ce2a29ac5
SHA256:
40d4b558ec4a77afc8b0960a61273f3e1a8adcca84c4b706186ebb45d1b4b952
SSDeep:
96:YGFezwiSvc76a133YzJ+bIGSVJ0YOnBunWjaWAUoWeurSnr7t:nF6/ccY9+biqYOszWVoWeeSnl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\2052\LocalizedData.xml
|
MD5:
b093565ceb022ea5b168a86f70b21139
SHA1:
33dfdacc7c5634ed00f1d4c7a4020c243a52d93d
SHA256:
3430a01af03712ca55e8e04b99db3e71301e3c18978eefe445aac17d56d63e62
SSDeep:
1536:Sa4+Z6zdIeUg2dd9EAOenTeOgIn/54XeI1:rKR+hOenK4hmJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\2052\eula.rtf
|
MD5:
f5cafbca25ebb686539bad20baa4d6c0
SHA1:
d5caee6058348f418f6ca1c829dbf2278a0e44a6
SHA256:
297a4403402607b4bfb55f1cdf857ab7d7a201bcc76fee6332b885f57da9cc74
SSDeep:
96:WgoO7oLcb19FMCrsHOfu2unOqZWS+HEQMxZ8vo0aRfhByz9/qyxqqNxWZJKG:ZoIp96CffEn1ZWSdt8pYGC7uWaG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\2070\LocalizedData.xml
|
MD5:
160f53fdcda52a80b4ef0000bf29972a
SHA1:
46921fad7428dd46dbd00755c2bdd4b135812e65
SHA256:
1ee2db403095aec51d03e968df8d54589c2a6587b8469328316793c1b75f2cfc
SSDeep:
1536:iP0UPLQjiM0c6ETL2p+oeZWV/yi/VADeVy/EaW5XN/PFoMQd9pPKcRVe:K0UjQOMcEVo0WpyPCs/ElXlVQdPZa
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\2070\eula.rtf
|
MD5:
08d5c904d57d8f9f2414fc0ae1d18cff
SHA1:
d9004a04117efe0c986b541a02cc577eb9e6f172
SHA256:
de9444c256d8b221e4a93b2f604ded2c33441468b1fa1214d6b3b3723dadc2e6
SSDeep:
96:vv4Sg+PeQf82kPLJZfLoTn/muVoFtC2WbG0gq4eQJBBOZ:vvHnPeQf8bPL7jW/mJtC2f24eibOZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\3076\eula.rtf
|
MD5:
8006463f07c8fd5e1371ca51a024ddea
SHA1:
81b08af5da248e38a6f3cf4613287edbe869eab0
SHA256:
0a3933baf76931e353b93d02e18d3a1dc0b8f53c61dd75346c565d307685057f
SSDeep:
192:AnLsmRjPqH31keAYlCs7zVhncQPJUPjq5:aLsAj631hAYrxhn5sjc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\3082\eula.rtf
|
MD5:
f2dce7932e4065b0953388962652eae6
SHA1:
8c839ca71e489a21a24ea3366c3b6b4a8a73a9c5
SHA256:
4d665baa42bcbe3ce2ee9721bb631f4759379349dbfd5f87afe6002989839e5a
SSDeep:
96:2yW/aXY4JO19UEfZPAUyRbJ2Ep9HWvcF3jvvU:NAGnMNfZIU0gE6vUvU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Client\Parameterinfo.xml
|
MD5:
aee3e8c0c1b1d095a84ba934024c456f
SHA1:
6a60ee0d0e9d2a24db4721fda27554f1bddbd9df
SHA256:
4652c1504d7da7b931eb40289a60253d5336e62b51150911c4dbfbd865522d54
SSDeep:
6144:XPKKiToL1bzL1J90DETNJbxJ+SWjK/1aY+kBp00dFMe3:XyJo5zxJODEpcSoiYY+Ap00d/3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\DHtmlHeader.html
|
MD5:
9b1a7b013e37021f398f9da692d2b698
SHA1:
ecf40de57bffacdfa9d7ae5a1033e3808f7a49b8
SHA256:
e164301d091f46c514a93ba68ec0bdf91de0c19f12dc29447ed872a5abdc7a3a
SSDeep:
384:5PTkDtHBOsMe1ezBfJlEbDrjTj4DH20VmwhXNHBvxzvhOwVi1:5Pu5BOsMNVfJlE7/jg20V5XN5NcwVi1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\DisplayIcon.ico
|
MD5:
1a8bda2a7bb63ee2897344a2913657d8
SHA1:
af5cd65f8db5fb4455d42f72a9971d27dc65c483
SHA256:
1a0b509c41736de0e299edb942ca44623f64c45800c08bde56fef332c80fe936
SSDeep:
1536:DfQCsWgpVF33bnrGwweaOrv/SCmkGl2WIHsUtR8Hycc/S34QRxG:LQVWgpTrH2MvOIMWdQnG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\Extended\UiInfo.xml
|
MD5:
dc7b1b6b965d8d08abfcce96ede865fe
SHA1:
5fb27f63762645ae4fa039460678b69c42556731
SHA256:
b6d221de08213844176e152fc88b9cbce29f0fb030d6c2558cc770c0f81c62a5
SSDeep:
768:xMxInVezR9Y3DsYTDa4eKrXZb8iWS8KX4UPzADC4C:WwO9Y3IOteUXZ1PfI2sDC4C
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\Graphics\Print.ico
|
MD5:
ec35fcf95d3b024510cceb2dd13dd1e4
SHA1:
78f87fd32d546bb34132b8e83289db341d115786
SHA256:
3d8151d2233b4eda8ddaa9526cd435d07a058943ba6db692b148e8782518f273
SSDeep:
48:e1MBckz+EK6sARJAmJLmWskDw1Z2vCDcQxWwM:UZkz+EK6lcWLmFDZ2+M
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\Rotate7.ico
|
MD5:
93e5fda70031f66da7cf32ac16422eae
SHA1:
71ab63a0c9ba697f8114b2003d487cb523b19d15
SHA256:
b300ccdd7e92eee8ceb22f65ac545c5872592cfa70cb7afe34db54d69b7d8072
SSDeep:
24:Mvciq8yg6QX3t5oycNcwDzuEuCHsB9HPCvKoDlAmNYn8DRJte3pmaHaK:Mvof/K5EcizuCMB1PCvXDlNw8dJ4nHaK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\Save.ico
|
MD5:
54d8b7039b2317a3b34aa08d6e5a1a08
SHA1:
23047207e20db67b95aaa69aac1c920bddf6f02d
SHA256:
e9eddad7f1a330dd9e32f632d416217fb2fe62f376a9d639b31c882f2433d761
SSDeep:
48:R4aJ04/Ee1qVccmVpj6CPSoI41sYRNm1zg316:tJp/JqOVyjG16
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\Graphics\Setup.ico
|
MD5:
704eb8f42623945455a6460e08841d2a
SHA1:
7f7da597b1a120b5c49e6770ba98c169b4881585
SHA256:
758f682d1eae558e15812a0bc49fe47681f0305bbeee045b89c0a69c6acb79a5
SSDeep:
768:YnmropF1npe3kM9oEGWEC9/pYw+b5q+lyDgB/1XymEfv5yKlwgoH35Th/ynlif:YiopF1npe3kM9GTw+bo3M+f8KSgopTXf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico
|
MD5:
6f7f5b39640317dbd48ce0f957793986
SHA1:
f787935c6d151a296e9d4efde3b4fad177149e60
SHA256:
0a6b8c72569288020d5e4961923aabcf4393b54dcf1ab34062cb71f2f9f4a668
SSDeep:
48:tiSVXpB/JXIgdR3KY0p8dHppjcT4Uv5IWDf:kStpB/JX5napmHPjcT4URd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\stop.ico
|
MD5:
5e31499366d1c946ed30ff489e8e4894
SHA1:
14d9870b53400af9814cbb9f3811a119364484f0
SHA256:
22eec7f3f40d5df8f232404db5c7d1fdc2cc29491e58f7d76c341f02aa3e20a7
SSDeep:
192:ZI/eT/XxHtP1YStcIygiNeDhshWXOzsWzsOTVlqbr+Bg2BwPg55efhnzNqDoeLRA:ZIE6StcJpNeCsWzr3qbr+BJBE+5Uhz75
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\warn.ico
|
MD5:
cfa758c6cdcabcfa96b0a146a746083d
SHA1:
0d38b1a695915e04cb646a4aadd807ac436f1abb
SHA256:
3dd9a6cb17aeca108569178bc47bfd3cd19430199d37a89667c0b626173783b5
SSDeep:
192:opzJeqxEBVE5OFnsI3PsfBehkBDUZd1pUGXQR6jpDkmwMa6WUBVzudmx6kVe4sxr:opzJeqxEBV5nsIUfBe6URUGVjxk2WUBq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\ParameterInfo.xml
|
MD5:
ca699233671d5b051adff936d75d190c
SHA1:
fb49f3c03d28c12c0f9a9fe093f6616ba0d7c078
SHA256:
c7bba4f7931e7abba72395656540122948d145303d83ee4c972052eee50958d2
SSDeep:
3072:+JLr9NrSg4vZf0un0+OK8HM9d5zDKCGXXWiRRl58lLCWUWTXm4aZx0Tl6hMGqjXq:+xr9N2pnQK8yriDl54uxZx0q3qrZ7c
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\SetupUi.xsd
|
MD5:
511b373bb8e3cbdce504bfa85895a6fc
SHA1:
2438b3136d2b6134f0ffa4b542596e8362ce9d1b
SHA256:
eba512774b2223d36f8bfb9fa3d1940940e98ee2379dc273ce6ac519ba4f56aa
SSDeep:
768:lcN6jiaeG5e26pTnZoR8SvB7vPNim+qk7o05BlHgWAAqj4G9iE0vj1c:lcQj5xc+jBLbCciCWDocvK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\SplashScreen.bmp
|
MD5:
0caadb9929a766fa9cdb1fb7d57a70dd
SHA1:
c9de832dcb96fafe576cdc879aba021afad0185b
SHA256:
b70ec1be7a9743f3b776006e7baa2c368ce84a02b155b7b3b63e4c1601937ffd
SSDeep:
768:w20Rb0qnKIaGw/u++VZ5j8wrMRiNjBM0EwUsoBJoHOVsw9NyTYtucfJ1IeJkBB1q:F06PIar/ud5j8YVM7GonmGvvuYtJyiXl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\Strings.xml
|
MD5:
552c293fb383b0d393f6645a800e648b
SHA1:
0e12d2960779cbb2597a4760b31569e2c40945db
SHA256:
8da360afbc0ab175c4b0f897f2192ba0443927d17ffa1f890369acade94abe12
SSDeep:
384:wmCeGlanxs5Bcn4mtXJItLuNlJ+qF4Um+lfwM63:TxGwx8c4mtXJItqbJ+qFndRd63
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu
|
MD5:
744661ffdb965ca11f8b228b57c4e075
SHA1:
9b436830f625297d534d78f974dbdc8cbb11a15a
SHA256:
2b5f1c3cab93abfe0a0a81f9f201b42185fe508377168f2b74309a0de27dae4b
SSDeep:
98304:qbY89oGUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlM:UHwZBkOK2Knq45mY4H5OMKkKzlM
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu
|
MD5:
128d82ecd9ab8b813483907b7d007ed1
SHA1:
4f62a78e802ff708c207e50136bdf88ebd2dede8
SHA256:
d699efd26fa5580b6b51382bcb08c3e7b2b5d21a472f58f9757fb78ea7170c9b
SSDeep:
98304:p+UqEx0uji6JI4Ky/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCT:IUqE6v2IZBBHTK8KXZ4UuY1kB1iKFKm8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu
|
MD5:
84ccdcc67b26d51f9bd9a9c854d99880
SHA1:
5a45f566b0c23a10ca00f5af77c1dcf76879eca2
SHA256:
69a423d5c3f431af8925aeca4ab2b1f01728670a53fd353012e29aa7bcc7bdd4
SSDeep:
49152:mcWXSEO0rbubDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNI:mcZ0WkGnRau84KUYcs31KfFKzdNI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\header.bmp
|
MD5:
4b80d980721ca3c243d5ed55c5e69fea
SHA1:
c3ee589deb0cbf97c7f673f7fd9794076e3fa1c5
SHA256:
3ec42bc0ea9f8bf6010efb6af1f74904f9cb36d26a09a656a851cc901f531670
SSDeep:
96:uws0KlJnFZ4LISHtfmm/RYJkTLSL/Zc/n2M48T1uU:gdJ4ISNfmbgLrW8X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\netfx_Core.mzz
|
MD5:
7fa390dee7f9751e867a9d8dd93b86f3
SHA1:
b55df44191f406fea9826ec8176c445217913c71
SHA256:
77de85db135b703bebfb1c5285d1b082d98cfff380d138bbee17a484d02e00ee
SSDeep:
196608:thnJeUjI2RCGb/xex4W1WHuOxPR8Zx/yz3s1xiisOfVr/ImhcQh3Slmt4dVOKgBV:TZjImCV4WUZWOz3sESF/dBLt4DBMb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\netfx_Extended.mzz
|
MD5:
161982e4d7af6e7813d146a89f1ce9ee
SHA1:
5f42f9b0936ebd53149ddaeb8dce36188650450f
SHA256:
43693eb587e293f6724ac104bbeb91c0ef09f87556d7f1f9b155a8db09891df2
SSDeep:
196608:FrCZu1yp9PpvAotIjkef7NVl5GqWL2q6NTwgZkGfkmj2BWxoK:FrCxA9jkeB5aL2q6NTwgZkGfkmj2BWx/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\watermark.bmp
|
MD5:
a3548a09c6bd03f507608c9c162bc546
SHA1:
09dbf1693b7680d005233c46232b572e5ac7004d
SHA256:
1d34a3d0a57e3647a0a70496ab2c17a08011647f9980b640c52f5c6561bcca9a
SSDeep:
3072:cuFq1itsxFIAkrfTea2oFQaC9wxBtS4jTNWHGhl:cuqyPAkr/QVST3TNll
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\BOOTSECT.BAK
|
MD5:
a29bc38cad9d5775137cc371cefdd6a6
SHA1:
ac5ed4e4eb902e0412074b33cb441573e641daab
SHA256:
b2b9dccfe8ac45462ea730855d9b45771cafd88e2424bd2612c75c35e616c828
SSDeep:
192:BpTkW1UVcUcSPVRreLlL7S9uL051PvxJ4hcHDS4nU6tdh:BpXec0VYZhQPP742jdU63h
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Application.evtx
|
MD5:
0d83d2fc3c41f5fc4cebc4f97a3e2c9c
SHA1:
0fbe374919193c294b49da205f2a0f5171b85339
SHA256:
72f104ae2419dfe48e803cb8d2fd0558e2d5c4b3573d6e50f3714f08c8ac1618
SSDeep:
1536:PzjSG4b22qGi3QUjESd4A8sAGrJUEhRqMUP7CqciZym:7jF/91ksAGrJLIJP7CqciT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Internet Explorer.evtx
|
MD5:
2f3d514dbc2ca1ac0b292787163180b5
SHA1:
5a967d931f24355c7cd4f146534e74246b395a93
SHA256:
198442e81a8432076bd2d2bb59486705980690ef79f5e12ad34659c084aaeb05
SSDeep:
1536:Z/aOp3lFq+8oYD2PmLWdj7hxlAdF4ApOOHtEgxoDUgUmXw+u:Z/aUFj8oY6jhA4gOeoDUgU8u
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
|
MD5:
3d25491f5f09f6e0e50423d5f2a42f7f
SHA1:
a3feefd11139925e335a54252e15522d875f7f60
SHA256:
4f4f6de0d28433257bebfa0cb332432200dc1eb36bc259321378bc02449bbd02
SSDeep:
1536:rPqDa93e6rZu3UZFdj47/wJk+8ilIhRVE+Zf/Tl8h:uke6rZ/JULwp8ilMHx8h
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx
|
MD5:
728e447b315d5f31b10a965ef7782642
SHA1:
bad0b2fc2f163f94e474d27990e7e1c362037b5a
SHA256:
fc73add708a748cefdc96740145ea504dbbe1afb9f2abcfcec4494f9c5a7005b
SSDeep:
1536:Aewo2boSJwK8wZOhtfQJuyGi6YPZcXQ7RSJ07oJUpb2JP4HLSvIeFL:3owsGQ4yS2cXcSwoJgbauOIeFL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx
|
MD5:
150f53f37164b0648fbb5b32f9c2faab
SHA1:
656af4f1ed2f8a4de2a135f0bc62c0c75d0c2bd7
SHA256:
d343276ab41f65003bc78f8b4eea5be154318de4d77522765b37f88ae84e8e5f
SSDeep:
1536:nXWI4PKTCHUSw02/WQlF1QIdNY8Hq5fVEY:GoTCHUSwH/PnQIdNty3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx
|
MD5:
f17d78c8a2f889d2e591a9f4ba35702f
SHA1:
04e514d6d85fb6a11e28eb6777b4d4a703776928
SHA256:
799467582a7cc0385f85ec8ca0fa3d6851e19195852694e4fdcd3d510f567781
SSDeep:
24576:jJv38NyBQff0sEOVjV74gNddAbWd5CtTeNbZ05k3VfO:jaxn1wWd5CtTesy3VfO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx
|
MD5:
3ddbb2a50def1dec555e5324ca2ff437
SHA1:
c67c058998c13467e3eb00ac57ecce968ecbff67
SHA256:
bdff6a279f41d68894a6fac9931fd9bea329e41a17ae488dd8b4e3b2f7e7d3a5
SSDeep:
1536:nNdMc0kDTfq8UdZ5anYv3MSIk03w4Ol2UXUHzQfeA4Zld6XKuVRu8GW8zw9r:njMOyFOnmgxw4OYVHz4eA4ZlkXDVw8HT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx
|
MD5:
d251b8dc78a0477cf4e831b41863c910
SHA1:
4ae673c5b1bf58b996d7ed383bae003788cbe81d
SHA256:
ec6806aa3db9bb96a392f7df07a522a89e2391d6e739865cc21fd45281a24430
SSDeep:
1536:5YJMl9riEwYlQF4F4zlgRW7Om96AdOnRMl7veFtSn:6M7GHYsGcsWvknnml7uu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
|
MD5:
c68842201652e840d62a746e0f90cc86
SHA1:
1f9d6fa0a4468c67632b1b3d6fcd6809e252ce18
SHA256:
8304a2889c8ddbe5a9b6d12b771f0e841e4f74abd9ab2e1540b4e11b31263c4f
SSDeep:
1536:LYzNPwOqY56HTg1N5k2m6R/vdIQe5TzLHYdaYJIaU/bJj:gNbRmTgid6R/vdINbFYqhjJj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx
|
MD5:
5caca4a778c1e4d3ef0b647e2dc648f5
SHA1:
206bbd28af6b5db16b6da87c884580a95a002d63
SHA256:
e051b4d22c17882a00910978402b1a89e63a299528446fc7c07d4ad0c999120c
SSDeep:
24576:VBEdTOkOf1ulqPU7bcJ08OJumq7uRnzd/0pN7QDFX:rsTsf1EqPU7bcO8oumdRzNQ7QN
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx
|
MD5:
47e4d04d15fe7ebf0ce3bcca86522e0e
SHA1:
f4f7d3a0b8aff54663a64282fa878cecf93c4c9f
SHA256:
1a7bf55959df81bd5ed243bc5a1ca6d9ac6937fce9c76ea35d0cde9867e7a3a1
SSDeep:
1536:PcMg6Q/pPg5MbFghGBUy7RIDsoYPQuQUDQH1oO8/qaJ2:0MlQ5laZy7BoJuNDQHB8i22
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
|
MD5:
edcc422b11030c4855f2e05bf3f68597
SHA1:
01c48f672dde5f62eea75e75be60b09f08bb62a8
SHA256:
7b12855d94b42e8fea97d7611bf41dce460a11fc5a8c820860eeeeb94041a98c
SSDeep:
1536:1FMzxoybl6MBoktQjio8qfze8SLYXNpIPe/+CoA8iJrT4qBCpSD:1FMFoglFoktQOdqMLYqe/0ViJrUmac
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx
|
MD5:
6a117984af8aa4c45e2b15b490082bb3
SHA1:
2af0dfec235e47ae50eee73549da0fcbc12cdbe3
SHA256:
1cbdd4bee9d977bb3202fa25ef6e6b2fd18bdb5984ba5d5695b313b8362b8380
SSDeep:
1536:xrL8RScoG76tP7vcP+Sy9dwRLkMvt5CknQrgIU6nWnBxu:xH8n6tPja6TWflqrgF6Yxu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx
|
MD5:
414bca6fd8b1435e33c4ac9885a98167
SHA1:
42730c24c0b5a3a4dd2eaa35380301d5e0e7569f
SHA256:
3574562de935d27cd4b883b0ef1f92e4f2a55c136e76c638f8c8edfbbee70906
SSDeep:
24576:kuwb9CIuMkXBFxky/QyFIcJK+GmlJ1K+TTLcdnBCk1Vn1:rwb9C/BFHQ7L9mYSk/BT1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx
|
MD5:
9a2dbb048e8d88a7e4826e5e161aa5f1
SHA1:
af935bf85e866166e7d7e15a37c5f582ca12a6ef
SHA256:
a00fcb108516c41974ec3e8b4b7f480201558b4449d81c63cce2b59f5c026f2d
SSDeep:
1536:JeBC4jPOE+lSvg5VLgTTfXsU8HyP7XbgnZtlKZWuEfaIBzMb:UBjjQoIHsd94Zt03jIBzMb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx
|
MD5:
91a3ac4c9871830117d3740d6c60147e
SHA1:
f29c32fce1347a4f4853ff10896b31047f17929f
SHA256:
b5f285f3314dd6327ab0c6ac654d609c10b0d7f4ea0099e4ab9c79a9eeb5b6e6
SSDeep:
1536:W9nyNOdqyq4kPQGb8XcR4CG3N9N8agll3SRRwGqArhE65WB:QnyoExb8Szegb+wGtVEdB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
|
MD5:
999c92dd4534ca5b6458b290b850bd04
SHA1:
242c39b1412b76b90a42061fe4a42fc38a1605d9
SHA256:
2dff7df2369d4531b76caa66aa65bf7f2c868422d3b84bc33c7ff98751d89452
SSDeep:
1536:0Dh1V3tJBiZx4m3fIChfHWAjh8nl9SAeiPevELunNHm8f/:L4AfIqHx2OFsQmc/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
|
MD5:
1fa266a6485aec98760896a5a9ce0947
SHA1:
1c4aa93300e52003a7e0833cc5d1b5ae59f07dee
SHA256:
0c89d6bfb93d50b66e2de5d0692b789403847c72fa0059179793ff7d9d3cd5dc
SSDeep:
1536:x9+Rmvkh3LNWeGE3GsxNTyN6AZyrJXTAl1ZLAbyWMgdxvvvu2:3WLNvvGyQ6AS6Z8XBm2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
|
MD5:
7fde1fe9d71ebd1f6e8a04ae750e665f
SHA1:
da5f3d0fdcf9e55898883962b1a83c2e194625ec
SHA256:
5749186f85bd79afecc6e5f183615b4b14ae42c9a0f891e0e82340e62f02e12e
SSDeep:
1536:ZvvDQMHLHkk4QdndTRPUlyjmjZiUqqmDE7SaQaGdLCOE32:ZvLpH94QZlRw62ZiUqqSaQG52
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
|
MD5:
8abb93be45f7f6e5c20d70625b11361c
SHA1:
adf54ff58e9e6b5f1b7d23f36400dc19edc20910
SHA256:
1f00246f04deeb127d7a2d1f9fe1b9a2fa7f698d0226b6ba1cb627b2f053114c
SSDeep:
1536:OmxOOkePnOgDb4ZUaLMyppqwrOFtNSVyJ6SSmage:VnOgDbhajp1yoyQv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx
|
MD5:
b76623706ac28f125d613b366c39b4aa
SHA1:
a662e18ab19acbbc0d62d0f8e3f8885f10c7129c
SHA256:
fa80b069809f5bc325c443d5fddb35f5444283af6262f34437cf7117da56fa44
SSDeep:
1536:MjOTxxAb57mkww4BNh/s0KD61HO+O/Lmt1+VUyMgQLuqJ3:R7Acoehw+OT8LXJ3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx
|
MD5:
1ac7002cf88812ef136d6f89ca4fef3e
SHA1:
5f34a16d5d28259acacccd030ef507413e69d542
SHA256:
2ce61533b695d78400d29dfcd76ccf3bd180d123724b3bd3f7569a67ff7cd90b
SSDeep:
24576:I4KSHA2styOpwf6WZxrcDuhdLwhQG2JrEZ+e1CA+xh93xZ83:zAhNwf6oWedLwWGT+e0As83
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx
|
MD5:
ddd7a0074fac91f894a296faf099b8a4
SHA1:
0063e2221e61d8ebef5dd0667d9d54e4dba003ec
SHA256:
6cf43f03231c4e0287dca6e215e15560d59ac14696c5fab2d2032eb407731fdc
SSDeep:
1536:HeIP00tSXzJtahFjyZKuHC7mLqN/epcWqdXbLgg55kmWeL:HeIP0tHahFjyom+N2LAgg/weL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
|
MD5:
a8d6d6cd0b5fc4d46563a4a0eba2df47
SHA1:
6bc5d13e735acf7dffc1b59d11512015eaf94351
SHA256:
98521fca157eb58a1546a645aed7c69326211a18586e76bc0d212178cd2cb357
SSDeep:
1536:LiOO+y6HDRLoAhHQwK4JDhYj1rXeuyivros7bBHEwQf4hpDh:LiOxy6HqAhFKGDheFros7bxEwQf4Dh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Known Folders API Service.evtx
|
MD5:
1c8d1f11622409c4eb777706946f29aa
SHA1:
c6efec16ca484c05a274da5dad8a5eaa6382952a
SHA256:
9c8bec876d83dad176837e267b1111b219f69691a9046ff8c4d049fe0b5ace27
SSDeep:
1536:ivMtOEX5gciYTZr4XgYYWVyN0CQpPEQyDjym8Nf:iBEX5gciSQgYYWVyN0p3yDWmA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx
|
MD5:
f90e2db2eacf1aebc7e789677936b7f5
SHA1:
1a23a3bd050be434ea01843ea96a49e592a73f60
SHA256:
48a0deca51ae24bbb674ef53132652ab10369a9ed4729a9bd8d2ddbe5eb825d0
SSDeep:
1536:DEOo/tEMXJ7tlLUzGEBiRHm1nmyx+jyUv+I4m6NcyuVWT9t42r:DEj/BXJ7tlLUyIiHg5czv+I4mo5pt4w
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-MUI%4Operational.evtx
|
MD5:
70c8cf4ca3d5b9cd9d3321eb789fa67f
SHA1:
16ee575cdfbaee024aa02c8dd7336ab61179fa5a
SHA256:
7fbed1f0fc03cf1ddfec795fd993e4ca0146779f1a1444d11b988fb1dba7dad7
SSDeep:
1536:IyV4IXtXFVEyJScc05H6cPP4Sl6iDVpJzu9JWmtT/Pe07V:IO4IiyccnhZlrJ6HWorfV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx
|
MD5:
b53b6a1f9dfd957dc48e75bf3818b3c7
SHA1:
656ad1820d85ce73d76ee7e8b652597ebd52b8e1
SHA256:
0c521282dc12cabc6f4868710fef4f6a2e1408a8d7dfe21b4c2f950345491332
SSDeep:
1536:ysbv6+ZRXGoK2wBwPjbRQKRIDCuJA8O5zfx0+zgxd5ILdmcWbf40rYr7F:DhSDmPHRtRI5S8ONfx037IJmcY40rYt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx
|
MD5:
335cb92f5d7f614257d526bb3ce36f8b
SHA1:
08da9dd1da4a19fcc8e5709059a8a5250a15a845
SHA256:
f7bdacaf198743286d63bba5c365cfacc20dce096f282e3bf3798e90fbb50917
SSDeep:
1536:KbvPWRh3chzDy85hud50FxjvRJZOsJET+kfGe3sv68Qu83:IXWRW5y8wSFxjvRJxn68hW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx
|
MD5:
6178339e125be330b22ca538bf50b362
SHA1:
69484ac6e384dca7b72157a3c8136ccd81fd92e4
SHA256:
69da9a6aa8458b41a501bd26aba7969c17d56903b12aa4f3989974f8b6d71b3c
SSDeep:
1536:sdQoJCt7xkhVBL6eazaPhLTY0t4EgViWCw/WAj6yvk4zji/toZQM:gB8yvBlQiLlStiWCT4c5qV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx
|
MD5:
673567bc82f19020c0be7a79b4836863
SHA1:
5c930238cf9c9fad8745b1193fc42b4e64ae0cb2
SHA256:
559a25124813a935a3e862f368b3b2ef2fa842d5d3dc7633a4a4b7275b4e23b8
SSDeep:
1536:wVODB/CbuFVS4R9Tfub72ZvWVQif1uJvB/:woB/SuNR9TfU7UWyif1u1B/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
|
MD5:
0ac248a7b74daeaedd9ecec91825a7cc
SHA1:
e0acf81637aac36412a5338b0a3bab661d4ede73
SHA256:
6e7505ab596ebb7b5e3e58517ca20591f6cdfe975887a56276bc5198d323e2a8
SSDeep:
1536:4lNxsz5/ySYhnwE6Qt0DVnR5HPDqT9NPLzQVsn9N7NooMlvnjtoZ:4sR5qwE6QCHdPD6X9NBVMlvhoZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
|
MD5:
334a2bfee6e31b6e06eb07fa176d3d77
SHA1:
9d9658353ac29e17ccd2d81f274dc640393fbe3f
SHA256:
cef35096d100ef8b91d4c7e95453f326a4b1314710e516581c70a67c6ff38098
SSDeep:
1536:tmex76R7/u6HTVUhhjby3TZsvSgOzExKZ6DDNnL3:fSu6zghjby3TZsvQzEDDDNL3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx
|
MD5:
868e44a362c6f4a5cfa16168f4e5ff40
SHA1:
950e84c9845e642c077a7a4000241c8ab6a36e0a
SHA256:
51d935f44870d20ebe475c14efefff6a7a7c6ad71ff39f235f9eeb50be1b8a8b
SSDeep:
1536:50/bSzpXl1APQt3fpsw7v9ReYpWcmxt2KMXL0uJYYVwZvP2M2zH:5gI1+2vp1lReYp+O4kY/BP2MAH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx
|
MD5:
d7ca66269c9d34887a2c6e8721b1bcfe
SHA1:
2022f800b9d6a8f45d5a8df75814deb754e62754
SHA256:
6bdf720bc485bd8da87cea3debddce1ba93be8c0629fed47a4787aabedd2c6b2
SSDeep:
1536:6l1RvPw+oo9T5PobQKQJJIGm6MHmIMeb57A4ruMIoQn03zWnLa24NnJ/Z:6l1JibQtnKlMg57A4aWQ0CLa24hf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx
|
MD5:
b6f9896d13dc31a5a4e74a42d3dce2db
SHA1:
6b6495b9ed05228ea765f021c3a69a09cf67d681
SHA256:
969c5169817c5737ea35c1403db5f5d6ad24cf77c2e220a2dcce731b36e0a9f5
SSDeep:
24576:lb3BFmbAtxhNWT+4v9ndP3/X7bJRMYNB9974xwQ5n:5xIbAtxCDB3/LbIYN7mxtB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx
|
MD5:
3fc5bfc863523133ce15b4e3a04f6c42
SHA1:
060ab7762db7af74d73a871ba4855a4616b0f4a3
SHA256:
391fbb1ddafaba2c76d7df4910970e8c553d730959ac6d8afed9e1885129779e
SSDeep:
1536:TM6hd3jBrKYHE0WQKerAVOBSgpzXS6GaDsk63YBIVbaInkNI04YU4gFOK:TM6L3j1KYHEVherjZNGnVbaGNYlK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx
|
MD5:
2257fe165e6ed6e5b421e9fa35cbd508
SHA1:
cb652bb3fb438322f25a2cf72f6b2d4bb4dc2901
SHA256:
41209ac23e0dc6e5426f2a102c7b9485a7fb96bb544092b375b3bed50c0015a0
SSDeep:
1536:371dxnKYAc9pkytcSd2fc6mHKNdxPh6h850tQT8iXPoBt:7xnKYD/2M2fjd840tQTvXKt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx
|
MD5:
5bd51e1e3d908eb5987e3a1a9e69fd4f
SHA1:
55230b55340860c05ba8291577c929dcd40733fc
SHA256:
69504f0b847163cde4fbd71d26d0bad4beb9568981bc59e3420c3ba230b6c6b8
SSDeep:
1536:odsni/3oassS5RSmU0HRpQ7JVQ3zdqZHDVQzfX1T:OKUoH36J0HRyU3zcBDCzfX1T
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx
|
MD5:
766cf48af90ced45802ec4467a7d487a
SHA1:
5c4d2338660381ab67603c87cad27335f0963311
SHA256:
c77d0510a968c1e0f009558c31444fa562c38559327468e36da9c5cae66dedd4
SSDeep:
1536:IzCfxGIQG+m7VfUf7HboW7EDEUM5nLBQKhsiHzglQ:IgGIQDm7VGbb/7TU2mKhsiHGQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx
|
MD5:
155ce3e291080a0693d7cf4a6f990ca6
SHA1:
15a7d04eed6ef72c16d177f15d1e7022c7ef5969
SHA256:
00e368742dee72aa934b7f5c0430e1311beb71aea03ca5425a17eeaf3870cd9a
SSDeep:
1536:cbJToiCjazB81SX9mppXX2/heVrmC8t9rrLXVIv0R9uXjgQ14nS/jTivNSmm:cujazBt9mppW/vC8ttndLUN4S/jTivoP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
|
MD5:
3da1ac3c516c2ad847523604b252517c
SHA1:
1abe7d7a5638bcde5a865660caedc8d0d0a8d09c
SHA256:
fdf2abac7d865d9ab3bacf8367145320ee1e40f9208cc94b8b7b0321cddf84a1
SSDeep:
1536:PhYFk3YOlqrFN8MkhHxPAcQR5mWr1k3brpA7sR5D52++:2Fk3YOaFN8rRPALR5HSbrW7sR5E++
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
|
MD5:
3da6cd4bf8a9cdc791414952c8ca89a8
SHA1:
e9c11161ad00ec51c7119c2c2fd929c7a01a10da
SHA256:
5a2d9d23fb09c822236c73836930819aed113c6c1f090a185168970bd0e604f5
SSDeep:
1536:Xb5iTE+ctblnfP9t7oevy0K98tuMxvG6TRN7MeFVSA7Z4uZI:o4+Sblfr8enwMjz7lFwA7ZXi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx
|
MD5:
b07bfa5fc10af9c9431aa2017ce93a15
SHA1:
5c64cbb6771534355957e1b931152064e33dc722
SHA256:
e394e085caff50b6c8bacce9265267b1cd37131a3fd49e0890ba2c2962dbae07
SSDeep:
1536:QOZM5/jxWAe+MrcL7Zp/R5tQlEabdzNSjG4TG7ySKHr25cM85q:QOm5bxTe+b7HKlEabdzNMDayq5ch4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx
|
MD5:
e209bfe613ae1d2873273bddd8fbd2ab
SHA1:
ae87f081f7eaa9e5f1db0941026787271c64d48a
SHA256:
b0f29a9481db403b899ef637b494fa2c4ea93da87c90c20254b9951f2e959427
SSDeep:
24576:3f8GGN5S6dW07XFTWdK82mQmxod32L2ZsJoBz9W4r90Pp3cjO:3e5S6d8dTQmxod32L2ZBk4o
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx
|
MD5:
3db4f024688e248e65b8de19ca353ea1
SHA1:
33f973150c3ff1beefcb04402a8c5898c2527770
SHA256:
05dad89ed2ca5cc68d36e9e74a58322fdef2070a1addd93dec97ab4df0f2c9c1
SSDeep:
1536:Kq/WoGMJ7WRMBtn0/R4DCx0DQugAl7vrqSNAqqf++WlR2Pe6ujg:r1GMJ7WRMBp0J4DCqDt7jqcAH++WR2mC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx
|
MD5:
0e98a0bce6d9a5d55793d54cb92f5c52
SHA1:
5ac58002be4c66408d0ec3d2d53e4cb233ca4430
SHA256:
d1d540f066b2b6b048727365607b9d6741023f7e757d66aaed78385734a3a92f
SSDeep:
1536:LisKcB3WAAG7lbX0u79gG4NXzD/xqVE+QKlZEHqHifA:LisK8GAvNk+2NjDwsq+A
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
|
MD5:
b077ab58a182ad7db8385d26c9e7f85f
SHA1:
6039a1113a6f033241f9b4f9f366c8d6096d4403
SHA256:
9386a8ee29f2b341acc488383c184a893689d2b027fbdd7fcf791ecdcbaeee8d
SSDeep:
1536:49cA/rzRH00owA3qSePOZQycFDC0b9SZYTVyd42Ji443:4ZVU0s//ZMFWYSZYTEer
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
|
MD5:
bea158badbd7d0d60efa4b219908ee78
SHA1:
c06265ab2d0fe1dcc802e5cc579c701535261a3a
SHA256:
036e4ae335d59cc3556fc548d020ceb4df3baba18b1d54285a45962c67d7b623
SSDeep:
1536:cZZC4BpWG6uL7MisDSyeMLrP4T5I/PzFZM+m/cjlef:cZZl6G3GerA7SGbFZ/m/cpA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
|
MD5:
925fbc60cf88806e15f957f808360c31
SHA1:
5a7efae99699e46c7c6f83a755ee2921a0913660
SHA256:
fc02f994f8c2d9378d81a838c413141f7de0fed151e5dd96b3d8467b8e644301
SSDeep:
24576:GonrMDZ3gZ8Dlt8dV52OUjaWoWKPz52iJF3JKBCxJtE:/t7UeMYQWxYL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Security.evtx
|
MD5:
a8df225cce675054646588f0a9a57da7
SHA1:
daf54a99d1721cc043e3556b773375e1d6abdb27
SHA256:
116de6badf8beefcbc549be2c30fe040f3b2ed2bd220c28c430fae2f77e2ce4c
SSDeep:
24576:ChkmGoaYNLlg2kJcJn3uwGXnVdsNisGduBp08fEEVj8Y18s:QkmX9NLDelXVduisWuBtMEeYV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Setup.evtx
|
MD5:
febe1e3ffaed6b149011c87b13aabfc0
SHA1:
8169f17a3c4f8c6a7d9b61b43956d33dec0eecd1
SHA256:
66adfe0b408fada9d5fb84163eadbb4fa78bb71ae63b104118e971c1f564014d
SSDeep:
1536:kkMeVxiBFqIQjsOgY/JNvFTbtZDg8/B+zVFurC+dK5Vl:94qPjN/NvFvtBg85+zVF93t
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\System.evtx
|
MD5:
f7a3987f6288b05bb71d9bdd50af9878
SHA1:
bad491f4174e26115cb743d52492be483619d1bd
SHA256:
0001ce375238ee69d9edf03769859ccd413df64165eec52b79b40937d2645e23
SSDeep:
24576:ENemMD7ot+ejOsodayMxKxdg7ttSrTCXwN7iliJjrAJV:ENoneGda5xKWSlpi0XAj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Windows PowerShell.evtx
|
MD5:
08a752a73cbfe555369e53ff9ad3d94e
SHA1:
2a55d5193b8448103f86ddb8520ebfdc91f30d77
SHA256:
187d36f2f49ddf0e1b5979ec2231254b297546789add660431c4dcb6456693ed
SSDeep:
1536:uvJ3jWL6ve0ryaMF68wkLXw4YdviycCzAv9VoCYK83OllPCa9102h:uv1WO2naMNwwSqycCzAvO53APCanh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini
|
MD5:
4ae95f4f0d5e5a0ffad12527660c4dc5
SHA1:
3f8635b02adf535da23249ba418864d8565f1e92
SHA256:
9c319ece53616e18418d3ff86c96714da31e7beb3342d0a319dc0800f946ffe6
SSDeep:
48:BuM2iwlKhhjDgF18P0d9nF4jLK9v5m0oGddks:BdTzD61XOHKXRoGdn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Program Files (x86)\desktop.ini
|
MD5:
d73c315a4dedbdd798a0a89b577d5a0e
SHA1:
fc8eb690984c121270624d42dcae758824a40078
SHA256:
6e8e2561822b30531d80b7592be7f174815ec1b70c2448b3b6706b4bb0e4c277
SSDeep:
12:Suij1dX3d7kT70voPMQrVqn+zBKuRSvhgF53tlv11zQbqX+tufGP1Xyd3INrPDfV:S/j19p99QrVqmKH5C53zv1KeX+t11XQV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Program Files\Microsoft Office\AppXManifest.xml
|
MD5:
0a9381ed1d30782d38c5c87b6b0da403
SHA1:
813d7c4aae011d50adff130d15cbff204c552840
SHA256:
4a4e37795ca5a9feb22c42c66a374b43cc8b47c9bf5bc1f6c1d8b84d0e6327ec
SSDeep:
49152:hrnGMdgq7S3Vd2GC6z+c7TskKBhplv4UHShd+96oSVhg3NICgFk+xZIS6JGfI:hrnGMdgqad2Gpl7T6hp6UMTHhJhxEGQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\application.ini
|
MD5:
535fb31a6eed13a42c17b703db3ab587
SHA1:
2a2fe54e8ec9a0512c62f0876e2a68be61257e32
SHA256:
4cc5df993b0a43ce4017fdcce6a74e98d17e0e74ea28cf9415a546a91195536a
SSDeep:
24:hjzQM4YG7pJxZ/k7Yf0JUf+hCfAsF3YwNmQvuGGwBki:Z74TpJxZ/k79QAC1oQ2Hi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\crashreporter.ini
|
MD5:
fda9b5d5409d30ca3e95655aa099f016
SHA1:
a55e898f5252dbf227b3e451e7314133793b6122
SHA256:
efb8760242a7c0a5f225c745b2e704948e63deeecde11cde3f2472b081b81d09
SSDeep:
96:I1j7jezXx+m6osbQfpbNafW61KuKboU4t/1cXRN02cuX/MZVct:meDx+m6ofhBKW61KF4tNa470
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\dependentlibs.list
|
MD5:
1e1663c77b98f1884b512080557efcc2
SHA1:
0b37f4e059d89cb6c382cd42a949b508e231eb26
SHA256:
81633a9cccabbb4bc8d4a2e5a8efeb5770fb9731407454e7aaadd0f93fd067b8
SSDeep:
24:QihUz1vOZSklKsWir45iscdwXLr3ttZruNDZSa7xn6K/cjoq:Qi2z1WEsKTir4Qpdwr3xuNVH7xn6Kw5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml
|
MD5:
9eb3872b53d30ae0736372696d2c177c
SHA1:
cd50b41ecda01184efde1d2dc52f55238f24cd07
SHA256:
ecf591af6f5c1595a99cf10fcc76d6398d33436bca32ddec93f357005bdf6cd5
SSDeep:
12:QmrNDr8c+U+dl4iDuhRymO6Jk2gexXjsI46D6Abrwu7cnH1yQU1Pb:zrpNyl76zymFJBf5jsYvdcnVyQUp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\nssdbm3.chk
|
MD5:
ad7202285d93dc97656115185f1db974
SHA1:
d92e012f7cee812af7fac1194832e4d638430e1c
SHA256:
ab6531fa0e8b7c5fb33b55b1b853db5e5cfd8d0423b44e1a8fbb3906f4a0908b
SSDeep:
24:MXnHOKjajrsEdaBCeRf8VvHfw45mNII4ExWv5mbr7842VEUhuNLiadB4RcxS1:CnHp23sJCeWVhqI/ButYMWMB4RT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Program Files\Mozilla Firefox\omni.ja
|
MD5:
17a4730ff4d6461185da9c583b1708e6
SHA1:
b31b56b706729dea4a7f719d1839809328ff7cfa
SHA256:
f9a18bbd05f85fea0756e0e8d89b50af315bf3828726b581647e401a62eef79f
SSDeep:
196608:zFERSSG0ml0eOHj6ifUMHqA6E1aDugcCOf2V:xcSPl05Hj6iMMHqqfgcCOf2V
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\precomplete
|
MD5:
4b84679a0d802bf1aaca246f0899fd9f
SHA1:
cc17d69688fa0564e10d118475a5c06ed1b9df6d
SHA256:
229607bd1c57523f2d07b34aeba0552a81a5f0f243bf4798c774eed824d2a318
SSDeep:
96:z1Jgz76Te1P8GqR8y+Fpykg+s4w/8m9mr/a3u6fWRDjCA4CyLO3CGyLGM:RJY51P8GqR6FtrsF/8+Ru6fgCfCMOwJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Program Files\Mozilla Firefox\removed-files
|
MD5:
e28311e3a9d218dc4ed6528a465c92cf
SHA1:
1ac8f132e543ddc6cba74c1964d23413fc876c2b
SHA256:
93cc4a985696ed1f17a073915f8eef530315c8f04640d09883e972fbd5e69217
SSDeep:
24:Lp2dASsk7CkfWiC5Ux5IRg29lcRO7rYsj2/TKPOMtVp26:v5uCeInMk7rYH/OtDv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Program Files\Mozilla Firefox\softokn3.chk
|
MD5:
6a91db2ec091d3038a7686c81b79848f
SHA1:
48ddaf80bf02255daf64ecca199dba592a4bd02c
SHA256:
36a2f73417068a311eeb2a250bb1ac43a786b77dd7f809b7a3fc34817b166f69
SSDeep:
24:FyQfd6UXlSSEjB0N41UP1Ily+vW9KKexSg7gqltJXEwcZk1:FyQfVluBsc+y/vaKKexSg7p4Zs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\update-settings.ini
|
MD5:
600ffa0003d7e60df89ad886321e7381
SHA1:
a459e445006ffe4dec464b8a6bb5d5486846dda1
SHA256:
16a419822830cb16a7cd2167c8f56bac7335c0688e11222e87435b7cc4650d2b
SSDeep:
12:wgoYi1QATHC/KYmF6voffaBw1SZVAGWHwqpxq/QmrQSw3f4nAMwg:w5NQATHVF5fCBwkaHwyxqhQSw3fhZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\updater.ini
|
MD5:
de627ee3d5cb9f504ac13b42f5f620bd
SHA1:
7c5c5c23e16fe9a99bb720f3d61aabe1cffd9232
SHA256:
b80e1817dac38dc2f24854f1a741f81d246fb8a9d65a0d8cc2fd97738454389d
SSDeep:
24:h6AE9OVy6qV4EQ7n16DKdhPdzdbFfU5XGETi2cSFm0hFYx9Tvl/Smipt7xy/:ktJ6qKEqn16DKD1zFUXG0UTv1ipJ4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Program Files\UNP\Task.xml
|
MD5:
c9ceed6868c9f3a9c5e7126e5f95e9aa
SHA1:
cd5517ca5b6cce5f90a4ddb22f696c6f563ea515
SHA256:
e2850be180d1938bfeddb7e42cba7ba4563c082063ca67a9af994b325c967715
SSDeep:
96:nHDQTnuxc+id+yjOKiU7guNmW5FHGn8HuT7o6r/qF0PyDbBxVm:HDQfdFSKiJiHEbqoyDbhm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\desktop.ini
|
MD5:
4196439fa9f3ff2e949f964624708dd1
SHA1:
464803873f0811add3c2849c1e76f41bea122bdb
SHA256:
7d06ac7dab5e3369b906f2d32653693dcd26c7157ed27a87249675ac634fb025
SSDeep:
12:MbsHknscShYjd8FpF9pacHeF4PhXb/G9oZP1pF4Ruyyn8F/wxax44CFlt:MqknslYqrFLneFGQ9oZP10ROIul
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\rempl\Unlock.xml
|
MD5:
3cd0a705dbc0701c44fa56075fa6f392
SHA1:
a843525ab728d5835948d702717e83aa29a79c74
SHA256:
818d75963c8beefd84aadca526febe64e0e50b1be581520c75e85bcc98845098
SSDeep:
48:3k2uP9hGWDgvTHf4kXMBzFk4LokbFoImrrd0tOHKBbWQNq:FkYb/ppco0mrrd0tbByl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\rempl\rempl.xml
|
MD5:
4ac7b6bb959250639455940c2d185132
SHA1:
ab059be56a8e477958fb5b24a2aa848e1f0c37b3
SHA256:
ecfd292ee1ee59132a75d70c3a35b421f479ddd5e9532d41d1d1c119c79815b4
SSDeep:
96:dX0bb5+DJv60S3R7LmMQSpU0+bONQuiQ6kmd7FkzVxqCnWxjNrPjBo6tY:dXwbR7LmMQfxbOme6kU7FkzHojxB5tY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag
|
MD5:
b9b7e63f8dbc9c817018d25cb3b89ef4
SHA1:
b36390d24f3fbaa84ae38a2f471169390b3d745e
SHA256:
caf5c80b238c1148c219d2a37eca69a9db0223165f5c18477b3a5fa8b7460e0c
SSDeep:
48:OfGx6mew8tNzSVSGkqRrpqXTmh70GuWBwi2UZF:/A/ztIaTcuWBwiz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag
|
MD5:
1d46a33911f3f0d70af11c0a587ec336
SHA1:
9c4233e97d8fc47b7cda85e1b4c0f25e6cc0b6e9
SHA256:
c98a20988eea2424f4462bdef5afbafde6001c7ae0cdf42dd11d2d9f61db4592
SSDeep:
48:8EGv2CJV9Smzv/PLYBwEahKstU+ZsS21o:8EVCImzv/PLowEaE+OS21o
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
|
MD5:
5c1aa3975e9803b88bdeb02b42340d13
SHA1:
3c169f7974b5a6c91f3e8a3f895e35c761dc65aa
SHA256:
3cd65c6f0ccf3dc43f8b1ecd194f085fe24bc2cb5c27d9dd62b6fa1bcc2feba0
SSDeep:
24:kHLUspbdBkT6NcC1/uVptkj9hnGZzhCjkcKi+CvI/WM2vsBB9MzT4EHY2H:kQsfumNc2/u4xMZQwcKpCxJvsVMzT4wH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Users\Default\NTUSER.DAT
|
MD5:
9e97c73b6102616d052e8d625c837eb8
SHA1:
425c7424b3755cb2afb63e7483029c1b9a02e96b
SHA256:
39a569c65240c80dde368eab37472ebb5043909428c7e6ac0b3ba6a70df1f0da
SSDeep:
6144:SjIPhXEF8TI9nmNgxmcboR+1H4mdTvC6h0zaOdtH:QIPhXPTI9mNncbU+1H4ShTItH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Users\Default\NTUSER.DAT.LOG1
|
MD5:
a2617c531205318671f60785210c9f5b
SHA1:
3b833542e37eb3cb7ac91eaac826c208852feb83
SHA256:
959d4f9a0a6b7b3bba9ee1fe8dfcb49e7f39c7d613be52bd6b585d829241bc26
SSDeep:
768:RVbopq45RiVQucsZifhYHSYFTHUuWX4OgOR:RVG7imucQIuJHUuWBHR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Users\Default\NTUSER.DAT.LOG2
|
MD5:
19b4f735d92e317865cc7d84f9eb3c87
SHA1:
55676deec00ce0bef8d5a2738b095a1a7951ccde
SHA256:
8437361cedf0ea3f9404a3eef431b902743493a1e1471ec4f60b2dd4afe05917
SSDeep:
384:0o38s15QBQb6cv2BzeJPiniM/Uw4c0SfWIEIf8M7wI4l4I+Zaa:0o76B0gSJXVwL0SfEIo4I+f
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf
|
MD5:
573140408911239ec1832dc35b5d9028
SHA1:
d83f2edfac38586dcd52eae40b3c2d3faf1c1be5
SHA256:
3c2b68b4e8f9851a516aea8e49affffbda30ccc25a62c060361251cde81e5dfd
SSDeep:
1536:QBDC3e5X9/JQjN49oK2CWD3K2fdOPuAE7yLabW4Qw:0Dw2N/J6GX2/aYAE73/Qw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms
|
MD5:
86c4c1f7ee67b23273672b442c56b505
SHA1:
7eee8be73bda2e54b7bf81060b517d64fc3a5fa3
SHA256:
b093ed94d2d33017c3b3d8acd432c4a47d7fd119fb2e309f744d00740d25f0e5
SSDeep:
12288:vRvHHi4xGltyVbnP/+IGkdIFT34O7jASt2ikd3YV6YWwy9Trd+vlV:w4GyVbP2/N3rdUJ32xNy9TrOv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Users\Default\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf
|
MD5:
60597473c5fd7b234323d2732804becf
SHA1:
1308059bb5b413f4a308bd84fd15a347369fd54e
SHA256:
56cd4f645e02c879670a5bceadec035dcfde8498de169f8207d0ef4421f17c10
SSDeep:
1536:sEH82LkTWvOe+oIT8rSfKfm7lTKRulrFd5fDzP:sE5LknLjgbmBmRunP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\readme.txt
|
MD5:
f4a87ddad44083e27007e968b48ac3c0
SHA1:
5c06e217e1749c1a94fd9b5551ed6247bebcb236
SHA256:
0f2ac426052e2a1d07de50ae1334a83c8e93a8c54a94b59d0597636aa4559acc
SSDeep:
24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
ImpHash:
-
|
Access, Create, Write
|
Dropped File
|
|
|
C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log
|
MD5:
e1781a87ced556542045987f1b7becc1
SHA1:
d20924c153142b3afaa419e8aac5a89bcb859e62
SHA256:
cc51dc14aed7b0c1ee3924a83c1c6ce3be243c384e0962966b9f60a39447c9ac
SSDeep:
12:toftUZp8xkgXrYXaE/A2DwHJwTB6Vw5izY9QyQq:8UPfgXsXa92DwHJwMVw50Y9nQq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\$GetCurrent\SafeOS\GetCurrentRollback.ini
|
MD5:
fe7bb2021cd6612b628fb01cff43508e
SHA1:
8368ba47ce480ad87368c97bf9b01c2f77a75958
SHA256:
20afe621f4ab4bb070ee16e3a2a7ca01307573819391dee05bd8347b8ac89b01
SSDeep:
12:nxV0AiwGDRvHNUuGLCB4lJ3+X/QpHB1fPp2JyKnSEm3N:QAxgtUVR3QEHfHp2nSE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1025\LocalizedData.xml
|
MD5:
1607a95fe0e00ac54a5bcb4d138c1a8c
SHA1:
cd1326704083ce31fa204c1ebc914b7158dbbf5f
SHA256:
d82a149c1369f2d685bc6dbdaeb9b623787aad5e9b445c9e791ec46739142b9d
SSDeep:
1536:3QuQYF/pEX9wR4E6vqL5Gak8BFvYu8uroGdl6D9sbSNr2Ed:gVYDEX6Rmq9Ga7YWbY9suMk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1028\eula.rtf
|
MD5:
46e8b9b7df9097c721bbdc12cc91d462
SHA1:
1c7153306ee39fac96f79957470fd847570e9e8c
SHA256:
0c1bd57e13896aa5b49549cef592d5e146c2d1d21a6f6bd9ed56c17d88e3a5d1
SSDeep:
192:z812kQZffVGuUS650WyvroolAzgRVSMX9W5p:Iv0fdheOWyvrJAzgRVSqW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1033\LocalizedData.xml
|
MD5:
a385f0b3feb7b5db5eb8ea765fee018f
SHA1:
530b211e74f3aaff9894cd9af644e2e51afc6578
SHA256:
478891371279d6a8919ca8215d9362d9c5d1576c5179dcc7e3a19040af13fb09
SSDeep:
1536:3HwBZCY7vRrgXSQqAMTpGO0Xg1xhRqbtB4kKbOnDKpMfG7H4:3Kj7RrdT4Z2xKboJ2DDF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1045\LocalizedData.xml
|
MD5:
3f2a83d3ff79db62a191c8350d1153f5
SHA1:
588486394bc565835850596f332777f2c4e1dc3e
SHA256:
ce4726ba764bea29f1428a1f53b0d0a5c77694be535b13623b632d279e73724a
SSDeep:
1536:xVJF7UGYxVRNQYEs4Ef6F3Rzd2lltoXq0AtK3WQKCQKyG6/Ni/4dUH9C8ZoahuAV:xFUxV3QYAEqRBQAAtKGvClyGsNtUH9m2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1045\eula.rtf
|
MD5:
e8954df6fe1258282f12c66b1ed34d0b
SHA1:
3e30a3112a1d856810eb09bd423299bdaabb115b
SHA256:
e54978766538cd98bbdbbe8a57f1db4a6d3c715c5239af52763b943ef9426d70
SSDeep:
96:1HeomHW1D9Tj6JFM5dnBjuN/himUMSpJXANDTSBOZrgawmG:lmGx67M3lOhZ2J2E/mG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\1049\eula.rtf
|
MD5:
27a0572b571a9b0ca4ab47c4d806491f
SHA1:
d6a23634d6395e5aac8859573f671bc7c95f47a6
SHA256:
0bad0824779a40bd144ec146708b80c718896d821efbc4df887b98b90013a766
SSDeep:
1536:I9d5+l8tlRDr/3DbWZb9URX96Idekii/Mo:4dOoDL3Kb9Tszi4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\1055\LocalizedData.xml
|
MD5:
aff2f5fb4130408672cbd8156f2b4097
SHA1:
6f49b915ef9ae994b0e0daeb1ec47fb8e4d05675
SHA256:
383f6d73c60dd95a10835d87b9de028a3f795ff1c8844c880112e7aa62f02322
SSDeep:
1536:9MLCQV44zpte1VE3oHU0aAhRleweFNTFtvjfA/lz6McSL73VH66:9Vypcg3oICm3FNpt8cMrL7b
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\3076\LocalizedData.xml
|
MD5:
2439f0f4dc22b528eeb4f679148f47c4
SHA1:
04128477880cfffef8c749120c5e143408aea5fd
SHA256:
2e0a07d1476cef1e84f81c31e5b7154a0d78800d4d60c542318e324cfe302dac
SSDeep:
1536:uJhe/bKW1XPGku/FjFLEwKLsbUndSb+l8CvUW9SNZK:uwrJGku/FjFLEwRbUmebsW9SDK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\3082\LocalizedData.xml
|
MD5:
0894dfc06cc97278dec43afa990f0e73
SHA1:
71a4e03ec0a9cc4ae034a09ae18be96ba0fe004d
SHA256:
0cea55a0b66891a7e74b03e33fafb8eb72e441bf5764bbf11f2388dc5cfd0d24
SSDeep:
1536:UV2aZmAbgMcyBLdUJRZY8PoNj0VMoOAjI5PyQZPncyUuKgcIfNFBtJDBUK:UV2EmAb6nfPoNIOoOomZ5UuKAntr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Client\UiInfo.xml
|
MD5:
e2a88116166c189bf20cd5b74bbeb83d
SHA1:
d823d27f9557a1e8161c73bd730be1dbdd95e762
SHA256:
daa7ae1c98087dc90129c5a0f05c059390bd1ff62b7528acd4f559a071bfa11a
SSDeep:
768:gJ3sTBw+NpDPptrWQkG/7tq/3fHsdSvOHq+zSjfVcis7iGZc:e8TN9PptrF/JqffMoGHxzSRcjib
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Extended\Parameterinfo.xml
|
MD5:
c83b551b0f2ce60a0e2a652e13de26b8
SHA1:
c9575f5dde85992eff0729010f6b55433ef1844c
SHA256:
5f0dd5e08165498074f1f4c2d20392b7e250f01b2bcfd7cffdc7fc482e2da96e
SSDeep:
1536:R6kBD2z3EQNT4PhjW8Osn4Ttzvs0ukEZ8X4KXU/3Ucq1l5JcTGHsIEf:R1D2z3tKPh6egzU0uh/wUPkxJfH9G
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\Rotate1.ico
|
MD5:
32cdf5179c347280e21c69024a2fb21f
SHA1:
ef30ee12830772d99edfb1af378c956b486fe895
SHA256:
c63257b4a6228516ac2086ad3c72a61ce384df446b13fa73f8b89133ca350767
SSDeep:
24:Hf0epiKsMuMlekOYZ3BnInjn7aykhfa9EbP2giyft/JMoM6w86dyCh:/0onlBHZ3Qz7a3Vzb2gZ5uVdyW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\Rotate2.ico
|
MD5:
87e3b4317ad1143d9c9fef3439575838
SHA1:
9b4b58ad152810bac3301fa5d57da591f8b628fd
SHA256:
5370b13f92304d2357793e8626f4b585a8dfd3cc7b874ffdfab0658de6e764f8
SSDeep:
24:1TkL+t7x6yL5ip7fy6rRiz3yWzXb9bmeOFahWQ6rbGEYIOoP55ZXU49B4dFazpm:5kLAkyVipDlizikXUbFaY7CEYIOoh3X2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\Rotate3.ico
|
MD5:
d8244d42abe6e3cdff143868c99b7e1a
SHA1:
4fb7e97583d1a42af077032e949dcafe4dc8c699
SHA256:
c9be7199b9a831cfcb0abfa4c049eeafc885f444e9523f0f51cc0fff3327db38
SSDeep:
24:byBiZ3AlVUxsTOihjtaidhkOcp0YMG0id+7kcrUgax7O5h1gicSVBv2pcba3FV0m:byBiGlVUxsK8j3dup3k4qEx7eMj4vyce
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\Rotate4.ico
|
MD5:
26f8eb0db434813287ea5489f6eb63d3
SHA1:
534088dc99e59c42d05172139288fbf4b9a3a59e
SHA256:
73a2b68f76c4803448e4c464271a534ef5cde38720da517c3e7bd0b811134255
SSDeep:
24:MUCw/LHFCNAGQ4CM//YruXXcMAA3Yix2yJUq8DB+wL7XIlO7jorkvU5ss612:MUzppGQ473YrYcMwix28TwfXIyjorkvo
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\Rotate5.ico
|
MD5:
2093eddbef6c054c22c6be4a3068e3aa
SHA1:
7b7f44cff6efbccae4d9f8070abd4685e5059a15
SHA256:
0a8c1a2b7af05a8eca7891d85c99b7b2c937fa919b2066aad5834a2146377275
SSDeep:
24:IL+Y9Om1wwf/lLQC21jYFNWlLV5xzE0YC3UDrdH7IJ9zMiG7TWuoAaq:49dniCBKVnxTADpH7I7z9y6i
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\Graphics\Rotate6.ico
|
MD5:
01610931b8316a702509b6094110d77c
SHA1:
4a290e4cb94962bc4b59f11d0932edcc83fb6c3b
SHA256:
6e0c219a3ccfb9bc4511e8c6ebd63f152640025b1899505501905a353ef5c3f9
SSDeep:
24:4YM3yXbFz442VCAv8HPtt23BUAf+T9d1RAr3MKI3kTclbFNY2f3ibctSZYUnk9tR:4YAyXC46St23Jf+Rd3afTcZFe2vS6tsg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\588bce7c90097ed212\Graphics\Rotate8.ico
|
MD5:
d8a13f254681bf586c0a4fe2bd96daf1
SHA1:
03026255d607e01f698e15850717ec054814aec9
SHA256:
2dc4dc3e7a6dc0dac4c7df79293a009f14c624614c8709e91bce8345a4b7ca6f
SSDeep:
24:Q2hMfQbUEbRV5/XYnAG+ay0BFN2AEVkrvmARX0cBixAfZH5OofI/nexyNfgVb+f:L3vY1+aAe7mi0/Unf9yNI9+f
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Graphics\SysReqMet.ico
|
MD5:
cdeca474d8485d0df88155c41b89f0bc
SHA1:
dd2e43531603f6176ab5c29bfc20ac38d9bf645a
SHA256:
73cfac5cae2f32b0b4a608c97dc41b9086062428cce343f9e00bc712bb04fd65
SSDeep:
24:ik7JJgFpbSh5dvfnKHPqUVPpYhBybiaWt/e4GIsWgsjtOIaWfvnX1sigl8+o3kRE:j2GgHxKIbEFYAxaCvX1sBno3YE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\UiInfo.xml
|
MD5:
d9646afcb68c579ed0de45ded5259032
SHA1:
9315ff3977e22bf813408c61b5b649b9221830db
SHA256:
e8944beee7bb013a462a9224e8f89d8ab2f0e015ff8b4a529cdb0d0c69048be0
SSDeep:
768:z47JJF5AsVDucddGhUYxooum5CRPHAMtZMq5iRfyIckSBsWTabb+45RurvY1:SJtzV36UYxoouWCFHAyX52fyFkDsevrR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu
|
MD5:
89bc52a0d7cc9ce70750698d319bca58
SHA1:
996b09ee3d0e05f58b5b2b17baa46831cdfe3382
SHA256:
a0dedb46606494569d718e7a31287c571e824941338f9f0b4e70258a49a9ce3e
SSDeep:
49152:4p7cSM+mDjPNqwfA4210Du83NDumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0eh:4NcSM+mfZfAYu8t1PAdXZzKUYxs3pKZv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\HardwareEvents.evtx
|
MD5:
bc7f13539b73a495f18dc75f94907c99
SHA1:
2558c26f8569fb20739c4231d0029b6cd209bfb6
SHA256:
2b389d60caab476ee3051a44da279f16d164f2142131f6f8ceaf673679cbcfb5
SSDeep:
1536:R0TXjHSRcwbkwvhbxRv3qv/hTVPV/DGUPcaiiwpE+b0cY61pgGEoNyN:R0TiGshtIRTNV7ZviigNlD95m
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Key Management Service.evtx
|
MD5:
8921e0cc9ea68c8e2c63a962112ca7ea
SHA1:
408291947a2adfecb27837d319b8597aef0b90c9
SHA256:
ed02183b2dcabe2b43db1e98d718962591cfe2fd0a0e71ffdff5f1399fc7263e
SSDeep:
1536:QPFLYK1qt/Z9i2BI8kBAEu1f8Vpy18XmKSsr5G9k3BPPMl:08smLbY2kVptX7SEG9mMl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx
|
MD5:
2557f0205d1efbd7c3a22343ddf558fa
SHA1:
bb0e6e25fa54ec327e21f2cdf7c2b1a431284d89
SHA256:
74498e8ba5554126fde2382ce09c301fd5b93c7f773979acab51568ae39b425e
SSDeep:
1536:JTciqvhel5Fn9ZXVHHzP4dkBkmoUjZ8p8+MKC7Z:miqvi5F9BVnzKkKUjw+ZN
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx
|
MD5:
ec010b5dabf072cce4fc2b920a879acd
SHA1:
55e43ac43e37973f04666764d9665e1c7fe5402f
SHA256:
2cc8387bbcf9d562f4dfb4fc2be57f6e7a631fa718527f067ebf201ec73121b2
SSDeep:
1536:amMCn8VjeZuPcF/mW5gnhOnTZtF/Bc0bfCwkdtQs:VMCcj4CcFa4Tp/BL7Cwkdtr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx
|
MD5:
24e5dccca807c45949dbccc6615db0e4
SHA1:
0e725ad40e4508fefaa0148a82d83cfb5dbc8e8e
SHA256:
ec3eaca9a991669243f018a5c28c6c9a9a16131bd27256d364bbb5fb35db463c
SSDeep:
1536:wy+/dFZha9xA2f8hFWkT+zO2F20wWIWJ02:3Mvra9xAxZsO2EWJ1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx
|
MD5:
6fdb2f0f81bb19f032978812f3d461f8
SHA1:
654c2c57fd639397eff04fd7f3028d65d94e8e26
SHA256:
26e904d1e3cbae7e07d9b071899d5d90cdfe840fcedad5215f2b524c532d2e94
SSDeep:
1536:yRZ/drYQaA3Kw6IS7Vyu/I5LS0caJQh9drKU:yHTaqMS+0yXpD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx
|
MD5:
90ce4f3312fbfda1625da9868d2cab30
SHA1:
a517237be7d2fce185d5230e8becb9eaf050a6a2
SHA256:
921dba49d69ceacc8836cd954d80b20de7d0e3edc00a6a37be49b6084d1b3e8a
SSDeep:
24576:Dzre6o63HLxF8WCKYISr5+PAtRHKaWnu/:HrNoaNuWCVDpwu/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx
|
MD5:
d8be553c9ab6fa6f5520cf9a622c0764
SHA1:
6a9ba78353592ebd94b4c06a671ab6c5bf4a913c
SHA256:
4a76bb2b6ae98a1fe446dfdbb5adea532cead3856f449d6809355834d2fbc98c
SSDeep:
1536:NwBX9AQuVYnb1daIm1otaVtwga4XSdCjMTkUI9b8TPHKx2wFeqnW0rRw:NEtwVYb1daId1YSdC41I98rHKL5L2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
|
MD5:
bc05971a3b18de20d0ff6f66c1a71118
SHA1:
43a5f17531cb8929c80227948f29865383b652f3
SHA256:
f08430748664e9a59759bcdaa05af8b8f8e0469e921bff9ded6d9e4ee6eb7610
SSDeep:
1536:/zjyKYRbLru+FJVaWgmYasJMiOnj+Yb3IZ:LGbu+FJVaMJsJh9YsZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx
|
MD5:
ba8af3b10d18cb4d6796bf7d3de7ad1d
SHA1:
5f896a90765302cc845e3ebf4a19d45f406d5bfa
SHA256:
64e8991fb8ea34e9c604e19346d14f1df32981677115edea072bc982a3bc99e2
SSDeep:
1536:QhioVNhlIp6lsOqqfXDZVlXPsw2ndGYsvD8MQxsPkCdc:foVqWGoTb520jvDdQWcCdc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx
|
MD5:
18ee0b8303e25dc9b8ac67ee13f8f8bb
SHA1:
ab9db510a65f56684bc3a73cbb2ca9950a569d75
SHA256:
09c89b38fd64e7b151053fbe7dd320080c273e90c54c2e1acb6b6cb6d0f87ca1
SSDeep:
1536:PdjX3HXLQbjp8MLHkp/z8wj0jzc0Ds+bk+qkICWGJ+Qcy6i:Pd77g1Hkpdkz3DhksXUji
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
|
MD5:
ec81bffc5ca81bb17fd5fd55c299e4ac
SHA1:
af1078a546c81a13a0e8e512d8aca1b8d3290753
SHA256:
312c27fede4782ff6403b7a32bece6ecf914d172cb2a04a66a99a61517564b3b
SSDeep:
1536:Die7VBHuDjVgWgSbNVXmwD4PIEzMXilwDv+4tv28uovl4ahGHvYzA:xXHuD6oNV2+4PIqCTi42+jsPiA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx
|
MD5:
b37af47921f0f0417bcaa5b59df54d56
SHA1:
409640581464b9a6058b593557724fbe693b12ff
SHA256:
6472af945b211da6983d1b8b46a2912f3468ed543f0fa6cc5037bf796e37e2c2
SSDeep:
1536:AOCMazIntYLyI9uSzoedJoqdGYWkAusWfIQI13AJUkHmhHoglnx:N+YKjBdv45kMQ8fmAIkx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx
|
MD5:
96b381894685e432ee335f6604ab658b
SHA1:
a4eb203126343673e8806e16c4af7abe244f7b44
SHA256:
90a190a73b4799dd3beb8c400241a0566658ff1ffaae6e54c3fcd4404067e341
SSDeep:
1536:xuJ7fwvWImLG+qXFzYGxAu/b6Smea6gsR/2pMhTh/rT6WvuUY3A:x87f2AKNF0HueSfng2ao6WvXmA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-International%4Operational.evtx
|
MD5:
66f91734e65742c7024f83f8493ec468
SHA1:
edd4ad2f064432c12bc97eda2a727c4a97908b39
SHA256:
811b3562f5554374a45ddadfe4dc4667e806b69f31b9fd654f8541da1450702a
SSDeep:
1536:54IwuRHgrVmkQCx4imstA2fQ7c7b/mziwnyPXj:uDuRHgrVtQCx4imsIY7rmAT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
|
MD5:
d430954dfd16adbb598b85ea93716b5a
SHA1:
e46dbbb8aa4e8e4a36abdd4903fc8eefae1cf21c
SHA256:
a28e94aecb15a4f1e8ff8817fbc7c18054c1620414411c9a22ab67650c3b3c9e
SSDeep:
1536:T85DMrQQLuZi34QZrxa/DLgt5BG7d7ORxOdqQb:T8ZMrpLuUVcLLW5Sax8qQb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
|
MD5:
a6f99f58285f44bd9027da0dadacc91b
SHA1:
2efa0332423faa35e884a308b3885e2fc35098f6
SHA256:
a4fd0ecac3d42dccf21c3e640a901bf9f6d15a6236b7a8782bc8a82dd56b736a
SSDeep:
1536:0JCh7L5fVc6tib4Cv0dCnZXPGC7eQLBl13IvWczwW83n:0J+Jza4Cnh3eQ9l1Yuc8n
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
|
MD5:
e7665257887e718069a7fac55d48263a
SHA1:
36db4d9e0752d269c40b54d6e2395df128b269f6
SHA256:
e2f6709f04979c9a53461d3408e5b638fa21883d34ce63bd320e9ffc99d7f8c8
SSDeep:
1536:+yo1amOWxKhsvAnL7TqSfl2hiiNXW7zTHKBarLMWRC:+yo1amvqswn3uTE7/Lc5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
|
MD5:
7644994989e225d7d2e1340acb3c23aa
SHA1:
01190b2f40e745c37e48e5b9682743c9d2cddd48
SHA256:
839debdf8bb6366aa9d996c998ad4ef959156b0b67fded6e70a9902c3af739b7
SSDeep:
1536:z+3nY8Z/L+bQz4vmx/43SsM21u4yW+mwGh9tPncR:MnY89L0hmx/ySsM211GmPnncR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-MUI%4Admin.evtx
|
MD5:
93d86c5d972b4d42fc5af91221a0c904
SHA1:
1a07d9c887e7568f409177fb92f04c26afda54c3
SHA256:
c1bf31e0e681bac7ff7768ddab852333af803c3731c5e616b261faf797bce5f3
SSDeep:
1536:ztdgSyF+G4p30UpvKG0Pwj7x6Cy7nRfmAgR19s1pbAJ:EBC9v4Yjc9jRlUs1+J
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
|
MD5:
04612fe1cbc6610d3b0144f166c3103e
SHA1:
dea4d90fd6fbc720391f9f7952f5c8d739854bb0
SHA256:
e4d1ba62e48cd5cc9fb58f187cd232af1c3712af0d147abdd723fa97be91ce79
SSDeep:
1536:N8y9+uWJl4MFJi+XtUql12upL1L2M0kAkEbZHlNoZrz3d0yi1t9hvHkyWo+bhj4q:NwBJpjz2aNYkAptQH3nU/RHky/+b1T
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx
|
MD5:
0c1d8a5b1c309028b7508ed7e0c638ee
SHA1:
ca2e34a255a263c5e93eceaeec04f6ee44fd81d6
SHA256:
0915352db9d9394b866f2155b436e5736478bcba72a2058283eef127ecb923b0
SSDeep:
1536:U3olV1+Eply1WryeaeOGMfuH2+4AGqk8Z7G0O5T7FSRQJQT1C:8olV/y1PyNZXGqkFN5PNB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx
|
MD5:
260f95bef9f555152c1a2a3d7ee479f3
SHA1:
033ff06959a23290e3049d865bd26ebd0bac513d
SHA256:
35ac3a5f26be09a299f3048865ac2d98f6f63100eb770b7cf78e93872e9508aa
SSDeep:
1536:hSgWUI8ZCeQ2by65Sq+Xh5DV58QlU6KKs7M2/mbOOaYZWa6gElnfq:hSPb4CPUraR5DV5HCCs7JObzaY0a6Rpq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx
|
MD5:
fcd8fa4b46dd4ac8ccc341ef448afde4
SHA1:
1f258b65ea6f4b2d2ea89b02902ef91fceb60cae
SHA256:
483f88c7e1cbcadb1ea66f305bca38cc118747ed72edfb215fbb7ba32f1b41fc
SSDeep:
1536:cxbYkOTE2Ch9pQYpxW1r2rdGIgNV+EzygHfGG6fD+U:cZO4OgWUdaNzN/GG6rl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx
|
MD5:
35a278496c1354042835345e461fa5e1
SHA1:
76cfaedf27e8f32019145bdb671d0bdf5215390e
SHA256:
7ca9e6489f344bd2f871071f21d11c61ab0f20016d9d69f52bac84f282fa4039
SSDeep:
1536:l8OzYYRBWv6Mz6P1w7Srb2SB1E52pYvp2Ng01OSbO4GlALya:l9z3RB+pSrbNi2pYh2SvSy4GOp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Store%4Operational.evtx
|
MD5:
039740456047441408a198da1e59ac1e
SHA1:
9902aa8c2616e582328ad30732482537221cbc2d
SHA256:
e948b4d3bf1cbbc9326b5d448c6d6c9323e3fe3629ab912dbf2b53583406d092
SSDeep:
1536:xnGj/DiF/KZadgxJfJLxYn5VVJcg2rBovwq:o/D3adgrfJVsvJMr9q
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx
|
MD5:
e8060f8c592ddeb90e31615b55441f6e
SHA1:
469e93e229e2d694d6f0e77bcdc2584b62d2db63
SHA256:
781989a1174e1d78ac88bf6ecec653646723823257f41e0061971cc6d05fb3ea
SSDeep:
1536:d1+fsPhSN4ab6o+mOplsyixvFJQhNSIozatvhm9bYgvNIEocehE:d18N4ab6PvnidvQfeat5m9sgvyEtehE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
|
MD5:
e688621f7a7090e040d1e7833748c9d0
SHA1:
00cd88a78f57d1b3be3d5f44ec826c488ebb4f35
SHA256:
0cabdc94eeb2f56214250773bb3b3e88de435d8b14299d777bc4d19fb38defb1
SSDeep:
1536:RQUqjUPZGlbZ8a3KQS9qCRURp2NHoXQKkqSgeSU7K:RIA8BZTaj9qKUHmogXTgd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
|
MD5:
0aea8a5b87a6cd85d952ae9e66504542
SHA1:
5b3e56a04d8ce78e5a1da30803ff1bc233f96053
SHA256:
741edf36dbd018dceb4657532f4ad55a9e52977bdd2672cfd5a45d4e6b8883cc
SSDeep:
1536:e0h3YDojI3y5i6mXEW6DVc+iUgoW/KYHHo5H2QraR:FjFmT6hcJCY828aR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
|
MD5:
25d77b71a6270458e50e3c24c7901e12
SHA1:
831b14423351cbdc00bbc67c45ba784c0eb6e858
SHA256:
485971d58c8da5ef6af25936edf16be633fd71277925e433f1427076d5c77512
SSDeep:
1536:+hJV6GuVdEwecR0rWRAmnDZ0xLlRut6vQTivGjKc6qpRy:+hJVwVdgUdRAmnt0RmhT+G37Ry
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx
|
MD5:
62c9f167411dce885d9af330e73876dd
SHA1:
10a713f783187e77f617c7b26d2e5bae6d34febe
SHA256:
fadda031b5676c5b9cb8811fc405465f38c6b43339fc1a4614cd717278497f9a
SSDeep:
1536:A8YizlyTrSru2iK4IqtzeqB3ce3yH+AhzuaLGkYfTZ34D2akKsOhbxfNp3bOI:DnzkSrud+qAqB3n3Czu2Mt3sd/PfrOI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx
|
MD5:
15eb2b550fb13d2c79ce5e09b35d3bac
SHA1:
c87ecf9f51f7e14d3649c02d9f87f5b9a7897ebc
SHA256:
534f7acf08e631b7edc5e0d29b7393f9d5a33b2020ec9c6c7f62f86945aed022
SSDeep:
1536:hnB6T13AzmHDJc3hoaVnqu2uKfA/wCsxCBmM/7PIIx2zq+m:v6T13IyCZb2XmsVM/crzq+m
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
|
MD5:
d1271d95aa4b7b0254cc9ea4416e990c
SHA1:
2eb05fc773e97afef673e527b25ad5f15d2663a0
SHA256:
85480811f54d10d74578d13b19f589e08d439594da5aad2acc39da415b54a402
SSDeep:
1536:NPHiR4CWeQcpWgZL4pge2RS2Zv9Qn3vrb+b7vr7vXj1jt:NPCyCrQcU/2etP8Dzj/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
|
MD5:
891cff4cc3d6ce1237fcb037ba157407
SHA1:
69c10e2245c1d55e2ff699de2f6be222b53eee2c
SHA256:
5fdad93bf334f43ebc3535a3ccaae4ba9143b39ea02bd3ff71a5cd9efc499b07
SSDeep:
1536:xF+dr0Ki/JFqWBH3UkqlFYS9a0GtK9R92A82N11nd/:xF+CKSAQlqlFYd0r9f2AT1X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Microsoft Office\FileSystemMetadata.xml
|
MD5:
bc3cfb72b3ec73a495e45631a770770e
SHA1:
e1ace4fa70f0ea06868eb95747bce2f7a6a94545
SHA256:
8ce7583ce1978356f55aec752e50a629116559ea7a40049a569818536ecebb54
SSDeep:
24:YNylBLtIlN2ATzis4p3CCELM2VL+uMneJX:PlBLwBTz0CtHVLWmX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\Accessible.tlb
|
MD5:
484e70017681a863f8965437449e5430
SHA1:
c6a99b1a8a161957246e4b9e4035ccd2a2e490a0
SHA256:
d7160de845f6303c9869949307bbe251dbebcbe6b3810c668737a3f41208602e
SSDeep:
96:ztGPfXMOC5Z4y7EX9QD3w1rz49kM5fp9rjhVZlpt:zEPfcH7EX9QLUot5LtVRt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Program Files\Mozilla Firefox\freebl3.chk
|
MD5:
0cde298bdf7e8b1a2200de8308ba60e4
SHA1:
55b3758b0619044024c0f50adb0f453020991043
SHA256:
75cf92594056ea29daf57bc7d515a4004df98fde23f0749154457d76a6e7400c
SSDeep:
24:sRbPtzMsK6PypyVJbzP8Da+jGm1Ea8p4yJlS6sa2ApOxlu6g1Hbawvmi1:CpzbspyVVUe+jMa+bXS6sa2Agx46g9fz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\install.log
|
MD5:
115d67826b952b40a02a77facdff3ec2
SHA1:
365639976649afb1ebf471fed7d5b3900ba28a3f
SHA256:
0f96beef58a297f06343e98f4f5848f5a9081955757c89bafa169bc30dd4130c
SSDeep:
384:0mzAVQuuv8TSy2b7p9rSZhe4zbiPCFVjNmo2sft6jfk9hzvF0oT1O9w+EUoXYNEf:C9G892bFlaP139VFt49w+ZoINE4qT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Program Files\Mozilla Firefox\platform.ini
|
MD5:
777ec0cba7360083784b7b8224660d82
SHA1:
3e9453ee6ec70c0f772077dc8f308e91e6b5fdbe
SHA256:
16cb636caa44309b5e7d6dab972d4a9404ac464f19a87ebccdae2971e4388378
SSDeep:
12:IZFbJQYPnRcw5gXtNlPTLBpp/vz5nQqXb3Oolf52ZBph5NIvApb:IHfRckglBpp/vz5nQqaolf5Q5C4p
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag
|
MD5:
46674217e65915a1ccbc5305d6e0431f
SHA1:
80767f14978beec95d47577fa789608ebac42621
SHA256:
041fe7c2901052b34163ce2e848e71a8d3fdd57fc5b1aeb03f5300cd3bdda9fd
SSDeep:
24:c9u0S/uT3H/yaOUu92hhIlvaoHOMgg8ex0fG6Aa6QIQKHOzGv+V5w0axAWrY6N:c9jzLfKUuAhhM3Oxg8eqlJ5sqGO1NW3N
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Recovery\ReAgentOld.xml
|
MD5:
454ae64543eea7fa5da8554c0a0bf98d
SHA1:
9b380fd64468090baf6efdbba0a5208d770a83d7
SHA256:
bdbded4a90c736f001cb6cd88c053df056eab391e5a401acb048882dc099108f
SSDeep:
48:qVo3iv/EVWROEh0yLo3W1rcmTovL81XgJMDcP9q72CJIkt:qiivzh0uEW1rrTUAwnP9a2CJX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms
|
MD5:
a5c8bd8ecf4c229e019c4d21eb416f40
SHA1:
9fb1e7b04181b94fa336c4f4ccba5b1b77d10b88
SHA256:
387c51dc6ccb789fff7b3786be8006d1c0d46b06dc82e64aa54c60b60c6128e7
SSDeep:
12288:CTjnIUd3PrgeOC6YnhFSWXfBnnzDhaSLhRjs:ATr/roC66SWFpnhRjs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
C:\Users\Default\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms
|
MD5:
98694877687d411ce6e1e3c856e97cc0
SHA1:
d636a795d33b1cb9591c65544afa3cea0029d3b5
SHA256:
820b027b6d37397b4a41b39d3ab518fb483c26e098656fa6fbbc951d207d49c8
SSDeep:
12288:ZvyyDFvMMdGuOk4cqAD3bSq+8GxzE9WbTbKV2d86J/YqcPHMH9v:NyOFxGFk4w7+8KzPM283Yv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Users\Default\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms
|
MD5:
79aa66cdfb5a663e32b3433c2210f92f
SHA1:
695628cba87cc575c0ed1f9d49674f46a9bbdeec
SHA256:
fb4f03a81a0c70caeb8ebbbf9349211bec88c7cee9c8e0510fea4cfd1b49780d
SSDeep:
12288:Gv3NuGxL+As2vNEhRPm6Cpj15Nvk9lUz7AlZR54:kuMSA5vNEhRPm6uj1Qt4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Users\desktop.ini
|
MD5:
f4864fa12d287c0675dc386ad893825b
SHA1:
4bc846410bf42fdd3aad93c935094ba73e863e60
SHA256:
21a04eb2422809e9ce26019de669b849a17a454cbfbf0a3e20948f41f2467439
SSDeep:
12:3oFZ2u++BMYln4bkpyQznHE9s+gWDbv8D9DO3IFCgftxLh8Y7Tt:3CI5+BUbkwYnHE9swvUDeIcgfjLhl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\$Recycle.Bin
|
-
|
Access
|
|
|
|
C:\$WINRE_BACKUP_PARTITION.MARKER
|
-
|
Access
|
|
|
|
C:\Boot
|
-
|
Access
|
|
|
|
C:\PerfLogs
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Common Files\Java\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Common Files\Services\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Common Files\Services\verisign.bmp
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Common Files\System\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Google\Chrome\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Google\CrashReports\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Google\Update2\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Internet Explorer\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Internet Explorer\images\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\MSBuild\Microsoft\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\logs\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Reference Assemblies\Microsoft\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files (x86)\Windows Defender
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Windows Mail
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Windows Media Player
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Windows Multimedia Platform
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Windows NT
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Windows Photo Viewer
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Windows Portable Devices
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\Windows Sidebar
|
-
|
Access
|
|
|
|
C:\Program Files (x86)\WindowsPowerShell
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Common Files\DESIGNER\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\Services\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\Services\verisign.bmp
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\Ole DB\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\System\Ole DB\sqloledb.rll
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\adojavas.inc
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\adovbs.inc
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msado20.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msado21.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msado25.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msado26.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msado27.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msado28.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msado60.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msadomd28.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msador28.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\msadox28.tlb
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\ado\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\System\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\System\msadc\adcjavas.inc
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\msadc\adcvbs.inc
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\System\msadc\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\System\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\MSInfo\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\OFFICE16\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Source Engine\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\TextConv\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Triedit\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\VC\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\VGX\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\Content.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml
|
-
|
Access
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Common Files\microsoft shared\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Internet Explorer\SIGNUP\install.ins
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Internet Explorer\SIGNUP\install.ins.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Internet Explorer\SIGNUP\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Internet Explorer\en-US\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Internet Explorer\images\bing.ico
|
-
|
Access
|
|
|
|
C:\Program Files\Internet Explorer\images\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\COPYRIGHT
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\COPYRIGHT.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\LICENSE
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\LICENSE.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\Welcome.html
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\Welcome.html.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\bin\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\classlist
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\classlist.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\currency.data
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\currency.data.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\flavormap.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\flavormap.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.bfc
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.bfc.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.properties.src
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.properties.src.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\hijrah-config-umalqura.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\hijrah-config-umalqura.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\javafx.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\javafx.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\javaws.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\javaws.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jce.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jce.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jfr.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jfr.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jfxswt.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jfxswt.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jsse.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jsse.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\logging.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\logging.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\management-agent.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\management-agent.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\meta-index
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\meta-index.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\net.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\net.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\plugin.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\plugin.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\psfont.properties.ja
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\psfont.properties.ja.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\psfontj2d.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\psfontj2d.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\resources.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\resources.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\rt.jar
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\rt.jar.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\sound.properties
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\sound.properties.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\tzmappings
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\lib\tzmappings.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\release
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Java\jre1.8.0_144\release.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation
|
-
|
Access
|
|
|
|
C:\Program Files\MSBuild\Microsoft\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Microsoft Office 15\ClientX64\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Microsoft Office\Office16\OSPP.HTM
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\Office16\OSPP.HTM.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\Office16\OSPP.VBS
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\Office16\OSPP.VBS.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\Office16\SLERROR.XML
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\Office16\SLERROR.XML.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\Office16\readme.txt
|
-
|
Access, Create, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.ANCIF
|
-
|
Access, Create
|
|
|
For performance reasons, the remaining 1489 entries are omitted.
The remaining entries can be found in
ioc_export.txt
or
ioc_export.json
.
|
