|
Filename
|
Hash
|
Operations
|
Category
|
Severity
|
|
C:\Users\FD1HVy\Desktop\ragnar.exe
|
MD5:
fcd9a9e76d99cf8b85a817eee770a333
SHA1:
1a7a938bb4b88c9a840c0f2935663d3a207c3f26
SHA256:
0766beb30c575fc68d1ca134bd53c086d2ce63b040e4d0bbd6d89d8c26ca04f6
SSDeep:
3072:4QmiWfzjg59RO910Ztfb5ox1wzytOQ9XCYcQIicBT1qk1BD:3WuRfSxazy7XCYcQEbP
ImpHash:
5524982adcc05c2df0eebdb0c3ac3ebd
|
Access
|
Sample File
|
|
|
\\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log
|
MD5:
107b3267a12f71508aa242d33dce086f
SHA1:
ea7aa9d2b5eec72645f124983c4888ac75fd7c1d
SHA256:
c2963b2a6b6fe569498baba8305a6b1e3c6f1e265cb7a3dceb4a583930ce6ba5
SSDeep:
768:tR8WWm/7CR1esTl7KCZWedF+tGiTOu8jkUEqRUy2q2zyHUQzFsY:tXWm7CRdRUen+tVGqDfz4qY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log
|
MD5:
39131712eea1902824f3c906cb0aa83c
SHA1:
5d31778c318ef7768c7f45bd11b0c8ad5d4ace5f
SHA256:
5b8276600307336e3a1b53e487ca73784667dbaff26d5fc13140a465c1ad2ef5
SSDeep:
96:F/yxA19ZNq0oyHA65t+yurOMN5sNsBEOxCe+ILXLA3Dvjl9evrVMfjs+4ihkU:F/00op6fA3N5SLeZLXMvj2vrVMLmihkU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini
|
MD5:
346bab76c1c2dbe60e9eb3947e20c691
SHA1:
943bd9c3b785b948405619fdb54c32ef2e10379b
SHA256:
c3c1f7ac352c91166c12b15d8090b94dd2d5f1226265b1d2fe4e2060fa1dc594
SSDeep:
12:4uUGaGkEtSt2oeubhtg7cL/ZrrI2YMWau6fKhsk7omb7s3QwP4b23qy1Wrcifj8R:VUSvo2FKZ1rrI43Wskcm83QwQR/rER
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd
|
MD5:
6e5f5fb124032f2b280f7032fb32adeb
SHA1:
c9e5c4fd1acf29d583896f39dcfdb7888b6a2b33
SHA256:
dff40fb800c032563621459a34c053cd8d461a0929b42f68e4ca24307268e6d2
SSDeep:
24:7xDh2s12fd7Wb2tzH956oOYW25lqhRtbWuXDlzss7nwcR:Gs1KVtRnO2sPzsslR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd
|
MD5:
a199c7aea4af34a207a21f4c85500757
SHA1:
3ba2703f07eeb961ffa33da4c57aa33a84b80460
SHA256:
f866892c4639fa69dff6b98e2172b8231a7244237516da6f477ada007be2452d
SSDeep:
24:LImnc8UDjdcM2frWY0d6sGEDdOV7byhG5NR:kmvUOMKrqnGEDwnbR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\$GetCurrent\SafeOS\preoobe.cmd
|
MD5:
58599f3e9ca5d3991f52f16112609905
SHA1:
b092fde70e3306ec5dcf5a991bbf1382a25c8f66
SHA256:
27a0486aae529d1199925826964f5b96079e9ab429736c0d047557bd0949b68a
SSDeep:
12:z8kmT/6Mzes+AnDUcP7ugxGL22GbyLGxJswFM/FsqQOq7069JycxQZCXsOsoQCXj:syw9RIY7uk02LbDiSyYQ69wXZ6scXrss
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1025\LocalizedData.xml
|
MD5:
b9f75bb2c1897beff02c9c6712e31c09
SHA1:
d07348be0932ced108619bc78e88d31ce3face10
SHA256:
5ebedc606b60da16133cf87560d73a156edcb6fda66a4971b0bbdff4075ba0d1
SSDeep:
1536:lWDqooEtBQdgvdBOyFn7PzONqfZ3aymyONae+5vQB61869PSZ0:lWDnoWQdgRl7rONrymyGqvQAdX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1028\LocalizedData.xml
|
MD5:
07cb258e70ed67f30ef06f42d61af0c6
SHA1:
159e6f42ae203672d76d0c60f419577609dacad8
SHA256:
556b3d9229ba301aa5b0ea9f8055bdd2838df3c15f4aa51606b0161c5f5e5c6f
SSDeep:
768:u92mzw/OEVFuuGquZZNLKlkzL3o8uxHXYceJ7XsnLHnK0a8TEOgHhyQ6zMe6RQt:Yznes7qC0lt8OYJ7XsL88p9Qw6RQt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1028\eula.rtf
|
MD5:
c54154c4a6b4122c85c17444971301a8
SHA1:
d9ff190982a32d9e23af78de825c1ed498c5021b
SHA256:
c15104ac8c89ec8cfb8fba80a62bab71b8ddbcdefe9dff9e19ea97bc7db4fe50
SSDeep:
192:MxpyuQZdPSinosGX/lihhLwa+f9O2NeiVQOtQIzZ:E2VSinMiLwaU9neiVQOxzZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1029\LocalizedData.xml
|
MD5:
116946a38457cbe23cd4565e6caf86d3
SHA1:
fe74823a68bfe58b55592ed9506aa93d61f303fa
SHA256:
e407abc17b3cde00ea273fe59e95d7dab0004999000f4653ea1c85793a04f9b5
SSDeep:
1536:VmgEinWPTbt8pVR6MNnFxSPXPzhe+M6T+y2MwEyXaIR5LqE7SL:QQnGGprGwgT+yxpyXai5OI6
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1029\eula.rtf
|
MD5:
dc8bed4994493c674a012c6f04fd9eb6
SHA1:
6213802eda4a59599f6f43d6e96051f7b57a1e37
SHA256:
50a996112167d6a5e7d3e8fdd8ee5c8776663400e7439e5f786f3be1845f9b9c
SSDeep:
96:Ley9DiEPCVoqhzlo8fllt3TUVJoqgDpbOp5eN6n0bMhRPQdE:iseXhzftDqJJgVq5KboGE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1030\LocalizedData.xml
|
MD5:
49ca70214be6889c37de47c9de257084
SHA1:
04be37cd059f6aa385cf69322a269eee3f80fa5f
SHA256:
149178e1ed9672f3bceb459ae1d384306b10fe42783868ecb3a5e369e26bba07
SSDeep:
1536:VeN+NaTrCe83jDATLqx/+fiQvLsgqCvWUC4snkYGCe2un8vHftkEP:wvTGe8AP9fiGsgqCvW3sCevn8v/HP
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1030\eula.rtf
|
MD5:
ce43853e5d2218aba456f963863f654d
SHA1:
187cd280dfb3f943fe5cbb6f7d856f92f24ec657
SHA256:
c3a191fca6187a354a959fd6807c2c4a511ff58e52b9160143c07fdf70e4454a
SSDeep:
96:iX4g6Ixs3q+KoC0SZEEAldqFkWVKVaxPAbxfKWkThaCuoaN+nF85:Yn6fujr+qWa2NMThaCuoaN+na5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1031\eula.rtf
|
MD5:
ee0c9cf4407be679ba3ea4d4a4d15638
SHA1:
d522f238a721a09319985bf274b0b19274b692ef
SHA256:
bcc40fee2f334515a5c1025640f16c756c50a0306c1eb7b426f054a024904b9e
SSDeep:
96:085VkGk56zZNiRdL1KDgrPXJQQgz0qpCfLPYg:08ZkotcRbKb4GQPT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1032\LocalizedData.xml
|
MD5:
01baf0e673e2e9e883b586c656437f4d
SHA1:
4e031048d78901cf1b952fbfd64ca4c5e2b8cabd
SHA256:
bf296c51d534636fb5df272b4c3bbaa914893f51764e1ca6cc82ab39a23d7bc6
SSDeep:
1536:roT6DVVCpqu/A7nEnMpe/Y0PomAs+9Cn9PPwAhYAGF/9v9wmlfq7s:ceZVCpYrEnMpeKKB8Nhh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1033\LocalizedData.xml
|
MD5:
d9c4c88b8818723cb7c35cd7a544ea75
SHA1:
2ebb3e00ccecbf54d19726ded464a9461c648689
SHA256:
8f704da55e44020353cba583304138c9a4deab9e1bdd65a036ecbb15067f9e44
SSDeep:
1536:rZdFHeGKeYpCB2dBwqjNjmpNOaoHMQQ3aKMcQZQQlzSj5j+MN916vp9:rZd5euYpHkqjlmT4MQQ3aUQFl+hhN91Q
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1033\eula.rtf
|
MD5:
113dcbf1e6e3d483c3fb37c62882066f
SHA1:
042553e370a8c036b19952b10de8c6f53089f66c
SHA256:
3ccd9316596d8e51910d59dfae14c2627d51a0c95f617027e8dd394cf496a0aa
SSDeep:
96:1pA2xYD8zJgn3yqF0NWKXzQ+uyVnSxfRYQnHOkoF:1pAoJi3ypVXzQLyVSFaQHPoF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1035\LocalizedData.xml
|
MD5:
d7591159ea815588a1e0efb383b08948
SHA1:
6755ce3dccef261d82c556b2eb7d50cf35522956
SHA256:
34430fc8164d93f445f7076f915acb33df800a7cbbe4c6dba48b96b11507f2ab
SSDeep:
1536:iZ7i2WVltclAUZvyBgF7n7zOUBQNZ+DahmQWTgn7izAK1Cbtc4:a7WVHcuOGgF3qUBSD4Qoo7kB1Cpc4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1036\LocalizedData.xml
|
MD5:
d28b5d0c1469d5b96d06b5e96b2ee824
SHA1:
488122564f63469a2dd468a2a58d66e36635fa16
SHA256:
11c17d3d8d639b5b32973e87d4add36b3d76d61d8823e665240dea3af23af3b2
SSDeep:
1536:NY93qZNiuMbWfDsTindtb5bF3llxkWqo8TErSz9LoqL7KmRqGaL9nj:NYxqZNiuEWfD/dtlxTxkWMormK9GaBnj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1036\eula.rtf
|
MD5:
f5e0ae92350a43f2d7e2d79acd7896bc
SHA1:
020910c96e141d2b61f67a2cfdb23f79b1fa73ac
SHA256:
b02ec3dc57a557a30d4ad6b4bec5bb3737ca7b0bfb7f5cac0d424e3e8fa9352a
SSDeep:
96:c8qcjEeem/ZM7O6thS5jRQelKvB6waCml30:cNq/Zn6SxIgwaCi0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1037\LocalizedData.xml
|
MD5:
4ee3329a427302cf68539b7143d14407
SHA1:
25a8aacf5549f001b5badd8ef1822347ec8f9787
SHA256:
5fcb3408faf0123c9b1e1a2fd97c2dbe5f57fc802b554ab6eb3573e538553c47
SSDeep:
1536:yHrx3KCt82jzZFQ3Pdvp6CWoRmtUpjDqaptKBDh2hEqF:y9xPjzo3P5prWo4upvqfDhuF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1038\LocalizedData.xml
|
MD5:
652a93710b714f5ad017ed69356d4409
SHA1:
9ee70eb352e46b2d60db585563880ec2bfedc7f3
SHA256:
8bb456c1bb12e4297d1716e38b4b70eedc6eb5f2f1156853ca7c5ff87adc8da7
SSDeep:
1536:QtUHWrpztMCPjx4zLqie4u7/as5IKdkIxPuvGWW8AQ1LMFzRO+7EYGQdD:cUHaYmuvoh75IHWa8Q2NROO9GQdD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1038\eula.rtf
|
MD5:
d124d1a3927874a0caf5cc4775e54526
SHA1:
39fdaa9ae337fe89cfbad1d36f4cd833a848118b
SHA256:
664acfc51b16facdd725cbe54b6cf126dfcee86288f24cf9383f2c954a1499dd
SSDeep:
96:LGTJGA/IT9g4AxbgjIOmsqCfO+gLNlW0MjOrnCUcbwIweton:LgJGpWRmjTmsqkaN40lrFAwIwR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1040\eula.rtf
|
MD5:
731e33cb2c3122c578dccad2a8c02d2f
SHA1:
f6ebe315cf5feba4610c8a28f5f84ee9599f34b3
SHA256:
03cacb983abec568ed314bf740c861ec7dba44a8a28f75d0c18265f2686eb640
SSDeep:
96:JkhuQaFcKiGeMj0fLKRA89jE31Yv4XbLpFTVuRVTkF:JkAtyXKAKRA3SvebLpFT1F
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1041\LocalizedData.xml
|
MD5:
62dd874ac054c6d3cc983de10af336fd
SHA1:
101603d096086c204f767397a4617dbd75671000
SHA256:
bfa8d58f6738b6ac4c689941bc225321b7473511330e0db8c2c63d23a31d4bc9
SSDeep:
768:HfsjGOcwQE2D+flTkuFC0nhIBHw+kH7fZIqB6iAkHw3QKUwWu9wK22wkQosE3NND:HCGOcw3yQ3embfSqQ3pUpDkjl4NodkD0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1041\eula.rtf
|
MD5:
f6f73793cce35c7d8d27d5bb059ecbf0
SHA1:
5f69a140bd7fc9c32ae19a9c04afda9d914910f2
SHA256:
3bf6821a0a301275c4f738fe95002f259c1e3e58a538625ce385321ad1501a22
SSDeep:
192:CQnt2ArcBnpCIYWJbrmJHjHD6jdNSkV06iEdNCWAuew6QLzQWW0TbPZSEEeLpVyE:/tpWEim5Sj6TIN80AqPZS/eHyaxZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1042\LocalizedData.xml
|
MD5:
7ded41733d60c560831f5b1545a55182
SHA1:
682cb246f25840e7dbda7fe3c770ccce5de5446b
SHA256:
5ce6c2c091f1f6f8c432224c091468a8de8390f4b74ae8bd7fdc71078984f496
SSDeep:
1536:BjDk1FMHOajOw6MCK+tOyPwDiVH7moZQ42NnwFsw4KK39F53Bx5I4D1:dI1kOaR6MCRYyPwDKFWnXw9K39D3f/J
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1043\LocalizedData.xml
|
MD5:
eef2601526a2543b85e01849fabf0b5c
SHA1:
b67ea015ac059adc44515cda1c93d310e7e5bfd8
SHA256:
64e5130f0a05de10b9389f4770d2588e2af4c4a4753d103718ab96a24d28b8ed
SSDeep:
1536:j0eSDLp5QCcwdeAKVkcw2pNvTsTehhX/bdiGHGVLLhYn9TPiICqQZvuHsF:j0P7QsdqqynnLPbdzmRQERv+q
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1043\eula.rtf
|
MD5:
dc9e906c69d5fd750c27a4105f75792e
SHA1:
b50d0ee1d17be39db7162cafa133e4869e614e6f
SHA256:
97a5fb731d42eb4a16d1b5e282e3c81784bf6224f6d6b2aa46a4867ddcabca77
SSDeep:
96:QM0NxaOUw0tK1692cdZVDf/odxqoTJoyL1AODslz9kUrb:QM0NEK1653BQdxqoTJog1AOwX/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1044\LocalizedData.xml
|
MD5:
f73fdd8754513cd162e0683020aa5ac5
SHA1:
ebe65b5ecd447fc71b7e42e158c5f38ce1b51f34
SHA256:
1232a7601f137a0c64f533ab249027f1832083248fe89e86f66261a5fb345875
SSDeep:
1536:aDlEoNdsatFtL7+aXjWSe6K4b+tAe0Wi5/On3ctjmbP09c063eOzrWP4LmecQZ:yluatFtLZSSe6n4AehyIP09c06jzrmeZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1044\eula.rtf
|
MD5:
45c411618e0c2d3167ec2be57407b3df
SHA1:
76831863870e447df5832a1483ae185477b11a4e
SHA256:
dbbcb98a52dcc6be329c902c27bb614f3f45b7e25adc3bb6cc4057dc1d5e301a
SSDeep:
96:rtxj6EQX6FBv9WbMGdwkugpWsNRYNTE70SrL7jn6HW7jj+VrMu:ZI4BvgbXugpatWXjUWXjGMu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1049\LocalizedData.xml
|
MD5:
092d0dddc57c3b63d18caeac958fc281
SHA1:
a128d37e4a124ecc54998005fc1df1a2b34e15ee
SHA256:
976963a14e7b9559f853217944377aeaa3cd8a9c1dcb69a02a68da68637c9028
SSDeep:
1536:pfSEROV0Vt42MoyP79Gg4+H6tojvGkP/rhcKsM1f1YC9ff45+12w8f8OTy2jLB7T:pfP+0V3S0dsSkXrh9sM119fff158f5jp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1049\eula.rtf
|
MD5:
273adb321d127cbc7f8cec3a429c5ecb
SHA1:
6088690349f183272ad7fdd07303da109f9ae8a3
SHA256:
f872e7f141286bd85c3bc1048c1fa39e8479dc9a8ff0d09d13a77bae6d0205e1
SSDeep:
768:KiBCIdpNXOrM7vYz+QdGh9Z23MqzBwDXBcmnGA9kpcdJU6gel2a5QcACuannhGZh:KiBCIdpNAMRFhHBXBczL+QcACtnEZ6S
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1053\LocalizedData.xml
|
MD5:
63273e607edf08cfb32f461aafd73f25
SHA1:
87429c494ed3f241a5b7207d0427600c5b68fd71
SHA256:
46456283ed127f721d6c31d6c98340273f5010e61d77eaefadbbfe49cce7e394
SSDeep:
1536:5Frinw1lYc3LODQKuvoGJ4Ze7DblJVETEt643rB4aZoietJ:5Fmnw1ScEuvqZalJVkEt6Enu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1053\eula.rtf
|
MD5:
5f6930d0832ff3002650df9bcf19c8b9
SHA1:
f4afc86da22bf77f7b072520f6fa303d2e5ed9e7
SHA256:
4cdf55d9af4b1ea051efb1605744b738bba6c3de4463d51acb916b6086973360
SSDeep:
96:L8bU9wWJG6x0eEyfUzjG5O2lddAo0UAlZvjUGGau:IAwwG6xuybxlLAEAl1j3u
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1055\LocalizedData.xml
|
MD5:
b2b545601f9ea2c5feeab6b4495169e1
SHA1:
0b62824010974a7d10f70a31204c9e1285fa6992
SHA256:
6991d56707b54e638cc3681ddb6e8fe58e161c37346a71d92f57321d89a90ac7
SSDeep:
1536:YKppbLul2D7Oq2c3bhyUTaB2ox7bIVHFpKm7lIddN7+Iy7Ba:YW+y7ZbhpTaBPx4lKmKdR+hU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\2052\LocalizedData.xml
|
MD5:
75c7031fc4abd9e0f4f549a05033d539
SHA1:
fede51e9b4d3c18e81b4afcd468018e8a4c1a2ac
SHA256:
b0ec6449899b9c865198f7bb67c44275cf76546a1d4cc208435151ce680a2ae7
SSDeep:
1536:4Jl0m68U804ET7j8m9x4xRKMPJe7FJiofbCZQfv0I5xh:4SmK89ETnDARKMPoJDWZscI5xh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\2052\eula.rtf
|
MD5:
b5ef4f1dfde58a03234ca52d49b15c05
SHA1:
e728940fe2839c5545736bd5a490a6373ef4da38
SHA256:
859793248b9b559a14be34ad48646d002932b86acd250047b6364645c8179fb0
SSDeep:
192:TQIqcnz0hZd0ts71wqBgjeh2sSXqkJ2K8XtiR5YphoBD:TQ6YOtA32sBJKOw+Xm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\2070\LocalizedData.xml
|
MD5:
2ecff026bf8d51dc6b8a25130115be1d
SHA1:
60cbb78530dd6547dcc87f035c37c9b702cb3c4e
SHA256:
6c43166a219976ebb5549b66e35b44948e62eb12ad2ae7cd06295b32d1355c59
SSDeep:
1536:VoA21d2GVtE5yJQEogM+ltsUHnCV9sj4C5Vv1P8rbbwLNR43fj+1C:VoAGN6zctXCDsj1P83kLNRY7r
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\2070\eula.rtf
|
MD5:
4d02b7d7d0b9a5f8e9d60115dabf40b2
SHA1:
6e02794395f95d7dff4336d705e6992b84fb1aef
SHA256:
f95f85396e34d429b46862a39bbacced3895423df678beab7d6167e86054eeba
SSDeep:
96:zBAwwWFRUuRWSs8Ka43d64DZZ2qz3X/cL0fZrn/T5DD:ClWZROdDZZ2+/cwfZb/pD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\3076\LocalizedData.xml
|
MD5:
bbbcbe6c25c512861a885a04e3a262f0
SHA1:
7f518dd215012f88bd567ebcccfed228d73a2dd9
SHA256:
1213ab646b9bd4d3a2fd767f0468f5987b26308f32269807499d901920533c3a
SSDeep:
1536:exGul28Ufcet7hIhq1mYjyAF5wtxoQO2W9TgA5W6nmyv61:e5lzUUS7h3mYjhoIOmqgmmC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\3076\eula.rtf
|
MD5:
fbc4583267663799e7b42fc2efb71c89
SHA1:
1752e23315edbcc3ee97d762a2e4cddfd9cbecd7
SHA256:
a9fa5785769e4cba21175bf298cca79eeb2fdfb8d0229ec7f294ed738d6df9e7
SSDeep:
192:OwtdOH0pCi1wS5GdCe9MnuOh7kVD0jgffLk/:OwtdCisCe2nuI20Urk
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\3082\LocalizedData.xml
|
MD5:
0d77400d7e6d1be5247c92a6a02948bb
SHA1:
b5e4b2053577e039d20b2afdb11fbbcbd31f5683
SHA256:
29f7fa00890e7bc09795793a47be39684f1afc4d69226afc7eb617d7a7e52bea
SSDeep:
1536:WgrQu3Vwuoh/7lt+pcA/LeNZiQ2FzzgaMPdMKTqcobRjqJtxjTkVNbN3jeQ6LR:ujlt+1/LeNywz7qDVjqJtxjTSxibt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml
|
MD5:
5395d6e2b4e90cfbe40e2a49fc1b9df6
SHA1:
eaa12ae1e4490faaa5419fd3e534f5ba7ec36f51
SHA256:
5e996be4ab674e54c49c9b75a83632934e48af7efa7e2ec0cdbb0e937e9d9dfa
SSDeep:
3072:8gvcKGBCMDEE4vwyJ6GPjzIS22QHy/+47U7kGKM3kw+XOdTGbyOsaPsNNgTiDCFV:tcCMDv4vNJ66B/bk0+kw+BGONPuoH7x
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Client\UiInfo.xml
|
MD5:
46095a94e8403e30dec195c9956aabfc
SHA1:
a90743a906868bc6a9f5778db5d919603ff7c23e
SHA256:
55a33b4f631646f0c28fa39242d996266848beb2f785ecf774e1d2f933be40de
SSDeep:
768:T/PoOOrtEakZ6dCNAqwB+PUPjcu8lUkTfqz7vJIt4Lt4VZATk2x5j:7PoOSE/WCM+8ZkTSz7vFt8ZWk27
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\DHtmlHeader.html
|
MD5:
f41039d91c302201e81ab32dfa477fda
SHA1:
ba8ded84547617e3e7df7d80ee115977310ec053
SHA256:
494e68c744d5de0a5ed9e221905e42c29819ce2a5be1c846f393f97b65033066
SSDeep:
384:ogu0nrqhpe2222mAVjmLgiSSStpO761g4wP5rAb:Yuype2222mApmciSS4O7sg4wg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml
|
MD5:
5ca4988009e64f0beb8a8265e1da06d8
SHA1:
6b3bd7e1b31d9838d5f3febde7028a9182520502
SHA256:
1622166d5f3d26b1f6a2a9862cef07f7d81b54922e3d3d572b1e1ebc32a24a5a
SSDeep:
1536:1TbAgwAuagwFRzVasTeZd84g4WgBbfHYS5RvPgRONrTGct+lQvzLVfvmFHW0:2gwrPNi0Tg4P9HZ5RvPgRe2QLLVne20
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Print.ico
|
MD5:
330800cba5ec0aeee7e2e05ec262c0c1
SHA1:
6cdfbf5603ded4e086cb1999a5ee7f76d77293a7
SHA256:
32d3bd348898b36e603d8e3a7f71f148ca9fa9c2791ea692bcd42302c615e848
SSDeep:
48:YJfyhs7U1EwB4hIBG3Of7m3e7iXHu+ChiiAUER:I6mmEreBGefiu7iXO+ChisW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico
|
MD5:
27c2e4ed2bc64ab82ff9a9da84256991
SHA1:
bc586f52fb5942cb5d8dbc3917069a68dc49ce62
SHA256:
f25863ce8883ddb7097b6f78d345a1846457b05c2f1524c05cce9816917429af
SSDeep:
24:b9DkqkSkG+vlcj3UKq3juzA7r+XXa8REEVjAJpsNGG8+gg4tYEWbUd7yx4R:b9w7jG+9cLBqTuzgr+a8eEVc3ca+stYE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico
|
MD5:
d819c1e2b26b148cc6117fd0fa5e6fc8
SHA1:
cc827e10c654e8c6a70341809f660c9e5c604d90
SHA256:
accc1ed5c85d6f53f55594a7725cc1732056a24f97745da754b8e9ff6764f95a
SSDeep:
24:fUMZJZ3NanwacmuThjvHRSSwB9K48kLmTswa9Eg1yoJi5qKVj605Du5SP1usAiOq:N3gwPZTZHR6OJkL+YHyow5qKVjP5DE7S
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico
|
MD5:
ce8556a985b964d1ffe95adea210112c
SHA1:
59b07bd08b65b4b4f112cdcf876042c72df2a97b
SHA256:
568b02e9b1404f385c2f0510777e60355355a9cba199cd4d023a5105cd8d314f
SSDeep:
24:y/CeqGlxD/6t8A9mw8TOW7nzpZe5LmYtBYODptXJ4KMXccDyxtM5EDWz5qP5Pozg:sCeqgxD/6tZ8iWBZe5Lmsael+KMXc9q+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico
|
MD5:
5dc2cbde96f54c26b4d31c562a3e19fe
SHA1:
8af47a4b72eae04ca199bd3d2418783e91a71c01
SHA256:
e85a220696ccd27a65dd447fe272a38bcdde74c81aa2b3122e870fa23dc2a7af
SSDeep:
24:rzpKciW47h1Qcf9eYZ7oDXYx2ScAcOUqCuVplNyBDlFdL0oeY2SBBySQ0zHR0Nys:rzccg1Qcf9eygCJcOUqCuVT09pLDf006
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico
|
MD5:
28d46db7ffad168cc44a764f29ad3534
SHA1:
5ddf04e617a702356d0df33ee980b6ea8e16e2d9
SHA256:
b7ca8df4b7ee4f1a32f0d7270dafa31de04db684c53f3a96f1dba8af1963cefc
SSDeep:
24:4DnMVp/eUomHxxNWa9dHSd5BPj4+C1r0PvWKe3RcRC+ASDnxveBc6KCOxD2R:wgwU7RxQ8FWe+qyveOM7AnxvoKSR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico
|
MD5:
47209ad31e2e4740da18ef76d6c87698
SHA1:
8abcd42d581ec62ac609b0dbf6bef892ab086e7f
SHA256:
da08fe461fc7e160842ab650d26b8e35f1a9211df1d67850ecf473c3094e68d8
SSDeep:
24:QLWmaLajTRfOIrgHhy2K4A13mJtfV0owwscmS3vxo66DFOeePR:QLaOjdfOIOK4A1EV2oD5V3vxo6jRPR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Save.ico
|
MD5:
523b66facb16b461aa7c56f07a25a561
SHA1:
426315618d7a900ba52ac1719bca9b27f1c3a04f
SHA256:
75d2ddb0205fd5daa3a3da1e0e754a9f70b989be33b643169a6f53807ee56949
SSDeep:
24:V5U1Sme1xjAxeINUIio+/BXqoR/4N1/ZeRB1T4U5r5D2JHCl+K3MDIkR:fSC1xjiUvpB/NG/q/MU2HCl13ER
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Setup.ico
|
MD5:
d465edf408877db61f77b5ce74b2e407
SHA1:
c156730ecc21b7452562c1e008b9fe35a2c975d9
SHA256:
5a7f08239ea4762e5134782050a933314b19931835ee45b0f505c6fe99fdfdb2
SSDeep:
768:n8eKnsy4w+Lo2KnD+k9oI3LX2nGHKHVvbcx/Q1mj:8LsXwuED+k9T3SnGHuUoc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico
|
MD5:
b442fa2a6a9186f62e764f91e1a5d103
SHA1:
0604a2d57ded3d23d55eedb8e5626900743da0e8
SHA256:
6f15e14fab21517e1ed85047c7e16cebb8103468288bbe616951cef4ac890e3b
SSDeep:
48:BHe3NoZXiwk2yu1jUpu9ZsOs/THPFK8HbBV4C7cR:ZedoZywk2yu1au9Zs9/THtKDCK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico
|
MD5:
d50ebe2b76ec8aa7bd7fccc4ae240989
SHA1:
c95b0c812c281bb7199983fb0c9af2770811c694
SHA256:
1e4f0b89e2faaa301b1bcf6e124974a642cad96851765694f79dd3a578eb2dc7
SSDeep:
24:5MbXoaeDIn78rcVbKh7Zv7z05MJ5cUSY2S9WYjhIfUn1Dxm3V9qNBgQKnqXJODhJ:53kPu/v7xrjLDm3V9SHL0daT94R
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\ParameterInfo.xml
|
MD5:
4608f7312e6cc727db3b1f6404b18748
SHA1:
ec74317fc0acad9efe46950b8ddcbd16b1abad38
SHA256:
b0ea7a6fc2bc346788c561d1bb8fbfc32c7fa5d3b47fe34eb2881068df71e8a2
SSDeep:
6144:ejodi4V+whHMXmFQFmyJiUSBzgbEfFiA8:FFiXm2FmsrS9gof0D
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\SplashScreen.bmp
|
MD5:
b6856ff253dc04c56120952b42116bab
SHA1:
233fb8cdc4f10dc4237a802a321c881f79a7ebed
SHA256:
33ecafc7031cb69ce073d1fb5a9c072fe7967287593fa5e37440d110673b4cdd
SSDeep:
768:dkQLNZogsrxTAenLG3a9B0BAiuVIEUhYaFZ/C0MB/TFWo67ogD8u:SQZenjLG3aoB5uVIEUhYaFZgLFWo6Ugn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Strings.xml
|
MD5:
d3b9d6ba4dbb33f8c838ac89bde2b88c
SHA1:
0b97f12ea3e0b95d4c8052702ac82be04229b0d2
SHA256:
6efb4b656c15c41a7f5918d370369dabe8bfd5b46df9c68fd33ad2dcb3377f81
SSDeep:
384:hpgieiM9mWJT5I+7vnmMZ4W5b3d3QquzUNp:bgievTmknm/W5Z3agNp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu
|
MD5:
9f9bde04795054a584a9ee2a3043343b
SHA1:
faa75de0b0de450ac12b714087736939de798235
SHA256:
b51f5da8de85c0f17ef5db91c22147ce5ac6edd63a35fd5d7b95b0f2f6a13993
SSDeep:
98304:jUE8MI/G3BAygHUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlB:j7kEfg4ZBkOK2Knq45mY4H5OMKkKzlB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu
|
MD5:
6fefda983cef89adfcd63e5ec4f4a597
SHA1:
4a551a53a86f02f83509feb0b13c943717fee7c6
SHA256:
ae2dace4236725dc50197d03bf203aa5814904fe03062b1aa58380ea5c55c6be
SSDeep:
98304:zawJeuKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCm:zJe7BBHTK8KXZ4UuY1kB1iKFKm/
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu
|
MD5:
15ba562a1bc36e7ad6eb96271ecfe14b
SHA1:
69b2734767f0c35724976aace6677d3ffafc42bf
SHA256:
703e4b755a32d346f954627744f9d58ea6fe99e3b05db6e893ab9e61e58d82a7
SSDeep:
49152:/BYflbZuXect/IKKI7b0m2WIZSDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNj:ZeSNtAXI7IVGnRau84KUYcs31KfFKzd1
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\header.bmp
|
MD5:
f584f461518f988418c61f50a632928a
SHA1:
7be90e95d473bd656814d4a377ebaf417a110c86
SHA256:
ddefb72da0f9071b10c9eb314d798a851be80d1d82f15de0c1164cc48a147409
SSDeep:
96:ar08DpJy7ddKIyZQkqnxCrOhNxYgu2jsrpoBfhbzLlvKuBjjtSN4:8Dpgvo9qxCrOz+V9AfhPLdKGSm
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\netfx_Core.mzz
|
MD5:
ea995ef413bf2b6ad2bc90fda843c53d
SHA1:
3314cd15933478dab681d9b13cefcb6dbb8001f5
SHA256:
73288fa4c342064f3f36f5605dde0dcd2af040e2dab13f06c9cd04fce0fb458c
SSDeep:
196608:BQf4ZDMMP9Q+oJLnBXZ35w+KBKbynsMN46ooP8ZN2j9z/1HMgqIfxNb7lT:OiltoZ3Cwbyn9N46ooP8Zoj9z/1sgZrl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\netfx_Extended.mzz
|
MD5:
99a3d9bc971d03302f5c452d426886c9
SHA1:
c17dc50ae5c228e4462e3a6b3533381a628182bf
SHA256:
9c85472ebb81990d4d4e27bde768b8746b902cbfbd289f1210570087d8449ff7
SSDeep:
98304:UgST2/aR5UQ1KIBqS4x7iCJSKP5EHx3ytMQTPhRxgHu+vZkof0ni2VRfQ:Ug82O5HYiOScCx3sNjhRx2ugZmnieRfQ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\watermark.bmp
|
MD5:
4507eddbfae7179c4c887df74f3b890e
SHA1:
ae239740b35bc2cfe50acf8d78577feb5ebe0198
SHA256:
81bcb94a8f10af40959ce702de7025fef3dacdd94ed4c873a3b992d8d29b5df7
SSDeep:
3072:m2QRMaB2Tb4GDRLCik5Tq10yxHwDSGPsRQTLZh:0GcCxRTk5GzIDJLZh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\Fonts\chs_boot.ttf
|
MD5:
68bb52fe45ed3dcc24ef5a6ebfc55bf1
SHA1:
1445e2768a402723b361aea056f289f9ea3f2e36
SHA256:
480197c0acfd459c24835cac2819a3c19a000c5a434eb21a233dfccf08757621
SSDeep:
49152:SpEk8IC46i6fbnDMEIiX/+gdSxNQnfHrSGjwe18wGHLuRapXtk:SpEOP6jfbQEIGf8NQnfHrHwe1auRa1C
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Fonts\jpn_boot.ttf
|
MD5:
2bb245dc4f002ce2a0660fa10399f8d4
SHA1:
8080ced807041cb7279f0e7ee0d7a1848d8e001e
SHA256:
890fd78db05ffbbded704db19227be09b2a25ea32bbf71ab5734316b241f8307
SSDeep:
49152:MTpHXN5+HDMXPIlkULwnqjKtoerD3t8ZHHzOxw3wE:Ml3N5kYYkYwnWKtlD3t8ZHHzOW3F
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Fonts\kor_boot.ttf
|
MD5:
061f0cb09d3b03cc2ccfc4b95beb9029
SHA1:
e52ab66e0d0318d3ea427c6a032684c8d66929c8
SHA256:
1418f8e0c0650b2052df5164b955f63f9ddf62ed933ddf06b931bd94af1f7750
SSDeep:
24576:AnRStyyr/f3+bVQMZyGpUaGYqQqCAInFdgyDp7RbIUQ+l:AnRPYu6MVpU3YqDCA8FdgGl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Fonts\malgun_boot.ttf
|
MD5:
ccf005440adc4eae5d0e0d5e009e1421
SHA1:
539dec34d50591215615abcc2ad53a8421f5e0ac
SHA256:
fcc3aeb400626477d260fd1a5f7a603cd19be124b8d544835a8123ef60e1bad3
SSDeep:
3072:b4KpRUvRvBvZNweuUX35lIlvh9d3xgunVnCae5ukujJqnxGZfrySuB5b:5MRZNwFUH5+J9NxLEAkuAncZfryXb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Fonts\meiryo_boot.ttf
|
MD5:
7f24cfe721f195a5502697f333e15610
SHA1:
38dee4f2e88c5947505f676d394dd3f0e8fffe97
SHA256:
8fa846bf2c7b55a165ccd0de7c75754fb075e4dc84dd0af87903fdd5570be4f0
SSDeep:
3072:Z/LhXMMqEBVagQOQ61hHQcxVT6dzUzze2QNyg4gjWsFAl/h9TAM4:ZdB1BVaW1xQKVmyu2QkpsFA1Q
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Fonts\msyhn_boot.ttf
|
MD5:
5503a2108bdbdbd6e02304a688231164
SHA1:
e38cf9d2cff8586fd3b12a78b2e0eca86891407f
SHA256:
27551f10f77dca0db137deac3c9d05566bc83b5abb4bccec9af55c650483accb
SSDeep:
3072:qDs43hulEHOQzug3bfKOE47IYxWR0LxD7sbn+lEr4CtccnusAp:qA43hul0JyMKOB7IYxWWLh7sbnWWJnqp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\Fonts\segmono_boot.ttf
|
MD5:
75f58ce3266ef4bc23167a3dd90e4050
SHA1:
43649979cafdf76c8b28de6f129e75e0d037c9d2
SHA256:
45b3702b64900aed0f8606fd852b02d1ccde7e28009038a744de6856d78ebb09
SSDeep:
768:nVYmbp1T8DArsa7KwzE4DZQPUR9d1lGwnTPpfJ7JGham2atABxzsdTbFM0uT9tHh:nH1UVAKeE27WwnLh/22/FxtB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\Fonts\segoe_slboot.ttf
|
MD5:
e6b1ac218a36cfcc002857568d7e73eb
SHA1:
868c6c6e9a2147473eff82079fea7e86c6e0571e
SHA256:
a30109ea21c8ef3b71c7bdfe090faf594a5c5de7763c23e93a0b4d4328855933
SSDeep:
1536:ZNbwLzzVZcxQvEAbixiTkS8KVYtCgF39ggvnGfCMPSZ0B+CorfRDKArnhK815gG3:wTr8iEJiTSztCktggvmChZ05oDRDKArD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Fonts\segoen_slboot.ttf
|
MD5:
00907c3bad9f53f1e843cc4534c8482f
SHA1:
08aded46ffa2d240a1cff28948f8c26540984dc7
SHA256:
d0a9cd754a3569acc22667ad51fdf70441b0212b98aa2cc826ffffe88c9f4521
SSDeep:
1536:oUzyoEoXKW2ESqsc9obYFJsBtRJI3yBcZ2WIv+YFnr8M2xvrjYsKoQLFrub:J2oEoaVESeosFqtfJminWkcQLVub
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\Fonts\wgl4_boot.ttf
|
MD5:
fca971082dd33c108732adc60b92bb47
SHA1:
9e71c212543b51d8816e1fc6feef9df0371e7321
SHA256:
344168f1ea91d96a93058eb4fa8478eba63ce1af9e683c7b17c633162b107f24
SSDeep:
1536:JwoZiRTHDOAleI9XmVk96JQMbqgT4UeImpp:JNsRTHDTNmko+G74UfE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Resources\en-US\bootres.dll.mui
|
MD5:
072cd1e807bb059dc168c0e5362f47cf
SHA1:
991a210958dd67207491847f2e6120de27087ac8
SHA256:
64b19a7624e6b49f9ed7c10af4d11ea878609a9b513e2f5364e3905a2f0a0a84
SSDeep:
384:GMsaA75M9D7GfPj4ylVYrT4cmkB+ldHqXTALV:GMHIuNGXjET4cmHwA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\cs-CZ\bootmgr.exe.mui
|
MD5:
85701faefd2aed16fd700533f1093768
SHA1:
eda0cd95b7ed4dce47c9d581fd2efee544e3370e
SHA256:
434a10e230c6c152555a872e202d612f7954a3d5d2eb0455818efd3825664442
SSDeep:
1536:YPVSq71iLQ1GSj6sCJMmtceVijdtOHp2TyKTzOaV6ChKUZm9kfZ18Lg:dqxXTjSztrAbTSaV6CsUZmqfZ180
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\cs-CZ\memtest.exe.mui
|
MD5:
eb0e73f0f82d0790f0e7e0907f861f5b
SHA1:
47468fbac3f939e0ab7c41c2e8aa678c49cbc518
SHA256:
d626a47ef5c83a994f4fab9072ba02d55e9aca6e0dd994d052022e4ed6640d48
SSDeep:
768:Egp2jIKGejNlQHe27jSrWquoWuFH4r1nrz4BA/vUFJH0GSTUaZTOJi9WGUH7:X2j7rSe2iS1oWumZrkA/sn0GSIa9NUH7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\da-DK\bootmgr.exe.mui
|
MD5:
4ceaa2567dbd1a5e4a41186a823371ad
SHA1:
018fabb6653dcbc672144e3c9c8364c553d0836e
SHA256:
968090940b304c261d8e4258f78cf4156844ee0284b9c90a4f11a822090459f2
SSDeep:
1536:ga50J3NZ2EthluRrlRWTmSnPVsJOyHFF6lbDJt3fRfEY:g/ddhMRrUpWcyz4DJjEY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\da-DK\memtest.exe.mui
|
MD5:
64fa4b662a55e8b9e99736b9c4f0cec9
SHA1:
b6ffedb22d4cefcc6e053688543e96dd1312108d
SHA256:
0029b7498ae9d43e09b0fbd897dc339967ab9bc3226f833b27decca41ebf4cf8
SSDeep:
768:76OSASewt1U7wvrLJlLrMykCfslNLaA0cmFjUV4EA5OPt8Xg5RnlF:eiSeCiEJdMlj0cmFjI4Ktsgh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\de-DE\bootmgr.exe.mui
|
MD5:
9ea903cc3d7407081b9c5127f2c04ce0
SHA1:
33e98d53821c902e5652baca5211479c7bca7dbb
SHA256:
3a48e4461fcd88ddb7d401db9d4a685e0bfe9a0f164b35a4198a7d013356e4e6
SSDeep:
1536:Wkme/FDgAL66Tqir4kS3bL1vasZ5WOH1Hiprmzh50NslMx6khl:WkdCAThr6LJ5PHipKzhQXH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\el-GR\memtest.exe.mui
|
MD5:
5b73eb4e054f52f3d5099b07d4849f8b
SHA1:
6484c1679d7f49ceafc293ce12a25ce786e21b96
SHA256:
f30e638bf7fa5408d6ea828e84f507e5eb57cec26106cd649c94f946c1d209c4
SSDeep:
768:QuNCDqJ2eTvRUnImHTgY9afiAKOJoC7rydMmRovFRXHYkQdxLU+QEyelR0A783:zCDqJ2ejAVgY9a69Wb7ry7R2pQECT0oa
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\en-US\bootmgr.exe.mui
|
MD5:
56b13007b53e652101c54abb16de4a6c
SHA1:
d3b85ea01346ae5902c034ad2c32bde33d777c74
SHA256:
68b8b9b017765ad35d2355d227d69f99748b562dd72e6ae96c55bfa86ff602e6
SSDeep:
1536:wIjz0fsJvFPPQMW71pdo+Rgp9rCmkYssHJCZSVkQMwDkrBuBkUtPyd:94ktFPPRWBHq9EYswPVkE6rWg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\es-ES\bootmgr.exe.mui
|
MD5:
5c32e424cf6708ea1498ff2aae13f1ec
SHA1:
d85b046311fb9582a369a2c806311f77474ff054
SHA256:
cb8cd49efb1a10c5d1fe70a399dd539d1c0192f24f4dd1598a7626d7ac504f31
SSDeep:
1536:A4Mb8CKIPf0x8HSKGcFONbkA09ZkdepTV682KFFc9wyWbwskG7:/q8hj8SKl/A04E68/eXW9/7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\es-MX\bootmgr.exe.mui
|
MD5:
a6581b4b850b840446c30273b5e16ff9
SHA1:
8c38d31674db91f942ad40179cbcdfbda36758e6
SHA256:
74d6d81fe0908700c6c5ec53fc4b9c8e9e4e477bd2a8aa657cd25705d804d85b
SSDeep:
1536:TVG9fl5LGoQ1UkpfiMgIOxh+XWliIMQx1XlBm/aQ5oxe/KD0xzYTk:TVGzEUAfBgIOx7liIMOxEPCxlgFh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\et-EE\bootmgr.exe.mui
|
MD5:
dd7e035fcd08a7bffc00bcc84c333a00
SHA1:
40813cd147390205a319d1bd9d2cf8b6f376d09a
SHA256:
bf4a5b9a2001ad678eba9eb55b2b29db1187779b380e50df42e18479814c1372
SSDeep:
1536:aurZgXOLLKSuJ3gfm2o78d72bosav/aCo9uijKsYFWQ+jVkRMu3Ka:a8ae4V2osWsyCo9ysYAHu3N
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\fi-FI\bootmgr.exe.mui
|
MD5:
2f15c030ae81fd69497c73f2c9facc8c
SHA1:
5c4a66186d64ff037673d0e80c6f95aca20cb0a5
SHA256:
18f6fdcdb41d76cca3662fc816b087ee542750dc472e06e0490147a2ca3e724b
SSDeep:
1536:yCsebXugsDqIsGpIIVh6Bd210qtR73CtWSskRk3fwF2ozxiTtF2AelmS:yybXMbpIk+dTqtRrmSkRMfwFTzEZF2Jt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\fi-FI\memtest.exe.mui
|
MD5:
4d3b75b13069e8855b5b36105c013181
SHA1:
880d43e10c655254f83f5c315413c7dbead4d054
SHA256:
b143515fb7b4e9741e372a059108f37827dd00d5f0b41d7ca49b9717d01b5057
SSDeep:
768:1oXrG+vk+4v9DGsG1XTInqZ86HxkDabZ/Hl63kwsdCf9CnZcNs0vitFGWC:WXtvkhv9DGsG1XTInR6HxkalflMkvCfJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\hu-HU\memtest.exe.mui
|
MD5:
b66d3f77eef1e0ec85bfa7c3195577c8
SHA1:
59dd3505aab242c1ae076d99a934e890e96f9d66
SHA256:
89f68750fdc6816e7ab01f128fb197fe17167375b19add33465e50c3f3506949
SSDeep:
768:xJMZFkCgb7dIcThrvnzkojITZSF0A8vrJ90EZTw0K9nk0rhb6vt0af1a:oE5IIrvnzkICourvlzw0KBkXvtlI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\it-IT\memtest.exe.mui
|
MD5:
45ccfc9bb171fa481a9faa5ef91dc493
SHA1:
368877af20539d95203b981706f7920497b38bfd
SHA256:
657f29289ce9f516127317660ef2b121e1080cecffa3d1c53ee344d9a0e8f573
SSDeep:
768:foFxhJxXzC8Bt5BHmICT6+z9CaKXoxDne8LNWuxFgXxel4OBtI+ZYXh1x2UeYaTF:foF3DXzC8jbHmrW+xQYDe8LyxW4YZAhK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\ja-JP\bootmgr.exe.mui
|
MD5:
09d7439742d8af015a68143b8e1a5887
SHA1:
0077e9c1732c397c98582e2d29099b7454484c5f
SHA256:
259e641709c138038a3d54f12e972be57b21eaf84101398b54dac8048249a9a2
SSDeep:
1536:FGJDHpudHU4NjUn43CF8AMgYMZcK7f8MivnX4OsHRaw9+Q6aF:FqWHU4y4yVMvMZcCffgnoOsHR9+QpF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\ja-JP\memtest.exe.mui
|
MD5:
e8fa279af6be552ea7ad293e384590b3
SHA1:
3db11c13d3524d87ff862af0a00c6d5be96e720f
SHA256:
4b94a359142353e9fb205bd786d9868c9fb1c088c885643c7047c5dac08ad4f1
SSDeep:
768:OeZwpBVcsj3N4JdeBt1195mHuMUSfDNiCoJZv/JOu:Ly028mtrmlUODwzVJOu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\ko-KR\memtest.exe.mui
|
MD5:
f66f8bd89acc910b366c3cc14e141f74
SHA1:
968659566b37b219a1b76ed688bfbcad8a61f2de
SHA256:
ad4dd90a5beb46283c5daac90fefbe1ba199513f4138654ba5f4ea994c669bf7
SSDeep:
768:mt364pa6LQdeQwgHlh3n2Lff6aBghmZornfG15wrlfskPi+DenbfcyCqDgh0PiGe:u364pSkOHvn2L36j9rfk5wrltAvF+0PG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\lt-LT\bootmgr.exe.mui
|
MD5:
e452bc4283d5a246e80af83a3c294db4
SHA1:
cc536df5559bdb89ee9ad766050d5987b4da4504
SHA256:
20672c9c5ef5eb07aa358cadff4401fb2568fc3623df25cf16047a151c0db978
SSDeep:
1536:UaO05PdRKcUjlbFlvmHB/l5VH4jWn4PH1AVoJBlIPxwp6YFr+:qCPd/Ujlb/+HBzVH4ja4PVAV/pwsYFi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\lv-LV\bootmgr.exe.mui
|
MD5:
d5449513abf16e729c12ecb942f44596
SHA1:
0927c1adc82104691b9e0dd385c644e0180871f2
SHA256:
ab48e7adbf8b4e81f2059f1a6225c6d82a53fc525bc4bcef4c18a0708c1f2dc9
SSDeep:
1536:x1QsN0cD+PL7V738JOY6SlvFFQ2PO9gknIzuwmVeFleDJoIXYpfw2Wb:xKFfnV7M6S5FC0OWkn2mOeVINw2Wb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\nb-NO\bootmgr.exe.mui
|
MD5:
ab20b1d963c2b88524869b39ee7d76ad
SHA1:
fea7f232bb283468b9a464e6104d6fe5c516ddee
SHA256:
b2473bed6ebe65d84ec3d3d102d95e573acbe6321c9f6ca12c607fad3fd32392
SSDeep:
1536:QoMBEJFbQUDdoJOEHSX9VL4ZhIYZTHIkPt6Gctiy50rS:Qo3PdMOACx4Zh9bIuItiy50O
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\nb-NO\memtest.exe.mui
|
MD5:
485b516cfd66a509a190a9a0949d3a27
SHA1:
0c1e326961c94e84a19b281a35f969b89ee9883e
SHA256:
85a562732c44bf0eccfcf8f5dd41ce4a208bf66793cda7639293e4780225721c
SSDeep:
768:UinkyrDTSZ/MHQoGixf0hktkGkQBJSuRG29GcUNziIRjhVqdkM54wAxt2YUZ:JnJXGkLfBt6QBJLEB90I+kwI2p
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\nl-NL\bootmgr.exe.mui
|
MD5:
111c5981bbc05f1ac307fa56e10e2ede
SHA1:
c514a3b4ec1a18877f6b435d4e6d54a5bffce786
SHA256:
89a0dc3fced14afdaf6c34e4c9526379ac27d3c458dc51ce94c7d17385273b7f
SSDeep:
1536:LHHPRXquk5HBlcEYwvQFK+QEdTmc4TLGHs1fhZqpSvW+DAMwSmZm5I:LHvlNEn9+Hq5TKmWm1m6I
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\nl-NL\memtest.exe.mui
|
MD5:
c7e0992b4b18b45d6367e164fc9f703b
SHA1:
6c149e0e955b9dbc64850fefe7a0b5b851d82ce4
SHA256:
b14d11b6182413645d722325b9755845437dc8ac269e96297dc24402b72bb934
SSDeep:
768:f1qQCXGvzFYhG3FmEzSKBjZulRHt80UWcRr6ruy0mzbmJhbUih5rzMAZSQBETT:fcHXCzFYwLnjZulpOtYpVaJhYih5rzMl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\pl-PL\bootmgr.exe.mui
|
MD5:
ec655d6afe39260130266f40bd3d26d7
SHA1:
7a4d38096e12442a42e5fce6abccb265d1dcb5e7
SHA256:
cd0aafbb33c235aa877061213529a74191966cc7f0ed8806fba879de48f849fa
SSDeep:
1536:2JWJdAbw2GxvnGgMvfE0Te/43jsHavPHKpJPPQCTCvmtTnZiqTMuG2KTvwBqrX3G:2JoavTe/ujsHav/KfPZCvADPTMu7KTvU
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\pt-BR\memtest.exe.mui
|
MD5:
b243ff22ce43b79b1f34af72de8f8dcf
SHA1:
5938bfea6a9b3e48b44a26ffad659b048d051efa
SHA256:
e724643ab72eb08a4f41f2eb36f8ff83f68ae831c179ca37a49efebb4da94385
SSDeep:
768:PGNeMtkw8nrX/1+pJPpU+anwNThzRvAbtFrvWaA1VOY94wYNA26SzWbfW5AUBSs8:uN1kw8nrvmPS+bRhR8t9Wh1kYeFj66WZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\pt-PT\bootmgr.exe.mui
|
MD5:
f96254bb71770b832e565bdff4fa0a3f
SHA1:
451d39a496105ea5c15969bd5bc9aa2ac231a3bf
SHA256:
2514ec1771d109871f064ae14286a536cf23329d55f64dea9bc2c305a850fd24
SSDeep:
1536:q/Qo/iOH0F0fVypcDAr4patpDIrxSVqetynINEL14uNBuDXZ3/MN5kgjcI:q/Q+ijufRtuSS3yiE9ODXFF0l
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\pt-PT\memtest.exe.mui
|
MD5:
a9ba14b002889764a923e216fa729aa9
SHA1:
ae013b3d93a2c4502382eff70fe84098d0e43b11
SHA256:
9b7f07d277866aa03f3034fbdce72aa73a56c67281bb2c1e1a15d26e5b5d582d
SSDeep:
768:PK+MBnsRfd0E6+zYusE9FXoy/rz/JPWJOVvE21yCgtB6IvaeQ8jC1p7xxK:PdkE6+dskYyjXvEe98Q8jC1p7a
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\ro-RO\bootmgr.exe.mui
|
MD5:
0b9ea3e034a6b160b73c23b9119fa627
SHA1:
51ba0d481c64731cbcf433c38aa2f501bf987faa
SHA256:
8aef93dc6e8bff3b08b5a884ab5ef6258324df1e79afbd6afadb904ad93bc062
SSDeep:
1536:0kMtV0JsWo31z8MzJE66N9gi4yZAjsjiYurRAjdIq2vqTQDv9PO:7JsXzK6QeiTZ7mTuqHvv9W
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\ru-RU\bootmgr.exe.mui
|
MD5:
41409480b0454c3a207290ae96b6c94f
SHA1:
1ecb370f135cd20eaab4eac81a655182746786b1
SHA256:
e257bfa84b5e6357181eb2aaf678a5c6e6ed7902aea32a856aa8c8fc75ca853a
SSDeep:
1536:LlKrDTdg/AhfUFL81qOjMV1nsI99dBpk3z6M+IHRoQHt/idWn/pQBXqgS:hUDTC/AVAuqOS1nV99dkjCIWQRidW/i+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\ru-RU\memtest.exe.mui
|
MD5:
2b8ba361f504b2c543922811a274ccc4
SHA1:
da631f3189479177ece21dc33bea107100acd20c
SHA256:
0d1195d175bd96fb0c12b26dbb1352b847fcc07f19afa4f4de50596c2788a01e
SSDeep:
768:cMEvwyW6MnfYFVA7dtzIrwnpKPTn14oydIrgg+u7xA:qwyBq7380nMMde1fxA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\sl-SI\bootmgr.exe.mui
|
MD5:
999de88ba81cdfadbca70bacd5002e1f
SHA1:
4397e65aa54cd9eccc0b9aaa8e5d57c158cd480e
SHA256:
3c10d772a46c9cb9eef5ef514f9a898e2dde9233d6620b11db575bad90b96f16
SSDeep:
1536:6C9FaWCF4ZaiEGExfK2HRchA8rIC1wOY2hRAGt7msfh00J0KD9Q1NUhDbb:62no4rExxfK6jyIC5F9MWhnb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\sr-Latn-CS\memtest.exe.mui
|
MD5:
11fa4dc0effe4d6321026a59f20b5db0
SHA1:
35be5192692a4c987d45f75d4fe5126965448155
SHA256:
d7006a56518914d87f7c7ed38a68febb3192eb9c73a55b1528efb0a30465db9f
SSDeep:
768:kMW5Ojv7hUvSXn0OUNoCGpnp1yQ0Gz67xN6v7vGgDzLsy/OPmP9:SOtxX0jNoCGRa76z93/Ms
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui
|
MD5:
49d90ee86577dee672fed45907043dd6
SHA1:
8f85d8903be9b74ca9aed3ef50dccf8f065e45d3
SHA256:
49b15fc90a411ac32a7a307a8dcf6b0db18b3e8038ec81d9a83e7616bf5e24f1
SSDeep:
1536:kUc29ZkcTSM6JtTYw+j9c9fDCaCxHsrStRziDGbN6jBaztP7KkrAba:kUZTkcTWtE594bQHsrStRzoGbNNzFdrF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\sv-SE\bootmgr.exe.mui
|
MD5:
9577feaeac45fc7f8b3de04c5de84ec2
SHA1:
05ee6799b33a075e03b115573a39052ab37bb723
SHA256:
088f6e79fb14c53ab20c65a495951cf77cf70ef6de338d91457892d0b5edf949
SSDeep:
1536:a50b9l1KGq2HKnWTLaKK/42gvDp6Fl02vsJsX3+KWXlr7K1xZw6:ak9lELcnK/4tvDp6j02vsy3txxX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\sv-SE\memtest.exe.mui
|
MD5:
189b45e97aa3cdebc2e35cd03b7204dd
SHA1:
be83fd9216b01cde94994509010ecb2f8ac379ed
SHA256:
db07f3b2865c438c9280e1b8cd4bb4edd15b6a86a17704c58ac07b75856b49fd
SSDeep:
768:BxcRbP6cO7mPNjmkK70iiRtEq7ZQu4dtS754nBStVSYLWXNAX3rnqyRR6eAoG:BxkgKP5K70iifFs6sStHKNADFRR3G
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\tr-TR\bootmgr.exe.mui
|
MD5:
87d3dab4141ebd983b774ebeb6007d78
SHA1:
1041a04315de1e7d8a3990c3847dcaf62456a66f
SHA256:
4b15446ec148edf945f2a8c804a1b1f955d9dd57150ce448e4134064eba832dc
SSDeep:
1536:XcN7zESZGqmrIjBkMDAfPtgWpNJ4Wxu0mm/CIvEr:XcR70Ijmqe3pNJAgCuY
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\uk-UA\bootmgr.exe.mui
|
MD5:
0aa6024309354ee8a3bbf5fc1687b22d
SHA1:
5c20fb5b1844fcfdbcb6dd487311fe70203b02a5
SHA256:
07964df55346931660761e1b9199bd713b90f19630534246246c7cba459aec72
SSDeep:
1536:ULMepXUgYlPjijZwF6i6fJ14GrQpp3xOMEG1i:FUXUgYlPejM6xj0phxOMG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\updaterevokesipolicy.p7b
|
MD5:
e2dc95f7c315a3faa08f49a9070a7781
SHA1:
2aa409b62ead9542c5b999a778f8af9cb5eca8a8
SHA256:
cbf7dcaafc020c8ace3871e1567c843261a497e1119814a2b40e510f81eb6121
SSDeep:
96:CFKDmOGCd1aQCb0pJsuaIwO+EH3mVOg+2O20Tvj+/pau1cFK/Beb744myuU0:CQDJu07IbO+EeOg+2O2Kj+w9PR/0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\zh-CN\memtest.exe.mui
|
MD5:
e428b7357375f5335e607fdd0d5137a8
SHA1:
e1839859da4d7d1ab89ca43708f9325ed4242eda
SHA256:
502cd08a8a2086daf9109dce2b10956f93dc254e0144d8b87b9e4eae7fe3b4f5
SSDeep:
768:IHp9xuOp+Z4ZsoiP7UF5+M7RdwFhT2AjSDm9yqu0Qr7tXUl+LmhrPJsgz:yp+u0P7g5FgFhEAu0QFXU4LCii
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\zh-TW\bootmgr.exe.mui
|
MD5:
df5ab9d9bbfe83c8d0218bf5f52f2a8d
SHA1:
c1c0644458dcabc5ad5fb9632365db2c94b9de5c
SHA256:
1080249094012b6f095dadcf271507370a32f6d25fdfbbf7bbb1bb39376bf741
SSDeep:
1536:dVEfwP/4faYkFgxQ6RyDDQA0CGQ7O+nKLTSTcoHHS2Vg:dF3ekFgfRRAJ7O+KSTvHHfVg
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\HardwareEvents.evtx
|
MD5:
5ff8e5a29a63d723bcada46606426422
SHA1:
8a6c4703cab55164b1d7fe36e4916fa6fa85c47e
SHA256:
0105edcba69b3e091ef55e385089cc61cc7815514657b51b83df50230e5a8056
SSDeep:
768:/kUdl6Gblgpq66HJT/+B4Xo5Ai8XieW5bSF4Vz5XI/liFzZk4CaeLIQJxbECHBCw:/VoAupq66Ht/+BonYbBLaiCxM6hgSeTK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Key Management Service.evtx
|
MD5:
323004672b061c5dbdbb20ebc92c7f62
SHA1:
60d140575c3a84a4926fda9d72240ff50d20d014
SHA256:
92f3cae5e0110af9977aa073015aa6db00e4be21498f2b4603fcddf6a1e027a2
SSDeep:
1536:28bmA4nJVCOHdka+QU6mQEFbNraRUf8eEwIyfVkvrerH6oGg2hSlcfw5jAg:CA4nD56gUQ2prGUfhEwRVk0aocUlcfwr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx
|
MD5:
9aadb5ca19fa9885bcce4114d7ec7784
SHA1:
822016ebac75b00e9a53b09b095d4cf21355e6fe
SHA256:
267ae7c47067ee3ce87abc056fc563298d3a1db2885761bd45d61bd9afd2a01f
SSDeep:
1536:+O1fQ69dsheRhfDOi4f01bPAqIKn8CGEh08d7HaPl2QW:+O1fB9dK8hLr4f01PtxpGEC8dDgW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx
|
MD5:
a8fe88a0e65d2f2e572ba75ee50f8eae
SHA1:
abfcb042fc5874bda06cf0be0895909e75d8547c
SHA256:
52232ec894fe5ee4a53c200014e936202fe646f1e8503937aa27d15331ce492d
SSDeep:
1536:KVRbG+MQERvWcFdnfc7PZGT0kMbmHo0tDsBOT9/PUfTkYs+:KFMQP6dfcjZPkdHrQBOT9/PU7kH+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx
|
MD5:
bb166f8a10b6451dd1a1aa538c2d3862
SHA1:
37c5633ca4cbb4df8f2899837fb2b66b6f8d025e
SHA256:
9983ec8d2b9d647256fd858f9df6205669ad6e31959f14635fd096b928016cdd
SSDeep:
1536:4+rCdqF+b8G5MID9AdZr+///0+lG2FDED6hpTQbYHjYV61pBH5dP7:M8gMID9Wo/8+M2vXQbY8V6nh
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx
|
MD5:
4e10f1977a59e06e987143681bc8d9d5
SHA1:
9ef3cc924208a32259cfe1cde3467bd477927b6d
SHA256:
193268c59e171d0400f82a697a4bdcd7f23be08d6f2d22b09c00412801eb1026
SSDeep:
1536:qyB//WuZadkaK7z9oFgQgE4qheXM11H907leOD1ZIKlXW7VYV:dBHWuZa+Vz9oGkmM1t907lLZZxmSV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx
|
MD5:
c41cc5a3219296df1006b8c4a6064764
SHA1:
6ada9d1777212b25cca1f52a05b64d2bf0ea327a
SHA256:
7aff724df170fd0e1bd9bf1e86c524fb1b89b0dca83e23472ed6fd00a777098c
SSDeep:
1536:8YsrS8SupTslu4Hp8bg63Xxg3wrsVovmYekN/Y:hCS8/glu4H4g6RWovmYekN/Y
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx
|
MD5:
30914bd82b5648dd641ca883101cf6a3
SHA1:
272d4f615b6dddcd2b693d452fd75a25e04d7da0
SHA256:
57f008568890cda8aee57c1b1794a2e040463aa3d0d6efbe115611884e44b45d
SSDeep:
1536:dOWaC3WdR3Vlof+KkW3KirwI3L1Xm6qTXLpPa2Bi3tgra48R4aA25wmv:Q3cWdlfzKVXrDL12tHpxi6F8Rrwmv
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx
|
MD5:
713350760df70de9aaff34db76600d7d
SHA1:
66ff616ffaaf6991876b50561ee43f1687942364
SHA256:
67785ffd381b98f40b1a31c83a84dc4661a1db528c258b6fe68d0ebdab5490d9
SSDeep:
24576:Uf9EWd6FBeHSCkbYYFWwhm8gsgpbHoKlJNpM6bqfNgs+ZBM:vWdueaYYkDRJVbqUZBM
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx
|
MD5:
66774bc7b65611401653b0ab4fc4a0af
SHA1:
4519d6266d9d6c575b59c065313f8b93398c9ae5
SHA256:
c6ed163219ecff76e65eb0c78834b0bdf26b41c42fe78a9d3d462599ce1a84b7
SSDeep:
1536:p2XUt40ot4cWhWGdjIWxFAm1FhrTdVzfcKvxqouExOV9383V9:p/tlot0hRYm1FhrTdJffwR3w9
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
|
MD5:
a02cc3f3318e29f8f5b841470781805f
SHA1:
25f69a0d936c2d3e0912678a224c3caf0b2c2c9d
SHA256:
bc8e6d83465df80eb3721898a4ec993e835b36f612c77eafa0d1d7b17a8e8252
SSDeep:
1536:iEDlJ0P0qwyENFvncWafE3bS++WMv0GVW7FnE3DY0m/GPvGRK:iEhW0d/c9++x8Gs7FnE3TdPvG0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx
|
MD5:
8a7274164bb944fc79daf9163799da84
SHA1:
830c9833fd49a6dc06fe5dc99e8b7fddf77acd07
SHA256:
abd521c766fd10a064ffbdedd279ba0d54a865abbb6f5b0609e5743ae56ebb0a
SSDeep:
24576:zChH691eRFZ99nvf/NolW8E1OafxVqgeTpQU2z3VAIO/:zCMYz9nH/I/EouVqn9QU2TpI
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx
|
MD5:
f588b54da2007243503dea2159cfa8bb
SHA1:
b58dc655a4b4b6161f13f3e995ab9c907e60ed15
SHA256:
8d9a2c3a4b582ae974f98d524216238160c7ed52beb9d9828a297cc2163e022c
SSDeep:
1536:TcvrlExuP3E3c5pPNqlQ53x1VvRHYSxtOaMKaV9o8a4s7vi:4vX0s5pPo+53x1z/xQaMKazo8a4sTi
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
|
MD5:
afc8c8c1f4a933524131c2b0f8039123
SHA1:
9fd3be9f1cdb21a43f4863cde7a410b783b34ee3
SHA256:
7c59a1d155596787d4aa0cd64de334f45233ea8522d59430d9c85355a6d910d4
SSDeep:
1536:AwT1c9Gs9GH5sUWm9niMkn0vVYBiqjSoIAttsvpksUGK:Ag1MgH5sUHUGYBDDIAYv1K
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
|
MD5:
56caf3e4bee6cde15df099210e3aba7d
SHA1:
a10c50cb4c261d5ddc5abed12a0328f02232719d
SHA256:
e59c25873603ac581c76e120951a10618c947a59fe3053a9855f4e158e417bda
SSDeep:
1536:/X8M9zfJA+4UfAmKvE/H/VYp6srO5g4EWKQS8swTtGbn2RNRn:/mha/H/ysdUYRj
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx
|
MD5:
0f1d8d710412e0a6464e9a48b1c7f2b8
SHA1:
13645add08f6346757bf5102174a073356190add
SHA256:
3a803c55a14dc6c15e29d428cf69c1366aed38c0257d191e807d1af7e1e93d9f
SSDeep:
1536:JnpNqQ6CIxIQU7ihZUhCIAmGG4aWdLLzjO1gits9xT:h6CILQhCIAFaKSgi+T
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx
|
MD5:
404b67958f1026c63bbd0545a33e757f
SHA1:
7cad53a33e15accdff2bc4b151d259b2e7bc2d5e
SHA256:
b3e339b53f503ee8bb300a0d87a913847559516eb91ffcea63a04796308d4c6f
SSDeep:
1536:db/o3gQE/xcOEfw7a0e79ouTPcpOiaJUIUxhz5xDjmlzgKVu+Fv9m:dbA3g5cOEfma0e79ouTPPiaUIKhTmpgF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx
|
MD5:
51b2e09c59fd4491bc195c287aef3f4e
SHA1:
30acf76f265448f1674a25ce218c25fbdff3e00e
SHA256:
cd631c4e5b3259f0d8d06b9b6d933bd7b4a61983c4623b7d1e955fd652cb7c80
SSDeep:
1536:dcjOlEOXVgZwazHgVQ3FaUhy8C+jK9scq/T+z6ljq/nSGwBHRR1zuV:Jl/OSs3lyMjK98/TS6ljczwBxqV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx
|
MD5:
96cb2faefd0a1c95f1a3da9c82e61676
SHA1:
f9e6b47823d36219b66e4b740f1afad91e80eba1
SHA256:
fb3253c7f597178e4e958a2930ba156d4ab66cb1faf7ceb572ff4bb100ae2a52
SSDeep:
24576:AX3g7ibaEIn7u4F2EZOscAqQ5TGwuLmTrF26:AH0ibJ10/sVqHFl
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx
|
MD5:
f36d2c18626cec4dd6dcbe71a76264ee
SHA1:
4796b9845225feb948b6b7a9f98d88f3f4ce8982
SHA256:
803ac59ea1300d0b7593854b3339f9a2f79d03230b73d362b0d3ca7bf3a24691
SSDeep:
1536:kuYucFpbgMQ0N9OUVzIxoq3vyzW0XGBn5sScNCvr4PkeS7G6NeRx:kuHcrz9HOo8vQXGR5rV0MNkx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx
|
MD5:
9a2f17ebe836d247063890eda1eb3e67
SHA1:
ddbdb60c3f25e4537c98700f883816e9029336cd
SHA256:
7371938c786a863c1c086f66b39d1b82263d3236d8b3b584f2ef4bd0536cc891
SSDeep:
1536:zirG8Rp6b1gWyJMAVrFqN+i6SLsmfCVh1tOcZdxYpIrq2l:YG8RYBgVR9LPau22l
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
|
MD5:
33160aa831cf7c1d06f5e5872edfbcb7
SHA1:
c21708ff5cf638d36a7a8f53a1a2d15253bf1d0c
SHA256:
cf679aec2508ef325e7376d9182636ed80ffff7993bd61d3a3340bb53289ddc1
SSDeep:
1536:FRnGA2BMRS53N8h/k3mG0DnQCyu4V3lONugLzl0:T8MS536h/k3xyQF9ozy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
|
MD5:
60deb76c0a6863abecb7bfea119e2c91
SHA1:
535bfee681e40c6ce27f84feef4be8770b912df3
SHA256:
516c8098115c5a4edc8e5da7b41685e12c5b0617ae860c9f6efcf6869d54d0e8
SSDeep:
1536:f1bku1pkj2lMqEx6G2PozAAqddfumTjs7xrKgngJ75uuuWLxXB7:f1bbpkj2lMFx61yAnfumvgbgbrNZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
|
MD5:
6402da7d089b39b5170d4d0367463246
SHA1:
e95f6008ed5305acfee37fc52f9fdbe2fc3c948e
SHA256:
b766c75af228f99e180f1f67e37fdb24fa10cf4193cb37fb5ce6d2107b252791
SSDeep:
1536:Dh3ayVVqCtJFcK6dO68iVhaLh3d3DZRsAznyNWgdz42:D1zFfsdwiSd3NDZ2Ay5dz42
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx
|
MD5:
67f1c47be3e0d243230b07f60f54361f
SHA1:
64b2e6a4f90f43b1445bb748aaad81cf0d6a208f
SHA256:
feac527c6fffeaa98039a95a0fa9afc0f4da498041020d312e295c0713d45322
SSDeep:
1536:TPZ4kV1naI6FkGK81UZvnZqnvqeboi0Sin/M+zcDSt9vYvOQf:FbV1afeeUDqnvxcWinkiac9vY2k
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
|
MD5:
f7aab8aa5bd67d44bb428e2ec96db990
SHA1:
162f90c4d80bd0d0fc9849cf415d9d992670f30f
SHA256:
c72e9b6f72d8f6a60ead9ae11b38510f4d7fd6236020c31db146c0857e499643
SSDeep:
1536:oXTiXny0/nst3M1VHEQ05vcu9AwH9WdO44egWeut3TBOzfCS7G7qn:oXmyMst3M1B499ZHYO1egDE0z17Hn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx
|
MD5:
cde9c823ae7b7c2bb376f2a93304ce54
SHA1:
14b02d5e8c2b333d77d0e0f54f7d3ceac1e575c1
SHA256:
ece0d033eef8939bee798408f3332ee90a4f26084a0697331a80b167c373a3ad
SSDeep:
24576:6zCaCvpplLaV1xWnZhFSQxB88eQMApmg1MHzI243k1c:6ziplYMnnFSQ3DeQZXApiB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
|
MD5:
909cb93e046d5c21e687c7a097a09493
SHA1:
b1d8ed0adde12f5ef7a13a8d8c2fbc49f663f9a2
SHA256:
8fcfcd4f7986d63602e5abdf06757982a574e97ca1841f135d70a5081217d982
SSDeep:
1536:y+zsQ2Lb3zXfDngk+19hoGAKvWvH7anfsogJ0J1BwO:zwQYTzyiGBSodT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx
|
MD5:
eac1cfdc0e5f5b7082258e2e46eb4448
SHA1:
843f70c190beeb3fe062d2152a44d5f26f24c255
SHA256:
7e04b88e8f90029f3aafe9f60bea466a8eaa2620828bb5609467fdc0874fe605
SSDeep:
1536:DBd00P9N8lnxVtWe13TetnwduQZckP9LgncwFhK/bTqGwJ2ostX:Dw0PMLRlCClcWx6hKzTqG4WX
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
|
MD5:
900e035a2547e7a7a92406ad9b3d2d08
SHA1:
81b1e4e5302be3dddc8698500170164f39a76525
SHA256:
61a8be1245aacb04dcaee920e16da4cf951d2d9daba25a5fe40f2c9c2ed7a334
SSDeep:
1536:XebrrAlCiD7vv/Hr1Cvo8KLEEilIVAoMDVRDRcr8Q0wg3w:ubMCCTnLa8L7i/lfDRcrXgA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
|
MD5:
be05e6b394c7faabfbda46f61b30e3c2
SHA1:
5cf42c3f9b245ca0c59df6c3061d6f3b0abc932a
SHA256:
78eb1251b5d3766514744f9425e4fccf9a31732ced8990c5b23acf49996e03c5
SSDeep:
1536:amB5ynFqvPlOW6jOG9ZXZxtUQCNKfcZ69W5ZEdRNKiMbSnO:VB5QqvNIjOkZpxldfc4y8OiMmO
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
C:\Users\Public\Documents\!!!_READ_ME_B8CF767A_!!!.txt
|
MD5:
1674b7ab446d41ae994f4e8eff92a043
SHA1:
6ee5bcaf2ee46a2e0347d5084090a2a47b16c078
SHA256:
09aaf59a25a64cc1a73626680bbcae9aaba9bcd7e900db633dad42b08655e573
SSDeep:
48:5wQ7LyK/TbSNXvy1tQ9UbPFxJPl/Xm+CkyZqBW3BM3BKKZCrCHZuH6FTkJMuqxjQ:59fEYLbNRnXL5unHIrpsqHer
ImpHash:
-
|
Access, Create, Write
|
Dropped File
|
|
|
\\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log
|
MD5:
49e71a43bbe3ae2c32cd60f0c8ddc9c2
SHA1:
8c37f60b961a10343187b78022cba0ea990dd61b
SHA256:
f68b445f63bd47660243c0929e20600e95595564c2744c0af77c8c9cb95f5ef0
SSDeep:
12:5wmcvYUZrIhTP+ruHuUcdQFaD9gP71av3LffovDYLrLfYfj8R:9cvYOrkTP5OUkQcgpav7fgb+f7R
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1025\eula.rtf
|
MD5:
f217a6d68b1a1dfc63a6a3b6f4e9ef36
SHA1:
a2914cb0523c78998e5b339f4d3c2832d221fc5c
SHA256:
cdb4b02b812ceedc8bb044bbfbb7e55d9eacdfb8ecb5370322ba2ba8a01403a9
SSDeep:
192:OgsD/Bd6kff/r2QduKQ2TQW/S3EGoCzfNjy01X4SsbgxMwV7:XsDvj3r2QduKQa+FoCzfNnl4ShMwV7
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1031\LocalizedData.xml
|
MD5:
5f19ffb24038ca14b1aa3cff85663a7e
SHA1:
b06d26c2fd13c7de7f126f5c802cf154955906ec
SHA256:
a5b6e5895b74b9241c7c77640cd60e8d7e0d2b6e3ce6f36ceec4b7dedf275dca
SSDeep:
1536:RYfvLwXROSF54TtKFIGFklu7R/r4gI1A76a+cQtveDORVY4Gz1hWeikp49wDG7DJ:RJhOE4TtKFalut/UgI1ta65eORVBzkGr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1032\eula.rtf
|
MD5:
f331bf2e4e2d24a0cf18f2c5be26d803
SHA1:
05ae1e6dd76ebba892033cf2ac05bf6222f4e8d7
SHA256:
92574dd69553048e129f89fc38f65d04dff6b28dcc588c6bd2ad75bab7f79ec9
SSDeep:
192:KqPafrWyR7VsaCu46ovITEuk7eAJbRdNWVcwfzfIrkIIV:EWoB3taITYd1R/hwfLCdK
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1035\eula.rtf
|
MD5:
12d2ee046993e7ba2c29e3ada955fa2e
SHA1:
50741269769cea02c5f65ef2fb8b57be8b1c22c1
SHA256:
2ebf17c5655f87db1ea379c85a47beca0bf7c99919c736f291b387b21b4c574c
SSDeep:
96:VZqS2xlZhuNWxGJMI4XoPOWBFO79NeKFURRdQz:VZqRxDh3CZ4XoPOeO793FUBQz
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1037\eula.rtf
|
MD5:
de441952a1d3d05a9189d280f98d6d76
SHA1:
f924461319e1316c88dd919db90aab3489473105
SHA256:
4b9a38de5490ba32d5c8bf9ad6a340297fa64a615b10be38a97fc3a18e018b71
SSDeep:
192:ru6yWRzOsoSTd7i+pdpce5XEPUPgazVatQKwZeLYXf9c:67u1Y+fpNaUP26KwZekP2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1040\LocalizedData.xml
|
MD5:
6c45caa2732d1b8e5e27f5e402c206ca
SHA1:
4e36ac267cfef538c54ad4d59f5b0de2bc9ef3a4
SHA256:
fad9962e27be04cd8ab01ba6fb9b4a2fc54b93d4c0cf9ac79b0d27015a382eb7
SSDeep:
1536:HFVtIltnHNESUiIauX0zKF4YPjFjR3oJ92R3hC9GB//kI0SduMAv+:HFV4H+Rrag0z2bPjFHSGB3X+G
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1042\eula.rtf
|
MD5:
f4ecdba50f84c0f717bc330191effe84
SHA1:
11c49dc2f46d100e2928f16dbc778e110b2b7ff5
SHA256:
80f2d2d1031a8d219fd13b4f6d2ed8249da24837185ded3fe229859df934f884
SSDeep:
384:h0vvma/X8JxDm+6e6nLDb3veFGFv4YS8RG:h0+EsJktrcZYS8U
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1045\LocalizedData.xml
|
MD5:
29b4c788f9692ee1de40d67dda8e490d
SHA1:
78b22293d6fba84484b0d46046d3944701e62a1d
SHA256:
89b9ef3e0bb6016c536714174a9e9c15adee8970dd0bf66ad0dbc621e932af8c
SSDeep:
1536:VjfGqQsR0D14ZP9WRY4j7l/IYJqtoW5+VavD8V5GUKJX2LxH2v2zpFMt0RN/P7Hp:VjxdOD14V9mYq5plVVcUKJXOxH2ezjbt
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1045\eula.rtf
|
MD5:
70ce261b347e2cde85145a7a7390be1b
SHA1:
396439075eb390f19509fbf1c904f354c613b51a
SHA256:
9ce5fa6b63c11d1562ddf2cd75d3210d2ba5dce0b34d6870d58bd5ba5dbe28e3
SSDeep:
96:h/65kv7Y9kfgccGbL7LIAe7/sDDDhuDDsZiR2UJSzK2:h/4u7Y6v8A4/svDwHswRv2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\1046\LocalizedData.xml
|
MD5:
3b75240347a32b1facb64a34a97d1bab
SHA1:
bd15ff3deae00c3e72ee1cadb970220246d7d0d4
SHA256:
723023d26538d0e67a7e2c818e948eac306d3e7d8bc2ad06fbab6832a6bc8c09
SSDeep:
1536:vJ8EdsXNLF3NjueLIlD7l7inZrZxtFwoJL7hLd5bBhokhDunRlxbmSco/MDBI:LdsTNyXl1AZRJxdJoaDuRjmvTDy
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1046\eula.rtf
|
MD5:
8ecb2d59a07e291424d22a78c719830a
SHA1:
8b9dff6d47383dc96ba5c1f53c8b0c189af2a3ec
SHA256:
5d5beb742e5bed0be2147e3255c2faf51531bee9bc49f578fbf73406646dadb7
SSDeep:
96:giosnWo1v17Bo4+BFyJiN1wVkmu+k3GmAMgCsxcyA0:bIoPBo4YNmk+lMgC03
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\1055\eula.rtf
|
MD5:
a7cebbf7e567494f818b6dffdf318805
SHA1:
518354b77c45306be549dac946158294445d5487
SHA256:
e907c76763d55e37ebf409aee3b9a6e048e79f6a11c75bca4f3ccb322e7197d7
SSDeep:
96:EWg+aYsxckn4i7cHX2ltEvxWeCKkx1tcBjU5olnF:naZckn4i7c32IvOwjU5OF
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\3082\eula.rtf
|
MD5:
8b7207f5e20155a3943ee090f0f472f2
SHA1:
9c28c13f7c3dba4286e82320bdc6ac88940b61fe
SHA256:
dd98b8d21cc6e408e8c725a7373bcff2a9e2a35899ee8ac3416751807f9a1420
SSDeep:
48:cVphBh36mnm8P+Yn6uZYiaF6d3995oa1G/xybO82Tz3PyJObqjCfpsIiNWjRoVUx:cVnB9pZYiag3PI/6TG2wsxNWjZ+yK6Xr
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\DisplayIcon.ico
|
MD5:
b9248bb574c369dd0b05cff0ae98cd96
SHA1:
bdf86e8b96a2b1ed13cacd4b0ed142842407ac86
SHA256:
9e4225884502fa26329cb2e9848db5d87ba74b2b06798032ddd21cebdcad6cfd
SSDeep:
1536:D+N0uvX8jsIasv7pZ3CMgWkYieDxESUabuwf2MoP+wghrViYVUtC8BM+v1rRim:KXj6FZrgWkUVzUabcMoWTApLpD
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Extended\UiInfo.xml
|
MD5:
132318647fb5d012853dcfd7d0af42bd
SHA1:
bfcecc9ef94541bb4f55b4d72cc0fd781bbd14fc
SHA256:
c02921eaad43ac67c6c45fed2aef467fe11219e884216600722ef543e69e5786
SSDeep:
768:ansXflZcrR5CM2j5qB1edPBtM3HIz8G7/3/xw9PO563VzG0:VXflZR0f0PBt0NEHxwo03lG0
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico
|
MD5:
305caca4d452abc85be1dfd73813fc12
SHA1:
df5a7c26f86e27d9bde020c4773d25e2e8f300bb
SHA256:
c81f1b8069b4f5c7cc51170d65e2e519b07160cc4f227076e0a2f6b9c2ccf261
SSDeep:
24:55Dhw6fEKq8TF5F2YnLZO8AAh03r4e4DrUglSMSD6XjqBQH643++IgNJn5cER:ja6zTDQaQ8AWIrL4DYoH64uFgNXR
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico
|
MD5:
672ea12f76cb0271ce11f78b912c1ff0
SHA1:
f0f25b6315618f3d053e1107928cfb4e1a0d3eda
SHA256:
ab2fbb068d5aa58bd223447699b98775634ad914ea4285f557ec5605746929b6
SSDeep:
24:S91fxv4/tpZK+FQtsIoRT0EINKqi56Oxj2h8soBHvvlzcVvnUCxAhybR:aB4/L9qedwPhikOkLoBH3lzovng8R
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\stop.ico
|
MD5:
79e12a8c3c4ec84634e6683434c084c7
SHA1:
b4d6b86bdd163d441d949e64551ddf56bb359a4a
SHA256:
bc04ab1ed8c7a461c56df935e2bf5695718af784f6401bc3c5ae9e2bd605c523
SSDeep:
192:7PElTNFF4/GHdq8gaRQzr6lcuMV1jPFBZ1fz2ku+ubgmLwLIojqTpt//otT:7cheG9DRQzr66NzKbXLkqlNC
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\Graphics\warn.ico
|
MD5:
d2b6e0e955d63b175e72fcb90b1c3530
SHA1:
36b1d495ccf2c373bc748048da55ea5dc4e8a969
SHA256:
f38c23fd7d58b18e350b7ca3ca002971fbd5c294e2fe45c560ded93b7cd1eba6
SSDeep:
192:7WUNZHxglmLZktuCVAu6dtTxpOFyx7QxzHcpgLv8Pmxla:hNM0LCMu6fTiyVQRHdv1la
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\SetupUi.xsd
|
MD5:
ccc8765f20badf25c05ba1a4ab2e04ce
SHA1:
aa07781f1accc28face2e850528b2d595c3bd8a7
SHA256:
1d88aeb221cc236b35b2a1e8e460657ea8a17c4c23c821c2018be25b217f6a20
SSDeep:
768:DqHi6VwfBxXKJYEImnPLg5Fp8SSLmCdUZ92R+v+Op4ZcN:Ui6VUNpEIQ018L89EU/pJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\588bce7c90097ed212\UiInfo.xml
|
MD5:
9694371fb10905fed556c57b1f12b58b
SHA1:
bf795b9f75a4f65443fd86da88826782aaeccf9c
SHA256:
5fd9fc81b7fe50e9476d08f89943ffd0da71f9faec1a485b469be8c764b36a97
SSDeep:
768:ygwGZHrBJ77onKfxCifBSOGay0RpYgc3DQ257dqbTTw8p6PRXJVELJ7E:oyToVi5yN0EzQ25kYPRXJVELBE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu
|
MD5:
2245db515842f4c650af3e8ec0c1b2b2
SHA1:
c3261f31c243b809a8bf07ca8a6a196847133918
SHA256:
ffd77a8432d59b22c6beb3123c775cc158e67faaced9c45089a4dd97e2047c7f
SSDeep:
49152:stpxHsA3VnzdWVIA0LiqPDumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0e7:stp9VzdWALf1PAdXZzKUYxs3pKZnKxfu
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\BOOTSTAT.DAT
|
MD5:
30d18b5a6f6a6dc22229822cd1f55567
SHA1:
16d53466067c71ed4c67d56e16b01d2bb6adddf0
SHA256:
9cee6e8e4ed55ab5bba98d624dfc0f8213d25279d6a8124c99eee4207da96c54
SSDeep:
1536:aDpDDC7oKp0gNTKRA9O45zrHJAAioIcIAGRgkOJilA3OU:aFOoILEAN5zbXipcIfOJiyf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\Fonts\cht_boot.ttf
|
MD5:
6cd000f418909cb5989eb561d46643f1
SHA1:
e49320bf051dae8e96dbf4c5c56f98ba1ac5cba4
SHA256:
bd931ba6bdb02114301ff2e779e479d3093c7e1b4bfde4154f0523efeeafc227
SSDeep:
49152:L25SFIwbyozsezv624EzurWGBydrGOIs5KknYNqW8L/:yS6RdIJoWbGOIghnW8D
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\Fonts\malgunn_boot.ttf
|
MD5:
7c9f55473488c3a8bff201c2e5604d5e
SHA1:
7a3f3e8b2f059d57000ed698b3a27dbe8198f8dd
SHA256:
8130fdfdf0dd4539c0f70c7bd4a9e373c7b1782fbd3728c05500014be5c12862
SSDeep:
3072:t6W6w8F1VzjXq5pcmQxuMakBPwiURl4An2BkeLXtssXc46XBtnOvrwYFQxxZdfMS:c1we1tjQq/xZKtRl4A2iebtVXcrPOvrA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Fonts\meiryon_boot.ttf
|
MD5:
b89bdd12a448013b27361aeac2df2ab0
SHA1:
4513fff01bf4586ac91bc3725621bf2504f16c2a
SHA256:
007ef25eaa8e965194e7e18f1dffdd0df287a82fd2cac75834d819fd684ce51b
SSDeep:
3072:csiE5fXPbBm1AUSgn+QO+eTiVsz9mDvcSOjFEy+:csiE5fXPbEJSgnHOz9mgzG
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\Fonts\msjh_boot.ttf
|
MD5:
ae5b86df83402883a6e0ca455e548973
SHA1:
30ec57abc8ade3a46dce28be32899dc6f72c4dac
SHA256:
5052f9be17af13b48f9c03ed02e13faefbf567f2330898e868001f7d2de16e6a
SSDeep:
3072:EVxoUsAo7SOSZ8Qd6k+sxQJ6XRFi7WeKhhormt0LvmbXpTm+o95:8AACSOSZJd6ZDJCqRrmt0L0XpTW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Fonts\msjhn_boot.ttf
|
MD5:
69093685e43e6204633f7f3211450c4a
SHA1:
1de27a8e39221eb42da79e8bfc0157bd037fc694
SHA256:
538bab8db2f83e88f0ff44cb9c83e53e8684b8f1dec7e479f4a2a5e74daa0b00
SSDeep:
3072:hEFIVbXEL3MQMUJnpYnQd2SvwRcmADuoT0VuKNa1PUb009x0bU:yFIJ0MUJnpaSsc790Pa1Ub009J
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\Fonts\msyh_boot.ttf
|
MD5:
10cab6f304b10734f49232c1c24f1474
SHA1:
81eea5d5176d345e2c17dc71b0df419a21b7eff8
SHA256:
27bfe187a19c15533ec019a453a9ab07544dadd6be43e2864e792e90fb20d0ad
SSDeep:
3072:0hIAYop1WlG6PTbX5skctWx2/bPjtfFs7SbFxxIFRWHlrzLLD:B5o/6p10vXtfFiSvCOFvb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\bg-BG\bootmgr.exe.mui
|
MD5:
745f5ba2af39e17e24ec29dfb08780bf
SHA1:
4152e658de08ebc698e31dbd66bf7ec119682f69
SHA256:
4644bdc4807709ecced40c3af8102b3016249c61403910e3f117c76f1b21e95b
SSDeep:
1536:JpWAadl20csVpDTjAM+OmlLTMBvWRgBzCr8QU80xc06Ld0pIK:JpW9do09DDXGOmlLT32L80xcDIB
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\de-DE\memtest.exe.mui
|
MD5:
0dd5db1d273bf07db40aae713106f1ee
SHA1:
39fd9dbd3741dfbc82ff6420c171c013e995c526
SHA256:
a611a10e817e25758e8bebce70e41f6b4fd966b16dfa4ebead84b05ce6c3547b
SSDeep:
768:hooFiaDrDr9JXxcvQONVBGQHhSaVeunT8GkGcdIQimA82Kr2J1IKkix:hFi8Xz8b9HhTpSIQ3j2Kr2Jxvx
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\el-GR\bootmgr.exe.mui
|
MD5:
a2a9829d9fb370a9bca1e95637c349fc
SHA1:
ffe77087c354ec275356d1f4c2b8720a4462af35
SHA256:
b30eaf388de34d945a1888f7edf25206db5da7754ee672adfcb8969687f4befb
SSDeep:
1536:PMkU3ULW4Ng4cdvpdhMy9vQbsw56IF2G+b31r2rvLVvjTtagc8:Ukdy4av/hM6QkU2R3cLVvK8
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\en-GB\bootmgr.exe.mui
|
MD5:
ff133c9240c0bfd87c3c03b34de108cd
SHA1:
c60d9ea457f60926ec45982bd763d741e77ba1ee
SHA256:
dca835675a9e00bc9549c6ff2de86c4df02fb80300538bdb3e6c1150343e47be
SSDeep:
1536:iDAfRTvV8lM6nct1GMZP50eRuSKttIhho4780YGuw2:9xV8tncTPee9Kmh17G
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\en-US\memtest.exe.mui
|
MD5:
0be23ffacd59e775ff3c1ad85fce66c6
SHA1:
604a3ba57d876a25fdfbe5bb65d00b23e0e172cd
SHA256:
ae1c47e24a09c81a8429ef246f38b940753619b1e19e090e2e60108a31312e38
SSDeep:
768:ZP9cDi1egngf43LkLwkqmew5+dluvYKKxk9QsMqtjicOD6z8ZLZM5fEM:91egg08hLqKKx/qpeD6zSe
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\es-ES\memtest.exe.mui
|
MD5:
d927ecff2bd9825452680106a3e07e2b
SHA1:
1350251a8f739de61737c58bdea75e699d1ddc05
SHA256:
05fa0d03d3a110b43d52251e504089b73a91630be631370992cfe19740d0b527
SSDeep:
768:Mhe72idp4zzmCUOj4YHqp2nxkbvVrGfE8LAla34vUqOaAr94q2GKoywqfpq2cP12:2e7d/smCO4ybvlGRLAl58qOai9+Gjywq
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\fr-CA\bootmgr.exe.mui
|
MD5:
c68fb0329943325d7658d391e2ec5edc
SHA1:
772fda0193caf9a42f0757d56bf757dbbcdd9cc6
SHA256:
674ac082a0dc093259470d2e12f21ea189a833eea251fafadaa0c2fc8390fd98
SSDeep:
1536:1mXXSadhW368w8NyixqbVPCrQkectwXvX1TSuRmh6H2ezoT:IWLwvsqb2ecWXvXRSuRpWezoT
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\fr-FR\bootmgr.exe.mui
|
MD5:
177d91b1a2e5402a44e3901c77155898
SHA1:
3997c7063f9af3cf66b7e298761a5014689a597a
SHA256:
dad2616e54be32c16e44b53bc4c2955a7dbb7d4dee228a8b1a40683e34f5584a
SSDeep:
1536:lNLDLyJUuFsLwVwxcGgx4ATM+fNhyocAxF//RGpRQbRYDQef:l9DLLuiLwufglTM+fNhyr4FnApRjDQA
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\fr-FR\memtest.exe.mui
|
MD5:
9ced0f7c57519f0dadaa5ff422c8ab79
SHA1:
f0c5756f1a00a4e4de6953b9b5e1510fc6a11db9
SHA256:
aeecdb3dcdaff38f07858e86b726d7bac9d31200ecc047768273df43cc4e8e23
SSDeep:
768:l84OXKCjv5+9tfwm8xHhKvhT5yJ4iR2d3sJNNYRWH7RY/kJYOmkRlB:POj9+ffwmEMvhgJ4iRRbROLO5B
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\hr-HR\bootmgr.exe.mui
|
MD5:
f50f0dd8cb448e4afa70f931a45c24e7
SHA1:
46c84c7ac6152cac63e63ff947358897970f9088
SHA256:
5b456c197557ccfa54036ef84146d4bbecf737dd6227719358d53a2a19b141b5
SSDeep:
1536:ogkx1VjQGXcHpljP95pc+F74DKeQn0eMdPlDCw51c6gYlHdx9d:o/1Vj5cbZdFAjQ0eW77dJ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\hu-HU\bootmgr.exe.mui
|
MD5:
fdaad47d1bb9f38152caefab1c9a4803
SHA1:
51064a1df468c98d6e4007d13592cc964a435f5a
SHA256:
91696ef358d9233a456d68bca46ca36ab1c91a6f92f9091aae8e037fccc9ff99
SSDeep:
1536:5SMz2F3d9nndtNilA0Qj8rhp0CLzwYoFb/pCNZD3q5WIWmjPzVmxvIwj3TGyk7Wi:L2z9n70VrICLFoFb/pCNZ7q5WIWCWAwW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\it-IT\bootmgr.exe.mui
|
MD5:
b68c06339e0bc619ba6593dcc4d22155
SHA1:
da5c4ba74a4f75030b39f2f288f70866baa2f820
SHA256:
c344dda4406f696e94099b08afbdf64afe1627f1322e36b9be183bfc87a03b1a
SSDeep:
1536:LLUze9tDC+GJeoeao50qyOz46H85S4+reLATkQ7upBAl7S89QVbCSQ8aEX:AytKJw0qNlH8oSMTkQ7upBAMxVmv4
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\ko-KR\bootmgr.exe.mui
|
MD5:
dfb9074ff7756112824b6e5acd068c9d
SHA1:
0522ba532187141f3987f9c821aa5e63c37a2e12
SHA256:
c6ec1103313130d8a1787da22d2631042f3a844403caa5443674ae8ce146ceb8
SSDeep:
1536:HjapGdJ9FGCrsTpYbRen0T33RFMC+6S05mw29K2ytTn4z8ivf:Hja2w3ybR9jXS0U8pn4Aivf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\pl-PL\memtest.exe.mui
|
MD5:
ab5568123e510e8f411489ce95ce1310
SHA1:
bd2fd4c0165723c2600ead5136c414f9b8155cd9
SHA256:
25d24d040e81260c017346e17eca29a1fd09ae7794e549057ffcaeed30f50e3b
SSDeep:
768:9Xeva2uvGAgfxNZPhcF9BXyF9ML0cBwZrPFvtr2U8m2jp6NooU7/T6Ez3yo:9XOzumfxNZPhc3R/L0cBwZDFvtff4p6a
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\pt-BR\bootmgr.exe.mui
|
MD5:
27f3bbdc691b480122fa8e34aa1abf21
SHA1:
60e3eb9cdbe09e9cd64bbe083ea575aa0627b7e7
SHA256:
83aa7257f57be7ca9396ea99937be3604622b3a93b765cda15a89bf3aa296d15
SSDeep:
1536:+sUdJsp7hZytX4+Kr+BPELdhjP6Dhs/Fjpbel2zjBC8:piIotX4+I+BsLXP6DhQbYWBp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\qps-ploc\bootmgr.exe.mui
|
MD5:
a8c1b0fd0015109dab2de4eaa366f6a4
SHA1:
58f48a6fbe8546905a447550443363b87f6b4752
SHA256:
ce1038b941b18fa70fa307153a79f9d02c1a999f1f7bf3efd054efab6ac158ed
SSDeep:
1536:LrRSrx7gJO63Pka/ft7Q2a/iE2ku2+mDtwC86HpOIWOm:LrRAx7gJ13jXt74qt21tB86va
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\qps-ploc\memtest.exe.mui
|
MD5:
970db8cb1a5df0435afc0e70cf2c99cc
SHA1:
2da5744064e03b4af450489b5b01d4131b060c13
SHA256:
748fbd4b143a265d95444e5d09349b64780ef7d7b1a88b6abdb62ad69abe2884
SSDeep:
1536:ATNurx8BMnHHefk9nZbrhT/qxuERnjlwcC6V:ATNurxuMneoHqkERBwcZ
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\sk-SK\bootmgr.exe.mui
|
MD5:
7b7e1867fc761214514f226f0a9e3387
SHA1:
466ae19d499206486282b165b23f06bdc699f1e8
SHA256:
ade966aa8a9d2f175f0f3a7466bb5baa8bb1efedadaca16c7e9616832f614100
SSDeep:
1536:6ZeFBJ/Lzvr6zc9zsu/AOHBJJtx1Ks8CN6qbBPzklSTwZZ8EzcyVOEf:6ZeZ/LzvlsiH38ERlzKSTwdzRVzf
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui
|
MD5:
be3631b8e77963bcefe44b73eb997c27
SHA1:
0f7bfe03b99fe8d5aae9727cc8d7dbba17a17856
SHA256:
74f691062d54d90b35521c1680907099eb82b36c971bda1c3dd5cf49cba4229f
SSDeep:
1536:Fz0HM6ddtGf3naRRKxBRlH3RpCCTP9W/IPPZjn5vs+/mnXC:aHMMdtG/aCR1RpCmP9A2PN5kE
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\tr-TR\memtest.exe.mui
|
MD5:
bd3308856bec39af7ff1cef0e6b3c8af
SHA1:
dcfd4d19305e6593c6eadd170b01166174755261
SHA256:
7cff3ec04da58141ea850e0aa274a6d5583ea137cbd30965841062b0ca8a74e4
SSDeep:
768:rv5xQ07l3IRf+lFXPmejYWZWAw09KwxMhDyHAQPUXL2D9r0kPwuPW1:rhxVxIwXuedZWFzwxMJyHAy0cwus
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\zh-CN\bootmgr.exe.mui
|
MD5:
b9c56df94f27e0d951243239c28ec007
SHA1:
9656a3ef74281898c3fde616d36e6fcd7c54888c
SHA256:
e76b3e98e62e87340c6b0af0c928dc57148b2d4037ea51d3a321497dc77a606c
SSDeep:
1536:EfA4VmEtkhezn67CySgQBbc+ynUIKdMSa2MdAuFbmc6b8lCqIpcb:54XkOuCyXQvIK2SkqcOiCqIpcb
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\zh-HK\bootmgr.exe.mui
|
MD5:
c31c126e639b849d5424a747577e34ef
SHA1:
7eea8b6f30d647d78df9878cec8ef4a84c8bd1e3
SHA256:
d9a1ef563d5752d0d1782b65dbd5d9935988e5317b4ba9ab44abef1c6dfba2d5
SSDeep:
1536:4FOkxuEKDdC6iGif1ceXtZANte0832PxwHYB9m1nIL:nkxlYUGUltZy832PaUkni
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\zh-HK\memtest.exe.mui
|
MD5:
150e11d7970559c62d3c2a848c1a2ae5
SHA1:
9c2978db1638471219abe9ecc30dca5edde6e114
SHA256:
5a27d87330b46d79175ab7235db66f4063d14f6782aba5a037aeb2431f756eb2
SSDeep:
768:rGa1a9lTaZKQy3E0UemxiqhrtYF1gHhJ20Kr+NzwwX1fO/UD2u3pKY5FRtlrmeF/:rGWaWZKtE0giqhBYWJFKr+/JWG2m5FXn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Boot\zh-TW\memtest.exe.mui
|
MD5:
804dd4b1300bb5aaa8316972df00f41c
SHA1:
91a87e849be6d3bd914e0608b750982a52f1f4a8
SHA256:
266c2df5a09dba0d3b958a3b786b4a96ded6dbc9461854d464db691c6483260f
SSDeep:
768:w6/s8WcgClRtiTEJVjkSecPKtojQX0O4YXt8ZO4gNNE3tciIzWMnCkU7WDWUwp:w6/sIBiTgIlp8ZObXEciIiMnCsDWFp
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Application.evtx
|
MD5:
f017473bc0ebe0d354082181673ed4c1
SHA1:
33fbdf93b3e08005ae8fb01ef52c25d696e6ec8a
SHA256:
25fe891a9a4d6432689059c0db20c52a452fe4b01b427ce9a29f08dbe37bb8d9
SSDeep:
1536:XMi9RPTBrFcAByKvPRf4+DtRoOXcikySAX0dAW1:XfRPTBhcAlvPd4+pRoO6YqA+
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Internet Explorer.evtx
|
MD5:
7083b156c397b53a0f649afa41f22359
SHA1:
7054d9f79b8ee817e16c4726a94102bd7102e83e
SHA256:
94b71c919ecdc4c773adea6f20e3ac618aab6800979431da6b373ae602837260
SSDeep:
1536:TJsJnEmjwYDin44mhg/jjN4i48xgrEzdWoVP62:1sxFjwwu/jj+og2
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
|
MD5:
0e12adca3a920a52430682bfe1d641b4
SHA1:
3f6a5936239b8a1640e3dae578f35402a556c3b4
SHA256:
68950133eaad43dc6aeb9a1ce74ac25a2ec93c6f5ed32d46133de6bc1c92bae1
SSDeep:
1536:3cTZJggrZIw4weQYvAbm2AblXglDY+Vgle3KySAryXM0+RpfRC:3OJVZ+we1vAbm2ABQlk+aQ3DpG8Rpc
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx
|
MD5:
eb9e28be3c4c769ff08fe0ef6baa2484
SHA1:
a7215b32df30a243cbc2d5002dedac8808277b03
SHA256:
73b9710679f32ce8222e1452be62ca23571d3fcfc6ed3ed703a28f1aad77faec
SSDeep:
1536:3tsIkBmVdSr/5o8vrobKGst8vlMDT7Tv6zF9EJ2MwC62OZDUggs2g:3tLkKdSrnDoOGstT2M2bxUgzn
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx
|
MD5:
f760095cf96882032feb9ec1775ee028
SHA1:
bfaf27f29f67c0c013f363ec18098363e6bf631c
SHA256:
6410460789cb65d13b369b02c66417102f6ec56f22f747d71de247b1e04ecd70
SSDeep:
24576:ZCy/VFk/HP5Y+MgLVUXElqyfSGWEeZItDG0ew48vj2rnzQM2H:Ml/xYhgCX+qy6GBS06M48vCQFH
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx
|
MD5:
09e19f9578ba9231beea023f2bbfc55c
SHA1:
a256273b22535b621192ceb2ac942c2c3e7469ed
SHA256:
ac0ff08056e8138096f7d61a5ea713246e6ca6fb483c66be98cc3e00c8bd2ccd
SSDeep:
1536:GCSZo3k0PcFWbhHNPS4swG/KWulR1mQ7XT4R7l9kBrRWKcdhmM:TScc4VH5uFKWulZT4R7l2bQ/mM
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
|
MD5:
503c6dc589033dd4320fc1d0eb3acc82
SHA1:
ce8a3ad0dd980a37381bd53859f504b1aa6bb6ea
SHA256:
3f17ca2e39a3c2f7ba359e0a303c10034a027756c26ee41ef04c3aae0e2a9e26
SSDeep:
1536:vRlKbBpHEgA6nCdq/bsKehrQiV+Wi+2P+rtcZ8O7rEtsu:vRlkPEgA6CdSKMc1MFg5
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Modified File
|
|
|
\\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
|
MD5:
71c6726c054e6476b6e5bad6ffc8bb02
SHA1:
f70b4df1e209a8a8493700f33fb80dca648951fd
SHA256:
1f3052ee0befdf92f398d5f8df551c67b53b4ab4b9196e959736263f9a8e43d0
SSDeep:
1536:XeZLXPIY1TUhxy15xilXFHBkTeOralb81BQ/Nkru3mLI:iTP1Qh0ilwJalb8hu3v
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx
|
MD5:
9eaba64e8cfa2f5e61c62550cb53baa1
SHA1:
1dc5203d545f65e9a298e81205ddd04782c35250
SHA256:
a96391337568ca4127c018fc9a0ec45d0785662145b1426f1c7c98952e9b4eba
SSDeep:
1536:0u2RhA1c2cVPN+uoegU56wB0/k0oYQkAmwNYhmNDHb+zzsRUQVKFn1ca:w+b2HBYXzSbCAlVAca
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx
|
MD5:
d808794f227a62677f01a88cdb6ca595
SHA1:
17d8db3cbab41733211047befd2273871594f993
SHA256:
4a42690d27c46d179904f9af603ff7f2906dfaeacaa8b126eafbd4cf0be49327
SSDeep:
1536:ICAWZ3fChF12GPs3aWAXHham68HKIDhomxNntZB3CRfw62SrAcV:ICnZPChFEGPWaDHonOGoNntZNWbV
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
\\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx
|
MD5:
1166d444b5f5952b3bae044c65138625
SHA1:
dade782d98299eacd28034445c3a51134ac1e294
SHA256:
0871115b5121d4b885bd47af9d09b62aeaa6f1017c253ab3667dbf126bc69714
SSDeep:
1536:F6vAekoKWFSeRTlWpoxEyeE0r/pfSOxcQSzKkpQPmtW:FdW0eRTaoEyeE0r0tzJiOW
ImpHash:
-
|
Access, Create, Delete, Read, Write
|
Dropped File
|
|
|
D:\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\.\PHYSICALDRIVE0
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE1
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE10
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE11
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE12
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE13
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE14
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE15
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE2
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE3
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE4
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE5
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE6
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE7
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE8
|
-
|
Access
|
|
|
|
\\.\PHYSICALDRIVE9
|
-
|
Access
|
|
|
|
\\?\C:\Boot\BCD
|
-
|
Access
|
|
|
|
\\?\C:\Boot\BCD.LOG
|
-
|
Access
|
|
|
|
\\?\C:\Boot\BCD.LOG1
|
-
|
Access
|
|
|
|
\\?\C:\Boot\BCD.LOG2
|
-
|
Access
|
|
|
|
\\?\C:\Documents and Settings\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Security.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Security.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Setup.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Setup.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\System.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\System.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Logs\Windows PowerShell.evtx
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Logs\Windows PowerShell.evtx.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\PerfLogs\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\DESIGNER\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\Services\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\Services\verisign.bmp
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\Services\verisign.bmp.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.rll
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\adojavas.inc
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\adojavas.inc.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\adovbs.inc
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\adovbs.inc.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\en-US\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado20.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado20.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado21.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado21.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado25.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado25.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado26.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado26.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado27.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado27.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado28.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado28.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado60.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msado60.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msador28.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msador28.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msadox28.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\ado\msadox28.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\en-US\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Source Engine\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\TextConv\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\TextConv\en-US\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Triedit\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\Triedit\en-US\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VC\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VGX\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\Content.xml
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\Content.xml.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui
|
-
|
Access, Delete, Read, Write
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.__r4gN4r__B8CF767A
|
-
|
Access, Create
|
|
|
|
\\?\C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\!!!_READ_ME_B8CF767A_!!!.txt
|
-
|
Access, Create
|
|
|
For performance reasons, the remaining 3956 entries are omitted.
The remaining entries can be found in
ioc_export.txt
or
ioc_export.json
.
|
