Filename
|
Hash
|
Operations
|
Category
|
Severity
|
C:\BOOTNXT
|
MD5:
591ddee972c227f1c5edfed0f2daa0c7
SHA1:
3a3cd8d8b26bbb613b3d5ec8a0b3e189c7eb154e
SHA256:
f4d312a9869217608e8de491fa3f4faa1d839e5b23e004444718a37983a904b9
SSDeep:
12:JGXi55/tfS8lS2E3cfPjTQc9bUho6iNVw:p/hnTV9IhbOV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\FD1HVy\Desktop\XColorPickerXPTest.exe
|
MD5:
d4f2318beec5fb9fbe1c8e33472159a4
SHA1:
55f05db53254f8d129c3fabc91e1b46d93c81b92
SHA256:
f79275288b3c6595220430984cc2a75576d8998b8f19e624c9fe6327e2602b05
SSDeep:
12288:JoUm4Qx3a00000000000000000000000000000000000000pjuAZtDUq9zfCZCy0:JoHnp0VnZzRZ
ImpHash:
f20bfd81a665501a37c898f41d4e270f
|
Access
|
Sample File
|
|
C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log
|
MD5:
850785595f8fb530563423fffcdb1687
SHA1:
a6859be308529d7431cc4a15529c83359dc0680e
SHA256:
39259bbe7663c8130d89f6a952874dce7205164f881f102d90c83290a000adeb
SSDeep:
12:uLC6UUabfJJR33JPQW8NoLdt9B9Fh8X0goDUIwtg4+VOD:LUabhL35PV8GLdtj9e0Xgttb8O
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log
|
MD5:
e68c9819d4eadb30d5a0c959c605bf06
SHA1:
97c2642d4f6f99c4dc7ef1197b64cd48f106995a
SHA256:
1a7bf85c6b8e35cc9dd23aebb066296e41622914a0d392952493b54d373aa662
SSDeep:
192:q+L2IX5tBe31x6nKgYjXhzl4jzK4NrhhDWI:q+iIpLkanE7hR4XRNJWI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd
|
MD5:
e0a2077af5522f9422870d9b3a25d727
SHA1:
16bf0f0ce923990606dc4c2063cb303383d8bfc0
SHA256:
ca10896050852875f1f13f89da8932a8c6a43c29e9057ed83e5a08bf4c922ce9
SSDeep:
24:84R/LX8OFQnoNOjqRa2trWAIquMVwdi7f3o3SPzzq:ZFMOkoEuRaUr1Iquy/7QA3q
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\$GetCurrent\SafeOS\SetupComplete.cmd
|
MD5:
b10dc175e0d6069a033cc98c8ba25e67
SHA1:
ac1d995f912b7708c313cae892e08286d95b2704
SHA256:
aca6eaf7fed052e740fea7e5e6ffc04a9035c58d9381822b4f64ab2e7c7a93ed
SSDeep:
12:GIthrBZ9lAFrAqXyOAfBbfOHruVYPLtBEDrhDHZvaUsM10qwkpzj66ZZaKfChT64:z/GrAkAfdoEYPEFHZyro0Rkqrhe4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\$GetCurrent\SafeOS\preoobe.cmd
|
MD5:
ae42105a24f8e08d1b3ebf56831ccca6
SHA1:
8ac1f1363538fb1937a5888de73e465388d61067
SHA256:
42c0e656c087ff1e376a373b8bd42cc902ec30fbc5433c121ca47137b262d6bd
SSDeep:
12:dpAcimrnWuFJSnEBFAHIPLfa1Yt42AW3UDhSCmXJDAGwfvY7wr6FOUWwOSd:dpAcFrnZ4nwqSL/u2AX9PhfvYM2Vd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1025\LocalizedData.xml
|
MD5:
1be117f537fa51a0255277c5896ff8a7
SHA1:
016a683d2605144a7d9ecab4a87535d1308c22a7
SHA256:
b12504a8ade0065f0691dedb61826a4f596c817eb08b644aa916a442171a7074
SSDeep:
1536:i04lAWb5G+xGtcNYLZb1x2BQdKaN9G4Jo1Bm6jj/xmwFXhvdwUTDq:iSI5G+YSNYLZhx2BQd7N9G4+rjTFTDq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1025\eula.rtf
|
MD5:
91161ddda683b584b360095c8f99f994
SHA1:
6978a7020a950bdf3f4cc942d24548214e579ee7
SHA256:
8c2ada02e78a67ec15576d6714c6684c6e9774ca756da524bdf90a4c5109b9fb
SSDeep:
192:B5UkuZj0xNpn/rrLm1QxIZxC6ifZKq6JgeDKQJ8oCeHVXWdX46:PvdpzrLmDZxC5ZQgSf8Ze1XWdX46
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1028\LocalizedData.xml
|
MD5:
e21d124b9dd9037396bc200893aef3d8
SHA1:
c986641d36d9a9fd67de8f2acb3d0bf7cb618b2e
SHA256:
7a8a105ab00990c4c783ea96ae4aad050db456b06eee6dafe9c1536cbdc54421
SSDeep:
1536:hyD44FVfBcvOKEj0sYAVitQKB0vtNsPxZ7Pi6OLoEfBLM:hyXFxBc2KEditQKB0Nyx1SLNLM
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1028\eula.rtf
|
MD5:
3b4b165436882d133b41efebb676b4fb
SHA1:
cc0b290c97237b82d1c9e3e1a5f1705a8c04e018
SHA256:
c20c807ab4927b2099cfe8cced89042bc2b133b388d096aaeb4f2533ae8809b5
SSDeep:
192:eYH2Fjo7C6UkZOHFVjpMs22FLeGefHy/Q8phXhzr:es2Fj8ZYH/pT24kHm1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1029\LocalizedData.xml
|
MD5:
75b3d166f36640c44fb5a51fb75f510c
SHA1:
c822bbbd25784ff177aa59c82f9e3ec5e9cdb199
SHA256:
7830cba4dcb7f86bfa0253f6c22803cef58372846cc9d0f115cfeb3be36e38c2
SSDeep:
1536:NNHKgKF1fY3p4o6MgGvshBfzCU3cFXhXyhC4V/lbiO5wO0:Nx+1fYZf6MOhBfzFc9Zslbig0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1029\eula.rtf
|
MD5:
f46fd1b23240fe96d0ffff98c5fedf91
SHA1:
2b51c61fe2afb468e46d52ea06232eada2d8e284
SHA256:
02a6e257860f6c77e0399c38806922f106711cb42041dcd62da051f1be7e4647
SSDeep:
96:VjyQZioJ0uQ9+HDk58WA5AbqlE0oz2bjWElI9Ssq8OGda:V0oJ0xuDka15AbqXoz2mElN36s
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1030\LocalizedData.xml
|
MD5:
7c29f32838cb0b4745647bd1075ca8a1
SHA1:
561db73ba80e65750b56ba9de00123dea256e6ba
SHA256:
39f8acd3c0e5746c91d5bcaf95a0e4e164c192b0693eb85d7cf5481c8fe7f4c6
SSDeep:
1536:32wx3oEdxcSx1cyDc/cQJF7J8yc30uu4TtOLS23d02pvYhk7dBT9HXusRKJ:3Z3oecLqwB7ADZESG02xbdKsRm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1031\LocalizedData.xml
|
MD5:
32acdb3540b32b344bb0f414034eefce
SHA1:
28d8ddfabba8d499a16c777c05c74fbb1670ec90
SHA256:
cb4a913604743d5b17d22aeac1f0a51a70edd85f9f1918e4d40fe6ec5bc1c77b
SSDeep:
1536:/fixoom8zWMn3q6A2D0SQ3w+8P43CSbVd+6vBsXQouZCvpPG:HiOj8SMn3iSQ3w+Pb5yf4mPG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1031\eula.rtf
|
MD5:
83ab7da0ecd571e21842d0661d7afd39
SHA1:
8ccd39c6bd0c77e25101fb5ca133b44823c8601d
SHA256:
fca0a593431c4773a4bbc2adcf64b8642840b016076825f5e9517f1dc853fbf0
SSDeep:
96:kBn5Of2wQcZlUkpCCCivIGeSsiGo8UL1c:klcfGmbCtif8w1c
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1032\LocalizedData.xml
|
MD5:
ddfa9ee9bd22671c4b15f50627906ee3
SHA1:
7cb9f78de563f2fb6292403d73f4e3ee6328d1c9
SHA256:
c410ce579a70edc08a2de7da301ff7f2c92d937d83c797c73b1d6a474af0931c
SSDeep:
1536:XcOhs6ydmFcu5YaQkGAFIt+fq3RFTg3ksXDJGLtbdCdICP1FNbsq:MR6dVYaZeuq3RtgUKYbjUoq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1032\eula.rtf
|
MD5:
f57c79c13dbceb39d7ab456c77fa0499
SHA1:
57dff619e3ccaba9d5bcef22aebcefc631fd2bef
SHA256:
232d1a712a15881591839f1a7038406d10d08ec8a8e450f414f633dc5e5ae176
SSDeep:
192:w88wDQJAaefrerrIsCQq4pkaZhc10Ld6XM3++4MFbwcw/ibLMrURG97DPTn:IwooKQ8TpkaM802+EbKinMrURG97X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1035\eula.rtf
|
MD5:
45758178fb322ba38752e9cc04e532f5
SHA1:
0b26d3df773accc09b641b7d43718663e147d0f1
SHA256:
9e3d8fe3c08cf6a0a9838c2220fed57678532abf62972c51f435d13533eb7f97
SSDeep:
96:Sf+qRGOh4qSWrJ9VAiG2Vky86fTqq1bEKk4hlvCuDs41RPv:Sm/XWuihkyrf+qBEKkKlVs41Rn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1037\eula.rtf
|
MD5:
da988d413968331832bfbbdf68c68fa0
SHA1:
76096af1cc0a16ec49d1337617e2d92041266929
SHA256:
e3d937f407a5db94d8339fedb549f84b2c1b459c354ab55f26edcd3bef28ba4e
SSDeep:
192:XZaphk/hOs2miUSd6t3w26N4JkJgVyZGM+8MyVTySI:7/hOs5KGj6MkyVC+8XTLI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1040\LocalizedData.xml
|
MD5:
f233bdd6e24f14d68b375e1ad46f583a
SHA1:
bc76b5a00df830bedbd9c6e66c4c67fe893de7ba
SHA256:
1835781180aced242a67c34f6f12b0684de8f92e5e931283b802dc6751e033c1
SSDeep:
1536:rURqvjaM9bZX9D6udM8TmEdG5nYqcTYolU9bLwqk/4X:rFvmM9bN9lMdY/1a9Pwqk/4X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1040\eula.rtf
|
MD5:
fa6d6a2f88e4d1ea6e4de50249f34419
SHA1:
665e4de29c73662b09899907ad3901fbbc43ab70
SHA256:
8eb2e4c193f4c67c199d2f282ad8da09e5e3f75df3f3886f043e6133a14afa35
SSDeep:
96:9T9ldRVNlValXwNRYTjna1VeNKMJyi4viiYLrKL3ZaZ+M7w:9T7BknTjnweNxyi4viiYLrKdasyw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1041\eula.rtf
|
MD5:
d359f732b5c01c9ee14ea56b6556bd16
SHA1:
a6fc708b20355b04851523528e243387d7b63d30
SHA256:
a7a68c24461007c7acd26ea9c9733e138252536cc5e169b5424dfc35b8137ee8
SSDeep:
192:8lulq+oAuP7PM5tBmxqoVD/9PXNmv2GHJaCJT0tuZJTySJp5BG:/lFoHM3BmxhTX8zHJaCZ00ZJTXJk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1042\eula.rtf
|
MD5:
f6d47ed2485472a3574dc26f58c8b46f
SHA1:
6a98d5bd797fe3df64fd04b55e25f01a4dc5d721
SHA256:
86311a335ec77dbc6e97da4b16ed9106cdfdbcb5bf795ca7c70cd3327c438263
SSDeep:
384:W3pjX7lYJyuBuyfRY4M8Mh56Snjq3kV8QGwt:ojrlYLvMOUOQGwt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1043\LocalizedData.xml
|
MD5:
2b648b5f38b33d3073a4ddb153a56daf
SHA1:
879f1dedf420357cc19846cb38ab3958d3bb0dc3
SHA256:
959253ad799dba4df630ad727d599abb4d0357409287df03fa9d3276193ac166
SSDeep:
1536:+XCvw1ELGw2Jj88sdTD7ugF3t4YdmyYtLzTbQBVfTIuumryyGmHfYqmeHt:Vbqwo4JTDv1oyYtvEpTgOU6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1043\eula.rtf
|
MD5:
af0dceefbfea8118eb600769dc307ee3
SHA1:
64f3fbc3f9031c4787292ad3288c470eefe562a2
SHA256:
daa29b265ac1196aa1c773814eb6dcc41e2c469c4b70e08c172fd64aa0f169e5
SSDeep:
96:r4mpJNH7dxY4nE10hjnr5D6GuFbQ/Fkx8DytYTP:HpJNbdWeEGh16lhQNc0ytY7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1045\LocalizedData.xml
|
MD5:
1a818d5d32b5aa87e3394960731d98f7
SHA1:
bb5c19b9aac806b4470e95a9e8c4833d191e2927
SHA256:
195e6cb59ca2e6a28f1c45edba632d8adebff08237bdb12dead7976dc03d408b
SSDeep:
1536:rEC+phR3XFz6etBrVOB6yX9JtGQA7IwWst0OHCXqlEu+XzFZ7WYpCkJ62:l+FVz6etBrVOBNXtG9IwN0Ofi9L7tp1x
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1045\eula.rtf
|
MD5:
2e09a62056338e49d3ac9e576bd552f1
SHA1:
228b7a89662a50b6237e7ffd217c86b2a384321f
SHA256:
51cc36bd2c55230afede25040cae94cd548d0173de40427d6dfeb79eb0c9f44b
SSDeep:
96:3BOhp7PlFe0K9GEAT6DCunklOKNRD8UQNz3yh:3BOhpjev9GEATfunf0RKEh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1046\eula.rtf
|
MD5:
fc53058dcf846b245adbb232c4748ee8
SHA1:
74637238ffa4232e685db03ff96855d68bef2142
SHA256:
06915b226c8524147fec95effebc6d0fdf0adc2c83cee260836ddb5f75499179
SSDeep:
96:obQk/TpuVMj14qepYM53MwBZTJWkr5tkAopNbkddnAXmiUVVe:obQk/Tpb14RYMnbNkBQddA2tVVe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1049\LocalizedData.xml
|
MD5:
80b7130d8e24f77e5dccb0c4b36af79b
SHA1:
9c97c64e10dfb07bd88408100beac51b1879af4f
SHA256:
ad4ff7308e7c8eb6dde5a517ccadef3c6c9d6c24506d65906290a598e0a3a035
SSDeep:
1536:kJcdLDA9GeeQT6+47x4MTBlyAEBOrkf9O8ya6RsN+:kuDcGe5TwFRTyTwrkkhaesY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1049\eula.rtf
|
MD5:
ce933672a911c2f67195214c22e7db9e
SHA1:
6dfe94f44194518fcb56a9493901b088dfc6f937
SHA256:
7ad6f275d46445c260870c85f51814db8cdc6f03338ac7f732be340e6a3856fb
SSDeep:
1536:hNraBN1qaGyP5uGI+/p2veE1wpTv/uEp9gq99OS9g:hZav195sGFlE1KTvGu9r9Xg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1053\LocalizedData.xml
|
MD5:
5356731aba4189c82e175900264476e0
SHA1:
44b3683077cca5dfcc5f1dbfa7b7529b2f895b94
SHA256:
8cec47a30d1c4084cf12d6c530dd0798b330c80c78655de6553e0613f461962c
SSDeep:
1536:dUCwITfJL7utjMhpw25JfDF3S9AvIRkGHTdytpmd6ApZpeGjnHrmo0:dUC9T97uJMhpw25jCevWkGpCmdLpvRHS
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1055\LocalizedData.xml
|
MD5:
4e9fc365c218c5ff1d347fed4e22bd9d
SHA1:
87f140be97595d916d4e4f5db45742475e85cdd7
SHA256:
1a4656137e5dca1ceb635469b73f4826985f56b96060d7f60575ce50e780e59d
SSDeep:
1536:UjWqTE4e5pgVirpWTBrTwOgc4zPVEwK35nuhxfd8R0QDEfUpu:Uj9YD5ii4TBrUOulK35ubd8RNDiUY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1055\eula.rtf
|
MD5:
8556987ca120f9a0621b8bd312e50438
SHA1:
3665841d599fc264296903a10dfe26618587616e
SHA256:
fd71aa7ec543b54ce779b84319dc71960b3b1a7e17ea83f3ad666d0e856a23fa
SSDeep:
96:9g/NK02mcYJR9AoLtVYJs4GVLQW0PxPZlAeyUtzURtExHXGcgct:mNK0cOttGOfxQvdE4tUtEHXGr0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\2052\eula.rtf
|
MD5:
7a07948af72b06de3bcb9326f8f05622
SHA1:
7fc046ccd106bdae613237fc79c2585ee966d7aa
SHA256:
0de52247e115816c7a9f8048ef51408beb9de0e7a90b63515014575c3f347993
SSDeep:
96:Zq+xtyGPtAyFLm3mW1N9/EHYZQUauzt8ore44/WamWDVGskU0G3Psg4aKtqC174:ltdPtjKN9E4ZQat8ou/pmOVGW08sZaiE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\2070\LocalizedData.xml
|
MD5:
06b3e2c49f10f917ce2e764099543c97
SHA1:
fc13845199e9c7519804e8424c2f51a7d645b56c
SHA256:
d53a031d06d0cbd78687cb95f588a621a06d8a2550863f9599a30b348cb93cd5
SSDeep:
1536:F8ldauMuPAT84cNKtw0g7f6N0vB7BUjeFbgaBgrFRYWNgcEK+//aXrTmnw:H5TtcNf7CNMdKj6gaVQEK+//aiw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\2070\eula.rtf
|
MD5:
4dcbb608c1a5e632b7ca7c8a97334042
SHA1:
802e1a41095c41bddcdf83245a116968b14f58ba
SHA256:
0855e6b60e5be3eb2075db6b25c3c61dbcc25c5f030f2f8bfa15122f168a6c27
SSDeep:
96:fIssU0r+mfbUcBkbW2Fe+mSXIh8QOHF1L1Bc8JS+dz6/zt+Voz3pWb7:fIssRRHBIWERmfhJOHL3BJS+gpsP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\3076\LocalizedData.xml
|
MD5:
eb7d7bbdd39e4d73c88c1f395a4bb2ec
SHA1:
b98e8417bfaafc9f0b9ce6145ea4c71fb87dcb24
SHA256:
e50bb061e7906df5fd6fc5cc4ccea8963cf05b109f7e20f76bc616c0d2f4fd77
SSDeep:
768:lEV0uxYL20FqO1iMAq0WtQt/R8BxUi9/Yjlox+Ho83KFOPFz4sFnlXUC6XHd23q0:lyZ0xuq0ne9Eoxko4KFOPPlmXAETx4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\3082\LocalizedData.xml
|
MD5:
1edc8270cff7e14863adc7e3196bd95c
SHA1:
8051d37fc6ea3a03d3562e061b35834d106087ac
SHA256:
3164b7b291eb09de4cec3d8f4aa2837c100636e9420e8be3b874995008140666
SSDeep:
1536:SmVa2DmQi0uXG3A3oV/FPcE3uZs+MZyzNbHPHH9Cl6QEF3FjHKzYQWH2HS:SLkjjQ4pFPcEFtINrf9ClxUFDsYQWWy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\3082\eula.rtf
|
MD5:
d6973afa8d1fbc0f767478c5aa2b3a95
SHA1:
f849341d5f2ed505a9fd7677cad77ef0546aed75
SHA256:
70501c4440781f80fd866ffc8d060513a9ea2762c0e665ee9dabc00c1f5c5f5d
SSDeep:
96:2RHTH6tP/D8X9IVj5lXtcVNyyZfYcudWEmlKAs:qm/D8E5l9cS4HLEmYAs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Client\Parameterinfo.xml
|
MD5:
bd96588e50dc8270e3e77c093e4fc9bf
SHA1:
f72ebc115efb046e7a9cb986a376ebf7c3ec9bc2
SHA256:
036891d962c69a87964a01bf081f600faa31886aacf60bd4d55da798bb7031c9
SSDeep:
6144:zcJmvD53SBa9b+bt7HuLaRPbh0I2Q4REVsD:oJat3S09bq5uLEl3DC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Client\UiInfo.xml
|
MD5:
1b331d0fd1c526470823e6952f7acd93
SHA1:
e8b91229c445cdbe7a6a7435d95bfebdd0fd4f5d
SHA256:
b5d10433284684e6a800c8ecf2ac8587c38e4cbef0d0727b646e84ab318ba93c
SSDeep:
768:I++uzmJo6sA4OWqy3e8H0ZxXPdpQ5+TZMkQZt22iZzTRqfj6k:9NzEoIKO8AP3MkQTOtTnk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\DHtmlHeader.html
|
MD5:
c1dfb5f41a47bf09c6eb9689edce9747
SHA1:
11b862378bb09a755b94e9c9a3d9784ff36a0c56
SHA256:
76ae7b0f217bb347b527494548067daf68e808eadba04cb245870a4c5d755083
SSDeep:
384:4LFJpWYaon+6p9yUu49SABILxf3HSovRLspHrBZ9VuK:8XpWYaon+AccStHSadsnZaK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\DisplayIcon.ico
|
MD5:
65cb5092ffeb93e2540596e347c56567
SHA1:
b1c42212fd85dfece29f3f8df1f3f930d90d4d9d
SHA256:
514a979443e33946cc4a928e153a625e23c56073d4277eab1c47aafee8cf849e
SSDeep:
1536:OdvThqxohiNQHLoTVc/BltbmJea2GH5fIOq0eE2DEGLai2I01ec:OdvTh7waSVMBlNEea2GZfq0rksIhc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Extended\Parameterinfo.xml
|
MD5:
80cac977d19316f6dd0158cc3de91c88
SHA1:
8906fb5190a3ff6050bc8522cb47bb14e4fbde78
SHA256:
2802c49819cd3c357f08a4267db79404f8b3f535511f16eb4a255c4b42c73bf5
SSDeep:
1536:9AGSZg2k4IkGFridnGXQWjMKMBcTuWnOECVjZnZN8y6LaUpgDFbhxniPA9qh0uS6:9AoX1/FridGlpMBuuWnqjx8yegpbT4TF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Extended\UiInfo.xml
|
MD5:
8380aafafc594dc350c1518db2253870
SHA1:
4ae83e27ed69de61deb6c8d0ecdc90f8c30c33fb
SHA256:
24c737956cf7225d00a345ce8f02b6eb4f33ed8d21cc92993ce84ee43cc99351
SSDeep:
768:J3ymcm85/ngerENpStUVP6O73+PExRMeT4IuLTgONAeq2EUt2pxF:ErPQL3VS9cbMeMLgO+eV2R
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Rotate1.ico
|
MD5:
bca3d933a9f6e979dbd420dc9398e70e
SHA1:
ff9d924599a779adea39ebe41cc77187f76b3703
SHA256:
32bab905d4b7ccd4481d646566ea444f097e81be742fb0f31ea457183554c9c1
SSDeep:
24:XeXvjhLwDojkqhMfmMNSrVbMZtE7wdOs+VWmfLEdgiSkMf1DT0xvVXm:XmLhMDojHMNSrVYfkwghgWiSkMBYxvZm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Rotate2.ico
|
MD5:
917395e6b811358383f2cdccfcbfb7da
SHA1:
960b320e0c03e2a1c136ca6e6271f2c801a46d04
SHA256:
5e067d6409c61af8c2ed1d21803d6badfaf0ea42bedb3a0e76102a4d2e77ac03
SSDeep:
24:Bp4O8DdSBjpFrptxQYSwngcdZJHWbNnry8N4y/97LixTUUzfLrnYFdDPb3:cdSx1tKDwgc9HQvO2JmbzfLD6bL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Rotate4.ico
|
MD5:
a5f571d763ed767bdff5eee3a6673da8
SHA1:
31281bbf93014b52c1ff132a5b8b12efa8c2e1ba
SHA256:
7c233c796c3aca152421d8c042b3a9ab4eb529223aa0ca78d67f85107adbf67a
SSDeep:
24:Hz7+RO4ydJFLow8sYEPi9IehRIJHbsrUA//d/Wgim1ycLkGZrtLUgsPSywivW:vYydHL5822IIi77A/1Ogim4cIGfLUxSn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Rotate5.ico
|
MD5:
8d8f0ed10c82e711f3e2320e4b5c7941
SHA1:
d1a3d523e48558ebfa2d6c0cdd455394ac192bbd
SHA256:
41cdb50eee0444787dd48be3f9fe48765c1cd271db2497b1ba1d5c1e4c24440f
SSDeep:
24:Psi+1DRtt5l0DwIxd3GjDL5mBmLXsMWYbeDAYHWOtiOZK3labEnzf42fq++aMC:PsbttP0Bxd2j5thbesA+labnKq++an
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Rotate6.ico
|
MD5:
4ef5c19ef8bf32a1e98130026a7ab991
SHA1:
0a1c21d5909542f640f756530f6dd08cf536efa7
SHA256:
1f9a4e8e32d0ff4f17209a5d0ee3b00fefe460aab374e30b348184f8b042ce90
SSDeep:
24:aFaLmC2DvogN6kowND3189cc/BeANnwKNCOexw4lvaw29efy0rFqUNuURWQoo4CU:uQaDoe6a518+qeANn9NCVwxFwMHQ/a
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Rotate7.ico
|
MD5:
2c5a1d2fa0320b6eb9ff7d7b3c670c4d
SHA1:
9becf6e78755fc9cec6bb4926bcf198401b3c448
SHA256:
9e26b2c33e039903243ea6fe69bac84fc0044ac3ee19df91d2a761b2c51f2091
SSDeep:
24:0kAjAdvHKGHJgJ+kTTpRjf9J4KgDzJAMjh7VwD8bdml7rn7NrGBdG4HIJbTJ2:0mdvHJ7o3DzghAMjte7rErGhL2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Rotate8.ico
|
MD5:
efd53927f1aeea4d0ee6c424d5658bca
SHA1:
cdad8e1d90549f380e7cb67a7a9a274b04db6d14
SHA256:
47886a144dee2a05da22b28bcc277aaf5f6044b283cb9ef45414a99415dfe036
SSDeep:
24:pF6m9H/M+qWiXQQhRQlVgFcRzc19r7hb4PINk6SK6d+cjA8xqWuQciNU65lgjFoF:59H/M+zohREmyzc197QCgdPjXPupiNS+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Save.ico
|
MD5:
e374ba81675eee943f1dffd17fa413db
SHA1:
189fa5aca21eca2871114bb45f8a129ed17ce845
SHA256:
f690d594fea225f216f739292ed25a1ff66a94a43ef1d98f0a0ef6162014c9d8
SSDeep:
48:W4o1xxLsPO+gfZyv0k441oliQzpkoGxlP4:LC2O+Fvp441tQuoGxlg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Setup.ico
|
MD5:
118331a9ca2c468ce7f197ebbe6f925b
SHA1:
c50d0cb2db84bd650065ee6f23d8de6bd9d5df23
SHA256:
8d88d8610d057e299617cc655e667ce2485efb6322c6f0d853eb8b0573feaa0c
SSDeep:
768:RVPrt4ULMoPhFOxFTwSzyrcJlqa2ip7lCwbUlAp6AYHCT0X3e9mqKvVQ:Tx4UpPaTwSz9RhJBU46hXsmqKvVQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\SysReqMet.ico
|
MD5:
d7637c4baaafb255d4a0e99a326a0849
SHA1:
7fb3531fadc9b34c2c61a62cca2e51c8b735c169
SHA256:
c4bbe7708b215058134d46efc0d0e4d205873e46900a39d935b9523cae50fbdd
SSDeep:
24:wRCa+aXNXfSMdUuMffxAEY/gz62Z/LA1sNQpNqSMK8fy1wR09YBaceycPF2:ICgxD2uX2UsNmQSMK8Kms4ejPF2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico
|
MD5:
2b68571faeb0a9a5c4ba2e8d5c298504
SHA1:
7a2c3644bedfd906da21ff66b4e456fc50c1afbc
SHA256:
9df48245d2557499d0f72bc767d0804fb2d16d1aa055e628c928986847cee5a3
SSDeep:
48:eOW3FTq7REPvf3nRQgK7nT4WBJZ8f3CS3Tue1:9W39Xf3RQB7E+JZIdue1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\stop.ico
|
MD5:
c9d49b0c690a4942ddaca68db668bd1c
SHA1:
56546de22068dc5fc208e9821048cf0d0cc0989d
SHA256:
b8c1a8c93b6dd5360598ef4edb27e457f74875b672ddf8bc0f746aa93620186d
SSDeep:
192:e3OFokF2jrcfpdCda85PYY02bIiadumJZhTEsNOCaorj3GvKrep/yMaiW:MYBF2jrQzC5PYz6IiMDtTEkOz+ToKyy1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\warn.ico
|
MD5:
ef4801344e3a56cb9f7f38d6ad5b9391
SHA1:
9199e3782455c21906a75ec153a70c5b55646a45
SHA256:
9a9c35c777d1be6073848b08e708a498d8a59017d1eeaeeb51fa9bdb9a0b778a
SSDeep:
192:OxDZltn51UfnozVX/QTe0A72dhOZvTWqrgZOvn7W6Msnm8E:aZrn51UgiK7MhOZvTpriOP7JMJN
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\ParameterInfo.xml
|
MD5:
60e5f6ff05fb7e9c6ddb4931cbf7cff6
SHA1:
dc903b95387ef9100fe22e3c79e2330658526be7
SHA256:
8fce9f696ebf84ac3a9cbb273606c2fdfedf567c593b9a0ad4889d57ce84267c
SSDeep:
6144:BvSLoeW3abQV7SXth2u/nOLNNo3S8+ytd:ZDabQV7eMvo3P+ytd
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\SetupUi.xsd
|
MD5:
2505a60505a5154ac844db2a2b308ccd
SHA1:
e8a80ae7caf4f260623f2bc8558d1ace0808e6e2
SHA256:
ce24975b12d5cdad5f8dff55a1d05109f2448442346107b87a9f539d649a6705
SSDeep:
768:ar/TDSmcVEJ9rqIGTcQqCxQ5Zrsjf3YbGWMFeN8cm:aWpuL+fjq5ZrsIVMFe8cm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\SplashScreen.bmp
|
MD5:
7afa3de2599c957d93c1f9978360367c
SHA1:
6aad4b0fdaa02cc9e4cc3589d00d5e0ca65ba62b
SHA256:
1a6175015011bbbe14e32e7a70db5685acc081acd947483f5e5fb426cf91451b
SSDeep:
768:z2Cp+mMJg989l6sHxMVjguFFMWLo96vXEB9twMXCA/SCQ3DVVYVT:5+tJg89/OZg2I7twMyueD4VT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Strings.xml
|
MD5:
e75810929841c2f64f371a2ca90a36d1
SHA1:
494bc875b8832edb44b3929e95cae06c8449d13b
SHA256:
2ac2296082a6ac7bd07f6761cddf1aa3049c1e1205943255a5aaf9e815c7946e
SSDeep:
384:71PpGu4ztMT77i1p2Qszt8K2MsIpJvH2Rnd6M4IZUB:LYs7W1IVt12kHeyU4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu
|
MD5:
167ec5cd535329ca60ba868bbdb8ff03
SHA1:
d270531ee84a6c475744e14ae17ee002401f886b
SHA256:
84a6907959a477c1dafce775329998a054f3b602cb3ecab43ae743437d45d285
SSDeep:
98304:usVHTq9xXyMz9HWiPUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlI:9OrCwWBZBkOK2Knq45mY4H5OMKkKzlI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu
|
MD5:
7e2348f81665c9855c8bf0c59f785f1a
SHA1:
823027264449ea16c3f87f1f157426187f3eb350
SHA256:
d1fadaa990846c10e46647d5b7280f19e69e568310d896f26655811dd2b06b40
SSDeep:
49152:VyOPaIfA+1dRnfjRNiiogVE+Bku1v+5DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWw:KyA+75tNSgBu1PAdXZzKUYxs3pKZnKxt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu
|
MD5:
7281cb002ea48ea9be0155254fc154ea
SHA1:
667941a8daf4e65b29da07e72aaf483993389fc6
SHA256:
f037d878ad3fca01256e4ad2768a8ba0ee06b90360d2220c8f41a9b1139e8caa
SSDeep:
98304:3bg4UJTzPNWlMh+1XKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCs:3fUlzEw+EBBHTK8KXZ4UuY1kB1iKFKmr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\netfx_Extended.mzz
|
MD5:
bdaba70b788abc6d6af7c72cadded7d2
SHA1:
b142d5b0f48173d8aa40f4067f74355f7061a247
SHA256:
aad5f97a179913d58fa6aab8033f9d76a4f492ee7637deabfc61f430527ffc58
SSDeep:
196608:ps/8vc5oq+sUbtoGfuS10BGAvnL2q6NTwgZ5netj4ZDOSQ:xUjUbto8NzAvnL2q6NTwgZYqxhQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\watermark.bmp
|
MD5:
fe46ca8b2b74ea9140145b7060f07709
SHA1:
e433f2d4323dae6daa52a823f8281dc76f4b1089
SHA256:
99bee2485479ccd005ee42dcc88060bf94d175cdb5bd55f69f15499891b112c1
SSDeep:
3072:rUkiKgkWw5EXqTvVY+J5v/f4mIcc75j2Dax:rUmgkW1yvV75nQmw2DW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\BOOTSECT.BAK
|
MD5:
984233cf10259c31e240e573ac3d3cce
SHA1:
5d48845252b500668f62990c0b0def053dd1a635
SHA256:
6ad6e0581e1e762846e1cee1805f8756ffd693496a1193968ee6bf9e96efae3f
SSDeep:
192:IXa+rV694x1uXrqQXhn3vXedrvW+W9ihUxifcuGip9PxAPJW9Fo+Fv:dKV694x1+2w/KC1QexLE9PxA89O+Fv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\HardwareEvents.evtx
|
MD5:
1b148fdff4d3a677f83ac91a43c8b3b8
SHA1:
fddf1edd96afb18e4565ffa447a33b6e2cb8af5e
SHA256:
3e3727a63d75e967842c383e085d8f8cfb328e1eb655662f1ccecc183a39f7d8
SSDeep:
1536:W50d62ts8oSqBJ3VoFN91/P3+7WUf8UmE8Lb68H:W5M6KslT091TUE6MHH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Key Management Service.evtx
|
MD5:
0526fbbeed7de4f5f092cc3fc84c80ff
SHA1:
4b7a19aba9d207991df6a20c59ce92288820059f
SHA256:
e5a9b09a1a69aa978fe6792e206017fd97b251f866b236421edaa10e7d199ab3
SSDeep:
1536:tw+ALcOMu5PNSJv2FR5ApL472B2dekXq6+lRNVcJQPtb1ynZk:kLcRQ8JaPAl4kis6YYUtb1ck
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx
|
MD5:
f0badb59692f407cb25ce9f68fbafe19
SHA1:
c3ba1005f83b08fc1e1d5868a6a5115f56595386
SHA256:
c7bf56425dd0815df746f32d1467d9e5f88d7df4f684e187cbc85f7431235132
SSDeep:
1536:Sih3b6HhU1OxvYjngHNj/uF3xHcnM/S5wqbmttF8+3doWp+MBYDj:Sihr6HhUW8gH5KhUwqcDdonDj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx
|
MD5:
dd73cd437d854856f82a1654f5a659cc
SHA1:
c4ba823d62b5d32b0cbc2c557e0e1468b42752aa
SHA256:
ad1a3e9c445d00240947fdfc6e51b30d296ff5793d6811acbc11db53d54e2208
SSDeep:
1536:pFnE8ecoGWUpioHqwU7Eztn6G+wTX6JuM6tG:p9eBoe7ERnv+wlM6tG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx
|
MD5:
99658f06528f71304be1db198031e80c
SHA1:
1709def6a87ca98f0ac3bb4cc60a69bff2af5286
SHA256:
dc9851e240b40ac34ae9c8a58e3be31f2d46b1e625301c3b6f84a701dd596260
SSDeep:
1536:EiBOTPSJHnvKhYL1ow9zDXTQ7ZfSNoSAF2H6Nh6LU9JXjUeHV/Ko:GTP2HnvkYLLdXTgZyoVWcjXjrhp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx
|
MD5:
5af6c1d55947df055b58c6106118dbe1
SHA1:
5bcdf28e333f7399a25dd2174cb20ce72d82f088
SHA256:
4603b3a8375e7b8389a748547fa351d69012cde41db5910f95c554fe66a72efc
SSDeep:
1536:MJubFcDY6E1MmDNmmhdY+Q4fLMrqldU+eHnJ1sURbGq24GTPK:MMFcDY71FAmS6LMrqIHnLpMBjTC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx
|
MD5:
d450f6108846acf9c0716a02c41448b8
SHA1:
4bb6eb346a6d159a7c635bb8f46314ef164cfe1b
SHA256:
c7fccf154de2efed118455db0e2a29f2c685dabcb0668f4b9eb716d67dfdce7b
SSDeep:
1536:+1SJIi+FCbk1HLVnAaqFUeiWo88tOqtQ5A1x33mYwDCicIRD:+8pmCEZAhUeiWmtOrMV/vicUD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
|
MD5:
ec5504be055b17c72b2fc3aba21047a5
SHA1:
98d8ecfcb9ab25fa955fe047c9927a1ef5d1ad50
SHA256:
b0a5e7991367b3b3626c4411a5e347e98061ee6fb24ecd7c71cb8ff278cd60d8
SSDeep:
1536:oRi2KqbYwkn0Fi3JSop6kI1dFKPpGUGUHgDiW04IR4S0:oRi5qb5i0k+11vKPpdGUIiDxR4S0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx
|
MD5:
4186032cb79d767717307dbdd1abab2c
SHA1:
f26f07ade5060a4c874d2cf660fa2304412c2552
SHA256:
f642cc4d54600d0fb408a36830002b8b44c3ba4eea3d1fa9ec2653d6642f103b
SSDeep:
768:grCO/rZPiYN5FFkrp1qEexsDoxhCr6MPSyLwSLCTX5/7+1hU7K7gZV7sn56XpMB6:qPiC8cxkoXAYyhyKaqXjKo/V3hU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx
|
MD5:
c26d9d4946d83918d28cbe1831cf0b65
SHA1:
cdf003d2187dabfdb3fa9c9326873dce4538aae2
SHA256:
e0f047b7a486b5237dcc75c9eb4a9d99866b07cd15e4973f4fa3a6aa1d279cc7
SSDeep:
1536:viQ5a75wN+oBLj6mrH9WseP2tGGFaJcVTDfmTLwF7l:v5WGooBL1GYGGFaahDfmTq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
|
MD5:
17e6e3141c418ec32a964d403911b124
SHA1:
59ac16d63f5ac6aef66d80ef2bd45df2c99773ee
SHA256:
e19f04943f5809213cc897adf1f247159b8c98b8d663444297bd90fddda4432a
SSDeep:
1536:hW12VhNRh0LzO53tdPhxNNHH5MVOeD3vtr8bu2G1JxtW:hWSrX0LzOPdPh55MVOklSu2KW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx
|
MD5:
de35eae4ec62044c5e01a75714e274cc
SHA1:
57007639143a6dc4436dbb5f380752c50ed2f6c9
SHA256:
cc8e155217045c30662715f827b5e0cfa8c33abeb3a01b359b238fdc74a25da1
SSDeep:
1536:ApwQYwkYWSHaX+HW29h+V2cXSaI63vpciBD16hFmQbO9tRYT7Bguz9Bf:4wQYwzWSHaP29UlXSaI6/uHFLbI0qujf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx
|
MD5:
3fab11d3f32238057b30c2a86706dddc
SHA1:
d968f54e837968612823e91044aa791d36763c39
SHA256:
07a734689712a85afb70dbcf5cee95a0e1733f0f94dd58db917bcaaa7eca5fe0
SSDeep:
1536:x99feHCdrxhe4/A8jHo67QLFcrPJKb9MAK0Da:lfeHCddhvH/8L2rhK5Da
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx
|
MD5:
2b24cdb2d63214440b994bebbc36bf09
SHA1:
42c5788e9f308d131be1b7368c369fb49312244b
SHA256:
8e1fac565df65fba777abc64eb99a21f5add456bfa706878fa6ec6c3db3d55bc
SSDeep:
24576:wUIzdue6XHD51oFEhWz7IJmfYsBzokk3HSCoVBmc78z:wUIzdOD51oahWHr64BV7q
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx
|
MD5:
11faaae719f70cfb93a5dfde9de1c018
SHA1:
209df68edc69c26cbdd69ea1813cba6f6d0d5d35
SHA256:
1d409dda4dae4d59efc52e748548f1e8c5cca05aa300b558f3a21b000417d8a5
SSDeep:
1536:X+ecaejWOK1FZK7rArN3KC4kembfXoq3N79Etofgw16zpDlX5DThw/Zx+Xw:ueGWOKhmAUC4WnNCSIw8D9VhEZ8w
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx
|
MD5:
b3d79c93f3adba7f7b624a6da837561b
SHA1:
70253b438011c27a83118819a777a941970d029c
SHA256:
7a63f11368d9388b44644c6218d420a28a3f5bd8987ceb33d6192c575313f492
SSDeep:
1536:AATZZ6BgvmnXJTxKGq0A/Nrwhjzic5C1NLcTiejlR3EbY:FTZZaq0A/N8hHc1auM0E
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
|
MD5:
29bc7292c49a218b966e944b2a37e090
SHA1:
dc46b5aaa4c116fe78c41b7270b17e38e974946d
SHA256:
a76afdf082c07afc6e75b5b87c3edf98a84dd7dcf0032db4d2fbac18a743710b
SSDeep:
1536:CH+k1YolFj8YXq78THKgP/o3sOp1aYYz0bysx:CeOll8a1DnP/R8YQbysx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
|
MD5:
32169e855f9d249ce1fe420ed0a879e2
SHA1:
169f339b142751c456ce222482ee31ba15daa616
SHA256:
b00b715a3abd14005e99ba8460922589253ec2b681c3aa519189e705be56610e
SSDeep:
1536:Am9tXiNi2sZLL6IzJcq/zT41w2R+QBszAOs:ttXp2McWTJjDs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
|
MD5:
75ab4db009acaabe5f89d984309d15fc
SHA1:
9ab28357851bb7bfa6f7405c83e9520e259bdfca
SHA256:
4c8d71242247dd1c71243d8f9f3fa545dfda3a47715c41be066e71cee1d08c99
SSDeep:
768:KrZT/W6R4odwT3tlh6HcjnzliP+bM2C3w8mRq7drXhH3ihFHQIng8Tx4TzQLsfFY:KdTW6QTdwaZy0RChyhFwO4vQL0FGX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
|
MD5:
b7e3a914b30dc095db6c8b0644d4d5c6
SHA1:
396e34061487d4d88f92ca2877352c812cbcc174
SHA256:
b724187f0eaf32ba9ec57bd8bc8f27a7b6ba661f44378df25654b2df2ddce581
SSDeep:
1536:Blt9WglPqge7YG+hoLCqIP35IAsSvNqUWmUPwaot:PTKaho8f5IAxI5lot
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx
|
MD5:
ff61d3cd6a0d16db9d68841369f1c892
SHA1:
9b4549238bc9e2f6ce465f3cecc22806c19c64c3
SHA256:
5e78d4a3dc70752762329f6201ac2866f021e8551266fff506893a47228fdf40
SSDeep:
1536:5l3r2wATWXMxmfmE8TVHwgDDA1wK03+MMPh8P6Mi:Lr2oB8TVXD01wm588
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx
|
MD5:
804feaa3f527b635b216f9081e191715
SHA1:
6f3ddcad4a503059ac51540f1344dd13010cc753
SHA256:
ebe4bd3c9976586c1916c2070fae0eb4956dc8b2ea6ed29044d540ec3f0551f4
SSDeep:
1536:Pe/03PRaL6xtqgptipGNZk60CoizD0s+i2C38GGVaTnmk3mRx:Gerq8tipGNZkW/zjaMtTDWj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-International%4Operational.evtx
|
MD5:
1d94fd575cfabb2dcde552b8db80aa83
SHA1:
c06780b1f9b01a1666f011b0f7b08b33bd127b33
SHA256:
fe48d871d18f8c61cdcbaaf3ae890a03014ebf53f31e51071926a5b2b5cc9ef7
SSDeep:
1536:VEuDjfnQiEiLyJTep4MKjg7PVMWCqvBEkl64nO6NPUeIr9Nf:X3IL9psMqGkM4OLe4Z
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx
|
MD5:
a434324ac8d09a5fb9510822bcdc8104
SHA1:
3f7989f044ec376538d7ba7a3a137aa5b40530da
SHA256:
f20b3772d3e0f4a962b38289bb2df95fc4cd570d2d9c2929aa919c223405a610
SSDeep:
1536:PyPPLivGYOWogHZmAQyZZq7cbJZ+Xfev9MuKuCIS//v0k3:Py3Lb1fwAaE7nfevFa/v0S
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
|
MD5:
5a14cad0ed143efb9b5bc97cdbd57705
SHA1:
d7dc50e66a3c1962c36ea09b89f3cd92ff56e9bb
SHA256:
80d760f8bba5eb281db4e4f56fe05e08ad9672eeccee311ffe90bf9c6a0bf10a
SSDeep:
1536:NE6ItNrzOU4scCDioYMpSLmvQEQ3+Cd5F95PiviG:qLtNrzvJDiMpOmvxO+C7X5KD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
|
MD5:
28f11a04ae2daaf9a6da25e5268f77ee
SHA1:
d1770aa2f31d581f3498078f6257713133ab2a80
SHA256:
52bd1650960d9e725c96a015ef4e934959e54bf6fb7700c0db6ae0b756535a77
SSDeep:
1536:CKwF986u3Yu8+PAiNlXJIHntQ1ht4lhpgyGUmOK37TZFtU54x:CD9N7+PbXSHntAhtczgvUmO679U5i
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx
|
MD5:
9e2b7dcdff57f74aeb979cbcb1c40333
SHA1:
c1814e0d47313c82f1a43ca70827f67a5f034074
SHA256:
1ac3a6b9e1dd88c9604c8dbdf8d95580dd6eec639cbaaf5b09de9971e1bb1231
SSDeep:
1536:C33/R9T5ZVyFlzyjPVgY3jmi1Dt+xF2YpjAazG/:C3nT5ZVZnz9DI26g
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
|
MD5:
cf05c9d5ecc22b050ab980a40ec562af
SHA1:
b6b1db450ce37f9714e9026fc16c9ba1c1f957d3
SHA256:
35aff7fbee48d54bf30ac7b1dcfe85e8c0e87b37fe965271746b168ea0ec9583
SSDeep:
1536:nsJQZjgH/pLKIrO5RxDcuCLcXlU3x0QLEDo/zy2X7A/L3bgkxZA8fe:n3ZgfNKh7W/cDQLE0u2X7AT3bgnWe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Known Folders API Service.evtx
|
MD5:
080ef7ce32619ad33d9f7b8dc28936cc
SHA1:
0b4947cf6565a5adcbe04b253c8ee374383ae320
SHA256:
546385fea332abe9a415be92b95d56254d0425370afbaae31d9b85d1dfcd7459
SSDeep:
1536:da56uDwHBhzqkdCW39Nf9AGkPZnzVhEqN:mDwHBhmC9AGkhnnEA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx
|
MD5:
d9d7035ecdda952fdd4268d632cef3ae
SHA1:
71d94712210bdab644c73f5991f6d43ea737fb2c
SHA256:
2fb7fa7d294a567925cf0a0a11a16f7be197f44ebb497e99410a99ca00c0c1fa
SSDeep:
1536:rmApuqFysfvjqc0Twu2w87s/bnYYdqhIxxE5q0qTTxxECxc:r8qFyKvOc4hK7szYYqIxYOTjHq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
|
MD5:
bf37b651377f492e1637933936a8f556
SHA1:
43b11527b1a7945d1a0b6d36bef63cdf53038d64
SHA256:
d775412aaa502cd551d6d9f631c7d0546c699b9e79ab08866400a45a1eb13bf1
SSDeep:
1536:Vhy7ENO3rZYr+oAUT27R1JxXVj7CR+MpNK25icYpx:Vhy7BYr+oAUT27/JxXVj7tMpNKKNY7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx
|
MD5:
175836a372340a74d34e49347932f402
SHA1:
3dcdefe0a9f1a01950de6ef3cc74fc83a1a995f3
SHA256:
60461b94a9ba5c5b437f76527caef5576f36967ab162714616a586e1c549151f
SSDeep:
1536:CXumaMQyA+VFutBe8UVJTTqrkEswjQyx/0oPUi7mjEDgtVVG:ClaMTA+/aUVJTq/bx/1YjDtnG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx
|
MD5:
ed4464c7751a95dac9e466fe759a02a6
SHA1:
e13e843f84959ef7b2eb0be5b87cdd988823c928
SHA256:
f924a46ff8180f731a8567eb4b85392d46f7382453fb24e8ef1d93cf6b7488f2
SSDeep:
1536:KQrUNIFvkY5BkEHRirWkqIpB/QCwpHNkQf0PBJ8/vZLYAP/c:KCUNIFVaEHRMJB1wdrfg6/By
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx
|
MD5:
b6cf23493da18ee5e09419e04385ee6c
SHA1:
41ec9af3246298f02d7403b388e1513529006cde
SHA256:
4268e6f63e37b9a9796494bd78de5c31099e063339cc7ce6b37467dba94d5fc0
SSDeep:
1536:bTTMQ8LXQVwI1bWvkgnZNGSBzg+BuN25kFzW1JJp5K:HTMnXWSHBNJCFzkJJp5K
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
|
MD5:
84eabcf7f5b702e779e04aac64854c41
SHA1:
14346183823020faecde9a4e2552ea1ffb4e7511
SHA256:
b73f955ceec12d83e9a3681f3a00c2522cd1f16ad414c4cdb7ec753f55942d66
SSDeep:
1536:QzMW/Pxv9KF+ps/zCWMt0oHaGE40+UY0CjGkZ5WvoJ:/W/PzKF+pOzo0IzE/ynjGc5t
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx
|
MD5:
36203a2f2be822c85f23ca5f52546232
SHA1:
a769b7ace80e9d504c0bf5a2d012db4135f2a423
SHA256:
bac41497f4b5271c9f59ca41c38865176cbf4897d9a70ba63a9976f7f5153299
SSDeep:
1536:tP8cpkPHDzIfBtvx3B0ArFJ6zO/wQIKy9PHyDEnjc7T:tTK7zGB5x36Aj6zOoQIKy9fyWcn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx
|
MD5:
8aba9b84d8aa9422b012ced60edcc3e5
SHA1:
ca973ce726b9544f83530e6d6492edc8d1a74056
SHA256:
e968efdb24de77ac048dacd333b3654f96b59c284155018a0861ed5cc60754d2
SSDeep:
1536:GuiLGFeYz0r2l+ML8EJYBgCBZ0RmfFJsAM3rDb0oHzQMXTgRcJ7VnkmBDB:oueal+gJYB3BZuKaTTD0knkk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx
|
MD5:
6205b7da0a9a456f9fa2c13f34008aba
SHA1:
4ae5c3d7e0ec66aa9f09e3e546943f30247ded0b
SHA256:
704e5c71424e20a9467fd43547d3a324d052b91e894d365d67cd057bddfd4bb9
SSDeep:
1536:9pY7s8AFU0DKsFyIFiNh4RogQQn9zc87UR+HzKs9g:9pGs8AZ5yFh4SQn9f7UMTg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx
|
MD5:
5a343f3408367b6821d5022ac52fedca
SHA1:
06494af43d9fc200679bf956f5d2a09ec69bd7cb
SHA256:
61732b8434978acf3af6649c525c094d7ae229b5c1d8efbe2162bd5bb0baca37
SSDeep:
1536:+P0pzdIGD+DYU7FTTRh9LXPMjsu7EC95jGjaDweSotJCw+cY/Kf:+PNhYU7R/ZkT7N9MWjF1+cGs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx
|
MD5:
b37fd93e5267fa647ae6005a3863d9d1
SHA1:
a266b26b6b489b386da6f9f8e6464b35197207db
SHA256:
e6f5744da47ce3e06d7220ca7b3cbf7f884d80b7b98d97127a7fbc8bd77a4e95
SSDeep:
1536:PikiuK5kWikihkDPN6qiLOjxkh+2dxps0+EMOtkq/dms5FxlqOyeZN2:PSuakWikj6qiuk82d3+EJAevlBJZN2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx
|
MD5:
0b204aab78614c77ad2761f752f4801d
SHA1:
19a814bf541942e6d3d8b29f4d200964c6887ef0
SHA256:
4b05a505c79b53fe14e3225a384f383e371407abe4354e94c0a57373e110cea2
SSDeep:
1536:AyHFNVslq1WCbDqPm7f6ty7/p08A17eM2igjivJ:PHmIbDqe0y72iaJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx
|
MD5:
411314ec56a77bba32d57b81a06ff2e5
SHA1:
5372db592890cffabd8acdef283c5b6d50309bb4
SHA256:
6eae1e4dbf1b659187b74ddd25eb4c3a987557fb8031d3e3ba74b6441df12c9e
SSDeep:
1536:CJanywGixDtGV1Lr+OBw9XKwyjjn12t1Eo1+SQ87JT9HJW:CJd0ps1f+l9XKjdq+SxJW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx
|
MD5:
d9c980617cd023c4fd72456709ca3f05
SHA1:
f54261d8276aaae98a72b18f71e37daeb8377f81
SHA256:
3d79041ef25eb5b86019733b7301ca51a0e81d1e9debd90487aacf4c08e01997
SSDeep:
1536:dXmCq9AIt/AoC9IK7ZJZH5tMEqeUyJOb6L:R7q9B29ZJuEqeNJOb6L
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
|
MD5:
b7222e1dff47f47d24e8c5dcf9ac2393
SHA1:
33afbca31ef9eb349a6ebe8627868fb339a51cc8
SHA256:
7f272d60c62fa760c223ab64f0764907bafb59ad26f3159348c5aa6e63908cc9
SSDeep:
1536:9ry3nZ5sOOFOJHWbA/jmY62p7WfImktD6fX1TA9mKVomteZRM0gwu:9O3nZ5jJ2bA/jm52FWgNDY8mK2XM09u
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
|
MD5:
2298f231f4bddc49b46b3e20ff881f59
SHA1:
cdc4b6e5e5a7e623ed5771a1b58d64777945f53c
SHA256:
fbd8922f3cc9cee53098354a3e8f18e9ea2396fd53fd82e4a4df898cab8942ed
SSDeep:
1536:bbsSlX3nOm2VeL9/QiBvXNSYkax1UfCl4gU:bbsSR3nuVWoiBgaF47
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
|
MD5:
6137e5f21c88fc80c8801168a04f61f2
SHA1:
3c59122e31b79246c3a0b989036d3836f57a484f
SHA256:
f4c7d8afcc8f46990fc17ae512cecafbf7e9c91634065c69c5c6fc5120bdb00b
SSDeep:
1536:k/kQ3G5uiOIZ0P47Mr+O2GdKB8e/6ucaIJgc7TtyF3B2xan9IRA:kt8u8ZWsdOKB36//JgcfYj2xlA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
|
MD5:
a6ca4ed6451d472d04a0b140441d5a88
SHA1:
4845a037aeca1c7fe86515490896bb542bab9150
SHA256:
b8c60b04402884f8264a3949b86728bb012ed78c3b0f03a72e100cfd862e974a
SSDeep:
1536:9UUs7DG0i0OYS2LywhAUS8oZ/qWrwH9CaOZP6R6CpAjSdnEKi:9UUs7DjLOB2LyI4z0H9CinAjDx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
|
MD5:
981d976e879572ee53f5bbe231c7ee6a
SHA1:
c4ee21b9f7315c13d5a5fc447a637ad0b6352d0f
SHA256:
4f02a54a580377d586bf2cd4cb4bdeb807e99245c9c5323d2b20669b42abc310
SSDeep:
1536:h1F0NT9Orx7pLfdpgdh4JyeGtFIJF59XNQxLskC:h49oxXGdhsyec2TXN6skC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx
|
MD5:
c8a3f8ecfd8c63f9d98d698810183dfc
SHA1:
314e6fd271d32a0cd2bc414271c474d884997bc1
SHA256:
350a5e34a324edf04bb277f50c62d80ce7f55bdbac9b1a7c5aa6064631d9d211
SSDeep:
1536:hlNUXedSOxULl9/wPOHKum+gzsqaZeVL0MR9JOBGho1L4p:hlNUOmf/wmHTmZzsDQVLkSdp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx
|
MD5:
b4f81047376be3451773cb53c29b168d
SHA1:
7d13624f28009bc0d50977f83c5e0bb3bfb37f4b
SHA256:
1ba0b799b22fc40f71ce7a6d6c288ca3d8c2408293b4cc2fe65558949ccc9204
SSDeep:
1536:DplhItqAwC3I7yshYyWKSPRrJNoSQj7/DQ5a+DuS:Ph4kC3oFZrIRrs7j7LQw+Dp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx
|
MD5:
217c36e3e5c15bd67f30900648c77247
SHA1:
68b4a417222c343ae8bea974a1ee283db3be3436
SHA256:
2954494e6f1985d74007f3b18b53870d87af3e534e2eaf52280d964a727cdfc3
SSDeep:
12288:Al+Pbi5UrjXvZeY0e5R+8g9rVhSk+HnShsgp9RIkW2ilsbVBZUN7irdOGCG7NMAN:Di2nBb0eDmSsdek9il+ZUgrxZMGM7tzu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx
|
MD5:
f833509291acb96d22cb0b3e67dee61a
SHA1:
b5508ac62ad74c42ba2cb46c01ad1ce3aeeb376c
SHA256:
0af4aeb6bf11e8646ca00c0e1bef2639e04ba7ae77b3ee1fbd5131f4f42865cc
SSDeep:
1536:S0p6LuJscbNLLK+E3uZX9e8+GYteH+dD9lJGokBR0oGrWmrx:SqSuHlLK3undkteuD9lebXGrv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
|
MD5:
80e6329a0435257b1202240a172371b9
SHA1:
463ac768b38e282f44edee9200e64a7f91f3b43c
SHA256:
04c4f6a6474b67c3970c64ef8ef0e50d8adb9f451ee51843413e0333c7eb0898
SSDeep:
1536:JHAAzut/w03m+Ula9DnLXSdej01XllC4piqgPj:JH1Q0+UlaRXU584pEL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
|
MD5:
72e19b787afb34886d5398498250a13f
SHA1:
e783e3358f60790ed142c583b6e226b6de926081
SHA256:
0f14bf9132d27a3943fc7fcfc0941f26d8bb2009d5ec5ce1e50954296284d518
SSDeep:
1536:xreJXMAeuSWyeuPYo56Me6Wbf3gUnnGJtGHZ0gER3/nr4dBnuytqCOTKCP:xrI8AeuSWEnfNWDFnFOtPnUdhuysRbP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
|
MD5:
0b08edcfff2b8aa54adabea1f3b18818
SHA1:
da369b458c29e79f3e68c6df44d6f43125373187
SHA256:
85367e543e50ff7c87c9bb0bf5936b167d637ef58ddc2cedc2b873449730c741
SSDeep:
24576:L345H7svZNVU3Jj/iVoaXlm9o33tGgDiGXT5k4XaJnu:L345HOrVU3JjdaXlm9EGcT5X
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Security.evtx
|
MD5:
668e614901c5177d8b5b39e84614da8f
SHA1:
40d0a0bf5ad9dd1c6db965dc00550a9a8b1bf4f1
SHA256:
dd5b554a093aec6c230f1590ffda3f93d518f4b9d1738f43d3d98bc0593f1a27
SSDeep:
24576:euMUgOMbQTH/+eIMcu2Unbn7lnSFAx81Bu4RN5:e1UBTf+ucuZAFA6bu4RL
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Setup.evtx
|
MD5:
9a43a5c70dd339041d8d8e6847b29b4b
SHA1:
d6b5b6f787a9c4411376d104fb062971d7e063c2
SHA256:
7312fb42aae0f4c3ad5dba38e956ea613b72bc6c2ec36a0624e8c6cd4eb0f2cd
SSDeep:
1536:GW/0HSElbpNg7uoxO9ghTenQ77cB02GePpPByEbLcGHthh+6aI:GW61pNOuvgh746ePJBxbYA06l
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini
|
MD5:
b16b875fac313547eb82c23773ea640c
SHA1:
f6b6d31739278dabe7343aa84630dd51c1c7a03f
SHA256:
e91c354d22c5ab220c069ee229fc0b000758f7c79b46e74d7bebbda86845176d
SSDeep:
48:toyFZMq4331EreDjx/NBDMWH2HWJyBSCqvEmZN3+k6:togZMq433acjxFVLH2HWJ6qJN396
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files (x86)\desktop.ini
|
MD5:
6ed5ec2a574cbcbd5348600cc7c477d4
SHA1:
7918b731dd9c07cb60b42d613d1b8382befb169a
SHA256:
49d8f80f685227449ef966f08282b30cd358deab13fdfb134ecba44e0d5e58e2
SSDeep:
12:uYgB6aYtbwjJBrmexqsQFGNCVFOwsWZAtaUeVScD1jdnGJSILFzSJxV:uXB6ah+1FnFOwsWZEK3vGJSILYJxV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Microsoft Office\FileSystemMetadata.xml
|
MD5:
756e8e76cd7176649c70724de9e47632
SHA1:
59cb6cf6ba03c6fdf22077d89add5596b3655c9d
SHA256:
64187e3ba89f0acce1c490c8643b8af000d95c25565efd97c151f477773068a2
SSDeep:
12:J+XN5cT9mT7C4df3m4Sn8PrYIhQIEgXEHn2j+kdV5OQ0D8Z4yTHEJ3oPZRDX:wQEXCiPm4aI+IESEH2B3OQ0DMUohlX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\crashreporter.ini
|
MD5:
9074ea16d6763648f056ffbf1d59c158
SHA1:
5652577788e1c9b5d3b56da0aaec5c8caaa2c26e
SHA256:
014b15f11833caef508fce2a3b5937c195a65bc214eedd4dacbdb7b9bd4252dc
SSDeep:
96:FoaOY1+OrOzjkjDXmcdn6oRpkytd60qyWklpezuPzoYTzOm/sdmD5dt:/F+OrsjgLLd6kqyNpjvzkE5/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\dependentlibs.list
|
MD5:
7389525a43f7271c78b9320225645720
SHA1:
c851aa56b743463e8890f7003e3076a5a685c67b
SHA256:
807587a477320f52596f01cc10ac22a1af58ac0fec3449c41364ca59f911ac67
SSDeep:
24:fPf9bGQ8TkyiCCwGUQPWisgLu4PnuCZCthZ1ShU6pYShrgD4fVoAj:3fZkqCC1PWv4A3nShU6SShED4fZj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml
|
MD5:
b77f006e524c34251fa5dc1357073b12
SHA1:
27ed7928a8813e8302e0b24a9ee148110f71e9a2
SHA256:
ae355bb6780d4f3519bf8cdaa584dde0d4d21eb4ace400d2cf814c9861a4d5dd
SSDeep:
24:3YAzo5Bteoh+4UHiUPsGda6kzr+TT20d3mq:tzoArCUQ9Ylmq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\freebl3.chk
|
MD5:
217eb34231f1f8ca050e9f7b94731433
SHA1:
1de720362deb5c068d6161d894075c61458b962d
SHA256:
4953895f5fdf6971400e78bbb78eef17544b333b599989e770814d7d23d79224
SSDeep:
24:LmUWmRhyK0ooAYkTZZ+NTyCQBfmBWvCXfzTHzMavCa747kU/1:SUWmRsAlL+Nd4fDvwH4aKmED9
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\nssdbm3.chk
|
MD5:
dc2869fec273befe34560cfc60d66f9d
SHA1:
da7d1c7c660eb046cf7b00a07a8d003ad56f92cf
SHA256:
b580a4d6273a98899e82e8cfa5d83c4ad457c6c7ec4abcca2d7bee7d578b95c4
SSDeep:
24:EiNzpwx1dZ43fydosp2yq/EbyDtg8ACIn3RTM2QpbGldFlNEQzj+HhlPHIHbPX/U:NtwR6MXp2yq/EGy8vIqonEm+HML/RczD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\omni.ja
|
MD5:
9d55a1557ed6a730198ed40a4fbf5b74
SHA1:
df48a0233f2978672a5ff8017daf090ee8c98a08
SHA256:
3601d2d8d99cee44eb7e290c79f1745081a6006eff36b3bc0d33fe743f3587eb
SSDeep:
196608:R5a8v994ZMohCcKCdnzDXB+kMIgklh7bd+DeecCOf2V:K299WMR+/XB+kMVkl5dOcCOf2V
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\platform.ini
|
MD5:
0deadef69f54aa61cc11601df69060d2
SHA1:
08003e67f791f45a6a2e3dc68bf38c9099cee24c
SHA256:
5dc24cd7d7f8371f0f831491d3fff948d66ae3c34c97f1fe80bf2d233c904172
SSDeep:
12:pxR3AH1X+c+c3ShAOW+CWWI1MsTJgNbaK44d1/Ku95U4SAmTV27mrByTthRhr:pxCQcjCyOfP1NJgNbakPK4NY5YTtlr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\precomplete
|
MD5:
b0c252e6b0be96d9e87735ee88442a7f
SHA1:
cd8933d9b1e296823a9756cf674e595e34b8eb26
SHA256:
f51e3680a9b741edea0a70bba5260c3bd6d4628eb787c8ba2c09a09880237c44
SSDeep:
96:eXFb5jjIa5CHsz6859OyD1MpwygoWJmkbtbdy/i6JK:eXFbF/AHP87jRygo8mkRd/eK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\softokn3.chk
|
MD5:
a3d205808aeb9ae645475a6836d3857e
SHA1:
ef5f734f12c36bbed0db10cb1d38b59762bb9c07
SHA256:
6e1623652a2767a62b108fc6bc86c4b9a8418381c9e0532987daa57242d4181a
SSDeep:
24:vYM287yv0yTp3td09FgV5iGlsd8/hW8i50ck4BzZIxBkb3TdzuPFdInwUmDi1:Qvd0wp9dxVXYvCqIj8tOFmngDm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\update-settings.ini
|
MD5:
1b82baee929d5e14bcbcffa4e7305d74
SHA1:
f55396db4f7ee8d646d60b14f2d1b6ef6e162cdd
SHA256:
a0c38cd115a88f216a31d6804c88de7506bcff1149579ccc748cc4439b47c444
SSDeep:
12:9rWp8Gql34xKPF5l2Y8m0Wtt1DkUaZ5kBE4ETO8DVQKR3z3LGK:9mql34xk5lgm0Wtt2ai4ETO+VQAH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Mozilla Firefox\updater.ini
|
MD5:
3aada9fd1b9e7200d5c636f359a7bfec
SHA1:
600b8e009b3d98b38057d3a9d6a5f64c22b367b9
SHA256:
75e1c1e2051f7206253062fd6cedec2addcf61fcc36c603acbf6a00d6c6371ce
SSDeep:
48:iiC3xhPWdb+6xj6PCVDy4eC0LS2ujGFKS+Iu:iX3xRqas6yDQNqG6Iu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\UNP\Task.xml
|
MD5:
cd752b3d5b3acbf9e3d5cb0db0351366
SHA1:
d92812a220678802923647cf52409c959e604e66
SHA256:
384920ca3a0048812b38d61163c2e39fc354684a7c4ef17217c6057760e3400a
SSDeep:
48:kxiUTPHHVdoFu7qCIjUSqRFI7FT0YvP08eA2+JaGBLxcV2POoFYAj/DO2Ej2yXt3:kA2HpeF113zAGB1cWOoFhy2EjDER7U
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\rempl\Unlock.xml
|
MD5:
7352f98de4a76b634292b64c9d496d0e
SHA1:
6324be2aa680155322f31ca3ad189d3afecc5e0c
SHA256:
7caa51b05af049e7a1e0ef64d7d0abb090a13a10d930e0bdda4f826584c5612c
SSDeep:
48:QXVsqOuSA1U3nIrj2qJsE2qgf3UsXPH+ArHqgMCNMgfK+lX:T5Q0nchvoLfH+ArHq4qOX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag
|
MD5:
ef3e917763262945e3621ba2f4c3d0ac
SHA1:
10ce88ffce6ddbb61fb296a035ddc3db5c54ddc8
SHA256:
f71cf093dcc7c8a936e306b203d7cb593b7706a16f49e86f614e119814d8d595
SSDeep:
24:LUdKQtdnpCSkXOnEFkv7ttINA/0oIy19kougnlL90Im896Y19jNlr5vX6Q/RTYfp:LUdZxqXmECvgk0py19koYIZ9/rtvX/Fa
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
|
MD5:
de458af0279bbb6b478d5cdc17b046a3
SHA1:
898bd0c897de0158adf61df1325e2dbc8384f477
SHA256:
c6e5e618ead914e99ad5e01a50ac73349a88ebdaa1986d4e057e6155cb161e1f
SSDeep:
24:1NQZcsr18SJwGwDTCqcoW8AoZHyGfA1ltaIgYClg88W+5eFOqNnBTcnpeyCKo/pb:Q8SJwfTCKW8AMnA1DTgbg8yeFOMBTwpy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\R3ADM3.txt
|
MD5:
862867e080d00bf0df6ebeb3aba87620
SHA1:
f29017992c7d40dbc2eaa958657a124f089a126b
SHA256:
1a738c47e8d1c10279eaac92bb5caf05c0426759ee22077f63d515d9271f68d5
SSDeep:
6:loBuk9NAtfXYhBLlK+2WzSs+27HweTWWFyekx:loBvmfIBK+2kSv27HVFw
ImpHash:
-
|
Access, Create, Read, Write
|
Dropped File
|
|
C:\Recovery\ReAgentOld.xml
|
MD5:
316014a5d3f695b5d951a79d50bd7aa9
SHA1:
ad21e5dbde89fc52a2f3cd7f337d01de20aa89e0
SHA256:
58081192d9e878f426ca3adfb0aee1612f1c4e151de96517cf39c6184e858778
SSDeep:
24:65A9ir568O5ff4crvJ5PKUArdX9815b5B0SPSZtBp3ppMJ1MFgqZcSIY/6t:yR4fQcLyUGSVSSQHp3pXTiSryt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT.LOG2
|
MD5:
6ea243ae0b4ddf75f7eebf20b7682754
SHA1:
8802d5dc4b00f3de1fe4cf4d6845e9ef8a58f25a
SHA256:
a38aa8aefa8b38257351256e1a96da21e621f7a48aa0be8a4839d13c8c2d9cc5
SSDeep:
384:lpBZeFSejZ1xYncBnhftOhATJHpk/t92+yXT3L62:lpBaFBhft4iVpcb2JD3v
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf
|
MD5:
98ca40bb678bf6d513795ca3645b0556
SHA1:
9eb3a0e6de502ce5a0cb98b127722c27c0791873
SHA256:
08c53a11661d4e380be666e8a2df3b7549d8f52d9875bbb139bdab01c32fe75e
SSDeep:
1536:WCj3g5EASgV420gKZKpXYxkIkTUTk9Y+GMySi1:vLkSAqoVCkIkv9YJM9i1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms
|
MD5:
b752cbc080137ea2db52b56577548e76
SHA1:
5c5d662377a7f23aa9a7af957c11f1d771f8ee5b
SHA256:
45e506de9b567659a15594d6558bf14325dd938026eaf1b7e7707a34477f57f4
SSDeep:
12288:7dvI0IWPHDOOd7IQZcWz/i9Ez+A1zPotPH7nlFNJlCdwJYoZPhqFxkT:7hJIWPjlTRV1zwtPH3NDPYoVhkU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\Default\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms
|
MD5:
2dcb059fb676219af105499f8441a62b
SHA1:
20e8c3951ad502df308e4f4c424d8f305001b826
SHA256:
c902761bb907f146b899af91cc49631b358c9b692b745b96d2122b4b8fcf28de
SSDeep:
12288:cEawodDhzsabXxARaMFoIi6NKGJS3n94YHUb4REMv:jawSzsasaMFFjN7JO94YHUbETv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\Default\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms
|
MD5:
6699df90b2b7a7bff08912ea343d800f
SHA1:
1abf6c9dddbf65d891bb2a39528a6ad42eccd2bf
SHA256:
341768456212b23ae1d1f9d2c66543ed6d6b57985cefd6a870f2c35236c3b450
SSDeep:
12288:WfSrQY11isCBSEpor3acNSGllIBeQcJWTxk6krc:W68eESEpqacNSkIT1Yrc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\desktop.ini
|
MD5:
140ad035a7348d913ba4f3248f6b2084
SHA1:
90e8c1766b8d8a8ca6fc4b66041dbc150ccfd9ae
SHA256:
7e1850a14560264526c0aa63cc60360889acf0df7266fa33adf6f4d4220a9172
SSDeep:
12:jcSMpPrSOyjJ+SLeo6TpJ87H7oc5USl61XQZAEwTYXOE+SCt:QZNrSOyjTF6j8UcVl6NQw0Xd+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log
|
MD5:
f2d6b4d75e472f56dd0a9a056bdd3e88
SHA1:
f78063d462a83b75634e7109e9354fbc139a8b97
SHA256:
e7b790fe21289f87082d4bd510e7a5fe9f07f79e9fbef3c53d0c3b45363f68c6
SSDeep:
768:KbSLPTJfeXGjTVZmTeJrx5kSYgdDOpPLV8ezQOOru0UpEZ8I:KObwG1c415kS1apPLO0QOOrXUOT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\$GetCurrent\SafeOS\GetCurrentRollback.ini
|
MD5:
ec09a9983237164497ee94ab0cb58b33
SHA1:
d15026169bff5f26f25373929395515be3466be5
SHA256:
7806fc93619048658436df33093f0e608bc368030fd4e70097fd74c83879abcc
SSDeep:
12:TmNpLMPiERp614wNgdCpFah+2Wtqk75lSyA/YmWHB1gt8aG:TopLMC7dk+2W4ekhLWHzgiaG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1030\eula.rtf
|
MD5:
0b1d703be594388641534bc50ccd506e
SHA1:
397656fb1b3b5e393c72680db9d65abfbbcd842f
SHA256:
892b0ec01e0509454f0a25b68d947f6a12947a2650cbcfe1b3764fbfd88ad6fe
SSDeep:
96:mT2NJMRAOZaTrsZNzcdKtE7zQjo10HvieYSvJsng:mTwROWCzdtm10PiIvJsng
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1033\LocalizedData.xml
|
MD5:
58b16241747fc2e18eab04809a52f380
SHA1:
b736c41abebb7fc4c78f37be634490449d7681e1
SHA256:
2bdb24e27454cea85de47e33bfde5b47a06611ade6e6560b8cdd20e309601239
SSDeep:
1536:R4dBffkGCO3zUqzrgk2IYSnTL/2+cBsxVCsoc/24liCCaYG8qxBpP57:R4ddfVbgwrb2Ih/jcBs7Csoc6FOxB157
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1033\eula.rtf
|
MD5:
9d81a6d611e284f7d7f336b144e19a3e
SHA1:
a9f783d530a9eb7ed7e0ccf434075d4fcede9c08
SHA256:
0bc7ceb726eb7242e3e016d577e6f78d1f134db3cc207a811b1c58ad575c6eaf
SSDeep:
96:/jaZ2LZSBtgMd2cS8zJF2xRZXiuPIQ18KbVq:/PZBMw3+n29TPD8x
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1035\LocalizedData.xml
|
MD5:
9dc4d64937837e3efeb95859d0fc022b
SHA1:
ad76350dc024391f89095a7439dd06e3ca19ebac
SHA256:
ebd99748e25e4d7ce1c96045abc18725753c04a58b214414d179a4076acb52cb
SSDeep:
1536:zOUa7nLGmvCKxZZKHBwFlyOTqWnESUW18jzTSbyp2BtCcIxV:FoL0KxZZgqFlzOWE+WXcuV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1036\LocalizedData.xml
|
MD5:
0b93319f2f508e6d89e08236618a223e
SHA1:
a23448255ef81f4267bf4fb2991303af864e9fab
SHA256:
f79950b3a60adc25a535a92d63245d32836e98566a009be540fafab6588814c5
SSDeep:
1536:XclpTQkVxRpg2fkvPnnXiuGM8p8+X15T9ehaF9bu7CB1KTL8:XiRVxXePXiRM83rTAMaMKP8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1036\eula.rtf
|
MD5:
8a16ec96488fca705f8d244b24f650b8
SHA1:
318a934d924934287ebdce18c2e14d9b5124c114
SHA256:
00936eecceb46dd2ab83ec08957c91a142d2e18285cdcd1ad8aaf0afb70594db
SSDeep:
96:BpMi0akD/nxrkzuOMX359oM8STetl/07v80N:magfxYzI9oBSqtL0N
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1037\LocalizedData.xml
|
MD5:
cec32f0f3451fee6ba1833c96c813fb8
SHA1:
40cd5e3232bd723dba0edf2a574b7d274e20234a
SHA256:
e6fedd858dc6b5e9c1da406d60879c967fa920235a695a990652e70d16d7785b
SSDeep:
1536:OC+1DAE5oB/iqfQYCgA93O7Zag5BaZCItyYFvGifyKLRCaRCnyS:OCoZzqfCf93OIGbeTvGuLRCaa
ImpHash:
-
|
Access, Create, Delete, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1038\LocalizedData.xml
|
MD5:
cef946d2d220699414da8fd2d7caa48f
SHA1:
56c0c7d926c5b16c5749de4de683d7d7e798c8ad
SHA256:
e0f6e216267de0de19162b82514b2d008fb8e3c0be86c64101141a243fe102e3
SSDeep:
1536:0DEK5knqQajA+0M5kIazO8f2zdt/6kyjM3ahg0u7lKoKSUkwdo+NqBFtM:QOdDM5kIGWd56XjM3ah67lZKNkwGWqPO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1038\eula.rtf
|
MD5:
4198b8d2010704e4f180d16d67391e92
SHA1:
607ae59cd0e7eebd555fd64826781875d1ddd16d
SHA256:
ade3a6f117ad2b0893cce802752188238ea6eb1e7089e1824f9d22a04db783d3
SSDeep:
96:nXw0liNV8zUjcB71v2kqWpmxPWB5K3mWveJe0xuLdDx4:A0E0z6wpu4pcPW23mWWJe0cht4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1041\LocalizedData.xml
|
MD5:
33a1beb907b463059d94e14011f314b9
SHA1:
c51df690f0d49fb36d5fdef3808d6f3ef92e9be6
SHA256:
924cd012c7a9a3d76c8453da76f2af054c63b1186b6928946d25e4707a251da4
SSDeep:
1536:XdEgUGoPWgTI65T2VmzZBMVUjPOb/w+UwU9oEqQHa:vUGArTI65T2VmzZBXO7vUpoEqGa
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1042\LocalizedData.xml
|
MD5:
f6ca337de31d5417502cea6128ae2e76
SHA1:
bfd1a405f41d78d3ea40ea4b4175bd57710d4953
SHA256:
4d70df28e408fb621889493e457cd0269a90a257f7643b3289658b13fffb42a2
SSDeep:
1536:qieZEgbyRlS+NxgXFcc7bT3ueKB8IS+p6quKj2SPaNc0yYWcQM5fv804mTD:qioRb8lSaxgXFpvTaB8IS+p7lj2SPa0W
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1044\LocalizedData.xml
|
MD5:
b9be6bd15dd09c443c1c92a407c881f1
SHA1:
92841b5015ee756f42deab0be943a1035c18758f
SHA256:
3247e5c682b39f2f23b79379e141bcb567b62e2e5b1532da5fee436af06ce778
SSDeep:
1536:phAqprOlU8s4/d2YmNfVdRjAY4kdXp7AWOwxxEsznq5YtiIERRvqju34kF5/:pLOlUw12YCtj74k15FMsCNRJOPW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1044\eula.rtf
|
MD5:
589e5f6ac6e5dd1db25444aea6ac9257
SHA1:
f8985fef5776c19fc282589f4ae3aeed74f31472
SHA256:
377d64eed6aa2036246af74fc7d6a22909de4520874d5c3473c8f850a7bb58ff
SSDeep:
96:Ksdosdmr0b9tFkGFm7zNtmlj2AaMosYCtOQSmMzdCfOvixJPLLpQsDyHfo3n:KEndI0bVkGFKzCZp/6dti/LpBh3n
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\1046\LocalizedData.xml
|
MD5:
3035fda95bc97f35177ebe71de9c9d0e
SHA1:
7d96b6b1310ecfde7719d58085f25dd4f4574e4e
SHA256:
b1726ecf24531b7f64c7a1b6e65121ef00c3fea2c5284923b282b609824eb30d
SSDeep:
1536:ibkVQjx4bT2ZAyu09Ma4mfTdOnwbAFTWcDXujt7aI7lrhcQSZx0kEefcv:iIn32Y09GqKxTd7uJ7aI7xhzSZxdg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\1053\eula.rtf
|
MD5:
66de9d7898e266d3ff4bb66e618c3bdf
SHA1:
50bad16fd18949da2c7e711ec1830c306c9c3f22
SHA256:
8fcd9566d89d062ac4acdac81cb48c1a8728cb446beef5020e40cbdda4cba984
SSDeep:
96:znn5ajwXn3nxOjeyt+6gprt3oUG1FyWHlqG4jsU0rOMcaA:znn5133nxOjRUt5zEzwjsU6dA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\2052\LocalizedData.xml
|
MD5:
ca4b39acafc71b448dd2c4a52d7d1e8b
SHA1:
4298fb8c693f9af6c3de27f56c6800bb49a9c8a7
SHA256:
633c5f1d2bfe07daaf3077382585f9b731fd9dd92bb3768b60e1c09b872036c8
SSDeep:
1536:dwOhA4cv7CSlffj4+oefclCtPkgBXCtBn3scJqyxp:ddhVcNlfL4+oULtNBSjnVx/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\3076\eula.rtf
|
MD5:
f623f1eb7edaebd82236669b456f685a
SHA1:
2d105a95869f1e50965749a6b10e87a2e0ece18e
SHA256:
8b887f9c5a0106dfeffceac0884f280d4d7afc3e532b55dda805a565fd693fa4
SSDeep:
192:rqPVnQCX7YDETgjnZ5U3+swcDLDpJd1TZq:0X7YDvVswUxTZq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\588bce7c90097ed212\Graphics\Print.ico
|
MD5:
1f1dd478589cd5df8aafd271fcb2243f
SHA1:
423b96df40ea96c7280c2820d8e7d20145b841ac
SHA256:
d3f1e13c30934caae23771a8b78097877a20152ed640eb3cbcda4aabe2a7589b
SSDeep:
48:z6zmnoqZO6YwD8/z29Q1gJsd5F7w+SoNVE1:mCoIcS9rJse+SI0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Graphics\Rotate3.ico
|
MD5:
71550b877eb15ed05df9eaf49619dd98
SHA1:
bad136f2f75940a1f7ba752f6a39e4b41b76bd4e
SHA256:
2b41c4a5f77a98ed1af374bc5bd3ccf17e9959a25fbcd94c91561ba8f0d2e14c
SSDeep:
24:qcIRgBHRi415u33rL+RjaOW8/0iLOZR0SYDyhb6tlxruoDBRmUecOfna:qctHxDu33rL868/0xvPglBppua
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\UiInfo.xml
|
MD5:
a271a828c15f58a910ce02ca67d023e7
SHA1:
828b48950004da29da22219b40867ce02c518266
SHA256:
f5adc01e6275f1fcb9459bfbcafebbdf77d3bf6719f7897508b52fd7bba39480
SSDeep:
768:fwLMyL5hgu0Iyp9BQZa2Xpf7csCAabFawnH74B:fs5hgPprn4pTcjtnbw
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu
|
MD5:
a5ae7d4c20847efe12f1f2f62069ec23
SHA1:
01260f521ddb454e4e0d9d6de2786ab99aaf991a
SHA256:
57c5ca63a22c2d2b346f1f4f702729a17a98532be93402d168685f28880c4b9e
SSDeep:
49152:nQpTkEBYIQxa7isiK6vJfYsmJDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNk:nQt5Q07SK6vhDGnRau84KUYcs31KfFKk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\header.bmp
|
MD5:
6620127d86167a21de3ae78bd554a37e
SHA1:
d6b51d2f30163b35cbe1dd48f114bcc80b3142ab
SHA256:
0e8178600f170c5ce8562016ac4efb98567137192213f54c69eb998a7b3321b2
SSDeep:
96:TtFJgdyUXFfxws2Db919ajDM6uMUXuh6IoMzk5C13:T12VfwDb9/49UeRoD5CB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\588bce7c90097ed212\netfx_Core.mzz
|
MD5:
afe6b4035360cde409f9a62da4ea21f5
SHA1:
5955d78b9e7d66bf93378d3aa8e20b18f0067ff6
SHA256:
f45e16cd75f53159fd22885251cf0b87867ed1ba8e46a6ad87ddff756dee7a3c
SSDeep:
196608:wgVSM+Fb1/9UJBCIzSpSIKLKeEpREgT/4szXLTkAoXPDxjfrgyBZolQUi:wqSM01FIvSpSI0EEgT/RzX/kAoX9jhyo
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Application.evtx
|
MD5:
b0a5a1bbf614b9211ac3a029a0531e24
SHA1:
086bfb0de0ebdf5d35295051f1344cf665d01aa9
SHA256:
f5aeb6c648a40e12d8bf50bbef5ae34b804d2b0cdaa9123e7b6d611ee9d73758
SSDeep:
1536:yR9CK6wM7+PE+UYi44z4Kq3T3Z+BLN8WxAWP936juruYyctnxEFn:4X6H7+P9Hiz4J3DwbGiyEtnul
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Internet Explorer.evtx
|
MD5:
6805f756136c454045f478c89c45eab4
SHA1:
ad284e507eee8c05a86f01ad01c4c57e400c7f44
SHA256:
33abb881126c402fb187f0ba0c6a12f1bc96bb9dbf1e13f10b5fd75eb95456af
SSDeep:
1536:mToaLiyg1jL+zvDz9lVzGD+PNtU7/in2g+mB2bqBrJztT:mToaLkEDz/VzxNA6n2syuT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
|
MD5:
a49c05e057fc43c59711a46fdb393fb8
SHA1:
c5b2eba837dc8e8a9951888af236f332c582662f
SHA256:
2f93379744c28cd02f25d6f96ecb978ec3ec31ecce06edf25f158a5660a9a7a1
SSDeep:
1536:3MyAzgfhTp483u+kBIo4R/0JK0DWSYYFhXgvDV3tghV4QW0h:c9UhFtIIoIKVWh+ux36hq0h
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx
|
MD5:
65871c23b2ccfe5b5d5ef431f76e5d05
SHA1:
19b0faeb220b1ddbd399d87b35c929822a1b0bd4
SHA256:
f7fc8463a7b2275b62b8decb02d2f76ae07786da0e12bf4f95342c47730573f4
SSDeep:
1536:ABx8gqGc3myqfY3geKoAg2/TSmi6t3gRZfN3JFI7Vxoz:eLqG01qfYweXABGmi68ZfDgxoz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx
|
MD5:
1ed18125fba18bb790d344b5b614abb0
SHA1:
86220c3260d6c6df49217bfc1cd18a7a05eeee14
SHA256:
4b6afd1019213ba024397db94838d31899fd44f91d219ee16affdbefb03a43f6
SSDeep:
1536:BRoxkRSWmQ5Cyw/KvXVQyYqARds0riMsUP5uToFInTrEkfGvimI5/2dg3:BRQbWmaCywc8qARKohsu53+TAMFudo
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx
|
MD5:
fb13086d72e17f8ee53e762e7177e3b5
SHA1:
d56630f3f0cb7464e24b4ee32c016c2957e84d2b
SHA256:
911b360447f75ffc248fdd6541636574de6855ae968aa569dac323dee29652c5
SSDeep:
24576:z3cQeioTu70HtJ6iCQ0q4bgAS7ESHlVJyOPkdrZ6R4URH:zsQeioTu70HtqxgAS7HJyOPkdmf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx
|
MD5:
1621343388ac173fb229aa7c86d1a983
SHA1:
f888d8930cfbcbabff4ad47ba78b39722a44c737
SHA256:
b893e4a4388533c282917861b6ad5669967620ed8a78472f9ce9976c42e39c1d
SSDeep:
12288:tJGb3Rhk/pel5h02MXdEZcLhiK74dRSedP5mBctq7/cMLTDfHjpf17jwfByG7VIK:tIlvBZJe4dRLZ5m6tWdp5jUB17VYLW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx
|
MD5:
10132d5bea6b51356305282f2218d050
SHA1:
44f801ff6132b94891759ffd313a38b201f50062
SHA256:
1d8cc6341b80c08363dfe5eeb5c57fa3c0bf4da7eb23743a220c8583890a30ed
SSDeep:
1536:Qbc0hpo0JmSu9EOrhsHNKAjrT57XRZrtNKMLWRgVKTtPH8h9o8mT:Qfpo0JbO8KAlFZrtbLWuVT9x6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx
|
MD5:
079af4d6f96284814e1c9e2170360d31
SHA1:
01e2301ef05029f7c7ecf905ca9be205366c9b53
SHA256:
17fe40e942154f621831ef57bd31cd476331d64cb454f429c48dccca9940b1b6
SSDeep:
24576:Qcomf3isgRflv2i1fSK3WhOPrE/3o9XqxFnBkNevLZ:QFVR9eoZmhOPc3otqxVBUmLZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
|
MD5:
45a12edfdfa03149848d701d72db768b
SHA1:
4eaf3adab579816e98588068a54a4e0720379928
SHA256:
a74f41dd361faddf2b5bec7d836c53892cb4742b2f1e25a8e794a42191835436
SSDeep:
1536:FjWHtMzr7Ez6Zv8+Y1UJlLMTfF4uc4H43XB0YebMWH:Fjg67E2NLYeJdMT94sHMx0xMa
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx
|
MD5:
613bca03b79f94afea94b0251e7105c1
SHA1:
c5f3c0670a4eed0a106b19a4c654cbc6916d7a81
SHA256:
a2d7ffa0795de015719c33261c4cdf26988f388104a082795e74dc887481ec26
SSDeep:
1536:Zfj29jlEucDBetAkLRSMEubKeh4nnmiTJ1qhLjwfhcdI8UeKm7jJk9dF6c2:ZfiBl5cDBe/IGbUnnT1qhw+dkeTxk9PW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
|
MD5:
853abcb64fea0c2e2de30b63cfd55930
SHA1:
ca81c5eede33eba0a11e638a46c7170996132f14
SHA256:
2ad4a30a2acd2958c6b0196f83cea7842dcc9adc58e60d2a5e1a623aa7d427e8
SSDeep:
1536:5XFUCo7xEMtMmuyfM5LvXfWiJ27mbmulb45BvEvFHr0OfFHKL/2K:fUDxptbArvxJ/bmulmkHYOtqt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx
|
MD5:
fe795f3c62810c2f7a77389174a5cd27
SHA1:
58f86676b9a729fe827133e6da0ff5b1e223a5f3
SHA256:
060f8ed5fcadd63024a34319a697571513a76aafed6bac6fa313216f87b81146
SSDeep:
24576:1E5A7IHi0HYEt7sZz7EdYDklD1h4GXNA3:hIdYEt7mz7E2Dih5e3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
|
MD5:
833c558522bbe42caec5f153073505b3
SHA1:
9ccf2c6b0fbe5f9e7ccbb8ba74997833f4e0ded6
SHA256:
19f21dd783b4ae15eed0e708ae7b53ca65d8d6613c2715679c17b9898443f392
SSDeep:
1536:fTrclTwQJfOyf+I7/+KgHL0jPKOn3GEIZWSdqJRCIcbajO41Ble0MP3LpTb2M:fTrGwKmm+IL+Knzn3GEIJqJrcbaa41Bs
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
|
MD5:
683717f419532956cf8c0c40bdc491f0
SHA1:
a733dec4182be9229fe078f503534540fc084961
SHA256:
8b11328ce32b01c41e78fc9359af7242a0bf6e3c813f02d992c5622f0b61b320
SSDeep:
1536:/AJuM4vDeziE729xlpLw6y4wsigbUqUGI4OjDqx41NYc://M4v6We29xlK6t3b5zXWDUaYc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-MUI%4Admin.evtx
|
MD5:
96150196dcd256f76df447a67a01b192
SHA1:
b7bac2ff92d44b2fd4424d4b783f5c3c1222a936
SHA256:
2ae5f15ba4384af128237e7c52e654fa6dd1637ebcd878a6cadd7bc75a188498
SSDeep:
1536:NffmjmdfZ07OmQAxJfwL5vR+Oom/l88BxH07Fn8pZvOE3Fsc2FbGonE63EFfyt2b:NmmKCUfY5fLK8Bp07x8pZvOE1sDGjfyC
ImpHash:
-
|
Access, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-MUI%4Operational.evtx
|
MD5:
cceb3c2f6d54b495a1c157d3d1dae642
SHA1:
055b1173f845ae86ed787ce6274cbc08de26ee13
SHA256:
58e2398d8e33ba53eee191e283a9c016b729d829897b959ce850ffe39658d671
SSDeep:
1536:lWHnZqdUjn5Yq7K6hqADrSKjaz6jWyXRiRG8Z83WK/:IZ5jnqCSzKeSWJc8k
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx
|
MD5:
c00063eac14d8007babefddbbd9eece1
SHA1:
690071e446025e6f0653d7524ad31d0282672b8a
SHA256:
8595e73d876df7549fb32554ba1b4dc7bd0502ba67bb7399cc479b3007a80c00
SSDeep:
768:F3PooJX8+wkLT3RwyUZ/c75jBviRdV6Nw0pBMezb+7YydWyNOQvg4HMZCjsxlMum:WZ4GcfKRdV6Nw0vD+UDQvMQsxfqbGpC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
|
MD5:
1328b7180afa20540333e45d71e5a512
SHA1:
bf824f1a609b2b1f75108a5cd0b8895ce0eea12b
SHA256:
03adc1b46fdbcacb0738c951272e23b4c96643e6400d04b4dbe50764294d6225
SSDeep:
1536:e0EswLj+/S6Q1N/asbELvs1d4iBTd3PluhlYqXFZVeVc2FzXps:e0EXLjiSvN/FOvs1dHTd/lRq1ZoVL2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx
|
MD5:
d73e424fa0ae90cc0653701979048847
SHA1:
8fff1b17fa0b6ee89070907498154996dfb8eb14
SHA256:
f71119477be215b9104ded39cf69774d5669b87c82b0c5c62dae8131784f8208
SSDeep:
1536:n7TIWuwy1zLw8ae0Y0XfxiLg2Ir4sqhYSMgVWKqdr+le1/vgq:dCXwne10j2IzsYSrED/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx
|
MD5:
effc9dd3a274de2d5293d75c1c573eab
SHA1:
1a7a41e4d21b16e6c77c9a559a82fe8d0973d21e
SHA256:
de3819ce24b2025b4235861174bead20d46e6c1d56d338ef3480a2fe22b85df5
SSDeep:
1536:ziZ1/GwAt+AQvlz3NTbbcbCXxbOTrnzgux80/HkDFjYMS4ULxR5:zg/hNz5vpmIux80PSjdsr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx
|
MD5:
81ef7c6ca201ed4e9374d699533bde01
SHA1:
fc7faebdc2e564f69c0d8d070298581f40532bc6
SHA256:
b484e97d5a339bc04c63e07a2e02b4cdf1f47f59d9ee1aa8b108c7d629f5b24a
SSDeep:
24576:kHmgvMm3/KoPrg5Yvol9U1SNwu9QstElkfUa0sMw:kFkmvZgs+9U1qbElkfUa3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx
|
MD5:
af5d61f1a0a78a4d29d8f1559bb055f3
SHA1:
d28b0a400d739d2506e8dc96ef5ce6b211f7440e
SHA256:
fe08b42a7d3f52724b2ddf37725f1d80eb8a8b9cec5279e6b85ead3df58f72bf
SSDeep:
1536:8Eal9ZR53Gr+TL30ubK+RLC6h/PbX/sNSN1NLGNy:8E4tL30ubxIybX/TPj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx
|
MD5:
f0ad69384f3168db8af17816cf152a63
SHA1:
edcb263efe703bd4eafb750dd69fc73217102ded
SHA256:
0c0a8de69162914acd92917add5ee0a11371813e147cb9e5efcf6d75971da349
SSDeep:
1536:yFsOPSML6lx8SuPgzl8o6d5DmAAEjLWJ2YF7iaYdd1/x1:0ae67FuAr6d5qAAEjLWbYnb1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Store%4Operational.evtx
|
MD5:
ec5225032a96d4cd579e3ff2e47816f4
SHA1:
7139358e27f6ab3dca6146a0d5c4523da59e32e7
SHA256:
bad051495a3a02938adda952235d661c04e3eaa353e4884d03a4fc015d482683
SSDeep:
1536:bnPZ7C9b2KFYknJ5/6K3cj9c/y0WtOgnHqqqkxxbq:bx2928lnb6Kpy0WQgnHBHxZq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx
|
MD5:
a6bb6086b0e6f60d1eccb1b864f48a85
SHA1:
0adb483d9fd8f70323604850463977532c327211
SHA256:
a84fc064f7bcd07b680f8baedc6af503559f0629a32daea3828cfabcd2f72984
SSDeep:
1536:IIRk76lZlrTLZdhrm4eaJOpzFPAfUGSeJYPYXyw0VLVAv4z2se:Ij+lLHZdhr7rJOgUFYXkLAE2Z
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx
|
MD5:
9f093197ea88a4572a8c417c4d4791b8
SHA1:
1a5103f294d58d33bb8ea7ad21d9df2dbafda95c
SHA256:
50792ce2e4fbdae3ef0f15ae58be8f48a973f32dda8ec0ed116118114793c41f
SSDeep:
1536:Vgg+wDfTWhjfqQiNCIOfmmj/PSgPg5xEExtWuAgIvh9WYF4GumprKK9g:RDfcfqQxXOeXJo5mExtWuA7nWYFfr3O
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
|
MD5:
73413d4d7eff916ac8d6a21191c998d9
SHA1:
0bf1c1a407ec07f7f4d81225cff2114e970f16bc
SHA256:
ea57f128229e76c723ea0514b277a1db9f811de673a7d4f7a8d42c9abe56bc51
SSDeep:
1536:B3P+5aCq1qGRjEMKumF26bAXdanJnNSm8+OKpWC47JUeXb:BPDf1LjEMKuSb+dMpNSmlnc9UYb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
|
MD5:
394f51902f4e870f9b0eac5834ca058f
SHA1:
1d0a109239c8c9693bd818c9f83a31255175517b
SHA256:
aa2345a038271f6d6ac0068719d20c930937121914f0a0d75a1e1fdb25872f8e
SSDeep:
1536:4fDUJPdE9qb6IILvBH1Tcp6YoLpKPQmP9R75ocDCTFseYCp0WvBasoq/Y:4fDOlEccLvBV4p0YP9RFoNhsL0LN/Y
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Logs\System.evtx
|
MD5:
04a721a3b7377ab31f72ed627539c628
SHA1:
4c332b1beca47df4cb274bbe8b249fefccc06f34
SHA256:
7da2eb1947b98c3bbd49e353a83923ac6c121b4f10e1feff8cae8ef18e185b73
SSDeep:
24576:b+HcnXHYBO30hrHIbzbvmt6KyTf0KmZBSF:Qc37CjIbGQKyTEGF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Logs\Windows PowerShell.evtx
|
MD5:
2eaeb431125ee2425508a759d63da4ad
SHA1:
9ead8d083cf616ba68a0e6066d8aabe872ac1674
SHA256:
b4111f74d58ec92173affba9958e0bcc59c25fc15c7bfbef2dc8a1d9a37afa72
SSDeep:
1536:zLL/N5Ihl9tix0Sc64SrvMLQ5Wt3E7mmeeCfQli0jIBrA:zPV6Xtw0h1SrvVSYiREIBrA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Program Files\Microsoft Office\AppXManifest.xml
|
MD5:
5552a0131ae52222a03c79d7854f8979
SHA1:
bcaefd72b23909fe02bf282830826b55f4fcc987
SHA256:
5491fe8c5d80a3bce902e9755c2d6e7d310337207e4718df7124729805f93e8a
SSDeep:
49152:q9+1bEFqUUTULz4By26tDZjgu4pV5PYum1+vL9DxTW+4wm2wZJ/Y3NIogqPJS43G:flEFqpG0StD54r5PYV+vbTR4Cgqq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\Accessible.tlb
|
MD5:
b13170c9cb879a3f2476c4f0a1e3bd25
SHA1:
bef02d8dc33d76c3af61e2f56ec2c40facb0ab8c
SHA256:
e5acdc00b1565cb597a28225cbd8743651483193ceec9ef37289eca6e08d9dfe
SSDeep:
48:8wB7HSXxTeeaz0yl1mC+XjVB2/mKDC/YfVb6rsfh8D51peDVtuKoJqEEhvsSRg3j:TB2Xovzp4CkxMDA+dA53wVtak43pt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\application.ini
|
MD5:
e293aa023b36d7a2ad922c45fada49e5
SHA1:
208007b225efbfa4c38490b499ba10804bb1e349
SHA256:
8d4c95f5fa71a763c8fc71048d94ae6240d7ad7e30a1c19568583f8897acf839
SSDeep:
24:6mEv1UMtiQGKFmwVwoPcnuteenKuwVBsxtOtBaSuQRn02Fs99h7Oqm/V:dQ1UgLbcteK3/sjygQ9/Fa9h7m/V
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\install.log
|
MD5:
afaa707e3a668898e380f7b4fe32fa91
SHA1:
fed777090c06c7f7d5a656c09453f92e1ae113b7
SHA256:
c53f70190a4b96e5204f7ac375d816d01ffba98b25e9a0e6f30cf77495621e15
SSDeep:
384:otIAb78u2STE/hkDlP9Ao+mpmOIxQAgdwsnuLHLh2TczSRkAeYBS8A7TkHER/thq:Ks6A1bxZgd5czLXeSDtzvXuuBQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\Mozilla Firefox\removed-files
|
MD5:
9a8b3c1695097418196b371fafc573d9
SHA1:
f14f12728fec43c3ec6b18c4fba433319cf89225
SHA256:
4dcdb3382a2ed328dac73a69ba3bb3183d5cf1d78c3f52c2904b2c6e36c2b7c9
SSDeep:
24:bKYJejVq/HH/ICnVsdXvmkogbSF1ltyo8tRDF9lGH5weM7i2+Q:nJUunLVQeSbAAnDFGH5Q7ifQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\desktop.ini
|
MD5:
abf100d9c6e8e07e76234cd346a790b9
SHA1:
42fd9373a7b721424b57c41c0d7a23588c2669d8
SHA256:
e0673728a97b506cef404945ca8c74cf22d4c0d4e2551b6c6c53a13439ef5289
SSDeep:
12:egKe7X1uklh4Aw2YVNhcTuVaqqDJ3riVlXVRUXJGyQ8LU37X4BPOriY6fKKiVlhU:RKe88hI2CNqTu0Dpen4JGyZLUwO56fKA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Program Files\rempl\rempl.xml
|
MD5:
77c03ced0a2723471200d7713b2275f7
SHA1:
aedac99483178a1c0bd9c8801190d3f17c2be6a6
SHA256:
28fe990ad368864b7c2ef0cfbd1549ccd64f646ce2cafcb4fdb68b902bb4c99a
SSDeep:
96:Tex1xzGvk09gy3DvoDagsfmWUn/Vkd5mRSqxoOUurgu0u885Mu0O+suM:A1xICoQDa58U5mRSq9N3p+suM
ImpHash:
-
|
Access, Create, Delete, Write
|
Dropped File
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag
|
MD5:
77d62dd3707cca0dd440200945cfefb9
SHA1:
82139a836bc36c6319bbda1b38a29daa9332ce72
SHA256:
9b6ba455fc5257bfc37b90966eaac968c2f55e2b56cb7d8b713f072b0b035f76
SSDeep:
48:+DmhCl4QLOjl4n11LnmJR/dNnJnXpCmm/4/p:0mUKjS11beRPCmm/4/p
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag
|
MD5:
f6e44bd2afe7860a438b712e95c82536
SHA1:
0ac90617b3a5443d2495d412b191b02cbb79c446
SHA256:
c0c15f9b458424e7a458d8f2f0cf74b6ec554c237beda2899a4106bc8fbdc081
SSDeep:
48:UbTaWoju7gG95/lAshF0aIb9C+9TppFSj:UaWEucUz36ZTm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT
|
MD5:
b748bd37ad185a28ae7db723d8dd23e2
SHA1:
5093390d7851c100585bab9c164b121bd4019707
SHA256:
b8fb3faab590a1cf2184a890522161fb9582068ab1859a621cab44fa464956a5
SSDeep:
6144:zSwBjeW6hTNh+yl1X97FuapUiIimERZv2uJPd3kXWPTzaJRJrfbk/:zJB/GLzGviRmkvpJ13lz47O
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\Users\Default\NTUSER.DAT.LOG1
|
MD5:
443dc3489c7400613176b96603f4cc01
SHA1:
ac941a9e378a4d0f3bbe2d2434e747cf9e812711
SHA256:
c5507b40bff252d30657aee63894b12d260c1936fca97a831164ee437228d561
SSDeep:
384:Pijk0iUxnibKDdo+Oif3szTbCKFn/uiRGppNAFkywWjTPVYtRU5veNrL6z+Zbt/y:r0iUtibAdZN/qbCxNlsDV2UL6Z6Hv3
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms
|
MD5:
264780c4aac93ca24439abc9372c57a0
SHA1:
73801f50025bbfa0e46c73f3235b28733f6bccc0
SHA256:
8eca5c849b13c04085a640e1b0be97ae7a05fd496feea86ed8137ce0956efc61
SSDeep:
12288:ShJ97HRdDVfRAPNfoAwF/QEHFw+aiaHo+4N7MccmlrjYpkMNsuyLssi3p9DP:uf9uPmXne+aijN7rfO7P77
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
C:\Users\Default\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf
|
MD5:
4d487b443392cb74f3954d74f199f86b
SHA1:
58d9bd761e16b7be89cebc19db9013cc9dfe261f
SHA256:
8ce446e16b8a7c4c28a0db964220c0d819118c6053acae86973c5474b7fe67ac
SSDeep:
1536:IIvmntQAsWk6LgJHFvNDQQPfO9hVqfozgc7mS1oKWvCndYDCVDk:zmEWksgx1RQQe9TqgpKS1svCECC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
C:\$Recycle.Bin
|
-
|
Access
|
|
|
C:\$WINRE_BACKUP_PARTITION.MARKER
|
-
|
Access
|
|
|
C:\Boot
|
-
|
Access
|
|
|
C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates
|
-
|
Access
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Adobe\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Java\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Garden.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Garden.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Hand Prints.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\HandPrints.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Orange Circles.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Peacock.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Peacock.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Roses.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Roses.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Soft Blue.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Stars.htm
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Stars.jpg
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VC\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee90.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Common Files\Services\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\Services\verisign.bmp
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\oledbjvs.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.rll
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.rll
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\System\ado\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\System\ado\adojavas.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\adovbs.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado20.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado21.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado25.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado26.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado27.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado28.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msado60.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msadomd28.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msador28.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\ado\msadox28.tlb
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\System\msadc\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.VisualElementsManifest.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.VisualElementsManifest.xml.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\master_preferences
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\master_preferences.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Google\Chrome\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\CrashReports\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Update2\1.3.33.5\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Update2\Download\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Update2\Install\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Google\Update2\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Internet Explorer\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
|
-
|
Access
|
|
|
C:\Program Files (x86)\Internet Explorer\images\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\MSBuild\Microsoft\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation
|
-
|
Access
|
|
|
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml
|
-
|
Access
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml
|
-
|
Access
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\logs\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log
|
-
|
Access, Delete, Write
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Reference Assemblies\Microsoft\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files (x86)\Windows Defender
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Mail
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Media Player
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Multimedia Platform
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows NT
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Photo Viewer
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Portable Devices
|
-
|
Access
|
|
|
C:\Program Files (x86)\Windows Sidebar
|
-
|
Access
|
|
|
C:\Program Files (x86)\WindowsPowerShell
|
-
|
Access
|
|
|
C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\DESIGNER\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\Services\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\Services\verisign.bmp
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\Ole DB\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\sqloledb.rll
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\ado\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\ado\adojavas.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\adovbs.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\ado\msado20.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado21.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado25.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado26.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado27.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado28.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msado60.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msadomd28.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msador28.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\ado\msadox28.tlb
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\msadc\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\System\msadc\adcjavas.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\msadc\adcvbs.inc
|
-
|
Access
|
|
|
C:\Program Files\Common Files\System\msadc\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\MSInfo\R3ADM3.txt
|
-
|
Access, Create, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\OFFICE16\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Source Engine\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\TextConv\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Triedit\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VC\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VGX\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.UAKXC
|
-
|
Access, Create
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\Content.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\da-DK\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\de-DE\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\el-GR\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-GB\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\es-ES\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\es-MX\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\et-EE\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\he-IL\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\R3ADM3.txt
|
-
|
Access, Create, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\R3ADM3.txt
|
-
|
Access, Create, Read, Write
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml
|
-
|
Access
|
|
|
C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml
|
-
|
Access
|
|
|
For performance reasons, the remaining 3147 entries are omitted.
The remaining entries can be found in
ioc_export.txt
or
ioc_export.json
.
|