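Filename | Hash | Operations | Category | Severity |
(Each record below lists these five fields in order, one field per group of lines, with every field followed by a `|` line; an empty field therefore appears as two consecutive `|` lines, as the Severity field does in the records listed here. An ImpHash of `-` means no import hash was reported for that file. Only the row categorized Sample File describes the analysed executable; the hashes in Dropped File and Modified File rows describe file content as the report recorded it.)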
C:\Users\FD1HVy\Desktop\sync.bad.exe
|
MD5:
86e048d2eae96a817b272a2a7258271c
SHA1:
b2104da751de1fc8c0d46a068445b0034ec30912
SHA256:
eacbf729bb96cf2eddac62806a555309d08a705f6084dd98c7cf93503927c34f
SSDeep:
384:qX4rB/u6n7+nGKuaKnsoQEu1yzJlEP5k5L/7KVfinNTg836viGfZ+MK6jYdY:qX8BaisooUlkC7Kdqb36dpKg9
ImpHash:
8d518b60eb7941a1301aa520093a7c0f
|
|
Sample File
|
|
C:/$WINRE_BACKUP_PARTITION.MARKER
|
MD5:
777e0a9866dfc82e699ed134367564b1
SHA1:
4f58442566026f4302fd2689db2a7dbb2cb998df
SHA256:
9acc63b31055d85d91203a6067ce20826165f1141121f11ff0f216eb908e2ac4
SSDeep:
12:OCoqaRFiNpCKHj6b6IKaokCmfVrOdRJgwFnVS/p5eWY1M:h0RFAkKj6b6IKaTCmf6ww9o/pAWYO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1025\eula.rtf
|
MD5:
94a374695d537a9928467c22beb7bd76
SHA1:
dfc8949fb6de5f444595a315fd9ad7be95042224
SHA256:
8a80a7973cd36c2b5e3a1bef5b8ea4731163d674b1f6090f02c8103afc965a88
SSDeep:
192:GCoDxpuzh8cJ+uNR8wDzaIrv0L1hvARAr530mevIFxjC9LutDO0fBpXNw9:GCoDPuCytRnyAv0xHl30/v8xj3tDOkBO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1028\LocalizedData.xml
|
MD5:
32b28adef837c6197a794af3db6f9f22
SHA1:
6454b597a92f0689a16346a3f1315566c78ff2b8
SHA256:
c619a9b3f4a97e9f99974120ebaef232f7cf8eb374d73f118c9dedf94ea11576
SSDeep:
1536:aj38OnXZrZXWT+ZToSH87YNxxJbI0dgI7trYPD:q8OJrZGTerJE0dgmZYL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1028\eula.rtf
|
MD5:
5e9281308849e5c9dad771480410b900
SHA1:
ca6d3a7dc51fa7c8a0dcacda6ebcb881837c5133
SHA256:
65d7b0f5ec8e47680b7d0e2c57e7f3665d0f17c2ab78e5ed7b12a4c3ac8d8ff5
SSDeep:
192:gUOkrL/SNMfSV/zv54DdkZ7HHNHDasLxR2Xc3Y2R0u:gUmNPV/zv53LNjN1m2Rf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1029\LocalizedData.xml
|
MD5:
e84278bfba86f237a1eafc350916694e
SHA1:
3c2056ae10a57b1b3224372f7c5c33b5c2f75c02
SHA256:
e4165ad8dd25340edde1d6537325c54312d92b28eaeb145d045d572100029c17
SSDeep:
1536:gx1sw9SbB+YAwFX9mFr2WbTP4I0IV0Z5wWrz/ha2hYtsQPISzxYvxokq/lE:A+w9TYZFtmFr2MkDzH/ot5PISdCxokWi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1029\eula.rtf
|
MD5:
f9deb3466af7914ef35d97aa6640bc10
SHA1:
e650222b98dfaf4181c4b11aa7e89a98da8e0e77
SHA256:
b7f18fe81a216d90f156d9c062da20c650b0835f38f19a973e91e95fb16abd36
SSDeep:
96:WLf/JEWYtxpuiJcip+H30+zBqrcTTqCzKz0ezgFQz:eXJETxpZcK+HEM0AHqCzKzTg6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1030\eula.rtf
|
MD5:
dc6584524ad3377f2c94f7227813e92d
SHA1:
aba31ee18d668ae4bff8133ab13a0bf8b73a5611
SHA256:
8c0edbef25b7b85f4677c329d85633e866ffb759551433bb29a0fa92cd21e144
SSDeep:
96:eOIKDInvTdrYene8coZu5NY4xZ53Kn5VjI1OROMak2s1GHDG43v:qwIbdrYB8vcDY4snjj+cj1YDG43v
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1031\eula.rtf
|
MD5:
993a38777fd21824508c71511a719aa1
SHA1:
7e10dab7842de31907766541dd3aeba01b338203
SHA256:
9fef6c812aa21291300e3f92b2bd255b31bba9804c6e703d452f3427cd9339b9
SSDeep:
96:oEX/3aIwN4shU5bxiTWgbAnHXxdxP8tzswiDQ:on7FU5bxKAHlyKQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1032\LocalizedData.xml
|
MD5:
a0d6a654d8241020fe2ae966b6f31aff
SHA1:
25231a40f366877f98d9147dd3af20e1337ecb75
SHA256:
805a09df0f5b111b22af23bbfb19b6eb6c86385bc0df0c017c85d2d10c2191a5
SSDeep:
1536:QF/4At9vg5n63DeIyzpfF0+OMXjcsozNR7pYAhz3+Dq1sCyeR43l7r:iL9vgV63DeIyzE+Oj5uAhz3+DqizXr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1032\eula.rtf
|
MD5:
ee392c910f377af43d0874a17ecc2895
SHA1:
98bc8ea5b46ca216a26c05470880d39dcf46b4b6
SHA256:
706bb70be244c7f4e40aa00d69458800fd1feefcf284370c5f143d8e5690575b
SSDeep:
192:axLukI3gq6ydgpUJu9lDc+Exisg/T8gbxkDEO9dVI5WCYfyMA/:aVgdg+w9SxO/TBbxkYOLVS1X/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1033\eula.rtf
|
MD5:
cd80b2264d406589116d42921f636c4a
SHA1:
8cd23bf60002719c73c97c403f3e1f1e31927371
SHA256:
f156a820509ce0fa85273357a000a67d4863f2be408d0c982b4465239d1bd7c0
SSDeep:
96:XfJyGxi+C5rocQI4f2hw52INdJZK4O4Xczv3TUWWI:XMGY0JIa2hrKJFXcj3TSI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1035\LocalizedData.xml
|
MD5:
a4764403ce226533308187f0234ec1f4
SHA1:
a51f4e4954c2e3312d478677f6bc669dd7fed2ca
SHA256:
7882896bab707c93988bccf82082a57adb5ee8e7a8f1ede944fac24f55619fbc
SSDeep:
1536:XhBVqHZ6nVQvUh8EVyr17vsWIXN1fIcQ+9QUbgwzt85HNe:k56i8w17hIdVlQ+3cwV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1036\LocalizedData.xml
|
MD5:
262fe0584a5db7d74325d059a915e133
SHA1:
89a2dfa198d4b79943faf5961e52f002398c2acd
SHA256:
4419e3cc563a93c0e391312fe8b9b2081e1c1ce836e9f364c0058e8728d593fd
SSDeep:
1536:NbGQgQrm5T36j4I0CpDGDB5EXwZqCoIVBp5Tfl9trgPKOd+wyp:Nb7S6jtpC15EXcL/p5TtjkPKOi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1036\eula.rtf
|
MD5:
f8d737d4dbc8fce7608f2258e7afee56
SHA1:
aae8e6ca430e8c19d885e57b5618167a8271362a
SHA256:
ce05ce1331ada7a86c1619984bd635540acb0e027c3d772f7d1c42a3deaf267e
SSDeep:
96:fwf7oMJgAgh1k5nuWrFk7MIZKV7AjbcDXZmCCWfcNhzHJ:fqcsc9WpwUabzHWfcNNJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1038\LocalizedData.xml
|
MD5:
a6021140d949a771ba4587650802a439
SHA1:
a30efc994b8e6bc39c888057ae399ac0182c3c3e
SHA256:
888eb827131a9223f7cdfb47904a781cc93e6948ffe7a87ded5bb65caf07c0c1
SSDeep:
1536:Hr0i60zOzf42UfoI7nMb1oFkuR7L3UQkzd0MBLfBfStSiYh:FnzOzw2U3MoKs7LkQkzjLRStSFh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1038\eula.rtf
|
MD5:
31275e20cd6307dd97eebe341cf7c1e7
SHA1:
33dc2c3b1361dc07eae21f246301e58ffef6a27d
SHA256:
932488c7bed06a68c55ed10b2baa4721563e8cf90390ea4186d89a5c3f40ed16
SSDeep:
96:Ci3F5XIRvzgREWTZh6UbkJchkYaIq9KI1V+eaTKgMEdweY3s5ObRkc5YqXC:CqUgRtf6UbRkgmX1V+JTNr+efWmH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1040\LocalizedData.xml
|
MD5:
34ec6d4a8a9d2f6d9443f49b385ad0d9
SHA1:
969706a9b7e0c2b7d1eef16a36d0a3173b3ed37b
SHA256:
b4086cab60f113d5a6abf11d0d9c69f8549bfcee94dd124c225d7974e01b5a31
SSDeep:
1536:jJWd14uXnlO4+HvriApKifxJgdqkUvzdrg/iIZ9Mv2Oq4qQwQ:Mdx3leHvrlyABrDivQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1040\eula.rtf
|
MD5:
8e598dac606f012ef99f2fd2b0450e6a
SHA1:
8cdb3b2a5046757bed1f34b599da345665380731
SHA256:
7c78e3d8a2095d3501a2731c1058cf6b0ea78b1b1686f5a0b422806ffc0d835e
SSDeep:
48:vyTrwSBL/Ut7UyjK4HxpLTlo6xHCru4LTkz0kCcBSEX2tXUWX/rtRSLp2qkmZVjN:Y03tQ+KAnTu8r+Q0kCAOvSK8pVYsNZv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1041\eula.rtf
|
MD5:
c06746634cda170af9ee299e5d7d0dfa
SHA1:
e7d76068352f30c6aadcc429d26a7d694d177533
SHA256:
10931020b82aa6eef9fcc2756c277b8db33a1cce2b642182ba2dc4a215def335
SSDeep:
192:oFVSe6cwfIy2PX7gSvnXUyuEl632Gx1d3IsUS+ro+GVrcFgZpQv1N5+9CLQ4KS:oTbcAnLZvXUFEch1hysragDQJ+9Cko
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1042\eula.rtf
|
MD5:
88a9e1f3dcfe446d6ef72e4a39180537
SHA1:
2d5a3861885d08ef2d2f340f6f2d1267d5e74cff
SHA256:
b549ec3aaec19d29430a1c46f627421ae257521322f1bb2cdc76a01f4f58ee8c
SSDeep:
384:67MSVXqV1ZgFe62psxTiVoYLC1teLPv9Hou7V5:yMS062pstxsC1gLPv9H5L
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1043\eula.rtf
|
MD5:
c809e27d359fe8c8c95e82a7103dff52
SHA1:
931d2e0ca03c84e251d9a1edb6f748bbb4df8af9
SHA256:
4ea50d10cf3c7f3b5a7c83d386a6da84d5d71467eb7536926eb6ebe3eefb4146
SSDeep:
96:yz8Sc4s/Zy2KKELM5x54DrSrwgBWZivQrmaDQyDkzJ:yz8ltxy2KKlxsrJurafkl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1044\LocalizedData.xml
|
MD5:
a9a715d920f6d411fbabbc93da963ffd
SHA1:
80ea19966ffb063db342383fd9b5f1a3eeb81d41
SHA256:
a42a5483704ffa348d2d911d75a99b7750825ed75fec6ff6733f596cd4b269c7
SSDeep:
1536:mBANb5/Qx3+rZ9HJbwq5r57rNYSyhkO2YDsAnOe5EQmA08zgwUu/kHS5:2ANJw3M9HPFJYuO2jA72p8zsu/N
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1049\LocalizedData.xml
|
MD5:
7822a51daa193c2113625947de9de5e8
SHA1:
29975c1657670e272d76ba432b03644a6ec3baaa
SHA256:
0a27593667297f5aa7968d7cd8981c7c9fb665d5604226b98316e8e842a6cc2c
SSDeep:
1536:wUPzHvgIef673NMTWG/H1KAAuA+ojQJuUHXOEulkppLtrvOCLvSu4jAheH+st:JzHxq6bNMVEA/zJuUH+yvJLlKuSZH+E
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1053\LocalizedData.xml
|
MD5:
9421700aeb611236e265d49bea41143d
SHA1:
af3b400c7a275ab498096f4453d8c3a499ed010a
SHA256:
bbd0fd416e8d24a4440595b838ee0a31305f5e602ea405302f623feaadcb80a0
SSDeep:
1536:n/uZrcMM/nh4QnSOu+IEceb23QQHe2QaKBtrOp+N3lbQxYTEfyYfndJ:/m2fnSOTIEigHPLBtrIyb6Y3gndJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1053\eula.rtf
|
MD5:
932fb80b88e55b31c0e600a97e472e22
SHA1:
710060470468c9ee7e099938b5b4629a93757117
SHA256:
121d1e417de518d236834619f7083104e6da981de49e742d9ed08a0eee2db58d
SSDeep:
96:lT3vta/ASzMJwtRY+tI357KL2n6ETh5M46Ll4:WouNLYIQ5/Vhm+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\2052\LocalizedData.xml
|
MD5:
2c92ebfdde1ad66aea22e6a0c0cca411
SHA1:
b2bf7a8afd9c45e25166b3d605d001a5d13bd49f
SHA256:
c8fc16cd138275b7dfaac2306fa4cd11d5b1c8aa502296c5b76272278fc06259
SSDeep:
1536:b0Ni6yBlj/7v6Svyfx0OSqC38khJfqRz3l5i0c9uWduUdGBp3:b/X/7v6Sv4x0JD8khCTiMj2GBp3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\2052\eula.rtf
|
MD5:
f2c657585506e191bbb84ee2dfe49e48
SHA1:
310d19a57b968344c5b5f5caab85da7536439b41
SHA256:
4e7be1893789536a2cb7d02c977c7fc6d7c1d3f75a41aeeb34e9d5df4e47344b
SSDeep:
96:aomlB2rBejPAM5yV+5tEoKkBoJshBcrHji24Z1ciApy+RpayRGhC3RI9vxMSVXdJ:a7IwIADrBoJMmjz40i8BYyshC3qxFXdJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\2070\LocalizedData.xml
|
MD5:
833a5a6c2f3bf3a616e2e1581d111aea
SHA1:
cbc01a7f0fa048c8f4dc3f1680366ac2cf3f221a
SHA256:
c96365a458e6a8a962b02e92f93ea7a023b677bc57a9d30ea88d8994b16224cf
SSDeep:
1536:Ufsr6mPIvzMsF3/kN1b4kBhm4hHR2CbKmQk6It+tFoRRLgr:UcSvgs9o1bl7VOCbj+YRRLS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\2070\eula.rtf
|
MD5:
a5e70110a787eeb792468ed14cce96ec
SHA1:
3536977310aea9b3562a8bd88b1acb41dfb7bf9f
SHA256:
e1da0570462ddab2e11d226644750e80c09cffd2263379a6eaef09e468e93b57
SSDeep:
96:21x4phF9bPhDNpw2W4Os7Q3kj/9fLSoes0pQo:fDLVOQZjFfLRo
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\3076\LocalizedData.xml
|
MD5:
1027c68f9d9843940897af903dd9be2e
SHA1:
f31e3028445a678e2f9a638ff9804e9d5d5d85b7
SHA256:
3c736d8cfa083f4f1997a678533f18ffcc9431e94c5b1eb3c7b6f7050656d55b
SSDeep:
1536:FMApdcVUNTGYIMqdzrMRgm/3N5otlcEhXX+J4autpPjyc:FMqdcVyG9dPrQjYlcAQEbb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\3076\eula.rtf
|
MD5:
c7d206fa430fa4523524f1e0bfa3abc5
SHA1:
65ced5f76221e0526dad6d34a297c0cecfd858d6
SHA256:
4a79fedffba4e36f78cd742d71bee04f43c3e6ce015218331b431dd6d9d6b7cc
SSDeep:
192:F5XGBr7qv3n4wtlLtNSpUbMY9pp+uXT5B9dWVv:nXGx7qv3nZL974chWVv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Client\Parameterinfo.xml
|
MD5:
a10856bcd9b05e5b3c0540de4d89c486
SHA1:
5b2e7a1b765b471b3bfce33b861fe290bbcc6ddb
SHA256:
df6a530a025b4b5d5fb5666c0a8f7d9d1637be72bc425e18fc231a4748de00de
SSDeep:
6144:lYPItvL5oZveJshxfymdHJBLgG804f1UHc:fBkVHfh4dUHc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Client\UiInfo.xml
|
MD5:
6ba8ec63d48d3f29b2577b584641ef70
SHA1:
248c3f55497cb7b21af0b2e99a17928aefdd7e5b
SHA256:
10c39e10f98bf02de92fb011f2b487edb20768d95ef583c278c1d93a68497430
SSDeep:
768:alxmSgBja9d1wO5Re1nLyCp3HvBmLw7BLIl28LdE/AkkzkwscfpvLp/D819:jU5E1nLyY3ZmgL22eEogwscfpvl8b
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\DHtmlHeader.html
|
MD5:
cf1b909b586183ef064443411810d37a
SHA1:
4aab8bc8e88dc056ece0e8944c0f81faa04430f4
SHA256:
cd9c9291458c7038956bdb9b252d9354a1157536fbb8ef259e29fcca178fc1a6
SSDeep:
384:mEJ9vMm8LTNo/3wlksXp/YwYCrJy+0AAG67w3bAgc7G:mu9vZ8LW3wd1w+0AAG6MnQG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Extended\UiInfo.xml
|
MD5:
a5d2c76b99f51bafcb5010f8646d25ed
SHA1:
2202adc95764b9c5106bce3e6d49038645e1785b
SHA256:
c65f8631a69d9e97cd83beca40b415140329b6deafebf869df02626b4278aee9
SSDeep:
768:fIapRkOP9XkXOgY7W0KkU+HpRqai+IbFePc4XHpgt:fIaXkX2oIp8+o34Zgt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Graphics\Rotate2.ico
|
MD5:
3e38f595486277d9db2c9a668252f899
SHA1:
efc763c6961d68b2d4293eb9fde3cb4fe19455dc
SHA256:
3d1526ff95743c25119c7a4c5940d40b7644ada7657f5663d2173eec31826e02
SSDeep:
24:STgktslFeo1s5NA7Lcl6KxhzEe9jebhHYhqjr5iH+0HZDSw+wis/NQ:Sr2lFlM+HaXee96bBtz0ukt6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Graphics\Rotate3.ico
|
MD5:
7a89b10eed2b49d479cde0faf84ef297
SHA1:
94b9b8999def9669f2454fc2a2ab8cb9f4ed5fbf
SHA256:
b8561230dc2b4a0b1b6bb2db9aca04022c3823e8c4cdd4859480eebe23e0f1a5
SSDeep:
24:aDCi0MGHv+hmGnm7NRbyTa3N+Ru4ptJAe8YG0N/SUaKrkgiMEKC8+7meNviraW47:ajGP+hxnmhRbsaBuKNd0N69giMRC1Q3S
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Graphics\Rotate4.ico
|
MD5:
cbc0e2cfb271c54607e64f115ea23c4e
SHA1:
b4b067230a2a2c70e5f50d893f5a17a82600b375
SHA256:
f5f48f1fd483aecfa6b3e8996b2d162de7e79818278b65bef861b86b531876c5
SSDeep:
24:orXPEgXl6ax0TEUSNSo/9OhKTxGHYBYIAxQJzeWof0/q68rZWkjCfFd:orPrVDSHtiNG4BCIzJo8YZWkj6/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Graphics\Rotate6.ico
|
MD5:
a506b4a8d38258d56f390a13d66a1ae8
SHA1:
4430694e5c82345c294d0554f98f4b4d69ed99cb
SHA256:
5e15670fe5ec855121eddcf7be6d8089a8caa4acc9c15335f09c3e3eeef81a6c
SSDeep:
24:rjp2LcH3r1qbiMIJ8U7UFTLfM0B9cVtgeAPS9yzF2/OSY+ULH7ebNpYUguv:rjp2LO3QTWz+Muczg4OfR+UHebN2UT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Graphics\Rotate7.ico
|
MD5:
2b323059d5ebd467a51ca9a2329cac40
SHA1:
6a2f7492b07c94bd344f52ac50112ed2d9bdb1f6
SHA256:
53d159feb87a114ee94f19cc01f6b0fe5571e687baebb91bd85b9aa8a36568c1
SSDeep:
24://+zhi4JdH/XTR++F6LEMGS39mAh5srbxOfCO9HGCyVyyB59I0EPOQZhS:+BJdH/w+FoEXcbOrA2VyyB5OFPOqS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Graphics\Save.ico
|
MD5:
e18c783d95799d64f9ca28b5381d8de9
SHA1:
6b0b88e90646f7b4f64dbac805cb5942ddfe7562
SHA256:
2962ea57296c1e95eab01876657f794ce1b5c7020e9d425629f21f5919f9f84b
SSDeep:
48:jhQwPe10dtgqfAOq9onvErGHRj3WijPoUr38BDuNCbkS:j3g4qSnvzRGiDB380NCYS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Graphics\SysReqMet.ico
|
MD5:
5500c67bf392b9946cf6b31807250264
SHA1:
8311b92ec2b99badff78f04c9ab67b83370b45e9
SHA256:
1f6f787dab1de17fc5cec25ce4b52acc521de041c75035d0853a92b366b4472a
SSDeep:
48:yHOlKHXT8H9vJRBuj9lxGfVsn8l4Y4gSaTX:y7HD8H5BQlAfKn8HSaT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Graphics\SysReqNotMet.ico
|
MD5:
d844c2bb5b22442224d3c50946730a3b
SHA1:
77bd99650d4b5e7a44a0cccd1276c721ab17ed89
SHA256:
90c2335a068e6c159a8bf3dfaa109cd0d6ef454117572f6a38f660ff1a7b6a62
SSDeep:
48:el+/+77JseBXBkOZEHwz1bEUJ5el6dWymxhoEJxgTrR:v2Zse1BZEHwz1bFJ54RymXZJxgh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Graphics\stop.ico
|
MD5:
8d5fa2e47b78193d6e88ff0c6bce172c
SHA1:
a8c85a43dd73f3f7557642a66e033b7f2c0b55bd
SHA256:
db21d91495f6291540d4c32b1f800cf8ce72fba7b352ea946c35ae3c3548405c
SSDeep:
192:itE+x/F/vJec54xhxl6HJK3tgn7EQXsZ26Atmgfk9WkzKhR:iq+x9Zec5YlgJdnNXsE73s8kOhR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Graphics\warn.ico
|
MD5:
d6304d6a580d070161d073ceb706e533
SHA1:
f249e0d63c65900c1ea7ee02810561f167d57fd9
SHA256:
ce92c78cb6ff37fb6ffa0b0b6bb468d88569247b07d439fdcec1721afb099bce
SSDeep:
192:qc6+o5jyjj3GfrM1YTl/px7Vhl0KveE9TdiYAUF2Niw2QJK9Iu4oHxMN:HzQrMiTZV2E9gYxF28jQJKK3rN
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\SetupUi.xsd
|
MD5:
a9022c8df40e47bc3d60f7d13c8c0e6b
SHA1:
d0fa7fb9a7bb0b90a86d8c5f86daf642a40de0b4
SHA256:
6c83b99250e8599fe47f59daf963e17b0d8643a7f75eed4f141454a57d21ab9a
SSDeep:
768:MT63KLXlf8tLnvNXMq8lVtVHtKygZH478P:s6q1knvNcZHmNcY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\UiInfo.xml
|
MD5:
da49b4f6ccd037ffc06ec2479fa1cc1b
SHA1:
3dc5bd888207298353faf1c68a9e0a775e38ea0e
SHA256:
6bac90881d608d6b5e9d4d18fd704a95586c0e6a46c839c02fbff5461bf48954
SSDeep:
768:l0As42NHZIAj6wGpzLOlwCowuvfrRE7aDXIJu/s6mb6WlX+vd2UbG:l0AM9ZxGjR1wsfr27aDXj/3WN+vQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu
|
MD5:
d29ee4c3723a08d7eb9c1df44724e60d
SHA1:
08deccef76148bbe76560fdc7ab319a1b59fd19d
SHA256:
bbb72bb2c6c49689235485403cea47ccd3bcd4a21674a888f25a8984ab42d433
SSDeep:
98304:rvlvROwAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhl4:rvN3ZBkOK2Knq45mY4H5OMKkKzl4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu
|
MD5:
6a72d108a9ce59db46385f1f0c6a5449
SHA1:
fc0cd924cda57ffdc24bc0cde657764648426592
SHA256:
f346ec87d299536a827076a590c43d50e4449e35dca333953dde35266caf75bc
SSDeep:
49152:wYPR12P/mFLLfEeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNi:wYPj8/m2eDGnRau84KUYcs31KfFKzdNi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\header.bmp
|
MD5:
ce17e527f57ab1e7c72b50b6f7e62930
SHA1:
03c53558768da07f78f498032a83d45945f7e5d1
SHA256:
80ff03baf9198992e469a101753341f546e0b6724278952119197d4f0ba8a4c9
SSDeep:
96:Yq3PaBvFIe3SRCBOCYsWhuvmRxRQJFWj9x7NMFDEKs4i6aGb:/qORSquv/JFWjxEA4iFGb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\netfx_Core.mzz
|
MD5:
5a0d4e26a968089ecef7190535826390
SHA1:
e73471b7498396e1b2c3df99777eebbf09dd8a2c
SHA256:
222d0fba77d4afb1e7d81563f33898d829ec78355d31e031531f95940824f987
SSDeep:
196608:KnctHyoVKy4Y+9xPRBcL5t5KSUw9kdKqGgwOmJ3hefPu5:OyHUy4Y2PsLH4Fw9kY9gHu3cfPu5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\netfx_Extended.mzz
|
MD5:
6b2e9b223ee5db8d01d33257deabd665
SHA1:
5d7015fb62bda374604975b29927a9cfd3d1ffa1
SHA256:
cb04d43d3b96c864aa24cf1ae27e4d0a5a8d8b68e6da31d9c4b7a11309aefc55
SSDeep:
49152:XXM8l+Zl6aapD5XguDKCtLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EIl:nMDnyjVtZKH2mALErq2nt7rvfI+vZpfQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/BOOTNXT
|
MD5:
5fe435d43cb68fc9e891b9c454fd68d9
SHA1:
cf1b896475a372e55c4d25bdf1f8c87221fbdad3
SHA256:
e8e40d2f89965b9a629b240b853529dd8c7f0bcd701b04350556d0d6d9f3f25d
SSDeep:
6:P0pKqGU/5A604kk/p0d4w4EJxnrTjv0je0gIQnx/9RVGE10b07JAC5VPGhATbaFw:PAGUeZ4V+nrTjv0f2h9RZolYPxGjgcLC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Boot\BCD.LOG2
|
MD5:
2c42db891f37491ecf85c9253dcda551
SHA1:
fe019544b4001b340d151699ca27438af6eb100b
SHA256:
d27e5efe30b2feff37dbbccce0912ca0653ece132ac34dd74f95ce2bbca3d186
SSDeep:
12:i2+PFQv7rkaOhMLvSGwo3RuMmEi6a0SVLOhtK31:ePFAXjLASmEi6f0Ch4F
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Boot\BOOTSTAT.DAT
|
MD5:
c4b2b452e590e84791ac391aba556b1a
SHA1:
ccb48036462527946c20a487e340d3bbcbb3a1df
SHA256:
f3f807b8a27b5c94df1eae9cf5fe094cb3475c5d15838b0627288c64c9fc4f21
SSDeep:
1536:iVtGglQGrszS18+4j0EKg1cWgreXgTRyDMBQiSafMaB832rAIFwWMoeo:iVtjK8gj0EZgRTR9aXakaX3qS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Application.evtx
|
MD5:
656bb3ef3614fd27e3331cedb2c99cb6
SHA1:
73aa416b2a4931d8c60f07adf22437d0b8629ccf
SHA256:
2a0e78ebf6a6cf0a710fcd9c6e8fcf156829f2f09c58a74192dabd9e3f738c49
SSDeep:
1536:VEwy9h9NE2nsNYg82C2fAfFpcSGU3jVloXAFNGl4KYbPqe:Vq9h9NRsyg8Z2fAfsStVloXN7uPR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\HardwareEvents.evtx
|
MD5:
e91f856cbaf23976d00c4ea19c87dc51
SHA1:
f45d7fe1743e77550d2fdf5fa7376fe646f4cefd
SHA256:
996a1d834dcb480e4c829b0c00ba34009f06f3939a2964f3e2743ea60ef3472d
SSDeep:
1536:DftqsNd+B3XxoH28l3AMY6Y/82roV+3KocbNiVohZbFcLNRv6Bak55A5:9G5w28FSR/zXXOqQZKLN055A5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Key Management Service.evtx
|
MD5:
0c7a7727c6e8986c55cd7816e75f0adc
SHA1:
97ab5eed5d278024225c1595da6722849c59473d
SHA256:
c09a72d15cc7f6f736f6725db1846197089b7cc51b45a00eebfca0f2474a2a13
SSDeep:
1536:Ke6Fd5fWg5RLPldi28rFmRrrBZB4EiQ1Gumbxbr+RV9eE1C4Yl5Kn/Fl6:K57BRLh8r8hQu8ARV99C/yL6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx
|
MD5:
cc66648a9612c372244a2d7dc43c54bc
SHA1:
e5ec99af9166ef3af8254c68d1dbb877abe64c5d
SHA256:
492279345999b0d7847f99fd99edd571bf7fa1fdb10d5b2d90aebd5036232519
SSDeep:
1536:5y4UqDnsdAG/ujJWJAUwA3WD+pIHrB9WnTKpsacpliB0BV:5d2dAG/uACUwA3WaqHr/OSg00BV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
|
MD5:
eb813886e378ce6094a84d53338e4fab
SHA1:
2e9f8122b079756d449ddd6faba12bce0cc16f06
SHA256:
e3cd8fa2858972a92a8f4ac7d46b71624cf8baecefffb74d9d55cbd9c8af4e8b
SSDeep:
1536:MK4pK3tjfp1AOqqhCJ9OaQaa2/Qtfz2xOqSbF:5KgoJIaVa2/QCwqSbF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx
|
MD5:
9829eb32f125486c6726a470b801f08e
SHA1:
f7fb34ca4e42dc6acd4a5d8e19740523f884dc89
SHA256:
3dd3d3fd4c533c8a3a04a38e268c7db5674bab07d6b960bc313fd2571cbf3be6
SSDeep:
1536:Qp5G6FX6uQozKt6SCbNmgqcnucjlzWuUnbo7cPHK1poyjwtW:KH85oWASCxmolquUboAkpoyjwc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx
|
MD5:
609d8869d9eab18cd3de044403c02c4d
SHA1:
383a413c8047ecc04e9d75dc4f3414ba35754c5a
SHA256:
949149210b3da18a396fa240cb4072b60270847299e5ef4098a5ff9871735523
SSDeep:
1536:Bq4aSw0canzQRoNBZvPIom5Bxvl8XA6Luw:BqfSwazQRoNBZvPIomnxvGXRLH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-AppReadiness%4Admin.evtx
|
MD5:
80b9da1873aa766d1fe76a7b7cb18478
SHA1:
7817b94388f2b5561163bc84522790362b186455
SHA256:
81ba9d99fcd5370506ba7ff8bdd4e977033d73ca703ea12113676056e5995d05
SSDeep:
1536:Rsq6WCSkCmwN+jucUJJgyFoJzZc9cUcuEm0BaRiW3hA0cpEYe:R96vhSXFoJzcc/uEm07sRJYe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx
|
MD5:
321ce3e27bf5155d11bb07e719d21a9d
SHA1:
2bbf367ff567fc0f2c0bbfd07dd1ccf6a20a199c
SHA256:
fe16590227f0df0e7ba3e2bb85e6d10e1a87f136f4e611c802e07bbb23ae924e
SSDeep:
12288:wNY4+FpG5aBM6+fni92spDEgsmMQqRD0Yrda2M7APNntpia+:wF/IBF6ni924DWmMQqRQcdp2AU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx
|
MD5:
98552cd53c57e8d2666ba33654ee7da3
SHA1:
62b4471de19893a249f90c5c933540f5f0c68e6b
SHA256:
5a4dcb802e964413bd160d55be495171d656a8c558561acb66261c82c622d30c
SSDeep:
1536:k7cylRYJ1fjn/7vDW9utuxcfXdxU0mh9y47wgXQNxNvV8jHIZ/VEwg1+:k4ylR6fjn3B8xcfXjUhvywbgNxNvktI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx
|
MD5:
14b69cbc76d16a45981d3725a7532a7a
SHA1:
6c1389cc9bedf9173e8a6709b1d37f2ab2156460
SHA256:
fb659899ffdc8b16f2c176cd01ebbf8d0b4b589e786ccf5481187806748c5104
SSDeep:
24576:JM/1pUyIexe+wzWERBZVRqwsGJZL65OpyfqG3xqsMvq:a1aPzvLKkZm4yfqyU3q
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx
|
MD5:
a8d8ba495b2c0ad1c41154dbd102c35f
SHA1:
f25b47b37050d72f98d449c7c1aefd86230006c1
SHA256:
106349b9a221a97dffab2ed2fd6c6ccdafcf3a9d5fa1a789ef5818118840d189
SSDeep:
1536:qLIxboVkttQKuRGPdD5bLS72zuxc82PPEQmKLVOWWSiQ5G5n:OIltkRGPdDRuvxr2PcQDVvWSiV5n
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
|
MD5:
46648ef726f6dd9a7129170181340fd7
SHA1:
eab7b32bfd58fa87e2c39136532dc71fe6b58a64
SHA256:
52c6b4ea09109b2fa521209bbf12b1575c68d45e627598bf9941ae8421f953c8
SSDeep:
1536:vozq9EncYJYQhIIfq9M9dwfpsbYaQvBhwaX1fDv+4FvR3dlRkhUq0uC:8zcaIIfqysYAvYaX9DGi1VT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
|
MD5:
e0d2a015bb4b0b1c5f7105965c139d6b
SHA1:
a9627c9eb5b13060e46b15c658a8b9bd02f389c7
SHA256:
041b976594a9d243a5da177c1d22a2d42e0eff7029564be7433b678c0ef9092f
SSDeep:
1536:REa/TZX3upzqROUiUjcLrHw9e/fvHl0mVe4iwM0vEB:RhNizyZiUYrQo/fvFpVe4iD0M
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx
|
MD5:
1150acab31d1c2db553e497c307503f5
SHA1:
6b58add59696b7db9775ed8babcf5c1c7d881ecd
SHA256:
e7abb97311c154b295aad190e6e87a5d4130c3be0efa34e25580906348c0bc40
SSDeep:
1536:OZCpXHYsUEZexNtmOap2hY4uCtvyMrBejUtRuP:O6Y0eHtmO42hY4Xvt6UtR0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx
|
MD5:
899b17fe88cf0c12b733a85aabcfb096
SHA1:
61fd99b5bde2b54dd80d05d28495ccdef3e04882
SHA256:
0a18326e5c380c6d9a00f66cda9b5c54003fa53b3052af02995c6f2fcdcac87a
SSDeep:
1536:Z3dQy7T1rMC6tBu5KRN7E9P0p5OHSMh/Vl7LwpACQYSNQxucoV0SjwQMwoXZL6A:RSyfR6tj1rMpXLwpA9tSx7o9TIl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx
|
MD5:
d1035f1ed8449b64cf439d0ab749004b
SHA1:
b1750cfcf822349c470e05bfcfb5fec7bf8ddcd8
SHA256:
c224864a7a58270ef0f72a17ab672a83cea96b66d16487f2bae14553905b9b6d
SSDeep:
1536:tkLUHr5DnXrhHbH5iO8CYhc2C3MF0/iPr4d/cYwNBPlIQyE:tkGr5DFQO8CYhLcpyrmP2PIQyE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx
|
MD5:
75f5bad52f31c608730deaf3a01f1d3b
SHA1:
f633f31ce27248299f5adab9b8fb66e4e0ed3df7
SHA256:
f11989c28b7dfe488eb5bb587ed5e180055df10da1d50ae9eafeb55eed58922a
SSDeep:
24576:+2NAGnjLl9Vm/HldegSowVAPhjb0y9Y/x2FVsZO/78LSN7b2+k7:+mAS9VWeg/wmPhjbHY/A/78GVb2/7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx
|
MD5:
b0c4974174db73dc28684d6d197f1eb6
SHA1:
468ed035fee20b2edad69c7baf38a8b081d95c4b
SHA256:
1d7a2780f8cfb3369432d76ae06b17b5bc1b4c1572c3f3292e9b5b0121e3d375
SSDeep:
1536:5uLUiu9Kavei+1F+AGzXCFDXQwBaYyfvenkJsF7OBrlSY3t:0pu9KrTGOJsuT7mlS2t
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
|
MD5:
cc44a32bd05cf9840c2f527cf2ed25cf
SHA1:
8a04c10a59a18936c9e24aabbfe248b4ed391e3a
SHA256:
e33ebafb25380755d1327329ead9fb297bdbc1d09ec7720886c7fa7652cfca5a
SSDeep:
1536:PhOBkZmpPYtYblGiQVYKTg6tS4rpT8ZvyAbCBci7Lca12NCyDy20E4vn:PukiP82QrvUkS6pT8ZXCB/5+2P
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
|
MD5:
585e6225a6ee628f32336b1e56b5b654
SHA1:
915e6c2aa716935ec322885d130af06448b7bc8d
SHA256:
172355e390787d9705f855a6e32e1ef0822575aafbead298541d3796362aa9fb
SSDeep:
1536:exFY4pQ7Ao5olm2annCQjnovNhLiwJv6DHZnT085BerV:efYqQC3anCQ8hLiwiverV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
|
MD5:
9bfde648555f57c276e34deaaf2561ee
SHA1:
e47774fbd54b686dd7281ad05eabcf5f944dd538
SHA256:
82075d10222c2b4ff74dca037f4101cab7a436c3d464efcbd585d6bd266aa356
SSDeep:
1536:i315+Pu6waRNC8TbDpXD0aD42oTbHfnpGMiq5SLWlZR6VZan0q5xedtMfL:GsPtDhXDbITrfnBSgz6VZaX3edKj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
|
MD5:
9349821bd3ff8b6f1bd2d666e1b28731
SHA1:
e00bbecb53a3bf538100b97ee5cc022f77b73e74
SHA256:
aad4ed0fbbc1854c78eeb22b59c4460fb46a291805ac347db12f71745211bf8f
SSDeep:
1536:NHEorbRKtyaSTDMvOM5v/xduz2TisxERE9IZRL:talSEvOo/3uz2ZQE94L
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
|
MD5:
52d1436daa8d6fb806ac6d82cc760e88
SHA1:
59411589687471ac78c32f62b5b40a302db0a4dd
SHA256:
ff8fa5e3add9d1c424111e11bac3ef81b78734c35b93e6b09a3fe55a1c2ee0c8
SSDeep:
1536:zB9OFg3+d5EeYHXysB/6RBHprpyN9BKob3LLeNdO:V9OW3+d5pgXt6npr0tdb3odO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx
|
MD5:
7fca9b0ed5f0884e88958ab2aa5799c3
SHA1:
6ddbf2f1f72ecaf5325d6ce4d60ff1464cc3ed75
SHA256:
cfe3a962fbe1dcea903cc6aa5cdaf3af3a950baa2f61403f6a4c04456f8ff927
SSDeep:
1536:3MRkbgQOJMFzWWzfubhrS0my5zFdH9pqNpMlFrHN4EEe2IYXxCw73Z/:3MUgQOCRrKhrS0mudHAWFjS/eI48p
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx
|
MD5:
c7d78cffd2f03b97597d284592ef74b0
SHA1:
933898d3954a1b5da175c48b2d5eb7441fa82003
SHA256:
b98723600bea78953c9025c58f31d3ad3c4f3a3dd886ebe716468456fcb2083f
SSDeep:
1536:7Z0C8gUEC3WP+4CnpNhztP0YOjJq74rp/D3+/QT3dP11P:OOUEtFaNhZPcjJq74rp/DOIT3dPf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx
|
MD5:
6cf8aeab277d5741d1c5d5f9df380243
SHA1:
4fd38d76ee5284ddfe54806045fb27cab13a3116
SHA256:
c75ba28ca9b434dea0a09d8fea673bf00875882d4e8b8b6e45f32bc06b282f67
SSDeep:
1536:x7Bz8YLJ93Fp/B/MQMuDll6o+D7DVZsIU4E:x7Z8YvFpJ/Mduxl6o+HZKIU/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
|
MD5:
34b37cd4fb1a879ffe51158a81ad5236
SHA1:
bd1317f0c024595b79bdd9d244ecff99c4705a8e
SHA256:
6430914d8246ea3b036b9e52ee65e9b504f4eee26f3ed8698c19145326ab42bc
SSDeep:
1536:18hJenyjMuLaBIMs8XnX1Vxee1SFznpBCA1IFQnIZYQbP:18honyYkaJpXheecnu4IOnIykP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
|
MD5:
c379200cbb952897465095d58715c12d
SHA1:
4099e1ba231ad781d5d0f2a15b1b9b6b33d52bfb
SHA256:
dbbe7a099a54eb6a902d1e9a37617d180298744953e712a990e986e2c5823d5d
SSDeep:
1536:kiU3cqSB52uvBxaOJCIJ9feehrilSgdamQyVVH+7NCT:JRXpxaO1PBOlSgFLd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-LiveId%4Operational.evtx
|
MD5:
9836b45d9f47e10e9df4cee6813aa985
SHA1:
3d8dc21ef853b0b1e51efbb0ff43394f1ede9ec6
SHA256:
7b2d6a4b1aaaae2b19f07fe97bfeb79936bff1d86894e384a3109916f8afa769
SSDeep:
1536:q24ncyzr+zabmWChk2DMqkvn0WE6byGEESQEqCG4m6iVm:qRzyzoohk3qk/262GEERbJ2iA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-MUI%4Admin.evtx
|
MD5:
816a76011510d9da0da6eb9c32b9419e
SHA1:
fefe4ae6be8c998d94b104ecdcc0dab7ef94884e
SHA256:
e2cc6b2465e4599accebbf1a5afc3501e8caaf00e92f3dc5400ebcc2aa5f5218
SSDeep:
1536:L9RKz+jqyFI7Mh+Vz1jMODrvVSSHEW6pSAnieZU9c0robt2Hj5Iz4Bs:L9EzM+7MIteZU9c4oa5K4Bs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-MUI%4Operational.evtx
|
MD5:
4ebb8424672d20cedc0ef1500689a183
SHA1:
176dd9299bb624e00d689c46f9cf636db8030d5c
SHA256:
8696bd8f935146cba07c6e3d94ef658364e1c55ad62316356e3a696874702bf9
SSDeep:
1536:a/RAa3w9X0RgsQvFqG8LURiAG3yxDiHaGN0QQ0lRBLy:UAag9X0RfARiAG7N0x0lRBLy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-NCSI%4Operational.evtx
|
MD5:
322dda45f69351093ea11b30730a41e6
SHA1:
e25530be98b823544be04f86e9e06ae3a5c3e327
SHA256:
8c40d2f95f9273e862a3d9db04d4fa707d6c2c4734dafc9b44b793e03306bafb
SSDeep:
1536:wP9NfYfceVRU4XKh44tS6lbu0kr8NBP8hVxcOnmbjsJ7y1PcPpTB:wb2ceV+4ayV65u58NShn0bjsNCPcPhB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Ntfs%4Operational.evtx
|
MD5:
f3d82584edadb022c373d46d887b52db
SHA1:
28684fb0d85f0382e58ab6c4cbee7a3765e9b497
SHA256:
d9f6fc488c807e4e2163b3d35d50e39dab5a7cd705f6e8adc572627058493a95
SSDeep:
1536:20CPIadbEBWsd5zCGSF4KaHrfew8Zar2YUC9ljTP/mnmJ4+dN3qpfNZp:9+byWsd8GSOnHh8a19lX2n/Fpffp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Ntfs%4WHC.evtx
|
MD5:
c70017e1ae5b5ea6a38251ee4e240803
SHA1:
e8d7989098866f0f66b5b24d0f93af2fb4871cf9
SHA256:
762c1dfe9f4450100aed870efe1a3e94b7dbb4eaf58cbee313c0dfe24fdf4f75
SSDeep:
1536:osQqy9ed1V2Wn9xJXlwLLmtO3gt8cyrIjKU/MsRnF:osQz9ed1TBaE84/RRF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-SMBClient%4Operational.evtx
|
MD5:
e076c01bd697be3b957554bb95cf35b7
SHA1:
08f6d7d8a266528c1d423fd0259751f2a5fa09ce
SHA256:
8d51a2857e0bcba0aa78ae29ca95e6e62a322de087abb0f6095089c0c0e193ce
SSDeep:
1536:/td9qxA+ehs5wy3jzLZfUa6tbIQXfSsnEOpv6V:/td9OA+55w2HLZsVIM6e7pCV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-SMBServer%4Audit.evtx
|
MD5:
104609dc6fd5f073e569daacad14816c
SHA1:
4818d3d25b4608d5aac746789b8979be7722a3ca
SHA256:
be7c0ba50c061e69449a98213a4f57ac98f8c1e5d55cf77b2f67a5b4e9b99fb6
SSDeep:
1536:2RvxSBeDpfsEGgHHvEsv2Hx18SRHT06bY0iaF1uhBJF8hTvHB+o5:2RpSBWpfsEP9mbZzPYeoX8BYo5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-SettingSync%4Debug.evtx
|
MD5:
e0f80b80827f713eecd82cd4439460c6
SHA1:
fc62fa0a5fececf2cd434d2deb09c8eb586daa45
SHA256:
39701220acd907678a1dd28aa591c105a616f3fd1ce3cf961e5198a902a22545
SSDeep:
24576:KFl5+yXa9u1KbsPLeQz+V3zbZzSjJ2kuX07FyJMb7c8zLYf:dEMbsjeHV3JujJ2JX07FyJ67DLe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx
|
MD5:
9bba1726278e889c9fcc9e5e629efaf5
SHA1:
cc61b305c6e7659b0b21a623bd3feeb55f2a5442
SHA256:
80f8529f38396e841a5d2f519047111aacdb1237b25b8ff3e754e2bbc6f23378
SSDeep:
1536:qXIegBaAsJJMP2Fawvjz/gxGKzRz7WBVq6IyK/tvPhnIIMCgh3B:qdgBaBJJM+XHgweeBVq6xK/tXhnLMCgD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Store%4Operational.evtx
|
MD5:
5abfe0bb69dcd2f757117fa719fc2bd5
SHA1:
6886f90b5cb4b5eb3551093937a64b6e4426dd15
SHA256:
ae45f6659c0b6c82950e0064a55b1e3278986af09c523adfd91e21ac555e6677
SSDeep:
1536:mHmkj3Qrpx+ETJOURUCuxQF5zJ67QJyaVrM7vk:Smw3QpEUUCuxQ167Rai4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
|
MD5:
0b5346bfeb8dde61111b8c76adaae5f4
SHA1:
8dd9e380fc49cba19bc40f10f867fd31211782f7
SHA256:
6a50c3f7e5d66fd814e35f45fe5cfd4e2a8cd6f8d899af75414515275531f6ec
SSDeep:
1536:gi0NovyMkHZTulIRV0QaIrgp7NEb1/weRD9rpJxXBqY:gR/d/j+IrgbEb1/vRBrqY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
|
MD5:
36a0ed2ff202e7992ca9ba341ab9cb77
SHA1:
deb516603c63019611ccb9f6d9175138438e3b17
SHA256:
25d30c500a8458f4bd7e45a725ef7f518eeb2f35567fe414592fdd88e9dd7751
SSDeep:
1536:FsItuvz1/R1UEdSNQJ8htC2NvJobvxNWGVOnkIEXI4G:FsI8bRBlJ8htjBobvvWGtG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx
|
MD5:
cdcb35bb4ba4440f5ea7449c40ed22e6
SHA1:
c7996d81e21f26534ad8369fa0b201be646d12d8
SHA256:
1f35bd8fe3acde7669b8a2a484ad2ce58cc21eddfbb7c77af8650d0d72ea2c13
SSDeep:
1536:Hnd1gCFrFpGz9E+RdLLtARzRnwljKVdIWAel2ccaeKi8WZ:H73B/kRdNARzNSjKzIWB4XKi8WZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx
|
MD5:
4e957e397cd748afc103d7f90268e4ba
SHA1:
8121837740cabfb7f976a1ef8edaf6def4f2da8c
SHA256:
4821652544a6bff1a1ec1897bb80b35d92e7eacdd026278f17643897994599ab
SSDeep:
24576:F9gtEBg7K5D4yynP8nnctbOitGd67Ieo/Y9Okd6hzsjOp0wNmt:LIB7h7UnKGc79o/AOGKI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx
|
MD5:
1d523868bea60fb9ed69d5e97eff1d00
SHA1:
cd5fa80e4db74ef7f6622ddaf04e2b9ead8b03b8
SHA256:
9ed936720d8d70902d5ff6f630c4d7809e8114b4c4cf435d9eae1476a288dd8e
SSDeep:
1536:NU7QhbP1xUKN2OrnzSxNqtJQrTIOM6geCKm3gQNj1EOmxkZ:e21ZKxgLwNLCKmdT7Z
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
|
MD5:
0648be88aeb4456870eb8633ac9f1ce9
SHA1:
aa1aeb2aab6cb95ab9be3053d1e2d8738a600e26
SHA256:
bafcf8f06ed93dfc6e75e1f5f3d3ac847f11821b8d128e85e1fbaa059b813d4a
SSDeep:
1536:QuEzNHSBFgAoGdHEWeXVCyZXJhuG9eBH5F9lZ7Fo991rYOk4s:QuEZHSYQtEWeAaXEBH5FZOj1M7J
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
|
MD5:
d82bce50b8f437a2f96d22b884b03231
SHA1:
814e6680cf2ce8c6a16129364611cbd0eb0d4bea
SHA256:
f7e7c33aeb4125aaf5ad3328dca28724662a74172ea851b08784a66d59f7bc44
SSDeep:
24576:8GucTNOQavnGC222CdZDHFEMOEg2DffAN4nMsR4Q7:BuslaOC222W5FE723AiMsR4Q7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Security.evtx
|
MD5:
f3c590c525eec4a62f600953d46d4f84
SHA1:
00981ea48a913802d3eefbfdc0051328a8ed2fd6
SHA256:
25e2edca55545e458190f0deebe8776962fc011ada18528d5ee745b5167fdf95
SSDeep:
24576:bWm0U8egS+umSr/QFpu8MsiM3F9CL/0JbbJLKLFTAG:ygaujbWRFNF9dbJKFTj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Setup.evtx
|
MD5:
c4f29ad93ff02c739e4c7838cb679928
SHA1:
0ddf9c206c1cd6282caa7b2f9b1275436640f235
SHA256:
d5f74f36c7b01dde1a3e6bd0ad23f7f51f9f73bd8164d1fe0fab7b876768de22
SSDeep:
1536:5JQpUUcPcAE/igH2yKEuxsLNK0of2Ivnm+oPEJUoMW:5JQpUUcPcoHyKTaLha1vnmnPEKo3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml.OFFWHITE
|
MD5:
153384c171bdac23244ee43f2ffa52cd
SHA1:
8ae36d04e3065b69dfeaf1c3185294fd3fdd8a77
SHA256:
f518be133f1a03de24498fca0bdc520e99871e0e57a34fc8f79ddf4d96460b2c
SSDeep:
384:i1lr+Yw4ghwpk1LrSbnhVR6o8OvKDb+gk4giJdM/h/O1vD2Fnvs7mIEiG:uFWDhwpk1L+ThqOSDKgk4gaui4vlt
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.OFFWHITE
|
MD5:
7ee5f25cf51e36945d864adf5e241507
SHA1:
05d777096cfe1178c9d96f60c8b80d36a517b357
SHA256:
c1e3104625bef6bbca97607d84bd2767f8be8b6618006e8ed4ffeb296f1967db
SSDeep:
24576:mWecAPQAvLg9LHob+N8A15YOuhTw12mSfn14ievOWDhQ/M:mpc+FzgRIin5Ju9w12r14Dv3i/M
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\s640.hash.OFFWHITE
|
MD5:
be5cf093694666c9447b5efec6346144
SHA1:
5ca1225f6ac54ef7ee3b2ab1d55f739e6dc4d8df
SHA256:
affacc88d1cf8050abafab71beff65b9b253973d9c38d6416cb937bd0ff62100
SSDeep:
12:w0FsZv10pWL+pa7S3BmeP9qdc+3ghg9hqPASMCl8sVbwC2X7PC:Xed0pk+07M9q6+3N90P//l8sxn2XTC
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.OFFWHITE
|
MD5:
fc1b4048995792b00f8df14901467d8a
SHA1:
7f8ba3ee23e71b83174b717e5818e64755729661
SHA256:
dd893cebc5c94ce42e1d40ac5e1be48907012a42539de5c7b2545cb1ef7c860e
SSDeep:
384:HlWSVi33SZgJnQuBDV00vWjPgW2CCpjpg8QJUlBNLN+Ucb7rYO9e3yvhemgt:HYSAQAQj0vWjqpy8mUobXje3Qemgt
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\s641033.hash.OFFWHITE
|
MD5:
adca332441d2558a013c2d7232af3fac
SHA1:
683aabb524c508be0f10f247556df360cb17e80c
SHA256:
3af4233dc7eb396da51f7495f5d2bc73c05798e4eaf50dfb33552e4096c97cf7
SSDeep:
12:pHr0JNR9Ks9mDMfs1/t6ajr5v/ftTOuzxCADvxWqct1:poKUs1l6ajr5XBOoC0xU
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.OFFWHITE
|
MD5:
e2e9780ca94e0d1aea39ac800e4c7810
SHA1:
b17b520205f62b2bc4022ee6b928f4bb21dcc580
SHA256:
86d3dbff42b051d328151baea5b7a0b11b04d57dbdda9ecbb867c54530e70919
SSDeep:
24576:v2sGBgGwzu2rMohIqJ3sf6yVVcQpkWt1IjE9AEW:v2s8wzu2/hjYFV1IiAEW
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.OFFWHITE
|
MD5:
57f375d13004daa4e6926766db16023c
SHA1:
d022fa3641d5d706c356fd8e967036c96e1f47ad
SHA256:
e95c4764458116b329966601d2aada4b0d3c491c6674f30551e31eb67f9ad083
SSDeep:
384:lVK4B93wJI3Ear+DtHjQF8BRIWdhm22s+9hkUGCJKo7CRGaN0/e:l04BJwJI3+xDpfvL2sg9GCD7CRGs5
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.OFFWHITE
|
MD5:
17064df616ceb7c7d8584229aa486e92
SHA1:
cf83fc0d9317da8efef2f6dec3d8dacc6cc1bdc2
SHA256:
6e302304aea312b6a4cbd4d55edfac8a925e25b2a3a703ad9d3b172bf14ffa7d
SSDeep:
24576:qy9lulOkwQ4D4Oa6B6LHCJGQkfc/kphZeZvKErxJP6gPAqHoENunUsWwk48BJTQC:flulOiM4J64mhJPjZALKLki4fy
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.OFFWHITE
|
MD5:
7bacf92e9a39c03c6215a91c800de9ed
SHA1:
36f098f030fa94506ca1d31d5c1c412ed9a58485
SHA256:
e13997eee74884a5e7d2670578f78cdb5874c485a66d8df82643f192b6f7c84a
SSDeep:
384:6nsI8E2rNSE6ziLjIckJPT0PuFhiLNHnTZzojIChRVk6PfWHYeERSUpcobaPl0MS:wcwnOIb50PuFhsRkDuOfRSUBbaPKeN4L
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\s641033.hash.OFFWHITE
|
MD5:
9dc51765c62c9b5fb30f29bafb5f6af2
SHA1:
c6f4f89823a104c938c873ae31199b5e23a3e230
SHA256:
8347b329b3b9edf8526a68e7e73debd438340a9e1c22952e4ffb7ea86542f5ac
SSDeep:
12:9IGWwb0n9e2mDgLtYfwVdNOa429AqH6mhmOtMK/XoAz1ilom4+Q:zbfEJ48OF2KqnmQ/XowYplQ
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.OFFWHITE
|
MD5:
be4f7c1a3eaa0e3873a2fb5c1d91e761
SHA1:
d5c96084cd35978b6086e0d17c7991b3339f18a5
SHA256:
f20a5787f79154b936e5f00db2e5c39935d7e9d47cf2484f83880640aafc4486
SSDeep:
384:Ya9J7uqZjMhjGNFVM+JkFgt3KZ7jbgFY1JXs3aezlqIja0Q8vsEU36HmGo/MHEA9:bBuFgFSfFglK1gF33aezlqIja0QgsEUm
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.OFFWHITE
|
MD5:
14ab47131577b77761954e2818bb5496
SHA1:
69c45b6c8809fe92ca090ed7b355813152f85c04
SHA256:
2d08fddf496d083ef0b36eb003e0f5a06e59b7b29341cece671decfb523e637c
SSDeep:
24576:aTRC8lrU/hzyDliD50fZMtlyph0e2vKErcJs69zAwhgEfUnU5W8ns4B1SJGpufr6:QRC59icV0RmlKjJsqd8i/rpwgOw
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml.OFFWHITE
|
MD5:
cacfbee1e7ab62d37a2e7700c822f347
SHA1:
08ef12dac983e391f25680d58a9cbafe7fd8cefa
SHA256:
94ef36d402f9e804b85ffce3a067b94a5cb96467eb8f572d5ca4ea08f5570ad7
SSDeep:
48:ex9KVzyJeDZhnHsJ3NVSQGm2J37JvdMAYqAIgVl7s+49UoVxvDjjv9vvJN8oJCx3:XzoeTnWzSNm2/vdMAjAtVF29UoVFDTNW
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml.OFFWHITE
|
MD5:
4786676beb99a9fac5adf6dd34a89104
SHA1:
90ef7a7d46bc9be7b43dd7ffbb11ae02eb656b0a
SHA256:
3a51db529f704372b3f8d1836b3b6f279c9fc9c3b0a1181be7e613d91631d10d
SSDeep:
48:qv2j6ODFozyqjHR9QImAPEZHofXIS/CqSYPw1bfw:JjnamqjxSPZ0YS/CfYPw1bI
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.OFFWHITE
|
MD5:
de1a7a6bdf676b633c258a70da86543d
SHA1:
0e0506f9612e19c7910a8f99ad9a2a36dbdb6a3f
SHA256:
1fb7f357a87612953ba3aeaedb04e9f592e47978e1513c4e19690d5d3b047025
SSDeep:
24576:CbhodqCpId8CM33ZTKViszvAReKovzz1Y5Zj9Y6AOwaWVNWWHHzRu1k/L9chbUFd:Ihfe08jHxEBzvg/aq3NIX3NIIa8
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.OFFWHITE
|
MD5:
5867a23ffb2b74cb1e9dce25e80ee0e2
SHA1:
59fea92aec7f9380e6c50182368ccd47723db222
SHA256:
075e4198cb95e45cf6fe3c2dddd3226504f5a1ae22f0df2e8107af5fbcb3b774
SSDeep:
24:BCMU0/jLS66ZX1FAXmiars0p+9YUfC/n/IbWkC29iHI4mvZvH+F2O:BC3EL76ZlOus0028g29V3Z2oO
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.OFFWHITE
|
MD5:
5eab4b699a1fbafc5ca90c3547c433cf
SHA1:
2ccd4c8fde1e7b2846a8c0c98cce31570c997322
SHA256:
b23656b1cbfe210d01a3e0660a35d07cd4e61a427f5ac5b3281540682b956cce
SSDeep:
98304:kHvehsqkrf2YkGbeR9U5jURQCMjyjPSDZKwyI38k:kPeA
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.OFFWHITE
|
MD5:
5a16215f70483e621d5985b0993048b9
SHA1:
6ada4194fdcc5abeba558bcbbbdc368ab367bd54
SHA256:
75c666f223a6da8e38ddd778460da0b7b8fe33fc32349334ba522bb3bd17f704
SSDeep:
384:gkxT26Ovxxo1gxgBeQAIbl/qlDshFVU+J0iwr9PSilmOW5Wg4LHtMOznJ0fP76Oh:g466O7gq2lC2SiDilmXzW+fPOX/u
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml.OFFWHITE
|
MD5:
7448e80b9cc0074c4be0b2b1fad03d1b
SHA1:
977a72be4ea6f2c126ebdc3240c91cce8adc35ba
SHA256:
c8d203aa151fe318b24111537f978aace4776aa3a7b8636271f94d7d4c8b4f8e
SSDeep:
24576:wIM2rhXWToepLxHbEcMMQteCMhzyrFD0+T81:wIMmXWRx7E9whP
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.hash.OFFWHITE
|
MD5:
7f312f1495f7733e0dd3a7fc9c49119f
SHA1:
bfe21a8df3a0f123aa9410b373323d7e899d0dc7
SHA256:
58819d950b91a203db0fbaba992b2a9637402455a30739548a4b3b792f39045b
SSDeep:
12:UUqOwBTXSqt1rBAB6OX2U2BPNnuJcZyIeoS4dTOTCq2fDnaNBts8mtIJN0wT+Xa/:vqtBTiqtgZB81uaneoSXTCjfDh5ImXa/
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml.OFFWHITE
|
MD5:
0f01fee1dae019d0a7a254dfb94f66b6
SHA1:
6d5f8d8690b5f33ff6c72135bc11ee71f1815ca8
SHA256:
fe665143b3ce9663eb52f1ab8630cb372f8c7dd9cef13516765a000fd559208c
SSDeep:
49152:bukcxwKV4cVoVWUttxoEaQRE2r8sHGP8aQRKVCV8aQRx:bu5xwKv
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat.OFFWHITE
|
MD5:
932a0f73ccd563d6dca6f2d3a357f860
SHA1:
3c4d74d4c4baadc388ba487c8355bcbfe68342c5
SHA256:
e406de11c8adbd783b096c3a3eaa98a272b667f249d70dfcb01b5751a5f6ee03
SSDeep:
49152:J0ANaTz/5CI0EbgecxyulGCPniSX+GEl7f:J0jTjEN3PniSX05f
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat.OFFWHITE
|
MD5:
eb8e11a4ca8e34e8736762c52443a644
SHA1:
8ae4b316d1660a29266e6f9a4afd8cf380133887
SHA256:
c592b41be93cb4f20b4bb2efefa78f755f7952b11d7d6c0f0c8e75afd1755a22
SSDeep:
49152:ZjZUHF4ydMIvEbgecxyulGCPn2XX+IEl7w:P4/dMCNnPn2XXi5w
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.OFFWHITE
|
MD5:
0cbff96da1c4be2554f56da6a5379e22
SHA1:
02ca5e57437620c47841b77a03d9f16823847419
SHA256:
4a613a5d7dd19f415a159e0611d3b712f69e9ee9ceb0d33f1b6d6da3e92e6b78
SSDeep:
6144:OzWQNsYdgPROUx1DSMohlggu6s1paOqai1dbT7zxVr3r9XBJ4lVXGovhKT:AZAROUx12Ds1p3yV7j1BJ4GoJKT
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
0fa16dba9f40eab0f10d7cb0e023f9f7
SHA1:
91d0050eea8c4d604660f857b40a37fbc8334803
SHA256:
b654b5ecce74c837aec53c83a693475b22cdf7d57e3f281e92ccad5c3b12ea29
SSDeep:
768:OXWb96H8Xjt9nUBFjK8fFgPxoOqFo5jwb0Hu63NsgquwtYso/hYZX:600HYUBFesFGxofFAwb6F9sfM/OZX
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
fcfbefb82a0ec661157b437937bd8670
SHA1:
8a53a1f6ada19d508092bd335ae4391ad397ba4e
SHA256:
75766bc8d6ded8fafe137a42f0bd6d1f4e351c18c7c555cd205765b65e4dd482
SSDeep:
384:7CTVfuoCLF+OMa0UxzhH+XRKmd2/JJ7M2VsQceNzsCpVFE7:WZ/iX0Ux5+X2J75Vgeh/E7
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
a0d1e8a623a0375172488aa851a5b7ac
SHA1:
0d891d49a359b4086ed6ac76b355afa44105ff3f
SHA256:
48552e767a2cac95675aa9dc2f27ac708acb478140eae4dfedb766fb82264043
SSDeep:
768:1KyG1AT73RfYDldW1WNlqKmXcj8/AyGpf0R:kyKAT73hYNlWXGyd
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
c6698eaeb8d4813613195eed2f048b7f
SHA1:
4cd3eda06c4d5eaaec1ac2b2d7b6eb994a9ebc87
SHA256:
76c71e257cdd1b65d758ac00dc0adbbddb14af4740aa5927bbcf330e1e6651c2
SSDeep:
3072:q6XsBbg/dh9kQj/8PwTaTFw9F1RZTDC+i:lsa/voPKaoRZTHi
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
eb43b328a9758ff38c22d43f6fd57fe4
SHA1:
37e7d004abd7dd97229f6799c7547abdd265fcb5
SHA256:
981d0d8e36f5c82727665b9da16b49be2140e37c7f1f1b4bffcfa72c6a963db8
SSDeep:
48:GtvYgbU5feDVX8cBwBRvSXjf3JVvPAUJrDCx1ZUiZfje7SZpW8KIxCFZnbFDdzmn:YvFgOtdosj3jbDC/ZUk/rabfn7SPgzMh
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
cffec95acc3a925db4f01a7b8d350354
SHA1:
56d5796fb656cac39b9f576461f46770f3ff0d35
SHA256:
47aa5424f39e4b10c467b8a9299e70c031687fd01d194b09be357261ba3558bc
SSDeep:
1536:8e1j7Mj4+H0a1YSTL7TCnCIimjq2Ybb9RLbDVPAVK38KQzN/m0cXyQn/YX/xoUMt:8eRAk+H0a1F7TCCtqq2YDLlr38HzN/Yf
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
048dce7bedd3fe6c50e4507849b66768
SHA1:
2364d1bedabb6cfaf719c709e77f06a6ba01cdf3
SHA256:
5648e671f1893220cebcffc712d8db87ab723fdac016d252728549f49eebdc60
SSDeep:
1536:HNin1rKFOBN6LnacfSz6PudGqYLNOklqtOjy8TdMadHYyf5xwhfN41su1Bc9Huf/:HNoYLaKSm1LNjqtOjFIfNcsscJuf+xmx
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
0c19eaa9857baca973a165d6f4982b9a
SHA1:
dd64af00a94495c2fb78c04d2be47e3db9aab4e2
SHA256:
bc0d8617d78f5ad00a59183086bbb3845610ece6f134b5aabfcea9d8f744157c
SSDeep:
12288:EaLYqwzReFlYYCgAn8IUGIpJdrr9OP1sgP8vuBh93kSjQYz5O7:E5qIReFlYseolQ1sgAuBMEQQO7
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
06474bb2b2055d9e1863e87c057004d7
SHA1:
47d4b4fbca41599c54bbca96be0fa5b9c778298f
SHA256:
79abb88bdbca993f0da572fa1c116a265c839faa8bbb3b14057d697076a0d0ec
SSDeep:
768:r2lT7Aj53LIMgAvbRa4Q6L8o47Ux5vVRxekdWWPt7l:KlT7+5wAv2o8o47y5t1MWT
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.OFFWHITE
|
MD5:
e338ade41d277498e0df5a6d4a11f76a
SHA1:
a3e1cfde48c183d9b5facb127390b1ae4414b363
SHA256:
80fad8cb20e7bbacbb4232a1a083fc60546bbd7dd7d1c1022d80de13b7dbb6db
SSDeep:
768:VEvwcf0L2+Oww31Wp85grSf4A51Jy9tPF096WK5c5r9Y:I1c2+T9HrSQsTy9JF09Qc5u
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.OFFWHITE
|
MD5:
0400f3a1351de78d12d39453201abc10
SHA1:
ced66f4f297d47431454832202d73b1828ffc476
SHA256:
b6f914a204c62717aecd48b4d3fde0e233134854bd4ea49445f6c7dcc10e1abf
SSDeep:
384:qnIXxbK9WKlFREnIlbE7kh+V65KBJ7KfPCadauXFrD749B/MJS/:A913RzbEoh+VmSaYUpCU4/
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.OFFWHITE
|
MD5:
6801deca0a63badcb7f983c5c076680d
SHA1:
13be6b9fc7ce8ac49a491155bf1a3225daa94d60
SHA256:
3a9838608bd95b262f13808fb13626cd2a2baae6686daa36d240135302d4e0b4
SSDeep:
768:Fzhu+J2J3HFwJ39HroxohZ+Z2vHD8CPELhQoXyni5uV80cj4vS+DB/Dwe/7VybUK:1XJ39sw+2PPELzp5aKEvS+JLHeaj7I
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.OFFWHITE
|
MD5:
a11612f2d023ccc330af23c847b3e9b0
SHA1:
be5a781fbbb2fcfb2baf7eb0c22f0cec245dd7a2
SHA256:
61086bb5162bcc47d91bf18b750221f3221fe21990bd0c12ececde08a7d58efa
SSDeep:
48:fwG9jHMheYCaNEfmaoMfDOYhmxFGQ5NIMIOF7uPrv4Ic1FiBZxSd2OEsy1xu:fFR/a+pAxAGPIOF7ukIcHiJSd1V
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.OFFWHITE
|
MD5:
77ec68cc43d3edb9ba1aa395a4decd12
SHA1:
5562c135919a3df4a18cd5d3fbf493cff5c8ce49
SHA256:
06a71cf9ba295a340d068e0ebefca43672a356ffcf2d0ccddcee270c574be2d4
SSDeep:
192:+tZJk4MKc3YjsGGoZG4peCCLyWRCvVVSOraXCUBfuRVfmjl2XUP:+tk4MKOYnG4peRyjv3SO3JRtmx2a
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.OFFWHITE
|
MD5:
7b918654af258fcc1c4c02c14dcf8e8a
SHA1:
c913f765bcfa670d075ae31e3fc37a60b33238dc
SHA256:
f7666e66fe084787002f028ae0e85548885bb8d7df8468b31cc60e9e7c4913c4
SSDeep:
768:DJRGhwkUlIueaeBVxrzvBsbftRWm+deaTNqMeP81+u6A0isl625Xumsonbk:DJRNk+reaeBVVOfOm+UaTIq16A0is82g
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.OFFWHITE
|
MD5:
f58141f22e7b0e01bba9e393ece5256f
SHA1:
cb9720901a3151ef8d8fb7878be2e9fe6d6b4d45
SHA256:
2f077cd51d02d7c5e5ad99be11b8b7c75543bc6ca00cdd0e509850bb35e7a11c
SSDeep:
384:viMFNIRkfcleBlPzHcfTosyulMdACt2u5IX/pSj2bdNdT9CfiVcQK8eH5AXIREQ3:6uNIPgzzkTEulMdh75YlBIQK8I5AXIRf
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.OFFWHITE
|
MD5:
2bbe67d7f879a1dfbda62e72037b315d
SHA1:
d6457e3ce93ab042b5cd0d11e8a720310858e25a
SHA256:
45c820ad5ada7ddb0691cdcb32dac501ebcaa17102caf8362a28b79eaf62aff1
SSDeep:
768:BrFwA0wh/XAXttcUnR1s7tV9Gv4mQXTJq:9aQ4qqRI30
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.OFFWHITE
|
MD5:
7fde497f5136e0c153c9f3bbd0d63dd3
SHA1:
964b0ad1ce576ee46f92722cd55512a0359735aa
SHA256:
60e6c720c408480e9a9cac3b1abb5c56e46e003ddee6489d197203133835a050
SSDeep:
3072:Z2l9oK5V4uJKCKCz0K3I15rRaKcBFvowiOj+Vy:0FDnlzj3I3r4KOo51Vy
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.OFFWHITE
|
MD5:
c987129bdb5ddb3985e16c17047b0a23
SHA1:
28b1f009e8ac4316c5719b9113de3a13a35acf70
SHA256:
742a89996f5eaace5b77af6b74d7eee17dddc77009541955746ff6da5fa575eb
SSDeep:
48:t152jVjkeSereD02Vm2Im1lCdh2sR7zTjKB2Bx8GQRiLnOo3h1mM:t1Q6N7oypLlCnzzTjBBeG5Lnr3h1mM
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.OFFWHITE
|
MD5:
e0a056a5dcf328943828bdc09bc293ad
SHA1:
721cdaa4cbf3fddddee74b770f22e44c9459669b
SHA256:
1082b34754c6a6331b14ae666cd931f67ba3c52ce75fcc3840002da2f7b8eed0
SSDeep:
1536:beEMxWHaAt3pZhVPUzSkveQhNZGV7EI94Fthbg0nXjPPjXylLRqysXRiuNid3VAw:bauzyxRhNZGhE5JkyXjXjXwLY6QiPA4b
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
cad7e8ca60a245b68cfa183fb9e3bf44
SHA1:
2868817ddfe2ca5fd1e4be54c4f7f1775ce59fd7
SHA256:
a0d6deb2571906a349d035ccf33204eae2add3e36fd1fbb14e9da55402391931
SSDeep:
12288:b82d7poxeIlycwhSy4ygMnd6FEHUK7qSECqOAcQjfevYzi:bPcgIk/MCvn8ET7qrZOAcQFO
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/588bce7c90097ed212\1025\LocalizedData.xml
|
MD5:
2795db6ae3b92954884d25f88aeaba4a
SHA1:
fc87a33575491f4735230c267a2ab999dc6ba9da
SHA256:
ab619d79cb61ee499a39e69dca5531909c3388cf7fe7015e3e79c39cd2b61f74
SSDeep:
1536:L7xej5b0OXLxT8FYVXv+eGPr2eXCkU2vTQWfyhfDaTBLhnDkXG:vEtAOXNAF8XYD2yCkbbTahbkRkW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1030\LocalizedData.xml
|
MD5:
74be7e51096032253bd72addc740fbc4
SHA1:
59b4755be2ede73542ab67ddfd184f6c3fdc4ade
SHA256:
ba408a37866ceb0020c77f1eb8a76fcefd893ece7d1e644d2360d644694a23bd
SSDeep:
1536:DZw3yXXHcaSXreyGcYHq+A7myC0EoMpSLdBKJSR9BukRIrge0eitYMIe:23sjdKo4Eo7LdB/4WIIeiGe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1031\LocalizedData.xml
|
MD5:
244d2663f85912b8fbf4228661b6e56c
SHA1:
0f2c788442fd2034dc2dce3aa64ac9df4cbb6776
SHA256:
503330b7ef460d47cb48a3f1f006ce455a185d8f534685b50f2d75cf4da59919
SSDeep:
1536:nJxDoyFp22RB8Mml4F9LgaUMcFt8K+kX7SPlOBjqrjrzG67W:JxDV22AM9UMxK+bYJqLzd7W
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1033\LocalizedData.xml
|
MD5:
3f0fe40465304c8031b96d7b4494d320
SHA1:
a6cba249ed0292d037b77aa3a6fc26748c4798cd
SHA256:
12e2edcf50d08cbd985263880620446226e177fbb528fed9631792c8c159e7ad
SSDeep:
1536:Y6D9xT63gCZXuA25QtZHUitIiw1PjNFPhpaFHz8uUusGEXM:Y6ZxTApuq/FtIiwZTPhpaTdAc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1035\eula.rtf
|
MD5:
476c52b0bc43e461f33e48975d7e2a8f
SHA1:
2f5acf54d9d0f8004eb3ffda152cba5c72e59ebd
SHA256:
7b12a27c64657570b836d2600a0dddb17702be260e55115a9d0d303c1ad04f82
SSDeep:
96:k1Z+urJ5Wd9QtUAENju67GnMUoX+eGUOxSixvf7KjD2tEkhdPO/o:0Vl56miAgK4aZHzxr0ytSA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1037\LocalizedData.xml
|
MD5:
3c28e167230c38eb2fa9955cd8d6e297
SHA1:
0f077001dc451e2cccd5ed1395375be75c99d5c4
SHA256:
50abdf7319fbb6063a0a7d9e9a53a313b8ecbac0c99a548d053774c4f419a036
SSDeep:
1536:xPeuoq2/MvvxlEpMrHaHgAOeJTaqAzjbe/fi7bwJ9rglbXuKwu:Yz/MvZlEsYuK1Azf4KH6RgBeKwu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1037\eula.rtf
|
MD5:
9a4691c24bcbb0918e6b602d93e7d3fe
SHA1:
9673d60fde59b347200af80294c13acd9d7687f6
SHA256:
66ff83cbc7a2eec402e56bbb4022eb24c344cd0aa4a697ebf39f93ea3c95f9d0
SSDeep:
192:qjnDeU2ekDjtQQi42RIaPKWQTz1kc54fnl8D7DBG4iy1D:qjDeU2T1QZR6z1k3KD7s4n
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1041\LocalizedData.xml
|
MD5:
1146475b80cbd99c6a80bf84c214c722
SHA1:
5d27e117b51ff70306b48279cb4ae5bd1d13d456
SHA256:
ff743874c6887ac181c20ed366ecc169155df100d1753a1eaa23bbc2045ca782
SSDeep:
1536:8D0otFrWaJWuquA9/+0O1zkogPpfIYbeWIDv+Z4ehWf:8gozrWaJTquA5c1oph3eBJ6Wf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1042\LocalizedData.xml
|
MD5:
9a238b67b50ce64903ef791531b5cfcf
SHA1:
ea5bf0cef82cc5ed902bd6d96b50a664b7132591
SHA256:
1119e9fb521148d0842ba8a87396d3c98a46d61d5b313bfd3af0490cf0e50c1d
SSDeep:
768:eClENgM4Hw20a/p5q00D+VgNWVfdgcOgKoNy4Ecfv9rY2yC+ctXlirBKiSdY+EVa:HONwQ2VXUkdg/M8EeCpirBKhdr2pVlK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1043\LocalizedData.xml
|
MD5:
6e47dbdf54c1465af8f4d1a7e12e2699
SHA1:
878b65e14f50b29a8caafd32630d49290e758ec7
SHA256:
a8cdfcdae5b8fb49f5341d0993f39cd768e901ce6d05c10577a101d9a98d43d0
SSDeep:
1536:eXL9x1m7VT61bWEVHxNuy0sOaaz7IeY74kCvYYxuEPv1DlaZrqHOtWk8N:EfuQ1bWwRNuy0staz7IePvJx3NDlaZOf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1044\eula.rtf
|
MD5:
ceb5793f8216d6804891b3c80d39f895
SHA1:
284d4aa4cd7a413fe43b58a587583c13e0f97c1b
SHA256:
a02f628f2373b74258642adc405d119d8dbda0f04028d3d159f266c76aebf630
SSDeep:
96:VImm5+mJri8XcIfglAX3+u4kWFendiztt/XBHH9QqP:S+mJrirTl63H4kWFRztBReqP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1045\LocalizedData.xml
|
MD5:
65c6b95fa74222e9fc29062b93f69609
SHA1:
461ce55ccd2d0a98c5d04e84f34107fa0207eca0
SHA256:
7e114e47fd305954d8e40da41165586e8d788f16673af18a345254dd1f0a3ded
SSDeep:
1536:Ltl3L58WTMI5hiMZQvMPbJyniXBAuEFZDqI/v8AHrG8XblrVD3uVaqEg/vEK:L7755hLZQAJyneWR74WF3u2g0K
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1045\eula.rtf
|
MD5:
0e7245673fea34e03598645ed280fad4
SHA1:
2e1f2d294798fb9feb2723891672a10d10c46172
SHA256:
c02a21d9f2c62bf297ee6148ff09eed98ec7bf6d2349e5f2da2fa8a5b07fe7f6
SSDeep:
96:I68Y+3e4Sqfwujzx32fQL033xsStBEYDxdxfSPcJpNCLJELwIRPR:D83e4SNe92fLxsS/EwxnfS2pN8JqwMR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1046\LocalizedData.xml
|
MD5:
7ef1c75511ff59304fd9e90a1bb9e1a9
SHA1:
f8450411861a2e29e3eb206ab53696c9a263d1ae
SHA256:
6e279375be44e0b810e73e6dd57448d1b1cd16afdca793f34978de5b193b1fb6
SSDeep:
1536:86RpC6XYH5VL/2Uu2Pe04T2cDMlQewRZUcoJkWFlp7g0i/6eVgCzVQ:86RpKNRZPQacDIQe4ZvoJkWhHi/m
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1046\eula.rtf
|
MD5:
21f740b46341a68757376e8ad5ee2727
SHA1:
a56f1cc322325c4392fd09a499157d68a8f4224f
SHA256:
03afb4c37189aed5ed7f0e761c16fc285777be12ae48cea36092ce9d5c0a38e9
SSDeep:
96:me+QzZQAtG6r6V2VAO+UOSpqzgdPUWwdXAp6aQh+hW4Jr9Bo:me+YZztG6rc2VAO+cTdPU5a6Th+UMrA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1049\eula.rtf
|
MD5:
4456de2cb9c2ae533bbf355bdb7529e0
SHA1:
245612ac69222f475672076b841de23a2e4605c7
SHA256:
6ba02ce06c6d161d87f7ce2c78243c0e7576037068cc602db3fe5f7b8e3f2e4b
SSDeep:
1536:3fwygOB+pvn0uJiNDz6RAbIkdDg2hgNrL3toD4cR:3fngC+Fl8DZIkdZGhLmDDR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\1055\LocalizedData.xml
|
MD5:
94742ee0a13e9ee164900414e020ec15
SHA1:
14c474e56c22f810c9246a839cd33475b063902a
SHA256:
78407f4fcdae84d2e3691ef711b30c56198c101d844b754ec44454056051ea7d
SSDeep:
1536:T+Vv+bwRoU/M+YRtP032FHzQtblZoUbTlmPFQGoueV:T8WMoz1f+OTQtbliUHlmPFQGo
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\1055\eula.rtf
|
MD5:
a213f45230b642d250cbce761af658fd
SHA1:
919f30353be2d09956285af9cb91790c390577ed
SHA256:
f1f8558d2266f04eeeca6f095edb70428d695e60b11c72c74ad5b11ec13b299c
SSDeep:
96:S2P7rKWkfBxy1i5Ejah/baUXeoepBg9IVz1Nt34Q7QlVxOY2hXxuxpeqPs:vz2Fpxy0WAeUX2BGIZZ3jyjCfuxpees
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\3082\LocalizedData.xml
|
MD5:
036978dac528b188bc116ab6b5e83ee9
SHA1:
9dbb6c8f0437bce703e7563ab4011d54536fbd03
SHA256:
b446e4db93d9d1f26f0d904b67624b51f21aad8fa265d83c3622a62c3f4a9eaa
SSDeep:
1536:YzzwcWHiw1JOG5Qf7ECHqdEuJwYo0vHJ6wg+n/jUWsqHfkvIwl1CuoZRrehqV:kzwcWCGJOECKdbGngppg+/jzYIwnCu0f
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\3082\eula.rtf
|
MD5:
34a66df517ac3828647e87b1ebd349c5
SHA1:
fe95482fd2ed6c428681352c839d8f92a1d6f51e
SHA256:
066333795ff355e9ce77c9b55eb4983f452bbcc70632d1be5c1c04c87460fd3c
SSDeep:
96:CF2Dju/c+Wxq/x9pZXD/x54ehf0fmos9Nt8d/+:CFQyk+Wkx9p5D/x5Xhf0O7t8d2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\DisplayIcon.ico
|
MD5:
a1408cd7a5c134e6b5ff9cb2c37039a9
SHA1:
2a6ef97ca3743872706bad231b4004f0af55aa1d
SHA256:
3b815a1615669c6c1057b1bb71ad2e8f67b2a16f2a249689af563a5692d34a04
SSDeep:
1536:D3fxy1JWCpI86DOeVAyuSzIyG2w0xxtU9EJMBbBb0niv4IRBw1DbPjcgHAPTO:xCfy8yG0xbeEJ4Nq1DbPZHAPC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Extended\Parameterinfo.xml
|
MD5:
144a2a9db8f8fae6a57e8c17e4d7a9e6
SHA1:
14c0bb3af3adf127025cd54fadf9be9e027a856c
SHA256:
672564c6756b64039b03db107d2e84597bb75718b6a632b6401b22f31c5774b3
SSDeep:
1536:k1ThnHpX0OOC7FuDmZTtg43ApaaO031sJ09GiMnIb5sdD0NiD/tn/1Tn0woMnyW:kRhH50O/uOOGObFG0UJIb5sUir11j0p0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Graphics\Print.ico
|
MD5:
00e4967e3b6121bcecc81d210323ecca
SHA1:
a62e53e2f66dd94af6014c4f70a376e46ea5e666
SHA256:
951d86d9e1bc37b9b502fc7c1056c375649f881520b6e7e4793c9d9c2a648433
SSDeep:
24:2Hg6hTdHRSVAR9IYMUBUB5ftctVHxP7mmT8+yeQwypPs/zAg/d3X+qCB1x7LBvv:Gg67oVUzq5lctVZnDyH9Pscg/Bbu7L1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Graphics\Rotate1.ico
|
MD5:
bf9ef38f23aded501d42fc80d257f053
SHA1:
669f5071ddad9d6b10a430d9ee2938f551a7125e
SHA256:
547b3fe2ab7c0d5ef831f7d5d187bf81d73a9f27236d2407ed17a5ad7282e23b
SSDeep:
24:xOySPDXvojQuMa+owr86smYBsJtNwXoPaXLOIyYE2SrGiRMuim/6xeQk/X2lk+02:gVvojQ5a+owr86HMsLVy7tSrXRM3gOVj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Graphics\Rotate5.ico
|
MD5:
79bc2a1df7ca8c0e24c788255a4e95df
SHA1:
8d2bd2363231baab0c4da4bcd59e5886c65a5018
SHA256:
1fec43ccccc0057fb4cd615c8336f2454760844a4046c95b951ec1ed77abe9b3
SSDeep:
24:X1EvuwEzn2DFvmzynod4IYjX7tVgyUMgi5Ll80AJf+xR9/hzbfjYJMof1Hqaiy2O:XuSzCFviynod4IYPAPMgi5LlRm2xX/h6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/588bce7c90097ed212\Graphics\Rotate8.ico
|
MD5:
ab8788961f5545cfafb84f54ce0906cd
SHA1:
1a7f83aa84bee888a37c37490c7cae0a88f89621
SHA256:
05e0e9856d0b1eccd1a4a99f8b25a196820c3b5f3828a2da06facf290da70c77
SSDeep:
24:ShhX3PwcRBZ1bxF9Nm4VHtX0wFbszE0/jX5Ein605MeVzzRsSK/cg3uzU3fqm:ShhXImxxHNmGXJszEgeETCeVzzRsS/gR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Graphics\Setup.ico
|
MD5:
35bf2af37f2e659043d56e34ed6b8583
SHA1:
385b9dbe74407041f76a2811142ede576b852370
SHA256:
f4556ae1a4b81e9abe2fa67162c3171500e88d407c4220c8d8f7dd3ffd5625f5
SSDeep:
768:eBrbOjRTHNMHj1kreywrxcGrmDHwOBupfqr1Vo6PcRv4Az:ed4Ra2L0pQuhqLo60RvD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\ParameterInfo.xml
|
MD5:
b76f5fc4ef5caa34e6b37cc66cdb097b
SHA1:
bb5c7a25fe49271e81637ac514984df0940584df
SHA256:
56d65c7dac239ed16a619784bc7b475d8a16a12f4a6a352c62cd9e684d7fd231
SSDeep:
6144:roQ4yioHQdATHT10x0cYeNDoSVnQl88eb+LLKqtFNbNGVWQU14ZGS3A:rDrHYVYKW8JcFvxcB33A
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\SplashScreen.bmp
|
MD5:
450640334b56bcec5686bee2140901c1
SHA1:
66623314f5b6669a4d6c11b7ee98636642e79755
SHA256:
f2a815eae66019284319979a97cda05ed8de02f34bbe26b6ff2b09eee86f539c
SSDeep:
768:c/WwHDXxz7Ce841Upt4LPhIDsvDAFuRbWBc2WbYe0wjlTevgxc6gdDs2kVtx:c/xHDXxvJRqpsID8DAeb4c2eYAjlTeqV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Strings.xml
|
MD5:
8b7d800adef27b8cb62a32c41ef00505
SHA1:
a285673e2ccdb656774658b5b7b910e653f46101
SHA256:
82513a0ac919c174e795dcea264930de869cf897fddf8551f983d3358abaea69
SSDeep:
384:vcc1j2d2d6BYH5ZQ7jZ2t6B86F5pW1FVgINA:l2IvZZQ7jZ20BfF5pcPg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu
|
MD5:
f1ec8e23a95d283d424242c5f8ce0213
SHA1:
745f5ed5594687a15a3dd4e650d21cf690730ba4
SHA256:
eda2de6fe69631d960856126128882f8a3de70907ac730d1220b549142a3c510
SSDeep:
49152:R3TUa9kJf/7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0eH:1oa9kJ7To1PAdXZzKUYxs3pKZnKxfeH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu
|
MD5:
081642dd96048f60909e67010219a67b
SHA1:
ce08cee2ad7e2dc1aa786de1065cad956aad41c5
SHA256:
451adc00694d8c985d6fdaca55192948430747585922028d7ccb2932a2de9e4f
SSDeep:
98304:WBVwq6O0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCi:YGO7BBHTK8KXZ4UuY1kB1iKFKm5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/588bce7c90097ed212\watermark.bmp
|
MD5:
a332b059fa0154f0d4db54322747a187
SHA1:
451ea4eb885064e8fbcfe916940dbe1cb3c6558b
SHA256:
fae8b664df020603a3b46a0c1a8269693a963d360f69a90f085a0a3006f87e72
SSDeep:
3072:avE1p9r6qsgPLT9BQG+egUZoMe1wlKb3pDgnuSZMTz1yJce9:b12pcf9BbgKGqKb3pUVBT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Boot\BCD.LOG1
|
MD5:
2bbbb22c5f24ae55f5debd510bce794f
SHA1:
f347151d205a03a378d698dbd7ac46a9d09c809f
SHA256:
d063e5ae407096d935d59c19f426ddf1ed9d9a0ce3425670c098c777d6f3030a
SSDeep:
12:lDfOjm9TEtrEapbLtHyGSH9327s3wdK5kUH7SZl:dfOy9HappyCUwdK5bH2l
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Internet Explorer.evtx
|
MD5:
0220c6e8b300b15f95f50a879aab63d3
SHA1:
81419fe904fc8c78fda95e15474b1e17210c64f0
SHA256:
09a069828030cbdaf08e937177393868cff6664a029c5c0f847aefa08f156faa
SSDeep:
1536:D9jY0tBTrh+A+/J1P27zkXLXhwovDrYuE5CZ8+g737RHCUuy3xH:D9jtTrw/JBczk7eoLrYuE5CBg737Rr3B
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx
|
MD5:
05d0d5518c9455736eb159af6e37221b
SHA1:
0ad11ef336a68d85c187d78eb73119af121bcf32
SHA256:
3e879bede2174dea7c009342826f8593ebb47e4cd034fb643eb9d3951d7d06db
SSDeep:
1536:lWWnVi/Q6cf4fI5t/JHq7KBt7Q/qYJUM739YTu4rJiH4+/Bpqp:HVfpKKBt7Q/beGEAH4Uw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx
|
MD5:
1fb657c98e45b20f7d898e5b77ab792e
SHA1:
5764631b19b618dfadb79c82dde9c9000c832ed1
SHA256:
2df8c561929ab36bc1a110c8061987dcc750b444166bd11384e0593c2d46606a
SSDeep:
1536:VD1ZYtfIiXZsg7HlLOqdk3bAB0F28Q/qgyAgKlsO+L2uz/1Gdcre/X:3+JJHtOckC07Q/qBKP+hkh/X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-AppReadiness%4Operational.evtx
|
MD5:
c18bb4fd5686d1db4f9698250c4b0c76
SHA1:
f7e9e4f1461acf24ab0f5614150cc02e6f1e9533
SHA256:
08b42535474cf74aa2d1c77904ba8118e540795f50cb1423ebd2a448b0affde2
SSDeep:
24576:GPZZ4p7ZOEcHRgngPJED7kVuAEudpzOB8e2fq8vL:QT4fEggYoVhfzOB8vpvL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx
|
MD5:
2c0aae0227afb3e72fa309c7471cb558
SHA1:
957507bb697beedcbc9d1fae4eae059f76474f8d
SHA256:
6957d6dcf3496cdeb4ffe42b41e36c11ba0413d736dfcd356bcac76020a4861b
SSDeep:
1536:b5YZrclBSHrA/ICq3xoumMpiczNc4KXx0S0jcCp5tklS9x:lYZr+IHSICyxWmicG4qx0/T3uA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
|
MD5:
2cdb45723047481fbc0e6dac39a6b7bc
SHA1:
f091e8339ac2c1650e9a8535b775fee0138a3d4e
SHA256:
2415cbe47be3d6891be25ceeb891144a3a654df84daed3c41a12290836e4aa45
SSDeep:
1536:WfawQ+qzF5bXHNHxdNAcFPhN2BL/kp19o1yI1pTuauWhfX:WiwQ+qT9HacFPrQL/kpX3+VhfX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx
|
MD5:
d847275337972e20e42be66a888e4972
SHA1:
5ae68e25f82710298367f4ea892f378707b39708
SHA256:
05576eea4a530a50f15448a834f440dc504196627e70275ed35de9e90e904356
SSDeep:
1536:aSG1/i0bTMcL/LsBYxWmBA8gu9FWRURrzxZTWfh3oPUj/Bpg:IRi0Uc3HWmBPgu9nzP62M/Bpg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx
|
MD5:
d9a82a301695b05bfb70709b277eb877
SHA1:
58b4c03a0a4d920bbed67f2f94c7b60b51c0320f
SHA256:
d97b6c57a9feb62214a29e63259bdc36f22d7f03d427f76900a32ac632d00c80
SSDeep:
1536:TkEg9S6MzXU4CsDjv0F8pt/KmO6fGaFpokbIN+paM+H5M:JgBM2sf0Wp9Lrxykoe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-International%4Operational.evtx
|
MD5:
99e892f8c2542755a0cead06659c0186
SHA1:
91d78929eeaf38cccd86cae016c8785aa7924990
SHA256:
e6d82f5ef0766848c0c38a4ca60ac148c9a6c9a15c2d5772d649eb5ee154779f
SSDeep:
1536:sQ6svF2zTDWuBTl71yBzJaEUcdH3wybF1aBs96vKSf0tlWTdNYHy/++:sQ2PrRl71yBzJPZHAyF1aOkKKMufiy/d
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
|
MD5:
f483a60332062bedbd5200285623e8a4
SHA1:
909e2004af4c7d8eea285a547ade102a27f530a5
SHA256:
e1659ca5e30243085cf89e9618dea15e049c8fe09b238e391985b8c39b7428cd
SSDeep:
1536:80BiuzFpoKC/+fevIpRX8k+4oxg+9+ZpOxqGrV5Pt:80BdoKC/+WvIpRscoC1ZzGrDF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx
|
MD5:
137173e0dd42e0fd96d7705c65e5d2d4
SHA1:
d139513dfa3ca0047c9a6f4b8003aadb13bcd258
SHA256:
247f26afb077a70a0dbe955d7300891232671abdeeb62261167b50fd3376a783
SSDeep:
24576:Mh/U/BPGT8MrnpcWTdS7b/d38p6FC0/eBw7i5/Xq:MGZPOrnp1I7r+KC02K7qa
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
|
MD5:
a8ebb1e7b45c14740fb729935b348b9c
SHA1:
60de0ffb019212cd96b6ace1d3d23247fab18f02
SHA256:
e7fa63981e1e4964fc10136e6aafa8d49119a8ba6ea42b75da88e7fed22214d5
SSDeep:
1536:gwP9iUcZG62cSxwpE455p9NFpb+UJlnzvfqInwGWsQ:gmiUcZGffxwicf9N3/JdvfqInwLsQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx
|
MD5:
5c6b9177025d2b995503dac33df2b0ea
SHA1:
612385712631f5f5441d7df398eb49bed3507d61
SHA256:
7ce053bd502b484333c1576f879c8931ac928982dc63cb61d2d47be5cb607ee0
SSDeep:
1536:XS0mZWD0/x3Ku74EinMbCeYG/21dtxLfEnikO/alBm:iTZB3X7piMbwqqZexi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
|
MD5:
39e5cb4169698241e6f4060770c68ca5
SHA1:
4719970e9691c852d8b0785df381a495900668de
SHA256:
56a70876fa7e2e6d9d4d2dd2636ba673beb5a6983351f7e708cf7f22e98ce478
SSDeep:
1536:WAYjxxZc6v2Owwss+4M53GZyE3emTbBOvPEC7u:zYjx7vC6+0yE3kvPTK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Known Folders API Service.evtx
|
MD5:
205e462024f4d7e3198eb1f1b6e05184
SHA1:
03abae68580b6b07fad79f17eb65e3242d95d961
SHA256:
2fdc842e8d75440ce43525379194dbc8080a7f41556da64c6680e146a5de6610
SSDeep:
1536:aqyzTp8lDrnfgRm6fT13zAhWpGyoxLWxwAgHsB:uzTiJrnIRBfN0hWE1hcwPHsB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
|
MD5:
a269b5593660442d789e5401be8f169f
SHA1:
5d63909b5487e4752eff0c268a16b8c62187bd01
SHA256:
04b940856985db4a8858b627939591f920ec3f907b6eeef68f879d09925f2d69
SSDeep:
1536:Qia3COa6COyLr3d+9e3FZ0h137xPTonLAHO+cIAHG+2:v+COkt7w9UFuhnTceOIAHGR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx
|
MD5:
dd9d1e47a9e6c9763e3295ed1df39dc8
SHA1:
b2fddc6683e85fbd26fef47a1259a4318917ba9e
SHA256:
725a2a41bce9e2198d84bb3d5d10877168f21a49c842f38f36bfcad8ac7d7170
SSDeep:
1536:bIep19S49pO2Nm139fc77FmBqKY60gDuCrnp0MECtvDonYOemcCk:bIs1Z9XQtfc7WiCrureP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
|
MD5:
9543153acf6a997f8067412fce4d2caa
SHA1:
4469e04294697bd5212dc5bf937a9fcc37d94bec
SHA256:
d4e262e43d2c7719d7ab392eee98ddf04ce54fb4d465cf678e8d05edb02604cf
SSDeep:
1536:DFqwcl4YWTFWjrjJ1h5wUSchBJzMQLVR3DN1grKWtaQ+p:9cl4Yrjrd1hCDOzMKVR3DNuOBQQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
|
MD5:
7ec50e1bd873f71c3a5128e477be61dc
SHA1:
af7b476057aac4c35f91244bf9f8728627a3e261
SHA256:
27e25af7fec90e85dcbc3630ce121e02100187e7b678af918d023918cb9a8b07
SSDeep:
1536:yHoHgeJdZqu9rG6UXByK52O5gEODBh4VQRw+1MFIZoQs2rT:yIAMev6URyK52EKBhGQUFIseT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx
|
MD5:
c32cfb7ef4fd93421615f86dfd6f8f09
SHA1:
cecc028e3b0d4bb0d897f7324e86808ee3eeffd8
SHA256:
926de032183045039fe4acce26d1d421b87dfa8fa9cefbeda543e6ce8b7187e4
SSDeep:
1536:IYaRcepCvoWilYga16tUPfxqnd70/yoa4MDfzpl1zq5:IXRcOCvoi6tmqd70/tahlM5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-SMBServer%4Operational.evtx
|
MD5:
95133c375190fb9a50770b1fe2f10655
SHA1:
93fcb2887c6724dff60442d60bc5ebc79ffa6d6d
SHA256:
95cd645ced23b5a5041223da553487118e50eaa55bc1917bba2ea39b806d480a
SSDeep:
1536:SkH7zGJ+e2DMVMIlud8J2SIZmzCK9ypHjlQqpTFXI1:97z+vr7l5mgN8NCq1F6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-SMBServer%4Security.evtx
|
MD5:
f10b54e3664dc3c2baa38552b5e6dcda
SHA1:
a2df18f71b58a984e6af6361b4ff4601d93604c6
SHA256:
9cb8e971ccde2e04012d26b6c1b60e04d22b69aa1ab586d6dee6dab18d2ccba6
SSDeep:
1536:ayhJ0j6InF5+4hkivn5p/cu2nnfGTLHMiOaTzfGXU5tS80SqvL6vf8w8zr:aasF44hkivn5p/6neTLjOCjh5t7/x4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-SettingSync%4Operational.evtx
|
MD5:
6e2d13f8ae986ba085e3171c6f779705
SHA1:
50539f27eaadd699a9be21fd12213567d6cbcebc
SHA256:
0b3434d7eb7da5e6a28bb0a2c89eec5d9c814d72247adff966d29b74642fc006
SSDeep:
1536:dDmvPGukbxQOwIu/VQZR/rNY7/VDOeF0XoKmhn40J2D:0wAdaR/riKYKg5J2D
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx
|
MD5:
cad2919e9768fbb021ea0109b7cc041b
SHA1:
f2b0857290634045fcec5470ec4a8d94818fe986
SHA256:
34a8fb9fe1dc2b507deba70523fe1946d0c75a7ff8387ce996c91688a1bbf06f
SSDeep:
1536:SDHi40YIw/uMeRAjakdsMZKSseIJHGzTBwQyOeh:SmLaug2kdsMZKNPhGzTLO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Shell-Core%4Operational.evtx
|
MD5:
b639d31b65f5440611fb6f0de862fd9d
SHA1:
3cf7599ddfad0967686c0d5dff17c4ee084895b8
SHA256:
de3d9161d4700c9dc1c86d2aec1c0d9163c7c513ecd796c36d59df22bc13dcaf
SSDeep:
1536:b2s++Lv8t87cAoWkGS3P3MzQkpcGWxSMZa62k4:bMwV7cOS3/MzyGWDZaN
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-SmbClient%4Security.evtx
|
MD5:
7818125652c65dcdf4c0e572eb5401e2
SHA1:
cf7f0c4ad64968a14d470a8d39b0a6f825d3f2bb
SHA256:
cbbb6741c5f6021558dceda84ccbbaede60be5820994c64309d7d31717e43239
SSDeep:
1536:uEezCqv7t8ym0RavfZ2dtwu39cGw4vJT2NEDpj:XCCqfVavEdeuNQE1j
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-TWinUI%4Operational.evtx
|
MD5:
f4474126f96cc687edc5b6dadf140da8
SHA1:
0fc7b1b86be0d85b55c4c81a8eeafbbea1ede799
SHA256:
a5aee161f44678d3b3c521a71683567d8d5c69fca3c877a74fa5fa1e92e6e6c1
SSDeep:
1536:dpmc4o+nUrpPfZA1q80YPRkSgZ+froXLX74ZB0N/se1MVdFfwU5y6a:dpmFo+nU9XZAs8ppkAjob6Bx7dFfb0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx
|
MD5:
d9d024c9ec16056af26a394acb3b8120
SHA1:
091d992097738dd8b63dcf5999e97a00d5660357
SHA256:
39577ec070e4a8591998847756f0167403ea36e135c85c14cf423b03813df49f
SSDeep:
1536:txT0LXgOllIA/0G3ZffIAnvD6RiUwrSOEFALM4BMkMudW:txT0LPl2UZf2FFAouMu0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
|
MD5:
5ee268aac205d561c606aab988492d46
SHA1:
8149358378e8bed09cce1c92bf83214cda4a1318
SHA256:
667ed4d84ff9c95ca06a0c20092c3703ee8cd3b8dd173dcb4a174fcc35d9e5ef
SSDeep:
1536:Hv1EUr4dUu0B1fq00eXR6x6+RLB++fYeqBy9Hm6KDu6nsYEm:HvqUrOUP8e4xbB+iYz0Hm6KDu3s
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
|
MD5:
f57349ecf2c193f276bcd7833d3b74da
SHA1:
2d75d84ca266c552b98f5faf7583408829473bf1
SHA256:
e3f9a975d89cb487b75f7253231635d38c58411a03c1918cb9ba8607817ed5a6
SSDeep:
1536:Nnd3fjMTTjkruUXrxTcOpF19lmBM9XbC55yWzWosQu2Gx/q:HMTEruU5xjh255yWz2B2ci
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
|
MD5:
071c47bace34206ede26a72a120a11dc
SHA1:
57bbcb2ff20eb1308845ab28170f22640e360101
SHA256:
ef0ebbace749a000b99c612afd2c72bbe613d9f7a03be172db654f57f1929e43
SSDeep:
1536:RjJ+FLG+7s6Jr3GyfbtYFSzaSYLm9cOsizYqNey:RjJOLG+7s64OhYYaj/9vqx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx
|
MD5:
6d169fa013aa6dca0114f570aca6434c
SHA1:
ac76f5146221b32807bf653a20670286b9da873b
SHA256:
8017f6200857c49f8cb4e364fb5488cee8ff0de606e980477af0f0701b363c07
SSDeep:
1536:OLv0ssr2yQmNXQLMepRwXuBXzNalxv3QKFgx3ZGscqt:QnsqyQmNgYORHBZXcgJZGscw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx
|
MD5:
6883950e1534fec89823247f45b3b8c6
SHA1:
534b89aee26dd1816176f9ca66c2a1bf39965b90
SHA256:
c6f2e89c05833db2eac3d28e364eca08bafcc175ea47e208bea9b7530d183e81
SSDeep:
1536:5NSwV+alzCZHa7fCNq0wgWu3YVmwyG0oI79nGql:ywoDmCNqDhu3HwKpjl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx
|
MD5:
808c14d2bd42b706a8547d7ddfd3e228
SHA1:
d7009cba890e427a3e22cb2262c74c98a50851f7
SHA256:
6250e4940365a315a27a766739e55e8051e072323beb07f390a56d3157ed7796
SSDeep:
1536:texwj9RK/kR0V0J3iRodKh3WX5A1L7ZR6fwkf+DddkFb:a8K/60V01zdK2Uyd2do
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
|
MD5:
982ab5cad165e9fca78c4c46b0cb4ba5
SHA1:
beb982a36ac687568a07b0a510ad94d0e9d82429
SHA256:
0920f3c37c83d0d3884bb8aa98d927144dbe9d39994525f8a65c79661f52c084
SSDeep:
1536:caV5mjlbPjK7tPG53gVTVo2mQZ2SpgPHT0QE8kHIy:cazozjK7MtgoeERtjy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
|
MD5:
13b77cd5823c52aeb76daee96dcff66d
SHA1:
c23705e99c335c2b171a14c7fc8fef0d7df93dbe
SHA256:
e28ae9f6d36cedae8b02691314f5fd7ddea94244fe25fd0dec8678910f41549a
SSDeep:
1536:+o5ZUGw1u6VE/3H2lNM8KceERspeFZevF+sjtkkXKTgJDAOu18dW3RW:R5ZFmYPWf52ZpeJ+ak6Tq8e8W
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Logs\Microsoft-Windows-Winlogon%4Operational.evtx
|
MD5:
b3c87b933564618a125d9d014873910b
SHA1:
5cdafe5205ada106e781ba1f98978df90bb15e88
SHA256:
daf5327d66044af36e7aedc311ac69ac8e8f5430e910eb89b0631a52d864cf3d
SSDeep:
1536:NolqijU9M3blthK8VsEqoOBLFkUk5bMlbF4iRGT6MkmeMrJq:2q9qLpstBB2bQvG+MXq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:/Logs\System.evtx
|
MD5:
8f8fbb5edfcb5158beb997e7c74c8dcc
SHA1:
162c690100d55bb9b625e2549ffccd7dd5fcd743
SHA256:
a4c34097e35610bc2c6a09f15a1c965d6300ac474464aa8f782b58285d5c5867
SSDeep:
24576:lVgq5Ysvdu2J704IGl+ncr+56l3FCTCoJD/rg5rXWibto1:lV5Ysvdblacaq30TVg5rXWYtG
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Logs\Windows PowerShell.evtx
|
MD5:
ef6c937a87f96fef5a5b14dc5653fcaa
SHA1:
f8e3183f7739fc0f7438c1fefd3feb552b509545
SHA256:
ec96c000b9acf4ade4c3ff00aae5d674320de041c70fb7ebaa801659d5b463bf
SSDeep:
1536:h74FuSDZ9lOQ+hjU5E/XfESefpsRIJzi1Ni3rJcne3Xd8:hMsxfmCsTXIri+n08
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Recovery\ReAgentOld.xml
|
MD5:
31452d22c73dfbbdc49e9f40a3bf6672
SHA1:
6f5ccb9f31a3cda44ab968598b6ac971d4d776b8
SHA256:
2a74351dfd30f0aa7e59a430bcfff3c9a966a606d328d0fc625d808853147482
SSDeep:
24:u1ygXU4lDB3o+9Pk9fsVuG0Ks5WnVzSn31ZBC3mUIxLAL3FnigZ0rN6uSpkO:u1N5HisVuGuqVEjBC27OLVnjZu6uSpp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\s641033.hash.OFFWHITE
|
MD5:
aba80a3ecc3b2a6548a54b506441256c
SHA1:
861c5efe6dcec470f03bd8c6163ce1f035ce2360
SHA256:
0444c8b103305ea61aec27d45f68ec0b79e5eab0958cf0b00e54385dd1487fb6
SSDeep:
12:dP7bWTHcZT/lnIEIiVjVJYjH7vsNSp+7zZt3CScW:Bq4lpIipVJszs/CY
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml.OFFWHITE
|
MD5:
d256f66c099cf1e5926373a0adbd61c7
SHA1:
c20fe19151b27e81095ac3133bdbbff46eb71a88
SHA256:
be8b42c7ad0f6e56bbbb1995cdf21989fcfd890f156e5bafeef5ca7bcf90f97f
SSDeep:
384:Bh55oOYteJBBLahbgs6v4xPvAtVV8qQZgOxRwSNg4Z6n+GwMogBjTmy361D6Y:BhjobeJBBQbgs3XAr8gaCS7Y+kjBTJqt
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.OFFWHITE
|
MD5:
3735de7c72ad7f9bbd4f5ed818b0323b
SHA1:
7883c9db6e7245ed5b50e4e1ff6509082b39a0ed
SHA256:
0731738a6b90170c56354272e1a2c84cf2dbb49c7e85629912b1e8374532b3a6
SSDeep:
24576:rD4DkV2lykddEqylsz/phLeZvKErxJP6gPAqHoENusUsWwxF7BJTQlDufC5WnoPx:34gV2QkddAs+hJPjZAA16DF40N
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\s640.hash.OFFWHITE
|
MD5:
1cb4938365cbe8bfad1593d28de25251
SHA1:
8a37b47d62bfb602ba2453fb570161669908d87e
SHA256:
064989931f7c8ab87aee7f6890a4bf5f998e9563f1d6dc851979905c412109d6
SSDeep:
12:yoMiwQTsn5O6Ebo6pgzKwvVps4r5oRqYECy0Ejav5IAEOs2jueA2gK:ywTGWoFzKwvo4lKSv0Ejav5VsyAM
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.OFFWHITE
|
MD5:
2a2f37af35c71150ecdf05759e2fb037
SHA1:
2be77bbce4e1e593663d1b07be8ca0cc43857d98
SHA256:
f65b00f432f24751401253d4169e60ae0e6115e9180faa6fbae393355dc35c42
SSDeep:
24576:DDFsNqdm4wA5IZUtvqoFHUpth+cUdAmiB:DD8qYTM80vqsHat0fdAmE
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\s640.hash.OFFWHITE
|
MD5:
3bb4e6355ce3e874c74c992f6cec4fc0
SHA1:
82e1e7dbb1401624ccc49ffdc583a8139ef5e13e
SHA256:
6a246ad6ff5af317d3c5566f0826dc3febc4f8a5eb60ab67f9266e0dad317dee
SSDeep:
12:2Ey6Dr27j+EcsuV+9pka2CfMYb3+hPVKDTmPgvIDZZy6DtfyebTwlRzrdBWvs+5:2ErDr23ksuVYbEYb3+hPV6CPjZc6D5ye
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml.OFFWHITE
|
MD5:
473b7298fd1518b307840e544bd0bc8c
SHA1:
c95bcdcda26c596aa4b52caf6762b74f12e7ab3d
SHA256:
9cef41a1f8a3b90c9d02cd85e5cb9c795a5d8c1371753a640ff492bb31234756
SSDeep:
48:vWUWhuq/YtZfks52kqqlvMje9vgHWrXCIGqS:EuqAt728lmya
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.OFFWHITE
|
MD5:
f904ba30711041317e201ad64ed88259
SHA1:
1f49362dbf24dd9d56aa557c311e2106776eb1a2
SHA256:
f8d35b03b51ec708375f0275fe424fcf2dc7fa729d022648b30c4b60eff8a913
SSDeep:
24:6MpZBT9D1oLxlnl3GzgXz7Os8BsQ/nttdc70PTIwOh:fpLT9DqXnVOs8BsiLPTa
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\s321033.hash.OFFWHITE
|
MD5:
fbd7bc01fc11a9720c92156c62687006
SHA1:
faf5a814ce3f5ae4d826f36618a4d96785c30e19
SHA256:
8634b4701e979306f1c7ea7d15fcae4cc2f1f6ba02b8c8052f0ab00396f85f4d
SSDeep:
12:PjkS7zfVl772npEJ0INq2c6zrzRpB4RNGDQhTfk8nAlL4P3/Sdc1QxrqscMHHtXo:Pjk2PqnlINqgvlvfMhznsszmxhVH3e
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.OFFWHITE
|
MD5:
a3e26c42e56ca1cc15c624b6619b5c8e
SHA1:
7d5cdc3b597a6963ede8670a14d5db6b2ef52b36
SHA256:
8ee0f62fe7eb88004fd73c282278600500eaff32f29a640f7df934733f94e3cd
SSDeep:
24576:GDv4PQSikyVyHKEX9FzU4tkzH90jaPlK2C:GkPGtVyHKEX9BU4tkzd0GPkT
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml.OFFWHITE
|
MD5:
be44c78837b4f845988667b6771bd853
SHA1:
c9e60eb94005fe3e2c4b877c727d4485b33f37f1
SHA256:
f17fa7c195da0745d55a7aa2c26b154e40c3fdd50e9021b224963c04bc0cdab2
SSDeep:
384:0HeYe+5ueexIabAb+JFJZA4xQsU6TqxhwkMv6DxKYiuXCoVEPKSyls7msQqMfqe:0+YbeCkAQPYYUS6Y7uXCCCDtkDfx
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\s320.hash.OFFWHITE
|
MD5:
b7602d35558f24c76f53d8a145c1912c
SHA1:
4c3f4275b5d27401b2df42e83f93815402deebfe
SHA256:
2f4f1ad89d8b7f7a97553df78a99ee68c7abd18e5f969e8299da268787983229
SSDeep:
12:8vs6K8PkybGAjl8anbVb/ZpKpMO6U2PagOrT5nbnT3aX5yWauJkMitIHu:+m9yKQ7nwMOnjv93Q5y7uJk5Uu
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.hash.OFFWHITE
|
MD5:
3ee4347d13d87e2a0b8caef23129eb38
SHA1:
05e4e27e4c61a970115701387cea860a909f8bce
SHA256:
ad1cdd157965c8b93e5835c409bee063fd1d1fba09a21e38839d379138dd037e
SSDeep:
12:j0Dzfif1EwGtEsWv+vi78l30iK5NJRlFT1M1MpVXsTm4b9U7OV5a9UOLmt4KY8V4:YDe1Ew6FvG8l30iKblFT10MpVj4RU7Og
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.OFFWHITE
|
MD5:
8447eeabf1abe173833472446faf17cb
SHA1:
5901d4cf7c585c538abf003b67b42c4c0a74bbff
SHA256:
2027e76d45a3fc0d354dc551009b168d1a60c8ff0f408bdf5423e61a19708f73
SSDeep:
24576:3v0ltTn0354Y4utbHgrO2oTEPFgLSjMYibGE2BOEYmEVyqE70:f0sQMbArO22EPLibGEXBw0
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
2e1a5e48d1918d5941d273ae9abfce29
SHA1:
8fc65a47eee806cef559cc4957fe36304c9b57a7
SHA256:
1052d90ba709bb3016646d1e80e7392f43cd073e8101fd6f7e50d53353623a5d
SSDeep:
6144:wRubeWhrjYOPG8my0WpzWCM4k8+g1hohy:nbRPPKGKCGeDoA
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
3c8c27f3ce6b290007793c331d86672b
SHA1:
00bb061b42db779d854aebf176d48a96df6b2c3a
SHA256:
5ece3664c50388561f0c6a5bf9835936d541928da9c76aeb177f290008555174
SSDeep:
48:eVxhB/PHfogEG1CncBrrC7wfLe0XvtYTM9VjkIbSwo856+Y1lhs5UnqM6d:ePhJ/fogEG1yRwR4MbbL7oP1lhs5UL6d
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
7c9a78a5df106dd8e284bbf8f960faeb
SHA1:
eefdffa66c6531818483371e2f4677379fa6710d
SHA256:
923245ae65da5e34c3f491b2c06345caea322aed2ddb9a2b14e2be4491d2c324
SSDeep:
1536:33TjITKiaAg21bBJ29ql/aKEqXTykBF6VBlGz7s+oxKTQBE8wnaKbZ922QcF3P7d:3oT3dJ+UBafMegRzB7P7I+jUW
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.OFFWHITE
|
MD5:
32ce8ec6376f9a5d7874e54ce7e7fa8c
SHA1:
70f5812ae1b02cd2bff28f9e5d26830659d2bec6
SHA256:
783363391b08bbea4fcd80844061790a6aafc1daa83b5fbc01b0fef0601168f0
SSDeep:
384:oeHqH97uXsvzNLB3ZhwCS4PH3HDDC7wtCL5xj24LTFg1qaXKZNE/96/mK7nRI:lKYXsvJtZhwJ4fDD0p5xM11KzEl6/K
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
662fb647548d1964fbbbe3e5ec2d2b6c
SHA1:
163d4de07642d4ed87b4081c109e98f34107c754
SHA256:
af464dc80c966f5e06a7efe1ce1deaee07036c3177ec3fbef0dcf27520b7b586
SSDeep:
1536:eCk/hs+yrwiiUDKx+Az+nXBAK842AiolNowrn1xNoSH6DdE2sPOeCBf:Pkqid5z+niTdnyowBx9H6xtUO5Bf
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.OFFWHITE
|
MD5:
5eb921843530c88a46352b6cd06a106f
SHA1:
c653b1c4b91ec9deab05a97f484449e3850454c2
SHA256:
a3e0906e953603185885a288ebecbb09a6cc8dd69c363a9401a93305fa2349ab
SSDeep:
1536:XpfEkXtibG1GDjeAA/oNwi6i+8UYCMl73uIwKoq5Ad7v:xdgDCAG+xLlRCMlYKoQAd7v
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.OFFWHITE
|
MD5:
bfc3737deea5fa6c78153baf03cb913e
SHA1:
395ca744fffd92c20dbc47349bd8b5d2ec0eb2fa
SHA256:
2684fc4adffa99c7b8b70b2b6ab52d99079808049a3a3bcff5a4d6c81958ddee
SSDeep:
192:jrhrsUCq2IGmw8FLaoNA5Ev4w8D1J8Oqejo1qI9Lls:5rsUCq2IPFYxJxLe99Lls
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.OFFWHITE
|
MD5:
e97ce3230164fb63134b1e4872ade659
SHA1:
34fb0df55bb1be602988e16075b73e48e44bc273
SHA256:
b0b36b1c73e8a21ce9f78d46c06c52b2daae9f3b68cbc5eacfbf7c372a77f847
SSDeep:
6144:s4MxF17/mn4mqt6lNDEXI9bNura1Ih/sTgHGiMnWsGCjjeXYXjvtaAL/1:VGFN/mjqE/SIn1IRYnFJ/eoXjFaAL/1
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.OFFWHITE
|
MD5:
fdd359cdb51f551863c2fe6d2ecce386
SHA1:
8c737d24317a4971b33eb875d53e4f15e49679c8
SHA256:
3dfda35cfe82c5f42b8c990fdfd88d42cfcc983f6e9a77edeeebaf287c973ea8
SSDeep:
384:C0bLnM7jFkSbqobi7PdWG4/eR8kHagYwPK76DacwYLdeCLGBb1aqI/Y0:CEnMfuAbkYB/eR9HhK7sZwYReCL2I/Y0
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.OFFWHITE
|
MD5:
785b3914d63e03050e66259fb51fb703
SHA1:
f1e7394d557a4a846f240a8427438f5c6b04eac1
SHA256:
841655ec735220f687d317d915ed426f3aadac05e47aa32e9a4c2510ab0e0580
SSDeep:
192:hks9vKfBKIp2ng8K7jxeWZF5ULDaBBsPksWHOO6D49Rygmndn3ZPC6ONwUEF97m1:KyWKy8CjUWqCBhubW4gCn3ZPMoF97m1
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.OFFWHITE
|
MD5:
38bced76924afa19696ee3e5ece530cd
SHA1:
e66b48187c1253938ed0e91adb72ebcdc1381145
SHA256:
bf19646c75d0dde6fad04df96d3cf7d08f921763982436846ca79f84aa24da67
SSDeep:
192:6sLQLY7HkmLLgnTj8QMKl2qec6eo6/3bCHFEVJvBATT+uwsTUs9SgWrlKjbP7:n8LEkwZKEqN6t6/3IWVAPJkgWs7
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.OFFWHITE
|
MD5:
b230eb62c7044da8ef66391950cbccb5
SHA1:
931af783d6b203a20aec2bfb2e23812f5b178349
SHA256:
e44cde97ad823b054921bb7abce33159e008e1bfef5d77d84f894bb1bb6db371
SSDeep:
384:iPdWqXURjRGpzAF2UmS1hdsax9IN4j1cxOa29Z1wNAbAkWu+P8heAt9i3B+RW3tc:g9qj0pz8QUCq+xTMC6/+Uvtk38Wu
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.OFFWHITE
|
MD5:
fd2aba2fcde93f586a8cb4d8dac39f30
SHA1:
64a4cc12788740c11003393fa164acac01bf4c39
SHA256:
bedfd4d02f41b699750b767281d15d96c5c9722cf74851a23e53470586a07d12
SSDeep:
768:1+oB+lOCQ+JZZGOht3nXrbtbm2xPevsOlkX2BvFG1eZ:MoBKOu1GAtXXP5mQmvsOrvF5
ImpHash:
-
|
Access, Create, Delete
|
Modified File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.OFFWHITE
|
MD5:
c8f468eaa504e7ffc81875ed7be39e7c
SHA1:
d2d0f3eddf1ecf6dd42827477f0b51671dde5fcd
SHA256:
11579d6ab954b4a951fdb22b92fe983329d7406af28cfdb70a17ae3727949adb
SSDeep:
48:nww5hrnY7zNgNhZW5t2q3/YczKMP8B8bd4TTkqcqS+npI9Hc+kAbK3WZ99+:wehrY7WhZW5t2qv/z1AhSip6c+ZbLZG
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.OFFWHITE
|
MD5:
dde3d43f539b249d310592debd3f606b
SHA1:
d5b4a37f670f35e4ddd7e942ae12dccc5a173ad6
SHA256:
96c638226b9cf8105bf1b769fc7cb2709187b3789c760445fbe5d2e6fbe1f111
SSDeep:
384:CUxTiB1s8IPl1WMjDTjPrHsS25Is5QvFYladP23:ZI7OjTjPAS2JQvFgae3
ImpHash:
-
|
Access, Create, Delete
|
Dropped File
|
|
C:/BOOTSECT.BAK
|
-
|
Access
|
|
|
C:/Boot\BCD
|
-
|
Access
|
|
|
C:/Boot\Resources\en-US\bootres.dll.mui
|
-
|
Access
|
|
|
C:/Boot\bg-BG\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\cs-CZ\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\cs-CZ\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\da-DK\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\da-DK\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\de-DE\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\de-DE\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\el-GR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\el-GR\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\en-GB\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\en-US\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\en-US\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\es-ES\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\es-ES\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\es-MX\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\et-EE\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\fi-FI\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\fi-FI\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\fr-CA\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\fr-FR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\fr-FR\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\hr-HR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\hu-HU\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\hu-HU\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\it-IT\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\it-IT\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\ja-JP\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\ja-JP\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\ko-KR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\ko-KR\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\lt-LT\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\lv-LV\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\nb-NO\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\nb-NO\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\nl-NL\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\nl-NL\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\pl-PL\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\pl-PL\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\pt-BR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\pt-BR\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\pt-PT\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\pt-PT\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\qps-ploc\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\qps-ploc\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\ro-RO\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\ru-RU\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\ru-RU\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\sk-SK\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\sl-SI\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\sr-Latn-CS\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\sr-Latn-CS\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\sr-Latn-RS\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\sv-SE\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\sv-SE\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\tr-TR\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\tr-TR\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\uk-UA\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\updaterevokesipolicy.p7b
|
-
|
Access
|
|
|
C:/Boot\zh-CN\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\zh-CN\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\zh-HK\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\zh-HK\memtest.exe.mui
|
-
|
Access
|
|
|
C:/Boot\zh-TW\bootmgr.exe.mui
|
-
|
Access
|
|
|
C:/Boot\zh-TW\memtest.exe.mui
|
-
|
Access
|
|
|
C:/OFFWHITE-MANUAL.txt
|
-
|
Access, Create, Write
|
|
|
C:/Users\All Users\Microsoft\AppV\Setup\OfficeIntegrator.ps1
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\s641033.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\s640.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\s641033.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\s640.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\s641033.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\s640.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\s321033.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\s320.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.hash
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml
|
-
|
Access, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-31f8f00f75ee43d4996762625b6917f2-ce77d96f-eec8-4063-a05a-09720f5bbf1b-7138.json
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-5476d0c4a7a347909c4b8a13078d4390-f8bdcecf-243f-40f8-b7c3-b9c44a57dead-7230.json
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\Events_CostDeferred.rbs
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\Events_Normal.rbs
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\Events_NormalCritical.rbs
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\Events_Realtime.rbs
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_show.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_show.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\VortexSchemaRequests.dat
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\osver.txt
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Diagnosis\parse.dat
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\MF\Active.GRL
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\MF\Active.GRL.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\MF\Pending.GRL
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\MF\Pending.GRL.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\edb.chk
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\edb.chk.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\edbres00001.jrs
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\edbres00001.jrs.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\edbres00002.jrs
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\edbres00002.jrs.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\qmgr.db
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\qmgr.db.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\qmgr.jfm
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Network\Downloader\qmgr.jfm.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Office\ClickToRunPackageLocker
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Office\ClickToRunPackageLocker.OFFWHITE
|
-
|
Access, Create
|
|
|
C:/Users\All Users\Microsoft\Provisioning\countrytable.xml
|
-
|
Access
|
|
|
C:/Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:/Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.OFFWHITE
|
-
|
Access, Create
|
|
|
For performance reasons, the remaining 2564 entries are omitted. The remaining entries can be found in ioc_export.txt or ioc_export.json.
|