Try VMRay Platform
Malicious
Classifications

Ransomware

Threat Names

LockBit

Dynamic Analysis Report

Created on 2022-06-30T12:27:33+00:00

0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f.exe

Windows Exe (x86-32)
...

Remarks (2/2)

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 15 seconds" to "30 seconds" to reveal dormant functionality.

Filters:
File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f.exe Sample File Binary
Malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 101.50 KB
MD5 889328e2cf5f5d74531b9b0a25c1871c Copy to Clipboard
SHA1 d14a6e699a1f0805bd1248c80c2dc9dfccf0f403 Copy to Clipboard
SHA256 0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f Copy to Clipboard
SSDeep 3072:AmD1tmtnnhf1j6VTAjIF66yRru77xHLbMqqD/txX6T:AyHWnn7WTWIF66yY8qqD/txqT Copy to Clipboard
ImpHash 2430c4d884e6b7c075f835fdb6a6475c Copy to Clipboard
File Reputation Information
»
Verdict
Malicious
PE Information
»
Image Base 0x00400000
Entry Point 0x0040F970
Size Of Code 0x00013200
Size Of Initialized Data 0x00008200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2020-01-23 17:27 (UTC+1)
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00013083 0x00013200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.47
.rdata 0x00415000 0x00005DD0 0x00005E00 0x00013600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.08
.data 0x0041B000 0x00002344 0x00000200 0x00019400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.6
Imports (14)
»
NETAPI32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetShareEnum - 0x00415218 0x00019D24 0x00018324 0x000000EF
NetApiBufferFree - 0x0041521C 0x00019D28 0x00018328 0x00000065
IPHLPAPI.DLL (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetAdaptersInfo - 0x004150A4 0x00019BB0 0x000181B0 0x0000003F
WS2_32.dll (11)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
htons 0x00000009 0x004152A8 0x00019DB4 0x000183B4 -
ioctlsocket 0x0000000A 0x004152AC 0x00019DB8 0x000183B8 -
WSAGetLastError 0x0000006F 0x004152B0 0x00019DBC 0x000183BC -
connect 0x00000004 0x004152B4 0x00019DC0 0x000183C0 -
inet_addr 0x0000000B 0x004152B8 0x00019DC4 0x000183C4 -
__WSAFDIsSet 0x00000097 0x004152BC 0x00019DC8 0x000183C8 -
closesocket 0x00000003 0x004152C0 0x00019DCC 0x000183CC -
select 0x00000012 0x004152C4 0x00019DD0 0x000183D0 -
WSACleanup 0x00000074 0x004152C8 0x00019DD4 0x000183D4 -
WSAStartup 0x00000073 0x004152CC 0x00019DD8 0x000183D8 -
socket 0x00000017 0x004152D0 0x00019DDC 0x000183DC -
CRYPT32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptBinaryToStringA - 0x0041509C 0x00019BA8 0x000181A8 0x0000007C
gdiplus.dll (19)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdipDrawString - 0x004152D8 0x00019DE4 0x000183E4 0x000000C8
GdipCreateStringFormat - 0x004152DC 0x00019DE8 0x000183E8 0x00000084
GdipDeleteFontFamily - 0x004152E0 0x00019DEC 0x000183EC 0x0000008F
GdipGetImageEncoders - 0x004152E4 0x00019DF0 0x000183F0 0x0000011E
GdipCreateFontFamilyFromName - 0x004152E8 0x00019DF4 0x000183F4 0x00000057
GdipDeleteBrush - 0x004152EC 0x00019DF8 0x000183F8 0x0000008A
GdipDisposeImage - 0x004152F0 0x00019DFC 0x000183FC 0x00000098
GdipCreateFont - 0x004152F4 0x00019E00 0x00018400 0x00000056
GdipCreateSolidFill - 0x004152F8 0x00019E04 0x00018404 0x00000082
GdipFillRectangle - 0x004152FC 0x00019E08 0x00018408 0x000000E4
GdipGetGenericFontFamilySansSerif - 0x00415300 0x00019E0C 0x0001840C 0x00000113
GdiplusStartup - 0x00415304 0x00019E10 0x00018410 0x00000275
GdipGetImageGraphicsContext - 0x00415308 0x00019E14 0x00018414 0x00000121
GdipGetImageEncodersSize - 0x0041530C 0x00019E18 0x00018418 0x0000011F
GdipDeleteGraphics - 0x00415310 0x00019E1C 0x0001841C 0x00000090
GdipDeleteStringFormat - 0x00415314 0x00019E20 0x00018420 0x00000097
GdipDeleteFont - 0x00415318 0x00019E24 0x00018424 0x0000008E
GdipCreateBitmapFromScan0 - 0x0041531C 0x00019E28 0x00018428 0x00000050
GdipSaveImageToFile - 0x00415320 0x00019E2C 0x0001842C 0x000001F0
SHLWAPI.dll (6)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathRemoveExtensionA - 0x00415238 0x00019D44 0x00018344 0x00000088
PathRemoveBackslashW - 0x0041523C 0x00019D48 0x00018348 0x00000085
PathAddBackslashW - 0x00415240 0x00019D4C 0x0001834C 0x00000030
StrFormatByteSize64A - 0x00415244 0x00019D50 0x00018350 0x00000128
PathRemoveFileSpecW - 0x00415248 0x00019D54 0x00018354 0x0000008B
PathFindExtensionW - 0x0041524C 0x00019D58 0x00018358 0x00000047
MPR.dll (5)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetAddConnection2W - 0x00415200 0x00019D0C 0x0001830C 0x00000006
WNetOpenEnumW - 0x00415204 0x00019D10 0x00018310 0x0000003D
WNetEnumResourceW - 0x00415208 0x00019D14 0x00018314 0x0000001C
WNetGetConnectionW - 0x0041520C 0x00019D18 0x00018318 0x00000024
WNetCloseEnum - 0x00415210 0x00019D1C 0x0001831C 0x00000010
ntdll.dll (8)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlAdjustPrivilege - 0x00415338 0x00019E44 0x00018444 0x000001C0
RtlInitUnicodeString - 0x0041533C 0x00019E48 0x00018448 0x000002B0
NtAllocateVirtualMemory - 0x00415340 0x00019E4C 0x0001844C 0x00000087
LdrEnumerateLoadedModules - 0x00415344 0x00019E50 0x00018450 0x00000054
RtlAcquirePebLock - 0x00415348 0x00019E54 0x00018454 0x000001A6
RtlReleasePebLock - 0x0041534C 0x00019E58 0x00018458 0x0000033B
memcpy - 0x00415350 0x00019E5C 0x0001845C 0x00000546
memset - 0x00415354 0x00019E60 0x00018460 0x00000548
msvcrt.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
malloc - 0x00415328 0x00019E34 0x00018434 0x000004FF
calloc - 0x0041532C 0x00019E38 0x00018438 0x000004A6
free - 0x00415330 0x00019E3C 0x0001843C 0x000004C7
KERNEL32.dll (84)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
QueryDosDeviceW - 0x004150AC 0x00019BB8 0x000181B8 0x000003A0
FindFirstVolumeW - 0x004150B0 0x00019BBC 0x000181BC 0x0000013F
GetModuleFileNameW - 0x004150B4 0x00019BC0 0x000181C0 0x00000214
lstrcpyW - 0x004150B8 0x00019BC4 0x000181C4 0x00000548
GetWindowsDirectoryW - 0x004150BC 0x00019BC8 0x000181C8 0x000002AF
lstrcatW - 0x004150C0 0x00019BCC 0x000181CC 0x0000053F
InterlockedPopEntrySList - 0x004150C4 0x00019BD0 0x000181D0 0x000002F0
AllocConsole - 0x004150C8 0x00019BD4 0x000181D4 0x00000010
GetCurrentProcessId - 0x004150CC 0x00019BD8 0x000181D8 0x000001C1
InitializeSListHead - 0x004150D0 0x00019BDC 0x000181DC 0x000002E7
InterlockedPushEntrySList - 0x004150D4 0x00019BE0 0x000181E0 0x000002F1
lstrcpyA - 0x004150D8 0x00019BE4 0x000181E4 0x00000547
InterlockedFlushSList - 0x004150DC 0x00019BE8 0x000181E8 0x000002EE
MoveFileW - 0x004150E0 0x00019BEC 0x000181EC 0x00000363
CreateIoCompletionPort - 0x004150E4 0x00019BF0 0x000181F0 0x00000094
SystemTimeToFileTime - 0x004150E8 0x00019BF4 0x000181F4 0x000004BD
GetQueuedCompletionStatus - 0x004150EC 0x00019BF8 0x000181F8 0x0000025E
SetFileTime - 0x004150F0 0x00019BFC 0x000181FC 0x0000046A
WriteFile - 0x004150F4 0x00019C00 0x00018200 0x00000525
GetFileSizeEx - 0x004150F8 0x00019C04 0x00018204 0x000001F1
ReadFile - 0x004150FC 0x00019C08 0x00018208 0x000003C0
SetThreadAffinityMask - 0x00415100 0x00019C0C 0x0001820C 0x00000490
FindNextVolumeW - 0x00415104 0x00019C10 0x00018210 0x0000014A
GetVolumePathNamesForVolumeNameW - 0x00415108 0x00019C14 0x00018214 0x000002AD
FindVolumeClose - 0x0041510C 0x00019C18 0x00018218 0x00000150
SetVolumeMountPointW - 0x00415110 0x00019C1C 0x0001821C 0x000004AB
GetLogicalDrives - 0x00415114 0x00019C20 0x00018220 0x00000209
FindFirstFileExW - 0x00415118 0x00019C24 0x00018224 0x00000134
EnterCriticalSection - 0x0041511C 0x00019C28 0x00018228 0x000000EE
GetCommandLineW - 0x00415120 0x00019C2C 0x0001822C 0x00000187
FindNextFileW - 0x00415124 0x00019C30 0x00018230 0x00000145
lstrlenW - 0x00415128 0x00019C34 0x00018234 0x0000054E
WaitForMultipleObjects - 0x0041512C 0x00019C38 0x00018238 0x000004F7
LeaveCriticalSection - 0x00415130 0x00019C3C 0x0001823C 0x00000339
InitializeCriticalSection - 0x00415134 0x00019C40 0x00018240 0x000002E2
FindClose - 0x00415138 0x00019C44 0x00018244 0x0000012E
GetFileAttributesW - 0x0041513C 0x00019C48 0x00018248 0x000001EA
ExitThread - 0x00415140 0x00019C4C 0x0001824C 0x0000011A
OpenProcess - 0x00415144 0x00019C50 0x00018250 0x00000380
SetFileAttributesW - 0x00415148 0x00019C54 0x00018254 0x00000461
CreateToolhelp32Snapshot - 0x0041514C 0x00019C58 0x00018258 0x000000BE
Sleep - 0x00415150 0x00019C5C 0x0001825C 0x000004B2
GetLastError - 0x00415154 0x00019C60 0x00018260 0x00000202
Process32NextW - 0x00415158 0x00019C64 0x00018264 0x00000398
GetDiskFreeSpaceExW - 0x0041515C 0x00019C68 0x00018268 0x000001CE
GlobalAlloc - 0x00415160 0x00019C6C 0x0001826C 0x000002B3
Process32FirstW - 0x00415164 0x00019C70 0x00018270 0x00000396
GlobalFree - 0x00415168 0x00019C74 0x00018274 0x000002BA
CloseHandle - 0x0041516C 0x00019C78 0x00018278 0x00000052
CreateThread - 0x00415170 0x00019C7C 0x0001827C 0x000000B5
DeleteCriticalSection - 0x00415174 0x00019C80 0x00018280 0x000000D1
ExitProcess - 0x00415178 0x00019C84 0x00018284 0x00000119
GetConsoleWindow - 0x0041517C 0x00019C88 0x00018288 0x000001B7
lstrcmpiW - 0x00415180 0x00019C8C 0x0001828C 0x00000545
GetDriveTypeW - 0x00415184 0x00019C90 0x00018290 0x000001D3
GetTempPathW - 0x00415188 0x00019C94 0x00018294 0x00000285
MultiByteToWideChar - 0x0041518C 0x00019C98 0x00018298 0x00000367
GetTempFileNameW - 0x00415190 0x00019C9C 0x0001829C 0x00000283
CreateMutexA - 0x00415194 0x00019CA0 0x000182A0 0x0000009B
OpenMutexA - 0x00415198 0x00019CA4 0x000182A4 0x0000037C
LoadLibraryA - 0x0041519C 0x00019CA8 0x000182A8 0x0000033C
GetProcAddress - 0x004151A0 0x00019CAC 0x000182AC 0x00000245
GetTickCount - 0x004151A4 0x00019CB0 0x000182B0 0x00000293
GetSystemInfo - 0x004151A8 0x00019CB4 0x000182B4 0x00000273
GetLocalTime - 0x004151AC 0x00019CB8 0x000182B8 0x00000203
Process32First - 0x004151B0 0x00019CBC 0x000182BC 0x00000395
TerminateProcess - 0x004151B4 0x00019CC0 0x000182C0 0x000004C0
GetUserDefaultLangID - 0x004151B8 0x00019CC4 0x000182C4 0x0000029C
GetConsoleMode - 0x004151BC 0x00019CC8 0x000182C8 0x000001AC
WaitForSingleObject - 0x004151C0 0x00019CCC 0x000182CC 0x000004F9
GetModuleHandleA - 0x004151C4 0x00019CD0 0x000182D0 0x00000215
Process32Next - 0x004151C8 0x00019CD4 0x000182D4 0x00000397
lstrcmpiA - 0x004151CC 0x00019CD8 0x000182D8 0x00000544
CreateProcessA - 0x004151D0 0x00019CDC 0x000182DC 0x000000A4
lstrcmpW - 0x004151D4 0x00019CE0 0x000182E0 0x00000542
SetConsoleCtrlHandler - 0x004151D8 0x00019CE4 0x000182E4 0x0000042D
SetConsoleTextAttribute - 0x004151DC 0x00019CE8 0x000182E8 0x00000446
SetConsoleTitleA - 0x004151E0 0x00019CEC 0x000182EC 0x00000447
GetStdHandle - 0x004151E4 0x00019CF0 0x000182F0 0x00000264
WriteConsoleA - 0x004151E8 0x00019CF4 0x000182F4 0x0000051A
SetConsoleMode - 0x004151EC 0x00019CF8 0x000182F8 0x0000043D
SetProcessShutdownParameters - 0x004151F0 0x00019CFC 0x000182FC 0x00000483
SetErrorMode - 0x004151F4 0x00019D00 0x00018300 0x00000458
CreateFileW - 0x004151F8 0x00019D04 0x00018304 0x0000008F
USER32.dll (20)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PeekMessageW - 0x00415254 0x00019D60 0x00018360 0x00000233
GetWindowLongA - 0x00415258 0x00019D64 0x00018364 0x00000195
wvsprintfA - 0x0041525C 0x00019D68 0x00018368 0x00000334
SetWindowLongA - 0x00415260 0x00019D6C 0x0001836C 0x000002C3
ShowWindow - 0x00415264 0x00019D70 0x00018370 0x000002DF
GetMessageW - 0x00415268 0x00019D74 0x00018374 0x0000015D
CharLowerBuffW - 0x0041526C 0x00019D78 0x00018378 0x0000002D
CharUpperA - 0x00415270 0x00019D7C 0x0001837C 0x00000039
DeleteMenu - 0x00415274 0x00019D80 0x00018380 0x0000009E
wsprintfW - 0x00415278 0x00019D84 0x00018384 0x00000333
FlashWindow - 0x0041527C 0x00019D88 0x00018388 0x000000FB
wsprintfA - 0x00415280 0x00019D8C 0x0001838C 0x00000332
IsWindowVisible - 0x00415284 0x00019D90 0x00018390 0x000001E0
SystemParametersInfoW - 0x00415288 0x00019D94 0x00018394 0x000002EC
GetSystemMetrics - 0x0041528C 0x00019D98 0x00018398 0x0000017E
EnableMenuItem - 0x00415290 0x00019D9C 0x0001839C 0x000000D6
SetLayeredWindowAttributes - 0x00415294 0x00019DA0 0x000183A0 0x00000298
RegisterHotKey - 0x00415298 0x00019DA4 0x000183A4 0x00000256
ShutdownBlockReasonCreate - 0x0041529C 0x00019DA8 0x000183A8 0x000002E1
GetSystemMenu - 0x004152A0 0x00019DAC 0x000183AC 0x0000017D
ADVAPI32.dll (38)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCreateKeyExA - 0x00415000 0x00019B0C 0x0001810C 0x00000238
DuplicateToken - 0x00415004 0x00019B10 0x00018110 0x000000DE
SetThreadToken - 0x00415008 0x00019B14 0x00018114 0x000002C1
OpenProcessToken - 0x0041500C 0x00019B18 0x00018118 0x000001F7
RegSetValueExA - 0x00415010 0x00019B1C 0x0001811C 0x0000027D
RegOpenKeyA - 0x00415014 0x00019B20 0x00018120 0x0000025F
RegCloseKey - 0x00415018 0x00019B24 0x00018124 0x00000230
RegQueryValueExA - 0x0041501C 0x00019B28 0x00018128 0x0000026D
GetAclInformation - 0x00415020 0x00019B2C 0x0001812C 0x00000124
GetAce - 0x00415024 0x00019B30 0x00018130 0x00000123
AllocateAndInitializeSid - 0x00415028 0x00019B34 0x00018134 0x00000020
AddAce - 0x0041502C 0x00019B38 0x00018138 0x00000016
AddAccessDeniedAce - 0x00415030 0x00019B3C 0x0001813C 0x00000013
FreeSid - 0x00415034 0x00019B40 0x00018140 0x00000120
InitializeAcl - 0x00415038 0x00019B44 0x00018144 0x00000176
SetSecurityInfo - 0x0041503C 0x00019B48 0x00018148 0x000002BB
GetLengthSid - 0x00415040 0x00019B4C 0x0001814C 0x00000136
GetSecurityInfo - 0x00415044 0x00019B50 0x00018150 0x0000014E
EnumDependentServicesA - 0x00415048 0x00019B54 0x00018154 0x000000FC
CryptReleaseContext - 0x0041504C 0x00019B58 0x00018158 0x000000CB
InitializeSecurityDescriptor - 0x00415050 0x00019B5C 0x0001815C 0x00000177
CloseServiceHandle - 0x00415054 0x00019B60 0x00018160 0x00000057
OpenSCManagerA - 0x00415058 0x00019B64 0x00018164 0x000001F8
GetTokenInformation - 0x0041505C 0x00019B68 0x00018168 0x0000015A
ControlService - 0x00415060 0x00019B6C 0x0001816C 0x0000005C
RegSetValueExW - 0x00415064 0x00019B70 0x00018170 0x0000027E
RegDeleteValueW - 0x00415068 0x00019B74 0x00018174 0x00000248
QueryServiceStatusEx - 0x0041506C 0x00019B78 0x00018178 0x00000229
RegQueryValueExW - 0x00415070 0x00019B7C 0x0001817C 0x0000026E
OpenServiceA - 0x00415074 0x00019B80 0x00018180 0x000001FA
AdjustTokenPrivileges - 0x00415078 0x00019B84 0x00018184 0x0000001F
SetFileSecurityW - 0x0041507C 0x00019B88 0x00018188 0x000002AA
CryptAcquireContextW - 0x00415080 0x00019B8C 0x0001818C 0x000000B1
SetSecurityDescriptorOwner - 0x00415084 0x00019B90 0x00018190 0x000002B8
CryptGenRandom - 0x00415088 0x00019B94 0x00018194 0x000000C1
LookupPrivilegeValueA - 0x0041508C 0x00019B98 0x00018198 0x00000196
CreateWellKnownSid - 0x00415090 0x00019B9C 0x0001819C 0x00000083
CheckTokenMembership - 0x00415094 0x00019BA0 0x000181A0 0x00000051
SHELL32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHEmptyRecycleBinW - 0x00415224 0x00019D30 0x00018330 0x000000A5
ShellExecuteExA - 0x00415228 0x00019D34 0x00018334 0x00000120
ShellExecuteExW - 0x0041522C 0x00019D38 0x00018338 0x00000121
CommandLineToArgvW - 0x00415230 0x00019D3C 0x0001833C 0x00000006
ole32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoGetObject - 0x0041535C 0x00019E68 0x00018468 0x00000035
CoUninitialize - 0x00415360 0x00019E6C 0x0001846C 0x0000006C
CoInitializeEx - 0x00415364 0x00019E70 0x00018470 0x0000003F
Memory Dumps (2)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f.exe 1 0x00400000 0x0041DFFF Relevant Image False 32-bit 0x0040A4D0 False
...
0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f.exe 1 0x00400000 0x0041DFFF Final Dump False 32-bit 0x00412730 False
...
C:\\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\hwrusash.dat.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 3.93 MB
MD5 32b27e1b953fd3cfebfa9f1467f1fdc5 Copy to Clipboard
SHA1 035c65498758029d781e80e562822e3f28b6cc59 Copy to Clipboard
SHA256 42c622e07173484ed9b52a3c6229b1f363481ac02f3cbace879515b805a339b5 Copy to Clipboard
SSDeep 98304:+ztUOCCc015Jlkeozd2hPY44PP/b1ZC9omoXfJZXKMDzE8W1kJL/YDfoNp7K:6m501TTozdfPPj1ZC9eXXKMnE8V++tK Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\hwrusalm.dat.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 3.05 MB
MD5 3ffac6c454a56f3617877355ba405218 Copy to Clipboard
SHA1 329259cbbeb11b7028143223aebdfdb0dcac2ef0 Copy to Clipboard
SHA256 f6c70487a935d519482a1ca2e3ea7d39c61e3594834b67102009ca9180b4ba6b Copy to Clipboard
SSDeep 49152:+F0mel5bqZTLUgpwF+p8UgESm2/sBbR1opeArK/EjYYpgt0JrTp:+Pu5bcTQFjaV+pnK0gt0JrTp Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\hwruklm.dat.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.91 MB
MD5 d3738e8b66edf3f0c32a8d17cc825489 Copy to Clipboard
SHA1 7742c9f56f855fadb81321ee995ba4964cea667f Copy to Clipboard
SHA256 74439f7b997b671c7127a993e84ae58f51c15d5e77b77f8883eed0775d58f6be Copy to Clipboard
SSDeep 49152:zKyTngj9BxROb2kebaJfRCznF7dVmeT5Gk5Y0UFJGiJYf:eyEf6b2krCrzpY0UFJGiJYf Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\hwruksh.dat.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.13 MB
MD5 b91604ccbe63711d7b808215d8a854f4 Copy to Clipboard
SHA1 06384c53322967c178a3f4bc98e3fba4e1c77799 Copy to Clipboard
SHA256 a7e7145d2f8dd1284924debaaa06c20d290b2b3c0e55ab7cfdf3f386bec25d24 Copy to Clipboard
SSDeep 24576:VnYq91f2AxQZZye3ns3JYaMwtbQxBMyJH7mv3OVReLaRVXgNftVm4:1Yq91nxQZZUJKmQxBb15VReLkVXgNtVb Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\flickanimation.avi.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.53 MB
MD5 e4bac64b6ecdd4315d679783cdeda527 Copy to Clipboard
SHA1 ee16a421e28fab812cfbef3cca6d7ef4ce1b4040 Copy to Clipboard
SHA256 cce93243fe1ecccf9fe1e9adb51ce376a7c5f5791b17aeefa51fd9e95e33237e Copy to Clipboard
SSDeep 49152:adU5FSrlgnsoeVb1L4N6x+yptp4vxXZ56d:axrlZos1D7C536d Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\hwrlatinlm.dat.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.05 MB
MD5 64a7ad1879cf52114fc3f795c4c44142 Copy to Clipboard
SHA1 2533b19103edfe6265d90359c7f19f9ca8c40594 Copy to Clipboard
SHA256 cfcd61fb6e01ac119e120ffaa6446d02de0d39d1e7825b9633f67924f16534ca Copy to Clipboard
SSDeep 12288:lyPyFIDPddBUAlDPbI6rhXACTX2XibfMyQgf5bAJa+9zUO0vkbrzVK2N8EFF+4U:3iDP/dlDZhXACTIotwP/w2uEFI3 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\hwrenclm.dat.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 798.08 KB
MD5 6cc5a4f394a0abb1238f9faafba1c09a Copy to Clipboard
SHA1 ae07e71f07ed290cf286e4d12c57948900ace757 Copy to Clipboard
SHA256 ab2793f22aa67281e865fd779f4b272bf60d11b457b14db021bef25a89717e6d Copy to Clipboard
SSDeep 24576:+jCYgvZBmFIua3VA19vS7LvAHNr1UBCfYH7oA8gpk5:fYgvZBmedV6qmYUfkn8gpq Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\alphabet.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 774.65 KB
MD5 9c17d4a77fb5e72bba739ce797bdeaba Copy to Clipboard
SHA1 53a655d5db04a6c2a6660c5aeecd553d3be620f2 Copy to Clipboard
SHA256 e37fdb873c8290d629629f02ed949606f8392a470e5e963125cacb1a634e88dc Copy to Clipboard
SSDeep 12288:fJdIyxLDd01QcW/qYnJuFiRGxUcRLA1njJI3oRKvctaDsK:HPxn08/BJ4iExUcW1nFaz Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\hwrenalm.dat.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 731.28 KB
MD5 f9fe55ff97f32d2f5c92dbe0967573a7 Copy to Clipboard
SHA1 a827f3f7ea500e14a63c664336d9fa7d48547c31 Copy to Clipboard
SHA256 eae14390cebb2eeb05da088a90157a56071b90094153959ad56058a087de0a9a Copy to Clipboard
SSDeep 12288:Up5dNpcPk4HbLKmeqyRQaC/Cm/KIhpJ4tlJIrSr5yiEqX2Ohf31GSuMJg2OH7xEb:UzdNpc84Kgi0v4t02J1GJMJROb6JZ Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\delete.avi.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 220.52 KB
MD5 467466c29d7c696b954acb50c94b2f64 Copy to Clipboard
SHA1 251f68ac7edf5d8f693883499d27cf72be0645cd Copy to Clipboard
SHA256 14021076f9eeb9681d2e2e585136d761b5c7ca143e9e8a1060c166e972f588b4 Copy to Clipboard
SSDeep 6144:RT+6QLcY+DDoFeiIsn2bqKOgUjSkJBPJIQQE0Xgh6lFEu:Rhrh0UbqLNn0wQeu Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\join.avi.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 218.52 KB
MD5 1f62c78ef26fd23a436db0f091a117cd Copy to Clipboard
SHA1 babc4f87c7f6909ea90b6110ca52b0f61f8aa241 Copy to Clipboard
SHA256 716bcafb2c66a66034f0f53b1122fc1faea285c61555a0e8d37f31a5ec4713ba Copy to Clipboard
SSDeep 6144:fFIJmL/j7elC6wnRxRXugJaKro+SciPf1DJxqeP:NjL7SsnLRXurKk+hin1HqeP Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\correct.avi.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 194.02 KB
MD5 2e9e8e735b6c74a143df48fdc91cf040 Copy to Clipboard
SHA1 b5f06d58c51c4b80315316713c58316fa506b0e5 Copy to Clipboard
SHA256 f61d9e70394152bd49eb5d3d86efe9f18a63a1014ebfbd099379d73c2631f90f Copy to Clipboard
SSDeep 6144:f1XaYcKHvS2hapn1dfjy5/vxO6/M0FYTJEFvAbQBDTCSdLsx:paePLKfuvO6/M0CT+FvAuP1Lsx Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\split.avi.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 191.02 KB
MD5 8bc5c732fc35862b024c3699de76aea2 Copy to Clipboard
SHA1 ba2eb56fd4fd909df87b63dc6ae3e8784208f69e Copy to Clipboard
SHA256 84b59f0ce95e68832d5fa87fa6f1cf74bc9417839b22469a1d846a8702898046 Copy to Clipboard
SSDeep 3072:fYGHehJchwcoBkLbClQXuG8dZ73+X1vWQ2plks/PKjNxWyphGH3izTLc/RSpgBGo:gGHehJwwc8OaAn8r7OtWQ7SPsjhY5Sp6 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\boxed-correct.avi.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 89.02 KB
MD5 d2fddbd65e558ca7255a6fbbc93919de Copy to Clipboard
SHA1 2c7682294300939f0e209868b8f56879e8d6f144 Copy to Clipboard
SHA256 8b7b8b4839014de48937664a94c92879ec0dd037ef0fef8b2a48d24cbefdfee6 Copy to Clipboard
SSDeep 1536:zn2fNsA154/3RcyhKEOXbYt1ZIjYO6dHeatquTnVZo4SuTkKSZVq30J6CP7hZjwX:7cCAH6ijRj78+IqGZoSwKGVU0J6CP7/U Copy to Clipboard
ImpHash -
c:\program files\common files\44-vnbktrneu.gif.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\44-vnbkTRNEu.gif.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 78.44 KB
MD5 a2acaeadac649509be52b764c692688c Copy to Clipboard
SHA1 b54d867cc828790d708c815d06792401ff6a0e45 Copy to Clipboard
SHA256 344d37ede376887ba1f501fa360e01f578ee5d3cb481a1db1e9c814411b77b37 Copy to Clipboard
SSDeep 1536:smaCF1RvUGMRhap9XU8KuNvvWp0uTXHFFNGx+V6XR32IEd64:GaZU8K2AzlFN4rX92IEd64 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\boxed-split.avi.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 63.02 KB
MD5 cad98215fa1b5c7edfe8c808151d891c Copy to Clipboard
SHA1 29640a2ea37441de2736c6e85f975efb79598a29 Copy to Clipboard
SHA256 2aade3d0f04183244fb2747d908f179d5ef6e9b9af3956c0fde13edc0065c8ab Copy to Clipboard
SSDeep 1536:LmQXdeXxirWjLPV/OE27NfxYcOJiWnu6+X0rZL5V/wOw9NUF4:L5UXxirWND6YcO3nul05VuPO4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\hwrcommonlm.dat.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 47.05 KB
MD5 bdc4a47dd8f2c4aa4c13ae0a6e319ef8 Copy to Clipboard
SHA1 79faa44688f215e519d6f5b1f825412b2a1731b3 Copy to Clipboard
SHA256 100f8564c80c388c13edda48d46ff2f545c8a3a2e4730b99c784b6fe47833cb2 Copy to Clipboard
SSDeep 768:ON5WaPl+r+1GRaAhlYMIMCw+j7FtquugRSiNkxBcgY2miYeN/7YmmUQoqBrAxLwP:OiaPlo+1G7PsquRIKPOd0dHB6F4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\shapecollector.exe.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 44.02 KB
MD5 86df5005d05acac6b6c3a325dd600268 Copy to Clipboard
SHA1 e5b38b12d0684a63f96390fc85026801d77e5028 Copy to Clipboard
SHA256 a2ab56f308734dd1627a87ac76ec612d973dde49a6fd930f6be2dd932e9a80aa Copy to Clipboard
SSDeep 768:jIR7hxaKWzNaU2YL4MnaFJ1etXmODn7hKcH6pXgTX4wyVXwUVef4:jIRlxZWzNiYL4ZFetXm27hKcadwyVXjz Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\main.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 39.11 KB
MD5 ee12cdb9997fd4859f806b543fa2cadb Copy to Clipboard
SHA1 ab631e255f6bcddee14cc6bb24c8ee552bd1e7f7 Copy to Clipboard
SHA256 d94ca372bed98d3ae531fbe1a83abe91717a5a3435e68c3d87f76c5f000fbf6c Copy to Clipboard
SSDeep 768:nBRGuss89hTYw+dPgZaGOdPQzB6V+QUOgBiCpriQdFDuD/kpo0BdV4:nB0rs8XTt+dwaG0YDQcn5DF08pRn4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\boxed-join.avi.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 34.02 KB
MD5 afcebdae77f6a9ff834592c718c0082e Copy to Clipboard
SHA1 b5cdd7fca4b016ce84776671ff33f081343204eb Copy to Clipboard
SHA256 776f7ec1e9b025eaafd0a0bc2e1cb0167604a44f882c3a0f15a3155426d484ec Copy to Clipboard
SSDeep 768:0FnNHyYWxu2mqt6IEj92avXJ6xYKz2+x8GeyJZQ5Z64:CHcu/qwQavXsC02+7zsZ64 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\tipres.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 33.52 KB
MD5 41df5424e468ac7841375c2684f537f2 Copy to Clipboard
SHA1 16784e7a219e1aaca3f0310cff356942078dc1eb Copy to Clipboard
SHA256 116c3debb350ae3ab5caa7ab3be34749f922980c97679d3497cb9cca2680d358 Copy to Clipboard
SSDeep 768:5O5xwEEr+Cl8N6jdPU1FhDUu4m+LHMl65PwgiqVKooN4:5O5xI+Cle6dUBob+6xwUv+4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\boxed-delete.avi.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 32.52 KB
MD5 1c4abbc1f3a222a6675d6527fe489fc5 Copy to Clipboard
SHA1 fdf8a7f23f2ede0b8c9b53ebe9abaaa063225168 Copy to Clipboard
SHA256 ff9a2e45351716baefba7e85b4d015a4408a31fd6d94c88178905006cf8784d8 Copy to Clipboard
SSDeep 768:ajHjp2ZFfmEdQfzAR032UjN/I7C5cENoGsoe9/di4:ajHjp2GfF3ZJ/XDoeb4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\Content.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\content.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 27.94 KB
MD5 cdd7b79fb62deaa27a84c95a59d480f7 Copy to Clipboard
SHA1 8f6695301f22c455d67a56e08a1c7c46637b79ce Copy to Clipboard
SHA256 aeab27c925b596d7030801c318230f034a70bb0c5a829dcedfbf438b79874682 Copy to Clipboard
SSDeep 768:Chgtor/3l6FKhHq6JBNJZJroGWQ1JB2j6N4:KgiDlXhHhtJro32Ay4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\ipseventlogmsg.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 23.52 KB
MD5 b0f4e445734e10b4380f92460ebd6557 Copy to Clipboard
SHA1 c01b15fb3a32025a7f9f3601e27929ccdcab7daa Copy to Clipboard
SHA256 f1c78a3c0eadf79fc5eb48608d3d842d4840d6de57d8a1ab138dafe8da91fbce Copy to Clipboard
SSDeep 384:oW53VM3PTiwT+Blb/u5V8OZVFqnPKOCNkDy1HaQNu/EB41e+LaiZTRBFqv0mN2N4:oGVas08UFqyOCuy1HaQ0DLr/BFqlK4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 17.75 KB
MD5 bdb5ae43b70aa7f096429511a2530dd7 Copy to Clipboard
SHA1 6982470c252c7e0bed1e4e694fef723b842571b7 Copy to Clipboard
SHA256 392e91173904c9867b531bb86aff31acdd5db59daf724b4c008220312460a8c1 Copy to Clipboard
SSDeep 384:pglTN9hvM+9FMVrxp44p5mSyVewuQKQzmbjmRhL1N+WHV35BT4ki8ELN4:pgrjk+DMFPtp0SyVtKVnmh5NxV35BUkT Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 16.27 KB
MD5 e4ec71459d4f974bf1da779dc2b30ecb Copy to Clipboard
SHA1 61568ce3c0cf2c91a99b1329007f2d21c90a769c Copy to Clipboard
SHA256 f0e2c5e36798ea02f51d5e2de2c58c0ab7d9b26c4af9c4fd4912c3b2128596a8 Copy to Clipboard
SSDeep 384:PY3H+OYC4hj5gIAs1nO1LruCmsn990oe6eXpcN4:8Ds94wnSrXLFe64 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 12.33 KB
MD5 e2e33c4f98bb26f88866dc641cd0866b Copy to Clipboard
SHA1 807575623deb7a8fe063148a4b7d5c639e73c440 Copy to Clipboard
SHA256 f21f8f948c7755f5bcec6b033a8ffa74407b2bfe83fd643b9ac8b1d55a1d3026 Copy to Clipboard
SSDeep 384:XLqIbwia/NyxRbBzhHxWB34SGE5VknZ0vmWyN4:XLqdi79M6SGE5SnZX74 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 12.22 KB
MD5 63289ed95c9f25515efb56803e2e5998 Copy to Clipboard
SHA1 4ffdc372f4e65dc72b0adf8c8488bc8b03f1a564 Copy to Clipboard
SHA256 cce525b3986c829b3ef500af425866c707a391417a8c1afbd2bce330c39a83b1 Copy to Clipboard
SSDeep 384:5WZEgNx75H4BMOCAavzMSje343+7RE0HoN4:i57qavVyK+x04 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\mip.exe.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 11.52 KB
MD5 8652f0c5f879638e1e95e812de914e48 Copy to Clipboard
SHA1 23fd365b7f96a754a587c44004d7b7cbda4bee5a Copy to Clipboard
SHA256 8fedd8ad67b29928b46e7e089513af839456a2b6ff69810a2b77706312db102f Copy to Clipboard
SSDeep 192:oAfJVt6LbDYLGRlwsfHI5VFyfmORUOPFDhx1PnZrWWAXeWEKfzLW1fRptSsTMz/K:/jA77w6HaF+rDDzrW7Xr+/osM7N4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 11.09 KB
MD5 626c16384234911a57c3c414312563ec Copy to Clipboard
SHA1 976f1173946c5f0e81170f71362838fd08765927 Copy to Clipboard
SHA256 b7b8b7584372e5223003d20d9085b402ec77109019c675a2eeabaedbbc19e127 Copy to Clipboard
SSDeep 192:jRKAWWyyg/1gsVl22bThInHrFxlqvVuGf0dZUiuM4d20NhntV4:l/J+dgu6LFxl4c+AyiuJDNN4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\inkwatson.exe.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 10.52 KB
MD5 c2d0157de23691bebf95928d541b3120 Copy to Clipboard
SHA1 18806b13b09b852febfef4e9d2decca3bbdd446a Copy to Clipboard
SHA256 06a0d475056d67826618623ca3d16f403e66ce324225e82db99dcf54dc6d2e37 Copy to Clipboard
SSDeep 192:e5lY60TOuzNn2YJHuxG7f+06Zjgsg3O34Ye1qd6L+62z0RbEHjjiZH18sspB60nK:enY6IO2uxIf+0CssJ3t4qwLd2zJjjiHv Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\micaut.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 10.02 KB
MD5 83e81c56fdbdcd7a17fa863f91db5539 Copy to Clipboard
SHA1 c2b349dab84cec8eff030151c6c79175f2938b57 Copy to Clipboard
SHA256 ee88100174afc061d8ca7ee83a54ffc2a350105ed16b6e97142f8d4f920bd0f1 Copy to Clipboard
SSDeep 192:C3RJRRfDfRvooCXuOkeoXkvLYNq6FxIPJdkxD5j7F2xcII74hntV4:C3RJrfRLCBdoLN10/SNjh2qKN4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\flicklearningwizard.exe.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 10.02 KB
MD5 3177efeac552f9a1b5fe63c6516af38e Copy to Clipboard
SHA1 2068b3dd44a3dcbe9930e31061852061e83bfdff Copy to Clipboard
SHA256 7b8727d57e2bae19b4fedf15c2a6ed056e6e0245cf6a54dd400ad8513a4b16bd Copy to Clipboard
SSDeep 192:4Zf43vn+MfZC77TbBYG4hInjkYnmsjRt8mOHxIG2DCRfibunEmFXrShntV4:wg3vn+MZC/TFYGjnRRRLOHa1De+unJWK Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeUpdateSchedule.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 6.19 KB
MD5 ff772e0bac0c0ba4cb05f7e49fc74216 Copy to Clipboard
SHA1 2b2e78b39df52340bf88f73fcc6eba932f2e61ea Copy to Clipboard
SHA256 0414ac37585d5b4b70aaa80bb96d7751a2bddd1a76d5224c0808727f3976905f Copy to Clipboard
SSDeep 192:UlUgZjnwGnoplEHwRHSfk8wB2YcvEfMK7uhntV4:UnnwGn6lLRylYcOMrN4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\inkobj.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 6.02 KB
MD5 87c97da629991c5fa9445677f090a7cc Copy to Clipboard
SHA1 d74d82899ef1d00e14162c139a43942bb52ac1b5 Copy to Clipboard
SHA256 00036a9256e15b1ff6d4853c87d865a7602ff4af47a1179fc793e26a62cff854 Copy to Clipboard
SSDeep 192:58VI4iiWkVM98Q7YwHSupeEJqQN7N4TJchntV4:58VAiWkVMVDyupD1N4TSN4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\clicktorun\servicewatcherschedule.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ClickToRun\ServiceWatcherSchedule.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.88 KB
MD5 ce911c516613c278660a2193219cb0cf Copy to Clipboard
SHA1 689bd55201e08a32abaf8c71a1dd314ce572e10f Copy to Clipboard
SHA256 5fc0698756a34c6a8f4b6b79e4a8fafd914e772e510bb3e7e8ce61bed23a9ed3 Copy to Clipboard
SSDeep 96:lqZnfXrHYBO/ntugFKmDbGbWChTWzmekiJLkfh8usFCKaCUtabzI+EzP8HinRjti:Qf8B2urtbWkTvekWKauGdH+8HyhntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\clicktorun\c2rheartbeatconfig.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RHeartbeatConfig.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.56 KB
MD5 18c7f026e0b51b0af401ec33f62578ea Copy to Clipboard
SHA1 2c65767d67509188f8a2d4537acfa0aca13c1936 Copy to Clipboard
SHA256 bec7a30c02a3a6af7eec94b88e168e011bc16ccfc6c7e27b31fafa51ef4e4e00 Copy to Clipboard
SSDeep 96:Xbuiv7j1266HW39jHSG4xi6+VaIEZPkXJgJr+sP4wAJwVrtrNnRjtxtG6ik29:r5P12p239zSG4xi6+VaIMsditr9hntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\bg-bg\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.52 KB
MD5 35cd9da487b41f49def937d1dbda9c1c Copy to Clipboard
SHA1 d32d15fe99066e2649efbf12ffe962fbd521c34a Copy to Clipboard
SHA256 328dc24e58838a2287e76a4c21192ca7769bb7bf6be4d9b83b5beccc9bf09e70 Copy to Clipboard
SSDeep 96:bqmUNIuF9A/tjWtMrTCkaZ2gKLGNna4DZt3f5ZiSvbt+KvnGnRjtxtG6ik29:AfFmFjWtMyKnK84DZz1h+KuhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\el-gr\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.52 KB
MD5 266500c654a5126c1d129d569cc5806b Copy to Clipboard
SHA1 6521978b7d118e524772a49a5c747a97de91284b Copy to Clipboard
SHA256 5afef6eebc19e7c7e3621d9e7ce7054f10ab2410988c1f5c7983b91983790a37 Copy to Clipboard
SSDeep 96:YbVtaIUeJNIWiiqxeO/KQL5Hmty9N6Hd/+goqyho0gdB9AnRjtxtG6ik29:m6IFBO/KQtHmLdmgoNcdBuhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\es-es\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.52 KB
MD5 df8896af1180f329b5557b0e4d133c5e Copy to Clipboard
SHA1 f09673c63abb11545f86509dfd8a192626edeaf2 Copy to Clipboard
SHA256 e669ad36c8a0fa44b615cd84dbb9ac76eafee441c6e6c4c073cea09afe1578db Copy to Clipboard
SSDeep 96:ZrL4FUPFga+nWx9TnVq5GH8Hu9uI/7oPpgLw0uDIoqanRjtxtG6ik29:Z8oFga+nknc5YCuTq6Lw0InhntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\de-de\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.52 KB
MD5 4f9f1887cac81ea688bdd12fc40aebea Copy to Clipboard
SHA1 8129b26e62dfa44533a3dde8a8f938b4dfb13245 Copy to Clipboard
SHA256 f8bea6dc41c9ccb7ddfc691b4f4f40dcbc0d7e82f383dac1d22538a2c8f79cf6 Copy to Clipboard
SSDeep 96:D9NkXQDEKdka5R2Qylio91QJptPB1nJVixop5ajso9dnRjtxtG6ik29:D7kXkEKdN5R2LkE1gptPB1Mop5a5bhnQ Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\et-ee\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.52 KB
MD5 50a941096ea87fdd78904c1adc208a9c Copy to Clipboard
SHA1 5b7b949f9a4cacd01495fc1caf1b221b96fb7055 Copy to Clipboard
SHA256 9204fefbaf6e62a62bbf118f47e321f2074875b57ad2536ffdec70787787d310 Copy to Clipboard
SSDeep 96:xs8kj/0mkhTkP3DmUUKDKpYjutaAHIX9U0UXlHTdUQmb3wB02y+c58VlnRjtxtGv:kJk2PzFRjuBu9XClzdcbX2yBwhntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fr-fr\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.52 KB
MD5 344ec6694af13171c2b87f144731a0b6 Copy to Clipboard
SHA1 375ed3a80d9a0752801e16c44a054728d3474737 Copy to Clipboard
SHA256 e81bc2595d349fcecc447baccf91732c957894d459503aa0a071a87cb3e064e0 Copy to Clipboard
SSDeep 96:ktaKdQzPfDLMTQqVT7oFfPVPS7MJFLPA43OIUHe6XSNFfb13jskqKpnRjtxtG6iJ:ktaKmPf8TQwEPVPS7MPLPxOIoEdNqKhK Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\hr-hr\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.52 KB
MD5 e31a61e91470ff2be0d84e386ab5c7e1 Copy to Clipboard
SHA1 4eaafcf0c0b70868885ddcac6d627de8ea6d89e2 Copy to Clipboard
SHA256 f809b5e7b9dbc9049bf689cbd6ad861b71489c0bc93f1144a0e0ea355b13fe1c Copy to Clipboard
SSDeep 96:tgdkFFPjAkbtDwt2ZwGDWMYfmzJoWghG8cPoP7V+BnRjtxtG6ik29:wkFFPsthGa1OzmhJ8MWhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\cs-cz\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.02 KB
MD5 1a52cac9a97e9b764d570296ce094e6b Copy to Clipboard
SHA1 91cecd2038f0fe46637749849c3ba8d6e0cf604f Copy to Clipboard
SHA256 d8163ee1b2346855929ca5e2c9dfa5cdd875eac83dbca88c7446211937280490 Copy to Clipboard
SSDeep 96:iIrud2M1vQ+JbOiplDcBUyCZtlt/PLzoBzA+8nRjtxtG6ik29:iiudD1vJbOiXpyCHlt/zzHhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fi-fi\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.02 KB
MD5 fe2687396cbd0ce9dcd2e453b16a1765 Copy to Clipboard
SHA1 80ca02f31d2565eb158291a49bd44675d66bec3b Copy to Clipboard
SHA256 d827ca4d7b0da5bf2869d40dfb659e48295127a786d6ffc4819434f2e4b78705 Copy to Clipboard
SSDeep 96:nfYA4X3LC8jwfernRLTMH9CME3xRBNqNPVe/E7GysAI9F3yyHnRjtxtG6ik29:nfYAS3LC8cYS9CHvn2de/SGHZhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\ar-sa\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.02 KB
MD5 45751fcac792224011987d11a4694106 Copy to Clipboard
SHA1 eb59237afc13aa0d7899da9dc66814287afdb3bc Copy to Clipboard
SHA256 1783951e6b096e03aa1e302caf54084e053f772480ed7f3a95f0b607f623e989 Copy to Clipboard
SSDeep 96:/TXbWFQGAA19gonZoW7GufSitE/P71cry3nRjtxtG6ik29:/OFR//qiqZcu3hntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\hu-hu\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.02 KB
MD5 14531896d1aaf8b6beee19cfec3aba2d Copy to Clipboard
SHA1 394ac2c41cdbbd5761561ea8cf0dfb406f1f32f8 Copy to Clipboard
SHA256 d7e55b75eb0ca283562a7ef9883c41dcbf7b604205062b9772454b66d54ad4e6 Copy to Clipboard
SSDeep 96:eNqRqfVc2/ifrlSYKmgWbe0YP39XZpfszrghNCInRjtxtG6ik29:eNqRiJifpSYta0+Ppog9hntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.02 KB
MD5 2989ed4c86958bdab9acfcfac742bfd1 Copy to Clipboard
SHA1 534a9426ab232d64be2012cd79e687ea29322d09 Copy to Clipboard
SHA256 68c024ebb99d94c79ccebc58a4cac4cfc93d58c641bcccc3f852b9271c84563a Copy to Clipboard
SSDeep 96:qEWFEAID3Fxo9MsbYJAZce8TP5yQ91uAgcUnRjtxtG6ik29:qEWWdD3eXb1ZZ89N9YAgHhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\da-dk\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.02 KB
MD5 e52643fe457e6b69039a2b00cebfcdf6 Copy to Clipboard
SHA1 e2c78808fecbfdb9b86b693d6962f54101ea49ea Copy to Clipboard
SHA256 f597411834957efb1543b16cd45de304f489fb95fb7d8810641e7a217d30e0f0 Copy to Clipboard
SSDeep 96:aETuTpLRaKLJKjFA8hNdKM1mPmkeOmhc9B6i70SWnRjtxtG6ik29:xCMKLJ8NXImIaR/hntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\he-il\tipresx.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.02 KB
MD5 cbfc67129252426ce949a88986ea7e4e Copy to Clipboard
SHA1 33c9d4de79af41df18c1d570ec231dd43f5fa868 Copy to Clipboard
SHA256 c7e9725e691f76da715ee495a82686161c0d210f278de4bf198ff10d3aa98556 Copy to Clipboard
SSDeep 96:rivuUpRdY/wTU0nlcdZQVsy5vARsulQnLoWct6tsQamGiLW8nRjtxtG6ik29:XsRdCwRlcdGfv+SRtoshntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.61 KB
MD5 d8dd309ce9887c34788e256ce54e2c8f Copy to Clipboard
SHA1 ecdca133f4bc8f824a699e66f3430b72ed478abc Copy to Clipboard
SHA256 894de7e5f1b4b05f96c13fb6d83c11908ad2e645dd72c5d349de8a881fc532af Copy to Clipboard
SSDeep 96:veRY6n4tsoTynZjhFAHVYsPL01+EfNPAt3nzMfJjFGSYuAyfjfzSnRjtxtG6ik29:veRZ+iZ1oxPL01+cA1+J+GfjfzihntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.61 KB
MD5 8a22b7ff12893aadc1fdd0eb391612b1 Copy to Clipboard
SHA1 33338a518053878686ed95f670423d107ab12a99 Copy to Clipboard
SHA256 430dea8972661266a5408f77e363305d23d8065174f6df2588374662d72ec842 Copy to Clipboard
SSDeep 96:sfeDNK/i3NaL/EGEAZR2sIpBa1vtOn3MUdVyn+YuXnRjtxtG6ik29:s0NNaLcARnIpgOcUDyn+YshntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\main\base.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.59 KB
MD5 685c9c28a1ec1d3e7ea2b2f44be054c4 Copy to Clipboard
SHA1 a2c82bcd36c20da432bf4a42585a9a6926d87a44 Copy to Clipboard
SHA256 7af02dd0e30b7d4b6781622f7e5c0d4698e537971ab8ace3004bed1c813e758d Copy to Clipboard
SSDeep 96:5sMkAwIuVPNP6O3unKaRemubKb4q4yHhiq+nRjtxtG6ik29:FwIuNNiRKaR8g4/yHhiqGhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\tabskb.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.52 KB
MD5 a94419f4b928c618134e6756966b1d83 Copy to Clipboard
SHA1 0d3d3944a38aa13f82ddb21c88349e632bc797f1 Copy to Clipboard
SHA256 17ba56f48000aec9332ee8bdf3bd95187faf9066c0b40ce10be6ae21c2aad331 Copy to Clipboard
SSDeep 96:EQftIYH6CaUKoqmKwd05bJ9NERCTANku7ur+pBbU8mnRjtxtG6ik29:E1O6CaUKxBbDuUTOuh8OhntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\tipband.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.52 KB
MD5 5ec22feafb6a32d7df9a6a8ba51b037e Copy to Clipboard
SHA1 a62aa10724b2c9ab638d5eb6f581b96bc50cb0a4 Copy to Clipboard
SHA256 e99019308c1f8dc80e416dda6e5d712e21a16eae15607028213c7bca45015e93 Copy to Clipboard
SSDeep 96:2WqrHWcZn1tXV7MCebJKFAUBLVExU+4aJvpKupnRjtxtG6ik29:fqLjHV7MtbA2UF6xU+4aJBPhhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\tiptsf.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.52 KB
MD5 37309cd57df9c8fc7e2f0932b918a09a Copy to Clipboard
SHA1 a158c01ab1ae462a3c57555ddc506ff00efb1683 Copy to Clipboard
SHA256 464a53a27a21ca3fcfcfd5a0df34bf7485f2399db1c66a755696129b1221dbe3 Copy to Clipboard
SSDeep 96:ZkMCHfNO8uedE7F+5WNtTemo8T6SAe3xSKKnnRjtxtG6ik29:ZkbHlTD5CEmo8TPAUxwnhntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\ipsesp.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.47 KB
MD5 b341c6e28cf84c0686576b56d7a5ee05 Copy to Clipboard
SHA1 5ba4c8c126c5f42b3f413d6c86fa5b790085351f Copy to Clipboard
SHA256 fa5c5989856ec1c3c646e091f469d1e57e3642fa25426a378ec867183e546a72 Copy to Clipboard
SSDeep 96:sXZefVMWJ3enDhg7cspsgZ9V4XQQhPCJbnRjtxtG6ik29:sXZuVngFgos/0HEzhntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.22 KB
MD5 3f919e411b014625d66820b314aac37d Copy to Clipboard
SHA1 433f478d51aa085f190f95f83fcd495ca24d11b9 Copy to Clipboard
SHA256 b23bfd1cedb8568d7ffb3c7c076c3d89a5d30bc3d53a80fbce639fd04cda0323 Copy to Clipboard
SSDeep 96:089MP3I420OhTw1WXgIgJS90ynRjtxtG6ik29:kgX0oTw1rUHhntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\ipsfin.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.12 KB
MD5 745615d0262abd64c733d4fbe741735c Copy to Clipboard
SHA1 3a4edfe0639bc03a64efa1aa7c894f17c60de63c Copy to Clipboard
SHA256 ca5dda5dd53179e1d8efce6bd22574e77febc049ebf0a04573a82d3269db95d7 Copy to Clipboard
SSDeep 96:hbvx1cMoH0y+yKYwbMu37uiL5jzXnvWUMnRjtxtG6ik29:tnc3H0zpMurr5jzXv7shntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\ipsfra.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.09 KB
MD5 2999926a25593c421b3eb6c84a8e5a1c Copy to Clipboard
SHA1 13123247081f84d35e543c64117b77250098b13e Copy to Clipboard
SHA256 010d2279c4ef47316641a802ec93c14d6e284230614f7fc13a7abc93c942058f Copy to Clipboard
SSDeep 96:XGf63U55oa4G0oWwauXFCyc2alnRjtxtG6ik29:X2cw4uXFCycthntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\ipsdeu.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.08 KB
MD5 0f60de6630f6b8b859085c83e5fe021d Copy to Clipboard
SHA1 eb47008cfd05c2eff7a24eec008cd0a12cf4d68b Copy to Clipboard
SHA256 95a0f7048806cae844b32e64e637fc162796fa397983c3db3518e8aac1ca2db0 Copy to Clipboard
SSDeep 96:WVivI5oCgqm5c+9h/sXj2BXQT10qUR/9gtnRjtxtG6ik29:WJDCcf6gTURVgdhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\ipsen.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.05 KB
MD5 b8452abf844a2744c6fd3452b5abbdb0 Copy to Clipboard
SHA1 e33a512ed4d83c278d6079677b486a6c01261c09 Copy to Clipboard
SHA256 a6edc65824644329e6e75a0dfee0bc50624ec65018770072761190222354e123 Copy to Clipboard
SSDeep 96:ftf+5kinq54jqjR96RpB17ioVWenRjtxtG6ik29:Vf1Mq5JlA5dioYmhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\ipscat.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.05 KB
MD5 1eeb5a8c46a374e529d43e76150fe44d Copy to Clipboard
SHA1 0680f90ef51c2ec5486dc4059d6f9c5b3d964437 Copy to Clipboard
SHA256 0d69e634ea24fb8ccd2dd2bd14a650efe156b3a002990f4563e23990df6eba78 Copy to Clipboard
SSDeep 96:EXJao1Dqf/fPXQQBAcuyls3Z6Kd4nRjtxtG6ik29:EBtqf4QVEZJGhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\ipscsy.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.02 KB
MD5 620a9a572f493e84b29e8926aec60f24 Copy to Clipboard
SHA1 333810699f1e1763222980d3b6cde5993bf1390e Copy to Clipboard
SHA256 5d09cab7302a19cc68a99df5221d902ab261a657e9875033be0ecec5fe2adf24 Copy to Clipboard
SSDeep 96:Ze5sgCSUGmZa/rsz7bR94Qey3it3KAnRjtxtG6ik29:Ze6OcZazsz7bR+QePJZhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\en-us\rtscom.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.02 KB
MD5 bdd8a5d497047522f054fa9181d67e8d Copy to Clipboard
SHA1 0e9389e70dbc7fd732b6c526bbd24e85ef86fb6b Copy to Clipboard
SHA256 583fddd5dfa24a9959df1ffd0761c935c236ef85d6696b7e9d78677377a77697 Copy to Clipboard
SSDeep 96:G9+RcO5WI7SGURyG31wtYtpXX7zfLdXqlxZbpp1nRjtxtG6ik29:4+RR0IWwowKtpXX7bREZtHhntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\mshwlatin.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.02 KB
MD5 0013e3031ff2aaabb9ed2f8cad0e74d6 Copy to Clipboard
SHA1 dc76eaf3532ce91402d6dd4b741ba4c71a472b64 Copy to Clipboard
SHA256 c22163481fb87c84bd7a7c05f4798eb0e5d6c6216073ce5f2ffe35a76091aab8 Copy to Clipboard
SSDeep 96:zqMEWHM92ZLad65Q3JquhTMgpVM0Qz+ypnQilnRjtxtG6ik29:zfEWHquLaM5QZ9h40U71hntV4 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\ipsmigrationplugin.dll.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.02 KB
MD5 ed23f7c0caaee672a3520ddcbfa5b3ae Copy to Clipboard
SHA1 913e47e2b23dc6780b7efa9d1e3f7d0c31e1e785 Copy to Clipboard
SHA256 9e436403b25f9fa297ddc623e05eb5d6fcbcab79da6a5e19cec0ae73d0d6863b Copy to Clipboard
SSDeep 48:bl9utcaYnOAXCkkHmTXqR1QAfB0mT8uqu0hja1SQljlIcqMmt+7PnE6jQz+xtG6E:SY9TXyMkzqu0hsjUMMmnRjtxtG6ik29 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\en-us\inputpersonalization.exe.mui.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 4.02 KB
MD5 aeb08675d563c523ca8abe6433f1cd60 Copy to Clipboard
SHA1 96afe84681e8f5a4c0b99b4d1e991a141718c35e Copy to Clipboard
SHA256 a32b189630479af819da78600a2754f7cd6c15e5d43e27303bc6313c7fc1b451 Copy to Clipboard
SSDeep 96:JE7hzebtdRvcfrT7qP+d0/K9LR7TFJxwnRjtxtG6ik29:HRPuTGCLdTF4hntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\ipsdan.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 3.98 KB
MD5 9430e989a04fac5a65ecd74b74c3f32e Copy to Clipboard
SHA1 7f2a29e04087db962647f456338d1c2e4abe3450 Copy to Clipboard
SHA256 5ef79e638448d68c41f71d68b54bc09e0da9a3a873eba748daa1f50aca689e27 Copy to Clipboard
SSDeep 96:Sj8yByaZN2/KSrgJDLyi4gm1nRjtxtG6ik29:SIy4aL2/KSy30hntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\ipschs.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 3.92 KB
MD5 b773efe9a5625c2abccef250fc5e6a2e Copy to Clipboard
SHA1 ba44c7054b1d77a8de94b94b24aa4df06fd7f81f Copy to Clipboard
SHA256 47afb4bd9a06ebf073899dd8fe7416ef9b7dd9d77e3c8c84c64a73806cd3867b Copy to Clipboard
SSDeep 96:DFxMpTIiwy/5lM+595+VsJhESePLTfDopnRjtxtG6ik29:DFAZH/5l5595+OESeTohhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\ipscht.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 3.91 KB
MD5 59413a2dbeef75539cff55de83148fd2 Copy to Clipboard
SHA1 73277eef33149f97e5f3e32af27afa4f21bf39ea Copy to Clipboard
SHA256 187071538f09bfd94e0a500ea631dc97cf5bc093c686cc65d40ab90a57385474 Copy to Clipboard
SSDeep 96:VRwdWHWx4DadnNunAiGdfbnRjtxtG6ik29:Vr2xvnN1XdfzhntV4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.92 KB
MD5 8bc01ccf8bda17af8455aec84bbc2663 Copy to Clipboard
SHA1 316ca5510029dd16a1fdfba6282ffb472c51a61c Copy to Clipboard
SHA256 2322d473ad5f68712d24a70b7b28c701392c49ec9441d8c5e7ef39484f4b9a3f Copy to Clipboard
SSDeep 48:sLJqplMKryfuK6imw9TFDq6TAMx+Guk2his17KX2QNGnE6jQz+xtG6iGxJ4ND:EJq79rmuMVlFDq68MRuk2hPeGQNGnRjQ Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.92 KB
MD5 bba3ab322a9d904cf6d530eaa93961b1 Copy to Clipboard
SHA1 f3cfce2a6fb569272ae368cca4885d08723f4e82 Copy to Clipboard
SHA256 036e3b6f50095fdd7e8cda42ba932a1bae124d5c0c956f8ee39988d75706f10b Copy to Clipboard
SSDeep 48:MjS7v1A1Qa18CV+DrZVQkx5ytM9BpRY5nE6jQz+xtG6iGxJ4ND:6SbC1/rMrZVQkxmM9xKnRjtxtG6ik29 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\numbers\numbase.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.72 KB
MD5 ada16c3a851417c4de20ec5d22f76b6f Copy to Clipboard
SHA1 4a43242f4942804ba39b27419ee6233c863192a4 Copy to Clipboard
SHA256 3d398f1bbfee8c4b89b625cdda8cd0ba11c7448dad43cdeb5754dba0005e6566 Copy to Clipboard
SSDeep 48:uL1HpsMc3ROi6q6cX/H+Imupvv7S7HGeQ8nE6jQz+xtG6iGxJ4ND:uL1mD3Mi6zuH+ImupvCG4nRjtxtG6ik4 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\web\webbase.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.66 KB
MD5 1e77de7ece0a6119083b2759b67c448b Copy to Clipboard
SHA1 20ad7b62c898969139fa2a3a299642a683d676dd Copy to Clipboard
SHA256 c7d76d8bf1d03518ae76316989c26b34c00527df220a57038ffe54bc28dd2a60 Copy to Clipboard
SSDeep 48:9dgPs9rgxZzdYUZGkHv2gNlQ3EBmdnE6jQz+xtG6iGxJ4ND:9ieuFdtZ/+gNsEQnRjtxtG6ik29 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.61 KB
MD5 bcffd57f4724e96353863e12cf48a6ef Copy to Clipboard
SHA1 51c181590a808ee050ee4143613d3dccad94766d Copy to Clipboard
SHA256 e835b781d2331fca8493b11e462b183fba28c13e39962e535066004f7ef5b73a Copy to Clipboard
SSDeep 48:MDkRaSKqDvilWwzAxWGwSDjlWjDuCQNesxa53VuyAlnE6jQz+xtG6iGxJ4ND:MWaAilwxZwu4H6Isxa53I7lnRjtxtG6E Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.42 KB
MD5 b1dae05ebe356f9069ffd0c8b190ac82 Copy to Clipboard
SHA1 b8c92b7b8843b096b33a3c9f1f5edfb59ff34840 Copy to Clipboard
SHA256 0041110e24481a211186bbf1cc593a2782ba424b5d78c0d8bf9c9f1fc9ae6f07 Copy to Clipboard
SSDeep 48:0RlIeoHLdmmZAHMBpkEnE6jQz+xtG6iGxJ4ND:FeoZUHMBpkEnRjtxtG6ik29 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.31 KB
MD5 c17e7bb3f7b5826735574cc95d7a4343 Copy to Clipboard
SHA1 f82964fa86a08c5cee46efbb26cd64a749338898 Copy to Clipboard
SHA256 90f04406813c795ca904c11a13f8067777900892bf32cafa88035cd161a55034 Copy to Clipboard
SSDeep 48:P2gcZ6L1kGKlnm88s5onE6jQz+xtG6iGxJ4ND:P2gcZMKlnm88s5onRjtxtG6ik29 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.25 KB
MD5 ec675445b58147e9ab07270c8cc1c0ed Copy to Clipboard
SHA1 2b3049dfcb1a98e4ad9e9666a94eb2089e84a3c8 Copy to Clipboard
SHA256 7ee74ad46c0b81246c899575936dd945f11168124db8042392466f88558d25b2 Copy to Clipboard
SSDeep 48:mtlKJlwj76MDMjiU34nE6jQz+xtG6iGxJ4ND:+IJUqWU34nRjtxtG6ik29 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.25 KB
MD5 386e08380424edadcc705acece9568c4 Copy to Clipboard
SHA1 f84ff72cec21dded17fa3ed688519c88136220bc Copy to Clipboard
SHA256 b4b84a8e7333f3adb0f7c9748481396862f06b963b01e222b607f600c6f31b8c Copy to Clipboard
SSDeep 24:YuJhoBIqy1bM3jUiYQXZXR5loXayFXnEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3a:9joHomJXWK4nE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.25 KB
MD5 3bcbabdcaadf94b4e5eaf97b1f64f90a Copy to Clipboard
SHA1 caf59f20b0a7a77a0b02d78180cc0c53bbcd9a14 Copy to Clipboard
SHA256 d5da7276c02eb7645b9fa2c8915d538f3f4824e0394c9b938ab5b91932e228fa Copy to Clipboard
SSDeep 48:ite5rsK/wS8I08jfAy7LZsJVnE6jQz+xtG6iGxJ4ND:Se5j/wyIyXmVnRjtxtG6ik29 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.23 KB
MD5 25499a663e0c42a687e38201d77f421b Copy to Clipboard
SHA1 551a7b90b6444b4d85548dcc39fd6011382bafee Copy to Clipboard
SHA256 55f4b086ebb9d22e926e69152ce57e7f18556a07663aa4aad0b0288391f76670 Copy to Clipboard
SSDeep 48:URIX7Kw4AjxyA6HPwRepprx0nE6jQz+xtG6iGxJ4ND:s7OjxknSnRjtxtG6ik29 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.12 KB
MD5 ed8d49f33129376060785febeff20e5d Copy to Clipboard
SHA1 31bdd31c939b833e87f3719263d824ba512e5b10 Copy to Clipboard
SHA256 459ecfcc63921133deffbed9258b2dedfe2c2147488859e9f0c43eb85ec167e3 Copy to Clipboard
SSDeep 48:c/sQG3Oy/dPBPkjjNO4SZlenPkKE500nE6jQz+xtG6iGxJ4ND:isRFkjMfZAnPjEnnRjtxtG6ik29 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.09 KB
MD5 eb5509a38d2009635ee3729848908173 Copy to Clipboard
SHA1 e1c77632e89f869e6c15db35e80ed21b197196f0 Copy to Clipboard
SHA256 9f8a55d127dda6337a9f6ee4bed61dcda14c21371d66adc9decba497d191f661 Copy to Clipboard
SSDeep 48:y/mio7EZqXZxcZAagnE6jQz+xtG6iGxJ4ND:y/mLuM6ANnRjtxtG6ik29 Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 2.00 KB
MD5 e5097edbe31470ce7341730f19b8ea06 Copy to Clipboard
SHA1 a31136f48ed21186a19a5478c860a20f00643024 Copy to Clipboard
SHA256 6993afbdd4c716f0d1e1cfbec0eb35cc8c4bd9a41e0f5750ffbdc3dd25980152 Copy to Clipboard
SSDeep 48:mEUry1qDEPzBtCGtbjQnE6jQz+xtG6iGxJ4ND:omUDE7BtrdjQnRjtxtG6ik29 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.98 KB
MD5 08f86751989e3a4d823fd4fcfd2585bf Copy to Clipboard
SHA1 09543436669663d78827233db4055dd7a190aa17 Copy to Clipboard
SHA256 e050d405b6e9ceb3008c8943f9c64ba44de1eba94fbd44d864719b26d7834c38 Copy to Clipboard
SSDeep 24:ne7hOEAEjeVFHulwf1sIj3D4o7R1SlnEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3a:neEkwf1jjD4znE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.lockbit Dropped File Binary
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.lockbit (Dropped File, Accessed File)
MIME Type application/x-dosexec
File Size 1.91 KB
MD5 89b6ef9aabdae51aef010791482b446c Copy to Clipboard
SHA1 58ab4f0ce8cd3226d9440af172f11e6a4d4f18ee Copy to Clipboard
SHA256 947865f3d39a2d9589a9a423796d14c3b425ceba33b3a400cd06a1141f7aa6c5 Copy to Clipboard
SSDeep 24:ASydTmoVFCGil2iUPMnEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3d8w4NllFp:YZWGUnE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.89 KB
MD5 05b065d44460ad03100b36c672ad9d55 Copy to Clipboard
SHA1 1b757dbedb7e9b130fbc687d3faf5ca1346b5c57 Copy to Clipboard
SHA256 16c54cd441716efffb1928226ec3a3d1e047a873f3ef591182e35cc4b67a5c75 Copy to Clipboard
SSDeep 48:tEL4XEXbaHVqk6t9nE6jQz+xtG6iGxJ4ND:tELfXCponRjtxtG6ik29 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\basealtgr_rtl.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.77 KB
MD5 3550ea58ddfef761c02e80250b72e647 Copy to Clipboard
SHA1 9108b68a7b207b2e0c4d5934ad482259e4401ee1 Copy to Clipboard
SHA256 aa09a9dbe015a1a93fab9382ba2ee717ff64340fb71d60bc3e105bd66c4747d2 Copy to Clipboard
SSDeep 24:6MJW9HA+WPMPj1lHsuhnEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3d8w4NllFp:/JW9HhWkDnE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\oskmenu.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.73 KB
MD5 fdb9fceebb92b04b2b7f7917733c6e78 Copy to Clipboard
SHA1 d40eda19df97a9bb885561976df6bd3f9fa4e7bf Copy to Clipboard
SHA256 a688d2f64e56196387e260282985d80b17c41321e29cd81eadf3dedb5d6e65ae Copy to Clipboard
SSDeep 24:jl9KREv7N2CxonEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3d8w4NllFp:jtDlKnE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\numbers.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.73 KB
MD5 10067dab9759b2045846ab7e04331128 Copy to Clipboard
SHA1 7741018b9597a687247da72b259443c05b2137c5 Copy to Clipboard
SHA256 b847b4fc8deda4679b2ffe3504d1467d489da486084d0a4826cf24dfe071c9f8 Copy to Clipboard
SSDeep 48:JlG8tJmNkB5uIp279nzXnE6jQz+xtG6iGxJ4ND:Jg8tJ4kTuR79zXnRjtxtG6ik29 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.73 KB
MD5 0dc15d5cf1601d02922b6b9023ea7e79 Copy to Clipboard
SHA1 b1c41ad4112258d341562ef2cf797e3912271ff7 Copy to Clipboard
SHA256 d0db0b2592e06268bba860d0fea1156d8eb4b5d6afee27ccafefdb931236b1a8 Copy to Clipboard
SSDeep 24:NqsvQpDW8afbTaR3Q6kZ+nEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3d8w4NllFp:XQ8dbTqS+nE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\ink\fsdefinitions\oskpred.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.73 KB
MD5 722d0f85732a64750ba99048f9e54459 Copy to Clipboard
SHA1 a32448889f34dec5aa6061281135862ee550b338 Copy to Clipboard
SHA256 25cfa20995eca6f34942f2c8d3106970163d221a73afad87764d2732f79b37f2 Copy to Clipboard
SSDeep 48:vjj1109MalicjJHfbCwlnE6jQz+xtG6iGxJ4ND:j094c5RnRjtxtG6ik29 Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.73 KB
MD5 cdd9c05a87419048fb6b42fad4431018 Copy to Clipboard
SHA1 3e2c35f960377c49043d12ae6a9a759cb689a0dd Copy to Clipboard
SHA256 4d3571c4a363a9afcd08c1c9e0f342d4b0565c632ed88cf48ffe4485c288def8 Copy to Clipboard
SSDeep 24:xD/Pcj7YvehYgLdGcnEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3d8w4NllFp:xT5vgxxnE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\fsdefinitions\web.xml.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.72 KB
MD5 0ce55c39a4f65af73ee8cbe9757e8549 Copy to Clipboard
SHA1 164480ba05415454c4888e7838fdfc839ad37c23 Copy to Clipboard
SHA256 9e965cb63540087b4834ee1027054e85d3c8ab822c22bf491ea0e3491e25c099 Copy to Clipboard
SSDeep 24:mOucYOIrvDVgxoWOHZDYnEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3d8w4NllFp:3uZOIrvDVgxBmenE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\clicktorun\i640.hash.lockbit Dropped File Stream
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ClickToRun\i640.hash.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.62 KB
MD5 84b2df7d07d24f989657c9e5d220d420 Copy to Clipboard
SHA1 8f31892ccff00c07d9414ab33450bad970860b0e Copy to Clipboard
SHA256 b88dc3712345d6e1c61170a49e9ea97f24805c62c4640847154d8d26eeca26bb Copy to Clipboard
SSDeep 24:MvdoxygIjx+okoQ2uSanEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3d8w4NllFp:wdgzquHnE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ClickToRun\i641033.hash.lockbit Dropped File Stream
Clean
...
»
Also Known As c:\program files\common files\microsoft shared\clicktorun\i641033.hash.lockbit (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 1.62 KB
MD5 0c2d7ff53dad317a8213ae3b3316ad8c Copy to Clipboard
SHA1 35af273f96e21898e4649acd957a0beaa8184e85 Copy to Clipboard
SHA256 41758cb9458d4c69496d57ddc6bf5d061bd8f32093774e8ebca749768519c567 Copy to Clipboard
SSDeep 24:aq/hr61FUkYHzkkUc0nEJckn8LXQz+xoqCbvoSkSJMDiu5t3sS3d8w4NllFp:aEUekkzLT0nE6jQz+xtG6iGxJ4ND Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ClickToRun\Restore-My-Files.txt Dropped File Text
Clean
...
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\ar-SA\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\bg-BG\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\da-DK\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\de-DE\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\el-GR\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\en-US\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\es-ES\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\et-EE\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fi-FI\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fr-FR\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\he-IL\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\hr-HR\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Microsoft Shared\ink\hu-HU\Restore-My-Files.txt (Dropped File, Accessed File)
C:\\Program Files\Common Files\Restore-My-Files.txt (Dropped File, Accessed File)
MIME Type text/plain
File Size 929 Bytes
MD5 78c8e72cfe6dd1d7fdd96e5bb4595eea Copy to Clipboard
SHA1 4e0bfb905a775cd1f1f69781c8ea78b8c1d1f2f4 Copy to Clipboard
SHA256 177d51941e2085a69987af5ef7dc168694fab25cbeda0ac2b793cb3e67d5dd8c Copy to Clipboard
SSDeep 12:AW8XgetGW8lyiHFietj7lllYNpGzWalMw7LVDCJS6QQ8Bqr/VMBze7pNDwrXwP/k:hXtdFjtYaN7L516MQrCAPSVcHdo Copy to Clipboard
ImpHash -
C:\\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.lockbit Dropped File Empty
Clean
...
  • Actions
»
Also Known As c:\program files\common files\microsoft shared\ink\ipsita.xml.lockbit (Dropped File, Not Extracted, Accessed File)
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\program files\common files\microsoft shared\ink\ipshrv.xml.lockbit Dropped File Empty
Clean
...
  • Actions
»
Also Known As C:\\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.lockbit (Accessed File)
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\wkssvc Dropped File Empty
Clean
...
  • Actions
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image