1c2513c5...5400

File (852)

»

Filename	Hash	Operations	Category	Severity
C:\Users\FD1HVy\Desktop\PIC123174.jpg.js	MD5: 137f0a805aa86ce00ae6d3953a5b127e SHA1: e0a214af11abc9b6ca7461884f53706dbc7387c5 SHA256: 1c2513c56929fe7826d7aa78ea57ddb1c713e5443aebae2f147d10d14f585400 SSDeep: 6:qHsRkbc7xvCqZGaXnGQO0cGzV74SN+/C6SoIMFC6BbZGaXJMCirfB3ASN+6mW+6g:knbovCA3GQpc074Q+/ZSoIM46BryfuQg ImpHash: -	Access, Delete, Read, Write	Sample File	Malicious
C:\WINDOWS\system32\05750050.exe	MD5: 6c660f960daac148be75427c712d0134 SHA1: b3c597060abc20d3b3291f8b5252a3834d49b92f SHA256: fa4626e2c5984d7868a685c5102530bd8260d0b31ef06d2ce2da7636da48d2d6 SSDeep: 24576:du13Ii3FoHjrdVIxpxJbpvR+h8O+DB8lll7IbbbbpcMs:du3IDHjrdVIxpxhe8O68Ll7IbbbbpcM ImpHash: 84789fed28ecdb34d8ea466d9386a4ec	Access, Create, Write	Downloaded File	Malicious
C:\\$GetCurrent\Logs\204502-readme.html	MD5: 874c84a8fdaee6b94c0b737329077fad SHA1: 7d9160b7613be89ae2413e3822ca262fb589eae8 SHA256: 51e3d7873788904ff0e5ed302ed0751b0c790039cf3256f31d2c215b38df7916 SSDeep: 1536:2vZIf9/RWnN6c2sq6LxDF2EVnUBhnKRXdB:2hIf9YN6xsdLxh2ERUB8tB ImpHash: -	Access, Create, Write	Dropped File	Suspicious
C:\Users\FD1HVy\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	MD5: ee5c425bd4738521f177f2a418bb1745 SHA1: dbfa3fa1dd387290394fdfa19e163a2ef774567a SHA256: 1675997a7f2dbab63b955889ece8d81e0331e25a0b551f8fd563e04b1bc3cb9e SSDeep: 768:jUpAa5BHMrxbfrRJPFh48Fq3ThRW/Y+e+jH0qlwKH/mYohV3IpNBQkj2As454Z6D:jUpAa5RMrxbflJdh4thRW/3e+jH0qWKh ImpHash: -	Access, Create, Read, Write	Modified File	Unknown
C:\\$GetCurrent\Logs\PartnerSetupCompleteResult.log	MD5: 11ac18ca0993bc02329b4b61fedd9042 SHA1: 3d0a84cb3ee66af29ee92365ca797f3f5d5c9e4f SHA256: 7ac1aee267f000a85c2c487b8586151e5cc6f82c96983e1f765253598eee7117 SSDeep: 192:R4vSW2ERTTbujJs2+uah4WeQjrn6DBhxBYltmqE3Fp:liTXEJscpkkFKfbET ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	MD5: acc08cd96e9b98cf90e540673c190b3e SHA1: 1f6b67f9d76740a5f44ea23bb85e1820c6ad649c SHA256: 746f08b748895ddf036895fc5a1bfaddc6e8b48d7653f72470a2163cb07c4032 SSDeep: 1536:hHUjGd8YN8qLFs7HFdYZahwTp40Td5cx0Zd0H:hJcqLu7luZo0TTcxMKH ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	MD5: f79ee04d9188a4d94436d506b462f903 SHA1: 76d53db871190fa86cbd984ef71c459d9b49bc5a SHA256: a50c49d1c6533556c40f84099233805a6387448a49b938835ed8a687b9514ff6 SSDeep: 192:pQcuqxKz4qyF4d6Dlm8FKDk0/3ODlzbhIuZ+74hq/wWyC9I0rE3FC:S7s1nF4w5hKILDlh7cJzEA ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\$GetCurrent\SafeOS\PartnerSetupComplete.cmd	MD5: b140a2b9770e131dcdecf0ac5c055f72 SHA1: 30064ba937e4c957f970d90ce0630f67c936d5a2 SHA256: bc74f3356a174cfe2c891d792c4e7e6cd07093631f894bcdb8f75b249dd4bf73 SSDeep: 192:j5hw7frkY7yyiIWSiSVlLCr+r3AzUlOnlvpcpqE3F4:9hOrj7pVWGJrCOqEu ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\$GetCurrent\SafeOS\preoobe.cmd	MD5: 59c87293b5cf4900ea62297072c8344b SHA1: b294973bd7ac27f11937398d351babcd031f2cc6 SHA256: f76b18ca2a3477923f787e9538673038b88b2bf81228b352d28541c8d8eb475e SSDeep: 192:vgrqoo7CMjW7DkSd2W5otljIEVLRpW2Cjt4nkb4j+yzeNCwHSe3E3F7:4WvOMCDZd2W5oXkeyMheRHS6EB ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\$WINRE_BACKUP_PARTITION.MARKER	MD5: 40d8b7eb1648a6a332b98deebd70b3b1 SHA1: 71c1a78f431d5054b68fb4a962418634b06bd8b6 SHA256: 4eff4d6e2bd6d6091222a15ddd616a25487b9028b2d991cbd388e7fe40d64802 SSDeep: 12:vX5gwFWwXUqFFL+2tGdcbsM6ZAV41UBRwnx1qkfNHYRltcQmDn:vXfF3k23UdVMW1oUnfNHYDAD ImpHash: -	Access, Create, Delete, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1025\LocalizedData.xml	MD5: 0d238d096ba1eb55ebb2cf32d39d333a SHA1: 675639ed358257625da1ae242f89bd3c744e581a SHA256: 7d4260c2477d113525cb8b921077778b1ffdb64fdfed5926cbfe06a5b29e6da1 SSDeep: 1536:46tkrQr8XyXDmCcPNYzc0O2GPEPy5Y9NzwdKWbloookp/7JtK2r6sd5:466rdXy6RPNXAK58N7W5oookntKW6U ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1025\eula.rtf	MD5: c988daca2e9439ddac2357d1c4af53fe SHA1: 68e2d4bdddb42ae8f70fbc5aeb2beac4af91c121 SHA256: 1f5874084bf7605ace5ab97b11d92778d67b9958179e6dafa7749fec2eed792d SSDeep: 192:ceCpM/zhoU4VK7XSU06BwBy/DNRI8kksNXo0QJE3F9:ceBL13XR06ukNRbwXovEr ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1028\LocalizedData.xml	MD5: d9b487be58fe86a2a2c07b7eb46e6db5 SHA1: 5ebce7f6101d8e335d4cfdf01bba162c5c706864 SHA256: 848ce6c476c2a4fe3b7eca47b60a62b8989a5273e6af8c8d31b83aa1ac10c652 SSDeep: 1536:P1LIlMPMl27Hfu5F20+rjZ1Y5Laz2gN5GfWyYHe74:RkMPMl0m59GjZ1Y5+ioMYHeE ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1028\eula.rtf	MD5: bd56507ffb8361bad27c50889f638531 SHA1: 4e8be4bedb3cdbb1356c5e0e7ea52e6681e5441c SHA256: 1828433faf8c194983becd97fe8ea55c5b2dd6bce31eedb3fec6e9634635fd22 SSDeep: 192:pJERAAUO9Lj1QGIRnDjiSkxoyFhiYT+X3GEO9ZwI4E3Fi:cU2Lj1/cfPk6A/AGEKZwXEs ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1029\LocalizedData.xml	MD5: 2c4c9be94603a9ce747eaf519bd2506d SHA1: 9e4d01b4ee40cc9f69f4378815314e3150240518 SHA256: 409c41f01fdd500add3038eff34a16fe26b296eaa1a52afb7e91578deb2dc776 SSDeep: 1536:gDUEok2252y2KEqe/3rIl8bFWPQiDoZd8joIcw2XAxYVELhY0iguT9f+HXxS:gUEoktKNDa8xWPQiDod8UqKjVELGNT9b ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1030\LocalizedData.xml	MD5: 388b9eee734136505e91bdd183b6e5eb SHA1: 0dbbfda4d6a285b6cdb3e95339e04d35803ce387 SHA256: 8d26b9b2d6878c6a16a88fca8f8df8dd8b18bf4616a3d3681daf73d450908536 SSDeep: 1536:l3zoAG68+S+13Mj3ehlV5N4Ga9zwjL4QJxPJ9r/lW8UWwUzO9e:lDoAG6TS23MjsN4GatwjBzbFzZ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1031\LocalizedData.xml	MD5: 0fb5b7138254b755e31d0a8df58789f7 SHA1: 4255649028826b30205056bb4e552111e7dfe06e SHA256: 72daf571e1e603105ca2019ff97ff5a746aa626e722151ce908476ae23921d45 SSDeep: 1536:3I5SpDelwcQukj9WlTcYNMaE0b8fAt5uPKHq+GzJ910e+T0E0sOj/:YMpKQukZOTcYLEfAzuPKK+GNcCPs0 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1031\eula.rtf	MD5: bad0f7f7fbdac7958842cde7fca3b104 SHA1: 8848d6229d4363860104c84ca1052d6cbfa2a877 SHA256: 4d22e30adb42d7ecc7e6c8118122f70ed303c21d19a688ba26b0a7255fa70b26 SSDeep: 192:EJGrsfKiegTqFgVKBemMOCOM2rC4K2CuW+wy0pzKWonTpE3Fp:EArgKiegTvwmOwp4K5dlKWoTpEH ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1032\LocalizedData.xml	MD5: f9466bafea4e2c15d7492d70dada94ce SHA1: 46934f12e86a876de92b4bb50d058a0bffc7b249 SHA256: e5dd65b1df4d8630e45b990e58fbd242b31791d47577c1283bf9e5f4efef8f10 SSDeep: 1536:YN66IEgiV8msFlSzZ33zwtIbRDDGvGObwUhwC+N5mPuZ8rK4DIPM614paciN:YI6pt8Fc10SZ3OhhE7mPuZ8rK4DiDurY ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1032\eula.rtf	MD5: e2aa8dd7f6ca3eef4b81c54ecbbd6990 SHA1: 10a129c1ac213e692d64549f84bf29e843c62512 SHA256: 327b3643f26dfe52c00405ad5dfe3e9bd0c4f85d66a00b950a43f805525a8040 SSDeep: 384:EWiMOY4xeDadQwR3NQp0BUevV8ja7xM+e+VqqLh2AlyER:5OXEDwR3+puLmj+G5+VqqLh1vR ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1033\LocalizedData.xml	MD5: 0dcb244c88a72d82c5f03ae87427e86b SHA1: e099c77ce0489689f99efdce4c9ee9b703f6efcd SHA256: 5faf488e158d7ab5ca22672bcf9cf4bd199b4b13b13a67299ba2ebaec5d1d8d4 SSDeep: 1536:VmOC9n2ssK5xiwfI8pfWjwqvz8AW+pO5ojmovr2AYMMpbtt+Mm:sscxiTNsUWW+SFC4cn+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1033\eula.rtf	MD5: 11e7f0fa77694d2a4642951cffd15335 SHA1: db4838233b8a23f39cd4766155dace0d88226302 SHA256: 041a8017286aecc0e97527522a5640e1976746d07b5be104f047ba0ed808aa68 SSDeep: 192:EVNKWK2pHvW/VS2KIZlcVRYECuBjlJgSERQH46yC5E3F5:EfKbp/PZEjQc4FC5Er ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1035\LocalizedData.xml	MD5: f149165c1797adb2b5599648654f2c95 SHA1: 16671706dbee92fca71479e349ef279fc4e6e874 SHA256: 224c490649778c068e6f66ef7af0d1cc84a1fa495f3259e73ff483b1b9d95aab SSDeep: 1536:V/RMNqLctPrvSez3Zs27cBZqMatvfyLFWjdtqA+2wPT/pDd0v7GefAtcl:LM0Lcxr6I382MaxfyL4ZE92wb/pDaEtu ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1035\eula.rtf	MD5: fac196ae739eb31092d47502bbe356ff SHA1: 8be83ac4e831995089f2518ebf9559c62314084f SHA256: 0d4a3d87ecc6f254772081bc2337bd28047229a7b36a7cb02d2ed7fd2499d93e SSDeep: 192:EJIviyslm7mdimFD4T57mzqSWPDPz5q5H5Us47RnwI2NS06WDIE3Fl:EWiyscqhFQZmmSWPDP9q5H5X8Jw9QpWn ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1036\LocalizedData.xml	MD5: fbf738e70bee400ded9f25c398230784 SHA1: 8bfa9226bb0edae41df5b5b6cb541e24826739c9 SHA256: 94823ea1d21f3d9e2266cf81862b52c21c35bd3a4bbe5460dc97417c20f05fc0 SSDeep: 1536:hEnluTYpkAFl1MK+RHNzXYqzwz3MmHcs0aPtRdpCZaKiT2JyAUnwzr/bwJtezF8:oQTYbvCK+Rtsvz33cs0qHpnbxAUnqb4N ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1036\eula.rtf	MD5: 5f0a6404870f43f7ed472b55e4748fbc SHA1: eb78059e286a69e8a05e1e38fa279c4d474ccebc SHA256: 5fbacf6ee6cf5f6664da22e50b925988c407b73dd254ff7d564874689e412df5 SSDeep: 192:Ei6gSb1CyfVwvPPKh3huY79A7vRow8f0KRE3F2:Ei6JwXSvD7ov2w3CEs ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1037\LocalizedData.xml	MD5: ac1abcf0533ef5e93805a697348569a4 SHA1: 3fed6f2ca9d8b238fc6b9ba1a21d078c8b18f246 SHA256: 3c7676ae131a926fd47c3d65756e086e20ab6db451233bd5533f42f43dee95e1 SSDeep: 1536:sxVgtX3KC9A07RS6qc6nTQGMULGSTvSm1fPECmiE/8f9JioN:sxV6X3KP07RnH6nT/fdPEji+eGW ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1038\LocalizedData.xml	MD5: f802e74b49a9d03a7fbad56353900f3b SHA1: 726f1128b1d4d0e60e4f3e2b8f5e295ca6c5300d SHA256: 2780d851a168092cf17899d9258c3e8c465ed24cc067359fa5f8dd8e2b8f2dbf SSDeep: 1536:DgqdEFzZUlSWcJDTSHJGuzkeRuS2XPL1jJz+aF+H5LB0:DgqdQzxWUDTSHJGcReT1l+aCLe ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1038\eula.rtf	MD5: 6fe8f9a93cd6e2c62eddbdb166a9a49b SHA1: c05c0dc66ac9333d28e857174d3e65fe179b256a SHA256: f1dff718f69c93ab1044c139a7138b91a41a4d838d3844cd033487e565a7db87 SSDeep: 96:qVDZ0C38ru7m9gCcKGYTvUKVKRWZtKVjgPuUTmItoRq6yu+DpHgyWxTOGgOhH9uV:qr3symeiV+W/0CuU85yjpfWdYEnE3F3 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1040\LocalizedData.xml	MD5: f28b6cdf60216694093a7705a3286721 SHA1: 432c50757b991cc57b5231c97ae940557e70adf4 SHA256: 6eb31bba6725eb874ce87ef8fc44a96691402e6ab0e83b591182774527128ca2 SSDeep: 1536:5jurFDXDabssvlc45HWxtjeASfCGJ+naApH1k+Ul5kY79ydxx:sx+lR5HWxtiASCGG365UE9ixx ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1041\LocalizedData.xml	MD5: d0ef42a1b05a09b8a41292a32712a84c SHA1: bf6253a8e9a9bd50690a8e4c2d2388b5b2bc3224 SHA256: 2c0d7c26fef064143af47e88f073ec532594ac60e99a118700d61cfb117760ba SSDeep: 1536:djOzrxcslxZVVFtm5+KQUm1HEtW6wAqd7gn7B0i885:dY9cOLbc5+KQ3s/jqd7gn7Si885 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1041\eula.rtf	MD5: 8bea92cb5466a1e51c68a1c4c26bcef3 SHA1: eadd6efef2e2a2162de44fa16daf660d866d9be7 SHA256: 8fd52aab2baa2af784f18403127de6c103eee44abff8a044e4ba38221f194e6f SSDeep: 384:6+gLLq51TsMyCutFV6AaNJeOtfIx8hxiPRmBpczY5KHs/exEb:6vLW51Tvyn3yeOtUCsMBWemab ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1042\LocalizedData.xml	MD5: af663f9cbb02ef267486ab77bd5fa554 SHA1: 4a4e980ace0ea30eb6020671727c1b418028f28e SHA256: 7bcdbe36f58072d36d6f83dfa7fee1ba1465b8f786276655c61f11bd591ea22c SSDeep: 1536:V00RciXdj53KWqUrOJBCiqWRYbDP96AFni66o5I9yv9Arg:TRnNhqUrOJsCObh6A4QI9y1l ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1042\eula.rtf	MD5: 96be01159db7e66cdd47446a9e32b71c SHA1: cb03f296a22009b20a279a0ca05230b6d0a8e59f SHA256: 9ed783a4a702870dc1fa5bcbdbbb19c28c3618c0a9e3c5e044788eb36ea65f49 SSDeep: 384:rKv6WQhvT3GNhlaKXkQYSiqTvCZe1DDZo1F81EX:rKvsTKCKX5pT681D1s1X ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1043\LocalizedData.xml	MD5: d78360b56f9b9da91aa0812750f1ff03 SHA1: b8bf76295e4a320b78711b25bc4767c95e6939c6 SHA256: 04a3e492262ec1534cec00456b60f810f93f1243e1852f5b317490c3a4fb3089 SSDeep: 1536:4i8qcNdQMigZNYrfNWuDHOVjr8UwrM1/gY75JDZpZx+wbGNT:p83OQ98VQSojDlxZGp ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1043\eula.rtf	MD5: 6f8228c8841439857a8e21c7bd6c4601 SHA1: ac2961b44be8a568da81ce21beb59edc79a8bfac SHA256: 618ce11707e590738f90a916c36950bed52624a92e2cd5a0acca24a4d88fd9ff SSDeep: 192:Zbn/lHtYbfeVRt+B1ScPuvDHc9vzORqs5dxwRuQ2doN3E3F6:xTuPoeGDH2CXkuQdN3EQ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1044\LocalizedData.xml	MD5: 891d9c7d13be9bc001a965cfdd335a16 SHA1: 53c2bebebdca9d76262b05286eaa10a444afee3c SHA256: 6072bf53e236501445e9c450634590d3dee6630b98fb02acc377f21e9a904462 SSDeep: 1536:2AC541yE4chfsr1pecacQiqV4IydIRprncJg3Hf4ZPehANki:C4i8fsBAzvjZydIRprncJnZPeemi ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1044\eula.rtf	MD5: e223176571ff603630bdcda317a6f35e SHA1: e61b7f79c47aeeba462f71d826a44f0e87e5fe72 SHA256: 9c2accb5ae3e92dff6dc37e1af7e497936d24aa79809e839a36b6f36f186e32b SSDeep: 192:bNb2FPcwoEKO2ELs28Ephobq1pd3oYBqRiJE9x1IHE3FU:2Bo/O2IR7obq1pKYBqIoxmHEO ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1045\LocalizedData.xml	MD5: c95cc1f2c7dd6235340ec6ad1639386f SHA1: 90d10c4bfee1a775dbd967d7b2956cd520d69485 SHA256: 7a6ba7278cdb578f185e09188be0ec4c8776ee53ce42be8610db2695566f43be SSDeep: 1536:yssqq2K2pK+vqOJ3TPwk/J53odsCiJ+hKKrZZcnHbv6bqKSeXsbLWh7XCUjERpgL:Vsqqh+vqOtTP9UiKrCv0KY2Stzj5yO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1045\eula.rtf	MD5: c9821523fe9748c00136c31a8da408a0 SHA1: 33d08c3b9d3403b5be94c723652b35530d6e587d SHA256: 6606a6671654e8d1cc6879230ac5faa9705d5c2af924feceaa9aa8f4d5324b0c SSDeep: 192:6H5zB8f6lJjRTUoMLBfyTgo2sxvUFZUcXcRBb16zXPtEE3Fu:6H5F8oTUoQ45UFZUi4OXPCE8 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1046\LocalizedData.xml	MD5: f567cb4019facfa992a8b4ed10a5b85d SHA1: 72ac346e92117315d415e190675bf527d9c9ba27 SHA256: 49d4910d4ca3d14c11fa6f44133da3d9782af7f20c662779094dad32674a3762 SSDeep: 1536:vy7eMHQmmBCeiKleSCUjh1VNee/9UeZAlvnNU6N1/MV3RPJOvYtEYxqPn6:vyYxBjiweCd1V+lvNUIxMbPJO8EYF ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1046\eula.rtf	MD5: 8073702f637bd92331c2820986db0487 SHA1: a98ce26d1d29ae5495dbdf34837bf143bffc6343 SHA256: ea3f9236b9122fc7ec00128c50583a032da8d773cd8225c0c49d5410931ab6c3 SSDeep: 192:Z2+6Cyk/3CK5rIZs/0lycx+4HQKuXuWtuiZH5izGct4a2GP3ueZE3FS:0+6vu3CK+W0kcxHQiWtv5SHt4/W+YEs ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1049\LocalizedData.xml	MD5: b6fd7c232267dd2758041784ba4720e3 SHA1: 33e3d7bdd154eefb88da80bc23cf344104ca4101 SHA256: 1cfa1e2bf13dd2fa31deb49137ddb771d28b49436597b3be1d2fe2d27243e9ef SSDeep: 1536:ItoIpplXoP+Gzy6toiti4OrWaC+nPlv5UNfSV2J7yvbmKZ:uj32mGzy6toitGrWaPV5UNfSV2J7AaKZ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1049\eula.rtf	MD5: 6a373d093a35be19c14a896b6c6b4128 SHA1: d40ae82e843fada9e9c14e770616531afad8e74b SHA256: 83c35fd921bcddc225b70acbf893a75a5a3bacbb5907bd054f211f93b9fd6a72 SSDeep: 1536:H9eGv/XmJphUJXTMZ2gvF0R/Kt83yp7uInPeEfQR1c7I:H9Hv/0pi+2gNDtN7e91c7I ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1053\LocalizedData.xml	MD5: e83fe2899a34637a757a61c57859f400 SHA1: 38b9607753358921ed90b79c939169b27d12bbdb SHA256: 4ba4bcb8cf0daa1fe8b033896891e15b29d951c2caa7c10ecefe037a78bdfeed SSDeep: 1536:t9dzVtY4na8JtQJQ6UNq6yhHnGqusN2deXO8DGIJjLwRGgMvAyWxAm:t/zzraMm6Zq66nGVFkBaAm ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1053\eula.rtf	MD5: 2a4c778e2e3060c7342b6d0ef5448ca6 SHA1: 65650ddd736041c0e3ef732a95c36a93ecf9abc8 SHA256: d14140e96e8a71896e1c0dddc73919069b0903c2b1393832954a31bc1f186596 SSDeep: 192:t9BFCruLrTaj5E69Jcd5EC6g4oZAiO0Ut7BWOwN6ilgBrnE3FB:LneIr29TUmg4hiO7t7BbwN6cg5nEP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\1055\LocalizedData.xml	MD5: 361cfab6a6fb1d4ef44c5472bef31c50 SHA1: 8f6a52c2ef898c537412e4d577920e1e99be9a2c SHA256: 6afde0c94d0daf4dca7b95975f61170adc06cf5be41084743c2222beee524f16 SSDeep: 1536:1vSqn73nZNFSYlaYJbd0cNetUKTkzF8gpINFBha9mbXl+6OI/DlFuD+pPOE:1Kq73nVSYlZdmA8KezhZc6OQruK1 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\1055\eula.rtf	MD5: ccdb2ef2bb71b2a03df0f8b145cc661e SHA1: d7c0147e3721642b46ead6e78cd9c8ca7e9226c4 SHA256: 73497932e1f7e5456e7b467b836852ecdce39ef04e50071ffd49f7532cf47205 SSDeep: 192:QSaZwzgc5HbSltDMfHz3MCqKvoPMlrVu5FvUhE3Ff:BBlHLdoH5ShEx ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\2052\eula.rtf	MD5: 322f7e874638d3267fb86038ad7955dd SHA1: 906a132ce1fc1522f2d1b30f59dbc3fae50edbf3 SHA256: 6eda5d66bfd19d84aad23fef8928bbb5e440201b7111b9d045fecd5ca2a02a3b SSDeep: 192:EwhSHDNzjMHM+g8aEaoCPoH0ujeeWy+eQHtRcQvKGJYYzCfE3Fq:E4SHDNCg8aE+AH0GejeUTvxlEEk ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\2070\LocalizedData.xml	MD5: 38ec3135a666552666cf3d2b46302ee6 SHA1: d5575532f5f44cf5474c1baded6772027055828d SHA256: 6320e42f591fbbe9fed1df9a1605d842f8615e0258df4e46525c79a6432a19e7 SSDeep: 1536:diiQvTya/cbL9SI6QdvOhJ8PfjUYnxwNDmr0xMSaL+0LU0/v7QUikI:ARAbohJzYnxbIraTLv76d ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\2070\eula.rtf	MD5: 7c5fdc215c61fe5a23a3938b03622bff SHA1: d4987d9009668eb5285aec5e4f20e98ae9b9651d SHA256: 011fd1551eb6b7fd3c8757bc6c68079566ea1cceaea2086368e49dbd7cbaef96 SSDeep: 192:FyIn2rRZUpr4FVI52ZsSGdWkRxmqBDzcd82cWJZE3Fb:F7n2rRiEDsTWGmqVFWnEt ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\3082\LocalizedData.xml	MD5: 2710a4ae1b9f6b83283dbcf3f5408076 SHA1: 68710c7831687937e248085a4d83fea6c4bcdb50 SHA256: d45d42d3025e20be7db2480d222e661cd3c71fe21c2ddc8f178c022d05e04c51 SSDeep: 1536:qSGR2TrAEMjgPalSIcN6E7qYraMbE0K5FBvzeHTBRY08FYIGnDkXwml4O:SRQpm5C7+YGMb/CGfY08Iotf ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\3082\eula.rtf	MD5: d34dc8d15507f49f3c2678d50b667abb SHA1: bd2719c8d20110a3975a03ec40689cf6057cf10c SHA256: 1d39447cd7dc8772e19b114de96cb191949888e000cae41e36fffe77f91e75cf SSDeep: 192:EtC1qL9IqS3DpXet/qSUt7+mgQbsNZEvFZaNJME3Fp:Eg11qS3tut/qztqBQsTUFZaNmE3 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\Client\UiInfo.xml	MD5: c8d888d0603c70eb67a8aa970444d572 SHA1: d0ae09b890c592be5003c710894c869ec757c091 SHA256: abeb3cb46265b5ea92d6be7a3bd1ccdb23a43b319144b85be3b05793aee21926 SSDeep: 768:wFVq6OFUf0lf6k5GVqnNiT5hNVUh4/hp+7fYs/btvJIecp1jqJaB:wFV/YM0lVGxNd/hp+TTcLqO ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\DHtmlHeader.html	MD5: 238afca52d35fc050d35edd394972cb3 SHA1: 8334ab219df6d47c83eaf1b20453cb4693603bf1 SHA256: 6407c5eaa57861c4b9760b3fe32a4317b4a656b8b54a3fbd3c9d6e4dcc5f7bec SSDeep: 384:EkstruZ1mKamYSwxYbGO/tG1zgr3ucNbgtZvmwJzfoEF:kuzmKWmGXcJgJJzDF ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\DisplayIcon.ico	MD5: 6998beebadb424d4cff594b19d0e58f8 SHA1: cd78bba9aef7794f2be397ff7ff7b9761698d806 SHA256: 99253e5045bb3844c4ee691fa8272243a33e51492f6803656885f2d62619a829 SSDeep: 1536:VWhSXX2dk1BwJLyOv6yMBWpxFqzufesjOlr+6qi6zdHt+Kr2pKBbagMKSkfBah1d:VWAn2dk7whFCM5IuWsjOlr+4ctvr2pOW ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\Extended\Parameterinfo.xml	MD5: 88e1b5a3b4a1ccd1feb391f87a1eea97 SHA1: 96aadc99d76ae03c3c54f73907920b8b20b3aa73 SHA256: 40bab076c32226fa2fd0d54347a15adc70b5cc24c7f8a4dfada06fa9d807817e SSDeep: 1536:FLqT7bLvvrXsdWqCqyVuWRDkIIrNkfCoVZ9qdGhrtHQ2DpklG:FGHzsdWqHuRIxkfCoVDHr5Q2p ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\Extended\UiInfo.xml	MD5: f6e2ac68e3125fe3e96929c3af393e95 SHA1: 159fcf2afc9a53b2a0e72647757eccd0951df07f SHA256: 8f6a7ac260dcf3b79c8466b92e8989ffc5086e4f5550788d42ee5d9a4f308a19 SSDeep: 768:wF6oNpVDuwUrWpLFTiARpw+AxQKF744APUr0orrDSxcIgfPmZ7PXQ6Z:wF6opVSwUrWpJTiARCjF7q8GsfOhPgU ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\Graphics\Print.ico	MD5: ae8fd32061d3439e459868271d3d7056 SHA1: 5d721fe5d23cc28a504cf92dfdede18e327458c9 SHA256: 567eff8b78b6a197d80f9cd9ec22a8fee57e9d39845e60d4831d7a4ae7e6ac79 SSDeep: 192:2nbdgyrYi/BZlEkXCUqpON/xngA8HWg0r4TwuVsUz0JaLRsSoDsfcFXfPE3FD:2nRgkYi7lEkXtqpW1opTwRUzsaL6nDsh ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\Graphics\Rotate1.ico	MD5: 6be5a4114f4d7d1f502d8c2383a74ae6 SHA1: 77f90cef7cbb6a145f4717c9c10c70058ec1a135 SHA256: b4f835bfa5847e742b9e3858171f054b5c8a7388ba6e355b5f8e97a7c7b64975 SSDeep: 192:pY4zROqSvlY1x0mY1Vx+IHBSvJ2FDChNPtaM9IQNrcoe/E3FU:mK2lY12mc6Ihy2FDChGM9IYe/EO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\Graphics\Rotate2.ico	MD5: d1456ee7a826b2ed4b5e6938882fad86 SHA1: 263933af2fc4bb74e190aabc6b668cd7c657fd50 SHA256: 69201e12d8fb2e70bf80d5868844b20a17d120129384b8bb5006cbe5067e8292 SSDeep: 192:pCHg1Vcg6ywDk5q02JPLxCUcvadBVBctylwVRqIueoSnE3FU:rncHywDk5GRxCvvad3uUeoSnEO ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\Graphics\Rotate3.ico	MD5: 8afb4fa8951845301176d025cbf168fe SHA1: 58cda38f82ed0166e274e0e86545ab9e8faf10e8 SHA256: d20addace964d3f702f7de6e95554bb1aaac5ae92e472c471fa7439e59e7fcd1 SSDeep: 192:plkxnj3glwNi5Nnb0t1SratFpALOECg31F0KGZ5T+9l1aUE3FU:AwlwWNQtpbpSwtKc00UEO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\Graphics\Rotate5.ico	MD5: ac07865fece1dabbc1e99b7ce59bd1a7 SHA1: 027089ba2d7a3ddf44b0bdb0ad0a89e09e4b7970 SHA256: 3f0475c156c1ec1c159f364958044ac93c7e70e1f4126b17bcef17a2cbd98c8a SSDeep: 192:pf+mo07AI8gfTJFHkVl61u1g3Q5OotE3FU:xB7ug7THsEQptEO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\Graphics\Rotate7.ico	MD5: 75953944bcd7b7028250abcf5a804eca SHA1: b36c8280c766acf7c2d6c9aa810f9c5ae5576c53 SHA256: c5841e197377c61a4c446e06261b4538efff66f0005384ef3de64abe82ef74a9 SSDeep: 192:pmjKJuP722pyMRHyjDYagC+zoOMeQNkXjrVeQ7SK0yC6uPYznOQE3FU:Y2JuP75HyQagVMkXjlOK0yC4OQEO ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\Graphics\Rotate8.ico	MD5: 526213e3643ce501e849b374eb21161e SHA1: 010d5e8bc6e5c378c652cc53191983e7394aa297 SHA256: d916c0a6d4ba7ab835797b89cc2b321bf159470251987c18f1768904cddd122c SSDeep: 192:pZY8lPhz2zgTbXtgyCOAvUcjwfMRVggG3gSVYtEuE3FU:E8l5z205CUcjyMRVgHgI0EuEO ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\Graphics\Save.ico	MD5: 66e95e8bffa455dc97cb7c8adc8f0cb5 SHA1: 553637b4c569ca4ef427134a326e526e6bf19223 SHA256: bf1a2f8061d6eff4771addbe3de68ce7129fc2bce1c52a3964a349bb210c0996 SSDeep: 192:2ix7wfp2ErdTSWuYki3XY2960TEg/LEL0xD9/i20aC4NAlSYE3FD:2idwfQiBSPWr9HT0w/idkmdEh ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\Graphics\Setup.ico	MD5: a35a5721601c92fda9bd73049887c990 SHA1: db99c39119ff7d7e75f3bf12d056a4f4360368ca SHA256: 3709c29c0e7e5288189b3ea5c79a09ad4d99192376a09b03b9f25fd00a29c3c6 SSDeep: 768:0SS4/M5Ocq5fCSXDRQik3BQ3sMwXw8CwFZOIDS/a2remULxzTC:u4/MAcqAwReQ8r/fZOIOC2amQxzG ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\Graphics\SysReqMet.ico	MD5: 0a363686c53673e555f23d879bfc4ec5 SHA1: 01c45bb4bd6c989bc771581a39f75bb6e609515a SHA256: a376eb47b671b96f18149b8280d14ebac6ce07518086f08701cfaff7add5fa09 SSDeep: 192:1PqSktrWB3rmAHp2xkuUjYkiFj3vNlyKr0JCSp4+yQ+XE3FD:8trm3KAHExH3pEy0JP47XEh ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\Graphics\SysReqNotMet.ico	MD5: ebc386bb6b828c25289aaa38afaf4974 SHA1: 43f90c66566cd529cca9df64696fee0b8a8b1c7a SHA256: 8816dc53d8ec5e76836d7e2a42f060483f0d075b0bceae7e7c5692185c7ebfc2 SSDeep: 192:F6vFwkhUoMWV854jpfhODwEFb5HTQdCorLd8XXnE3FD:WFGoM954RnEFhT2Xd8nEh ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\Graphics\warn.ico	MD5: 5ba5e9edf5cbdb5608dceb1c0ddab348 SHA1: 81aca922e56fb5411f94e48bdf74528035f8a97f SHA256: abf8c3f583973898876fb3f808645668858777481fffff6138fccd1b1bc709f3 SSDeep: 384:Zrf8XkJqXO4ewP+7sU9DgzNsNjxP0fqe1zSwAxsmrk4q4Fdj/DEa:jJ343PGZJNjxPABzSick4BLIa ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\ParameterInfo.xml	MD5: 5ab0221c642f4bbb0514c1b1b899844c SHA1: 8a050cf8400977b23255c71c8ec3ded3f0a80bd5 SHA256: 0dc5a0a9b495eaf307a9efbdb618dfce6491cecb7b04fb5490ef0b765026f877 SSDeep: 6144:WRSTzf5lAIUzq53T1Os8iQbzVxE4ui9+ZhpBxY2dLJJ3eK6xdJVxbWAYXm:WRgf5d3T1O9iQdxiHBxYEbeK6xd1/YXm ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\RGB9RAST_x64.msi	MD5: 2d36a2331bb34146edd89f905d5b7efc SHA1: 28baeff83286c03d5b80758fa27283e4aa99fddd SHA256: 81b5f4484dd9363ce8cc3fd45c04caeda2c7088858bae28087888c309e1f8a8e SSDeep: 3072:o4fZFqC8vEJ75YZhstMr+b1EEVrbOywKRwsh1GC2Mkbzjtj15B7:pxFq9MJ7qhsSr+b1vqKmI1JbEPtj15B7 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\RGB9Rast_x86.msi	MD5: e3a2571a467f54c510e3f9a095bfcdc2 SHA1: 1d0fc3cd47d3b9af0f461c698f19ab89db8cf678 SHA256: 47202e197bec1be2e236bc9a0fd39a4bddee60ea117c169a6a9c420701ea0d37 SSDeep: 1536:S2eDvGrKmgL9Myt0NXrtRoLaIzZeWVziq3U68xXK++W+YAvirDmY+AQIm0BvAQQG:S2eDuE9p0XR8xH8Q9BiD8A+iKjWi8 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\SetupUi.xsd	MD5: 4fbe68c55642eea5599acddafb8db980 SHA1: 565ec1818f3268120cbe4d7bb1ba6031b0c2aeb7 SHA256: e4f5c1cbb0701846336c023cd2aa2c943741e26a8e4dbf7d9a5d35a597bb8ffd SSDeep: 768:p0QnSaBKZTWy2JUengW2nGE5QJTQZjYIYqQeaSPODI:p0W9UebgGE5QeZjBSyO8 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\Strings.xml	MD5: e23e4f03a8e6ef136f9742110cff7cca SHA1: 66ac0d96a5ad25922e60ecc1f407a50d70447d43 SHA256: ca6c02dd7c403ccc14dbaf6f3ded7a98db69b06138d51c81194a16097be99633 SSDeep: 384:2XgMZmRTZ9nx8cC5xpeZVGql5ZrVu8lK4ZkvEl9vNbpHlk6tEy:CgFTZ9x8UvZr5tkv+lnk6Wy ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\UiInfo.xml	MD5: a09f685c32a6f19268f167e5e935032f SHA1: 56c1d47279965dfa91b1dd744040d596b8be6d3c SHA256: d4f7aa903f144a987d27232014bdceff44de3e6ba6ec4ed794a3719c1a2cad93 SSDeep: 768:wFIts1ra1qSZK+dabU3csDQI7elU6BMfcJEnKNf67Nu/sqowon3Yn5KIHIg:wFLra1XdPLQaKU6BOcJzf67gUvYZj ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\header.bmp	MD5: 96c8d1e4630392351348a4c455e3d685 SHA1: a119580f56b713494fceadae8e885cbb7459f9ad SHA256: 881c49fd3f23e72213c7414f9aa59ddc6e39e61018481402380ce9a89e5769f1 SSDeep: 192:l7YER5Abiq2p0wZdCTOlEeDGzZMhYIcEae3E3Fl:l7Y8yWp06OO+uGVcCe3Ev ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\netfx_Core.mzz	MD5: 025a97de2c36400d2ecd49bcd4889961 SHA1: 7722ed3e104db3390166d27c84dcbfe56b3a44ba SHA256: 7874480ed350013caabd9ec3a02095d3d36956b2df5f2ae1a27abe347556a618 SSDeep: 196608:wSO3DS11p04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:PT124Y7qZ3CwFISoT46ooP8Zyz+hm6Mp ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\netfx_Core_x64.msi	MD5: 7a3984e8a7dbc5ac740a0d758c13bc90 SHA1: 6b08641514d5f5a5d3d80f79b1013d830bcc7157 SHA256: 41a91b5f64e491a0274037bea5dd212e9f83cc12b6408be374521c94122d3d14 SSDeep: 24576:hLgDjVhD/x1iQK6VKYYyGbqDtpFwc0SZrDpp2Mb6fjhOGxZWxw0p:cjrbx11KmzTKFSjb6LC ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\netfx_Core_x86.msi	MD5: 1d1a06f63ece3bde381702117709f3e5 SHA1: 35d16ce8b630265f026fe93b18e3be55b9a1b78f SHA256: 106651d9d51239a80d747ed6e18c5d360bde60e87f0c185aa11a291337ecc256 SSDeep: 24576:w8IrwDzqiMdeZYNmwSFvnY1bAmI4Lo3bJiK9wlN9mFFUxri:JIrAqiMYuAqbkUK9wlzmFr ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\netfx_Extended.mzz	MD5: ad7e49be807fe898ff8afc7708a79712 SHA1: b543eda1fbb333139adf6ab1eac47226226f43e0 SHA256: 18cd988f317f6a7704e7bd4ec0dd7480cf7e9eb5c3d5bb03d9ef09938f40f307 SSDeep: 98304:vJvkTt8BiAHfTp+/c+EfKH2mALErq2nt7rvfI+vZpfQ:vqTATH7gNIa2mAL2q6NTwgZpfQ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\588bce7c90097ed212\netfx_Extended_x64.msi	MD5: 0fd30fe097175bd87275a3ac627d5012 SHA1: 22bbc323141e7610178f7fe11339106bcd8faaaf SHA256: 0a41e1b910cdd025511506078aba82a04a7dcc0314c9b6780cd6c468634b64dc SSDeep: 24576:g67/1BINa2IvZRVo/T/h2CnMyj6Y+xQo6j:n7/1uAZvohZMw1o6j ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\netfx_Extended_x86.msi	MD5: f61e5ebc612b7e8e9a6c0cde38d20189 SHA1: ac06ec83b69e0e506a61ba544054b2531edff5d2 SHA256: 5f075d12ff54bdbb50167c1fba1e09d82312189f0f1f46dee3a669ce98654077 SSDeep: 12288:ikGaNEPT96HpN0QxavlVzQsjnlySPLRNpXmMl9J9P:6aNEPBANaLj4SPjpXDf ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\588bce7c90097ed212\watermark.bmp	MD5: 38ab8b26921b5102001a4d256c9d90d8 SHA1: 182e526f958e696767939e7aec7796ae50e6e8ed SHA256: 50cc04bd25a037bfba6efb6b21ae004585cea972782c9c10eb69550c2f793ddb SSDeep: 3072:EZkjNX1OeDJ+fZokf/X70+Fi9XAxCT/I/qEhhDVvIC:Eij5LUn3X7ga8+X9T ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Logs\Application.evtx	MD5: 544573988401f58bb7eff7212f947237 SHA1: 51850a0de82eaaab850bcf89526b526515c3f202 SHA256: 9351d510617ee4047c607e1ef09489684aece2a378c6aacba07952e2a74adfbe SSDeep: 1536:RklslffXDoH2tyjSixY3DfAVgBJYAbMSKIx8/7QqYiJmZBgY:RW+zoHcmEMVWJYOMmjDoIT ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Logs\HardwareEvents.evtx	MD5: 8a7797eb24dda8c7860f80be0c27e104 SHA1: 65ec79e99f418fbd551c9b747ac825eb93363310 SHA256: c4129a3965c6010a9c4d286598c5bb484a31cf8deba5b3d614e3d7c0b3a18841 SSDeep: 1536:OMvB8Brt8BHovrJfOyZt6mhJqCyfFmHP0KiahqznnpdPfUxU4qm+:XumBHUJ1v3EfE0ZJnnpWLe ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Logs\Internet Explorer.evtx	MD5: f8a8e684da3d38d98d73696918c5d822 SHA1: fc5aaf20baebfac73dcb881fe5573cca7c77b1c0 SHA256: 491bceaa14b6644f15fe1d61566f0271ccf384547fea778e5ffb518847c59ebd SSDeep: 1536:OMvB8Brt8BHovrJfOyZt6mhJqCyfFmHP0KiahqznnpdPfUxU4qmy:XumBHUJ1v3EfE0ZJnnpWLS ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Logs\Key Management Service.evtx	MD5: 3dcd23daa7d17f19c89d7a7579fad77a SHA1: 583f7b1685f2c588a7c9ab944896a65fe97ac7fb SHA256: 1f6362d82e6cd66d2f179c32d7347b408785de88aeeab0584f707e4abbe98b59 SSDeep: 1536:OMvB8Brt8BHovrJfOyZt6mhJqCyfFmHP0KiahqznnpdPfUxU4qm+:XumBHUJ1v3EfE0ZJnnpWLe ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	MD5: f062cf71ddcf6bd252e510adb323d3a6 SHA1: 5ebd4dd7bbbb30e7d64c1d46892165a0f871a12d SHA256: d37d2aaa9c8b58497baedf30e446d444b4bf1697ef6cefef097391da5cbcc8a3 SSDeep: 1536:UWNyP/ekhGZ3IduEBCXiMG+LQ8gxOQ1KO8GL2kD+5i0mq:NlN3IIhMOQ8gxOQKO8vP5DT ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Logs\Security.evtx	MD5: 0553535850e7c5e03ad14ab01e3a2aff SHA1: cedd5bc968170734208093e7ddafed99ed7b6ec2 SHA256: f626eb93979abde0499b164007ab791369fd1e6d1e181627357d09d9743e32a3 SSDeep: 12288:OlaJ/LIDDlsH5zgI723PSosTO2IXMp+Kco3u50LXhSuuxNiVdIHRtbOh1Qi7D49O:OmL6YHcjsRwsSzvFCk+APMsYzx2G ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Logs\Setup.evtx	MD5: caff10c27a67c7dccc49665a4f74b036 SHA1: 7d713ca87ada7797bd33d9c3f4ec89056d073539 SHA256: 713c1983c431808635aabae84c12903ab94524909e16a6b4f859daf091b9147b SSDeep: 1536:yF/g8EF8VrS+hKQaPUVJI638+sTNK22QDD8bJnanrY:A4nilSKKQaPYiDvNKu8oE ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Logs\System.evtx	MD5: 1d34825f85597d6e8a5dcc4c8c9c16bc SHA1: cf19ae673515baed73ff8aa719d968b469d9ca5e SHA256: 42deaf0b96544a4ade3ecb5a368ccee3cb18429339794699ea6ca34c9fe89da1 SSDeep: 24576:fZMFRTcWTo6ZcP1mQRXpaiYcX/Q06vMb/waYcf/2:fZMzTcoo6WdmQRXpnYNHO/wCfu ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\1laj5ge0T05eqQ.gif	MD5: c3e59cc03ad31f5b2f1b21ae0fe180fe SHA1: 4c56eae8e3f7fce9c340f5355b79d1032dbdea4c SHA256: 6cabc66f0407942093bdb3a787738beb1de6a4b84546dc1451f8fa8b697df813 SSDeep: 768:536+XBOpTCB5z51t0u0vFsFuQ1OE56UUb5k4Ty3aQ9N/iZesCA7l6sIg+Dn0P74I:5H84v514sP65EaGN/i3lv+Dm74gVq6Aq ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\2ikc.ppt	MD5: 4e61eb4997d0d67a412d04b48a040707 SHA1: f4eaa721796960f1985c6f5d314df86363ec2e7b SHA256: 54d1edc37d9df4e2702aca32e3c4fd2112eb5554d691ea4315070fb3568deb55 SSDeep: 1536:BRu+WuVcpabKUHuTNv2kuQnHort9hl1Z7r+wQpOn31aO2chwfEluFIcNxmnxFTvQ:BvajUHINkQIrxt7xFaO2A4FI2Azbp+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\5-XCtAHSzjo61V0.mp3	MD5: 825b612172df7fc7c1240967fa448e3d SHA1: dd44a5f393a78ad4a9091ece8d0090573866eaac SHA256: 9e5a5c681f92ed6a3f404427728dffa05b1d404d6f93801749cbcc11e864c4e1 SSDeep: 768:0HEDHEmHu0n48BZHH8CReyF+Jjy/SU+XuJqRG:06EmHu0LvEWUj6SU+8j ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\CDWdMLxFO070Z.m4a	MD5: 319497cfe27265c04d100ebb8ac6e33c SHA1: 18ee2fb684b3882f5a09bddecd6b238c6d10f4b8 SHA256: 6028cad7f232c231f66235b56c3fc5b3038aa5f69f838d15a070393022d84589 SSDeep: 1536:KQaYir+tV7uG8p5A9gssgmoqbvest8z5wSDeJ/xYP:KUirqVSgSs7mrbvhGNwsqCP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\F0dKiYmc.flv	MD5: 451394981af7dbf0b2ccafbdb81e8656 SHA1: dd63c0193bc5a8494334fb6e0f67f879b3c39263 SHA256: 960b059808fd396627eda454c08041bb46e957c2114e937c5fbbc421da631cd5 SSDeep: 1536:Y6YKxfrSDy8kGcnrBkTeKSyKD7ZS1i+MFWqz/:YvYfoyp5rBkCG0tS1UUqz/ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\Fgsj.gif	MD5: bf8fa9ab1f1539876dc6a60b5fd99c6e SHA1: b8e023eadc3693a34fe87a16e3c7fdac31596c99 SHA256: dfbf20c919df8644aab65ce83468350decf5cdcc87a8595a258ee17aba351b9b SSDeep: 1536:uXS35b5C3KeyH1zpHwiK4RBt6qvpYfCdQx4+/lPGweN:uXm5UKeyH1zpQt4ft6qRYg+lPGweN ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\G0L551vH69pHEL2.m4a	MD5: 71f7243ca753d705546e157f4e9a8933 SHA1: 7b145ff45f52a85e13b99508978aea871f5e6f96 SHA256: 767727cf5ef992a014ec7aee4b72ea4ac82c289e447fa55e0ff271f60fbb00df SSDeep: 192:+B7uN7G6V5lmCC5qQ/7SivDo8Pcgt7W9575VoGEGdE3Fi:+hc7tmCCU8rBPcgtW5VoG1dEc ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\IQjPf.mp4	MD5: 1386107808e2a2a1c9b2c87bb348efe1 SHA1: 72891591090c436096b852a3abc5c039df4007e5 SHA256: baf0b486ed8bb0c74fd91471a360ca19f40ea56426ddd7531a877cf242ca4039 SSDeep: 1536:cvsvvY9L5owXJhZ5u0uHLNslGenkOktUUYFX:vvffnHL+lnhkG ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\LN9D0_ldwVTJCFAOwu.mkv	MD5: 52dffc57cb274cad6b564b60312d06fc SHA1: 8369a11d9ee2db3a23bf2155d05fb64bf9e80eb9 SHA256: 4c57695f5596d846c35c5c04c83dcd33e566b183f48dbb508f3b7407967f2726 SSDeep: 1536:krWIUEkHbyMChkRVoUz2dcAsVKU1ZHiW/OpMX:kq7EkOvkl2epVKU1ZHFmpMX ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\NBSBZP0O.wav	MD5: 187bb1f1cc4f5b8c912c772dd5be30b9 SHA1: 79d09ba9a6ba763459418c121d9b4cd81213279d SHA256: 46f46f9037dfd2b06f4a79b9fe212a8a5768666965ff9d6e04014cafd7375164 SSDeep: 384:n3olI3WSkeLAEwnNPsErM+SFFEDozEefQeEI:YgkyAEwz2FaEIgOI ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\PIC123174.jpg.js.avdn	MD5: 72956ffc52dd315b23a4e6b21775c1f2 SHA1: d635206d6cf51b2e5c0c395c1964ab93f8ebba38 SHA256: d610caf3fdc8b2dec3af6b38fc83350983615ae3353c1cbbbf7a96138b837554 SSDeep: 192:P806hKyGFW/xvWKppHwvgswLHXtJqawZdf5DRut/BXSLhE3FY:P80AZqGlpNIwLH9AvZdfytpCLhEC ImpHash: -	Access, Create	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\PjNBWbRfMIra aEV7tFT.rtf	MD5: 341b59f5212a6a778b0e4fbdacfaafc9 SHA1: b1465aa7d518516d8b6cffdc3a8d6288d73e222a SHA256: fbfd9211d8793c357b4ed294a69b0516f52e2bcfced43a76b1770de6d2ef4d5e SSDeep: 1536:9e5Ef1Vj4kymVRUSJa4cb3Qu/UjBPPFDXzXgQbCXZXcrTU:8+L+zSIEu/+XF3gbqU ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\RdECcm.gif	MD5: 313eaf858cee27913bd150a25b5b25b1 SHA1: 703b22f82b1d6b5c86e800f57a846310adf02778 SHA256: efe99b774d68fb379dd932e8f04e54226f8d25631871e623ab27b22eced4ced5 SSDeep: 1536:wwn3tU4daE/djrr0RwQWLJAFYryxLQ/WPZ4DpDS6xFR1E:T3tddaE/drmpwmFQyxLKWPSEmR1E ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\RzVskgvbGEwrfJzecuWU.gif	MD5: 705eba806a8a3f71c3902d39feb86cdd SHA1: 3ff663832968c08e522cfcbd221e0ead118740a3 SHA256: 5d7f014b3df67dd2a3afd49a6ee27fe705fb083643ab9fe53e16218c954b30d5 SSDeep: 1536:Ld3QqJ0BODD7j+19rUBO1tIZQRjDQh+PnKknzcHM1x3697Uejuy+sZ:5QqvwmBstICjK+voI36auuyB ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\TWmITQQ9KmDeuciJO_P.gif	MD5: cef6d33b7baac4eeaae3a02703613ad1 SHA1: 3a2d5cf91b1add773a2c3c9d8e30606a88962153 SHA256: 38742ef05c266194b2008c5892858046b0a4656eb53de8fd79b06dfa89816211 SSDeep: 1536:12xAA7lx4lW8A5D3vw7S7HNXCKrMYlDWPVPgc78GsXJHt3yyU:1yxoW8KfFhr1l0tmtCz ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\UZGe-A2N7.avi	MD5: 3ed2b5daa7150a774d8caf9515414431 SHA1: f34d351bd05b1a7d80a57b812c0071c12547dce8 SHA256: 9f46d3e3a2f875f498739cb917335f7ad329ead2f7d660f9510cbc1437085955 SSDeep: 192:4DdgXMSLJsCljJ+v2T0vtcQCmG/vZpITWTVSdVtQK8TVkKE3FH:4Ix2CVUv2sVTS8wVSTWJEJ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\U_R2iPr.m4a	MD5: 995377597a51abdae26a2936216cc3ac SHA1: cde488172703983892b171142ecb08fd045f6c75 SHA256: ef85b4e75cc0422fc5880a8d9e87d4b5b866ccadbc138cb6d8401e18f72c907c SSDeep: 1536:SL05CEC1S7Kzb/U/c/8yexCBpythgk4giYjHBpCAieLF9Sa3/7Fi:SL0kECUGzb8EUxCBMjpvjHbv9SKBi ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\VTuXUy.mp3	MD5: 6ef03394f722d2c05c5dd855492274f6 SHA1: 7404906b6472396dd8bb29b395bcccbaa084de92 SHA256: e78c7415e42b2e7eb50c5e87aab8aa53283635c508e09ad6dacbe63fa8c51651 SSDeep: 768:ZogyrYTALUP9h4A2WtSNlnEeePhk53jwg9yv2JuXPcmgS2bUNlOG/9xLP6E:GlRL8h4dxDsyzwU0UmYAHp ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\WFtt71YhJYkRaNq7oqX.mp3	MD5: 605e6f2ec066e340a25ebd2bc05505d7 SHA1: f64ddb65f9c09ea2ffd932ba76eda604207e8e6a SHA256: 973ad9231950d0ead83ea98c47e8dbc174895addcee3e14db443bbe8f05528a4 SSDeep: 1536:cU/PRh43n1r5et+2t6WXbHUikmmf+yHut:9P72etLtBXb0Xf+iut ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\XH rJ9LK4gHxAOkxI.pptx	MD5: 3baf6a280cbf57e377d1b94dc5058e02 SHA1: 5a99e8c869daefda2c89dfc401eb02a723164dc7 SHA256: f7042cafcc8f48c4ca49a9626dad4db7dc73fd7886ad29ce05e8c06ed876e466 SSDeep: 1536:xM7oxRo42yZ1SgKjs+/qbb7T3fJvCB0P9CgxaglpGSo1Oyghm/AwjCA:xM0xJC1oVPrfVCwMgxagfGSohQ4AwOA ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\Z13ehe5CaR.ods	MD5: 1750e5ab5b34d5f08ed33a875137b44b SHA1: 64f57247abaa5cd73fe3f2f34c8086fc615350fc SHA256: 6bf4a871517b48570581bf36e8ce2eaca4fecf7aabcbec7143734d77f97e872a SSDeep: 1536:ElaAJhinoV6N7cJlcnhLe3s/aR9XdioVvqx7:6ioV+7cyhy3maQiqx7 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\_g7yq_JXw.flv	MD5: 98b291eced2a5dbc1e524463dc6b28c8 SHA1: 56eb7739c42c1f9c40cf33303f23df453f5c3b63 SHA256: 963d4b177ffcc5d94132554e5e098a202ceea840ca04f12a6271575a864f20e8 SSDeep: 384:89NkwAEhwTF6YiG13fXpBz75N6YhdiWOiOmvcwWBTv9yO0CEg:jwtKlp13fXrGYVOibcDBTVwBg ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\aADw0D4h.rtf	MD5: dee42b8c3e8bc1bdee72c37897b56c64 SHA1: 8865d7d9bebdbf8b5c5b3e33b2535f55b38e2bc3 SHA256: e297dc76ce7137dba48bf03f338dca3bf3c02ffcbcc42f6dfca4f6ca4402cd0c SSDeep: 768:mJ4+zDzzN91dsDQCQ4cUnzp2Js0BS5+a63R04d:9QF91SQCQEzo05nK7 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\axGuz5WzBcrXS.m4a	MD5: 7716e78731b94678e24007758ac11e78 SHA1: 7f74cab90b4459338c922dba4a09ee202449236d SHA256: 43e5fb68ca5160083e75e8d961dd82ea694b0da362db6442ce168c06f1e707cd SSDeep: 768:+pSgUJ8RaxQRLmPQFAjcb9Dt3qDY6vwcWoneuZpmQLq6CvoWKDgf24PBbyHBiZ:lgUJeckdFAjcb9x6U6vw/YvhLqTMQ3PP ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\bd-_6K7Bjrjo6wZ.mkv	MD5: fc767837da6c1eb96b932a99ac09b62f SHA1: 2d52ee0bda71489f3b943fd39d605e0ea64153e9 SHA256: 25c18ab40fab373c7a053f21c9b6a05490c4c0bb80d720b9a07a85d7293dd419 SSDeep: 1536:3wS5RmjyHHtxsV2TA/vUw79YJcBnFA06YhctR5Y46VNEuKxmM2srovDV8s:3h0KtyVsxenFAOetR50EAM2JvWs ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\dZHkh-d.gif	MD5: 32ccf668de87666c091fe35134169c58 SHA1: 9ba9f83a1112821483472e7a728b97183177f4bb SHA256: 166409973bc7bea5ae3d3fb6dcc7d3c43fdc2de652b0fcdf566344a3c224c8c4 SSDeep: 1536:BiZmF9UP0kW30V5nEKYKC2NsocyHCFc+bADeeY5rY:IIF9pb303EtEsocUCFcsfeY5rY ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\dw6ms.bmp	MD5: 7c29fcedbf51f4a113a57407ad3bc2a4 SHA1: 02117a581de868b0f995308a1a860fcb065321d9 SHA256: 3fdf0f452793801b9a03c489d826971cd634a816989c1435a9362e85fd0b4bce SSDeep: 3072:QoxLxcVv1JHsNgAse17xiiEzTC36OWG0RByGD6+K6CTzG4:QoxWVvnH7AsC7xJEz+36ZtfyO92vG4 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\eV96P3TvpJgDZJ_krXc9.wav	MD5: 481f83eeb48b66398d595bff74f7bbec SHA1: 23f2f72b53251aef402238daa749ddc03937082d SHA256: a897265865902e98eef3f6c1f6c1d8910935d580a3f905022f810e5a5b4e5f31 SSDeep: 768:E0UaDRK8ssRRaZppN6WZVyWZAo5NFlYVvVOgNfAHbDSvW3x:E7aDPssRohsOV/ZX5Nw/O3/QWB ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\h48IGAOeonqt.ods	MD5: 99eaf8cbdc00c9a1c3ae70e6cc0df019 SHA1: 7344b2f9625b0be73b53d05d6484fd0fc3231675 SHA256: ea445e972a2645c1e50fe0076113e420be6e231bf74405b37f322a7349afb074 SSDeep: 768:ejuTabzO8yztKCZv+7gtlIiccOKr92UIP:bTQNyxjtlAQ92U8 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\1k7OF5q U.wav	MD5: 77cc1b7408baa364dd1a2ce7a14fbc1a SHA1: 76c95779756b98217f0301710a3e3aa0a43c8c10 SHA256: 6f03a7c1f4fe79a6221cda1a00c15105f135c8daaa8e1b4f74d1ce8cebccd644 SSDeep: 768:cqLiWkIFCkTbe7I7IteScQkLmlEGCW9Fu81vEmwpP1w6sOghSOj6XS//aBA3SZLr:JJkI7TbeDt1iW7sRllgU+4tg8kJ4f ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\4BhodG-i--dW5vO.odt	MD5: d1be9b33648e9d4b2ced78f80e5a226e SHA1: 50ec1a4ed1dc4486db72199c7bb4584c7ff97352 SHA256: 4f89257c9040dd230aaf19ce6e154cc58812c18b35e7edcadc6f403f8ae8bdce SSDeep: 3072:i234UK799KgqihQ8DkAK2gncXB/+WvOdxkym:iUPQdQ8DkRbcXBmcOUym ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\4NEZjFTB7FonTCEpY7ky.gif	MD5: e04fbb3c68b8799f3dd941157f4b56d0 SHA1: 33378b9e1566ef03eaa66124e0725c7ec1212bd8 SHA256: 20f019ba196d6570be6201791dd7599da9580ea80f08f8316cc8353af4a13726 SSDeep: 1536:fEJ1qUQt0YYxZBQin+6WHFEEHpdSuEY/HqB2XSMksj31fJymnEyjni8VBuQX:anQuh/Qin+1HFEEJdSK/MdMksjBTj3xX ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\6odWc8rKR6fAQPW2J.gif	MD5: 09da8e9736297bb49dd98c50273589ab SHA1: 152beb3be78a75f4099c4921128494e42ce80c00 SHA256: b60818247f4f673b25c0840c99e3b82d57b918211fc1d40aa71e824085f58c16 SSDeep: 384:UO+vkCTS/d52HL8Pp8H/6wdj1GThsKSZnRQxUvXuN48RHZJRWdpue1/qd8vDEJ:h2kCu//M//lKSdCe8RfRWpue1qd8vAJ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\CG WeZgUTQ6U.wav	MD5: ca9978b63b0725cafd404ed097318af3 SHA1: 0757a57899f83a54e1932c034e80eee67bdd554f SHA256: 6f2fd7ba47b173b59c147e4db80bb1ad4019778cb16f220dfcbb70a069413617 SSDeep: 3072:cn/Kd7AGARfdfYLz4era21ilKeODX53/TL5I:oKdstfdgLdra2cge85PTL+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\Gpl9kg8Pze0yz CjYEuY.mp3	MD5: c3839d765b0aed6abcf35bf20105e033 SHA1: dcf4f052a8125ea0ba527e4e755d5918251c05d2 SHA256: 5d10f4a3567b4598a92e545e62bf2f4ff47d48593cdd523a271e2d67277d8d0b SSDeep: 1536:Y1BQn0panrYCH9jbF4kKPQT/8EGCyTNfoqp3t6a7qPpxwsdp0xZP71Xky0q1VgcV:uQ0pArrdt4kuQT8Bbnt6a7swsdOV7y49 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\Jp3vlO.mp4	MD5: 5dd84e7a0ae5260e3f1313faafdf02fa SHA1: c4e2f08f8c95ae96b2327a40b8dd39f19b06d7ff SHA256: c3df4cc338144507877b9b1f9c374db570be65709c5d4bde0f15a3a1a6ec44ad SSDeep: 1536:Q7ehP5H4+txwm/sK6UwtkoZF3i6cPBGxJeKK+2CNeQjKOTe:7hHdxw6sK637FylQxJXK+DHKH ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\WBZhs5uk8zbcY.flv	MD5: 1a2a833db220a61abbf82fae3f40a493 SHA1: ba82cbc312c78f5a01338f70e213b59d46f70618 SHA256: 5c8a34d6e8cc13d02703822fa74ba628d77192b3997e22f939e245ad278a067d SSDeep: 768:+e405bdq/RYJ6Z/v30SJNML6936WlG3lh4rviiOSqVV+2vFhDkq0ebrxecHduo/4:+w5BoRYJ6Z5J1936cGTSiAqP+2v7JX/y ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\jep4Z.png	MD5: fc80e65a5d088caa4fd62e01e2188aaa SHA1: e059a8e1068049b986034440eede28e3360d87e6 SHA256: aa1b6bc674e818465711fd5eed88345544076ad6a3ce13fcb4f90bde9acccf15 SSDeep: 192:rh7dPPTMdOUdcYkfsiAuYhGLHRlDKYSvTBx4gUwwOU+3S0kRXXTLDE3FE:rFyFPuDVKYATBxgOo0kJEa ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\uXFg.jpg	MD5: 219bb31a216807ed841f6a024de79abf SHA1: b143737cdd9be3c2b818444710edab50d08ebe92 SHA256: 2150b32b922c8aee4a3bbb262d20c7aa29da9999f30ae95623e5f5b0d2b1f7f4 SSDeep: 3072:nE5XtXFyV94ky3xIQDM85+UuN+TULCXF6dxDv:EI74k2CWTzM ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\wla3GRnr.jpg	MD5: 33a20ce632256a3f44d2a5ad79746c21 SHA1: 50feeb5288ff19aecce5e43507d2a9affff0415c SHA256: 56701ec02b1a00c5afa4d92c04903753cf3d64ae809fe5cd762b1181eddd53c0 SSDeep: 1536:aRGMvdgTxDeSnB+o8jwiDqOL3gLBbgjyiGzRZ38Dw5l/s7giRlj0aTIE2LQ8bY:7aCASnBojLDqOLoaDw5l/Cz3022LQSY ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\i8r4W_pFGeGAI\zg4La75Zm9u2LDC.png	MD5: 94f5d7dfcada00ef036a9bee0efc4754 SHA1: 7d716e9c186e2ae34fd100626486a3e80efd90f8 SHA256: f91b8995dea4bcd35e9476867d8082cd5577efb1836ce7e8e164b17c9b777942 SSDeep: 1536:Q9niCCeTilX216wX06SW2ELWtGQp+T+D8WCIx:Gz6wXhSWvNQQTSGU ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\kXSWpwY_UJZDb6qOu.wav	MD5: ba704fd1507e8eec98a95d87df69e637 SHA1: 41ac1d47323fc9a7b007a7dc8c7461f0b74cda59 SHA256: caa12f53d4ccc9f4117c9931451e33cbc1fb3e849b592dc6eed86b4cd62ea6d3 SSDeep: 1536:YxJMvSKOf6dakgvivjA47AjD3pe+z+dSNgAL2mZa65KF0EK:Y4qK7vM47CbCd4gZoEK ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Desktop\uu_6OLfJ.xlsx	MD5: 15ec10d5898d1a826c0915229af6350f SHA1: f60b4b4091978ad347fc9f759eaddc7f52f3ecd9 SHA256: 6bbbca543643cfffd3c5191c63a66fdb1a4390ffc4c51b32364b03a93c9669ed SSDeep: 1536:w5w9GO4v9Ko7Cy2eD3gL6yXmL9v55oLfsFaqJH4KBkl:wq9iv9KoGeD3UAvgLfIaqi ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Desktop\xHJLMZXRw.avi	MD5: ee4cadac71edf679231cc325f8c02260 SHA1: a98c9e56ef2286b4c17846403765446cb3e55c0a SHA256: 11a2182fdcde6fd10affd1f5ff06134dab3268c199f50239a1548ddf302d695b SSDeep: 1536:zDKVVLE27uVwKQpe4yTvpiQxG1w1XQlcxAuTqA32k/bi5ipn1KPMdLamPXoQpZ:zGx79KR4ydiQYlOqAGT5Cn1KPytN ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Documents\1gmDqs.docx	MD5: f106a11554734337c1d6d10cca228caf SHA1: 35f474c3adc1cd8325a72244e6a970e0152444ee SHA256: 139fa2070d616f9d556a6cca7699dcab1731ca538f200ec184787a7361b019f2 SSDeep: 1536:1BHeFyBeRYmQBxgoydYit/GpP/L+ABTs67:1FZeR7VR2pP/KABTn ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Documents\254WaYIyUfAuM0.ods	MD5: 3bea4e252a2d5e4cd2961ba7cddfb843 SHA1: e16daff3d2982a644de31bc80b8f88bf2b51e67d SHA256: 328eaf78729ecb5dde8574ed5466154afa3d69b374cdb40fe3a309f40662fea1 SSDeep: 1536:+qBXkf6e0lAY39R16RtngsBHOUNTTWiLcjwPYG:X26plPonAwTWNwgG ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Documents\3Lreh\Kxz2.ppt	MD5: edce17909156759e7d81945e22139e37 SHA1: 8f98c8a209f340eb48ee1e847dd9292cad1a9f1e SHA256: b71df309cebd50d1b12274c91693de2c39bfd0ddf25b6d5c69c04fb1270c5ee7 SSDeep: 1536:ON4l1faNjXSlcMP1C4HAN1ixhrHgp4vrWjqcE3Hp7uNqeqrY:ON4llcj0b1C4gNwape6JEZ4qrY ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Documents\3Lreh\iBBojeIWrLJB3.xlsx	MD5: d00c20930e7184f556f38b3024379c09 SHA1: 51ecece16838450453da5dbea24aae8be05c4e0e SHA256: 92e54857ca7dccc6de41d3f876eecbee683b4fa3dc80639f78ddb5cfda31c726 SSDeep: 192:4Z1jvSvTJc1LNT/B5WFIwibE47oN3vxKkQkQptuE3FS:+SrJc1Lt/B5WWUNxKkQkCMEY ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Documents\3Lreh\s3q9Ck.odp	MD5: fa6f343a76ca01e7da3252399ad5ea1c SHA1: a18cc370e2966f80bb411fd59c15b40f88ca4fa2 SHA256: 1f122341ea95724f9e261db5509394049b1581eefabe487e975a77aae61df3c9 SSDeep: 192:Dfr2wxlTnRh09LnnKCmBBGhVm6XP7lr0nRHsNMG2E3FO:P24lTRhiKCgBym07lk3EU ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Documents\3Lreh\uHJVbdBEKlmCmomQ.pps	MD5: d4487e454a4248cb05c39c0fc0f4e113 SHA1: 9f7589f7eae17f840a5b0bb7d1ba96db77745eb8 SHA256: d7360c9e7c24a8fbb9be419ffc11340cd8b8057679bee0e5ae25756018931fc1 SSDeep: 192:vpM5wka5CrRqk5GuUt4rP16/UJGWcyqVX2vJZ8xp+6FrmUKzS2afE3F2:vnkazUwtS1vqH2xGakrxnEw ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Documents\3Lreh\x9c-IgMcJY6.odp	MD5: 11380dfdee69631d904516459628053a SHA1: c36bc9c70c4476a2a73839517c04a2023c5a7c42 SHA256: 9fc1b4df9aa30f0710d214884fdf5815335acb0f962f04312e49d9a581b61ad6 SSDeep: 1536:hQYYYnVOlgrJJFYcP4m6ccgOo9tPOBKA3vzwDNVQbOxREDWBt8A:r3OlMQgcgOSt1gvsbQbOQ4 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Documents\5cAT62qHmb.xlsx	MD5: 0ef610f655e761ae5e9d4a15637c47c3 SHA1: e38b8a1ee7f701499d82258315e695fa4870b6be SHA256: 3a637d3ac205e7090f5f293c02a29fa91d3bf03d7a38ce159830219c4ebe1faa SSDeep: 1536:jPtMa5SKoh6auUuZb6M1DWsV+DG854LQe6aM2xwBV4j5lHW:xXpoh6a14mMB+B4keljWija ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Documents\6Av HdZONLftD.pptx	MD5: baef8ef79edaee03a099f5766f94fa65 SHA1: 984c0a8ac7d8c448cefae51e93032d379bc1d510 SHA256: 328e7f66f3d5a629d4ffc8806d35ddf44de9aaa012b10637763c8cf8aa1e520d SSDeep: 768:RqlzGRTEx8O6KiZI7kDL4yEiw6I5F1g9P2ayUmsnE6fOHBXb3wV3:MlzGRk3h42kDLrwxF+9bk/gOHR3wx ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Documents\7lNasNkOlKrq0C13.docx	MD5: 54b8c819e0e370bdbd89a0e957006b45 SHA1: 5e07fab9af6a99bbcee3adc5106a0ac35cac6826 SHA256: 2f3a9bd859dbbfa8e4da800501141caae450a7d9fab57b20d1de10cfe66d664b SSDeep: 192:8Kha5pwWuyPtlllX9O2Fo05CmncolPPRE3F3:taqWuEtPlX9O10bcgpEp ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Documents\C3FXpx06RKpNCa7QN6.docx	MD5: b66cf4f65c580ab626f92c8763b029ed SHA1: a2f8581a262ab4561ada1d5bd482e39004ce9428 SHA256: faa62eedd419616ed1f14c7ddcdb55059ffce2c87bbfa6eb61636a5f3da187b3 SSDeep: 768:hXdq4fbqUNJE/R6tFppsLp+6CQGn58TXjwp7dw1Og6jsMb/xvQxn6tChs:hgs0/R6tFDn5QG58w1dImjsaFQ6tp ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Documents\Cx-cZYQBhUF_kYoWvT\bI-F29yNKXNncQs3Z-W_\FGB7nkxGRwbYSR7w.pps	MD5: c0dc42965f5907a82213e159a3028384 SHA1: d068daff2cc4760ffe4d1824dbab31c46e015df3 SHA256: 9e426493fb59f8666eaccf3a2aaf2f9cf3b5fc2058221159917313043e78d94d SSDeep: 768:1J5EuWFkAkh947TyTMdivc4INlswERSILdUfPUMwopH+x7J9Dn/kV:FEZ2AkFgivegSq5MwoFSj/i ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Documents\Cx-cZYQBhUF_kYoWvT\bI-F29yNKXNncQs3Z-W_\TGOl09_tsOBnfT.csv	MD5: abbb5b4822cc1597f9de4c58091628d5 SHA1: 90fee71b02cb875f5a256c473023da32fda612ea SHA256: ec61b53eaf672b4ed65a09193763be2b7415c182f76ec6c477d2e607a38e4f0d SSDeep: 192:OoQzuifn6T16jXtwx3QfNjShhUHoNFPrRKvE3FL:ONnfn6h6xwx3asYOPuE5 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Documents\Cx-cZYQBhUF_kYoWvT\bI-F29yNKXNncQs3Z-W_\pWG7LwDirSOyfw_2FVd.xls	MD5: 2d9f18d9250cda8adf992100b7354662 SHA1: ae6c9d937bd3cbef080e1020bd234b2b07c61ad9 SHA256: 43292b0c811d5a6cbd2f1635cbe227758606c1fd4379e63854b0cb5fff7c83e8 SSDeep: 384:ZdueOrN+K+STE7v+vI3w5mw9ZBfT6fBA6CQzEr+gxPmPfFnElcylyKZK6qzDwRkF:LwUB7v+AA5nBR6CSSzPKDYfuERJa ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Documents\Cx-cZYQBhUF_kYoWvT\bI-F29yNKXNncQs3Z-W_\z5zCMkhCx9VPeNSS8.odp	MD5: 01c74477e669c28bfa09126e14b2de33 SHA1: 082839e5eae6a87c0ea3e6d422e79d90f3622c51 SHA256: e7e53c40beb11e47d4b6d5543d972d1f567a525c2e71941894a2508959a6ff77 SSDeep: 768:lp8pu9OVYOIhBduSQ+V+nzx/IL1+D2oA9KN8FZAKh0jEHLAh:ljOV7IhBoTnzIsVrUZAKejV ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\Users\FD1HVy\Documents\Cx-cZYQBhUF_kYoWvT\bro9F0k9ugQ.docx	MD5: 7c1034785cb34b04783ad83fdd3fbbf8 SHA1: edb0c260d63e76d99bfe0317bfb070f1944b0854 SHA256: e74804729d171b85b325925b69a0d5e977931c9544d26f774db0893af27488a3 SSDeep: 3072:V0hhYXXBoR5Dbhbca94Yg0QQogUc6S+KJWXql:VqYXRoR5DbJcaU7bcX3WXql ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\\Users\FD1HVy\Documents\a VrSWYaQTyzT.xlsx	MD5: 3a227a58751fd7a433f0e46d6273adb0 SHA1: 5a728a77bc8fcdcd0414e6e5d3cd39f6fadf282c SHA256: 77d3803132326248e390bdf824bfb58132346d88a660e7e93d7a31c7c8178b46 SSDeep: 768:bUw1HktO8XH4TclyKhGmsUroqe7bKbd8bUoeHV:31Hajbxpeabd8bUV ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\\$GetCurrent\SafeOS\SetupComplete.cmd	MD5: 3676a07f71a001363fc72c4588f1ef55 SHA1: 645a36af81fe256aa40458f125659c00cffbb882 SHA256: 07ab806150a646158577fc756b7819ee62b2145377e8bc45dbb69b2fb708e403 SSDeep: 192:/u61Kw15Q+l9BhwBvy6BymMwMKXKbjjuRmUBs67DE3F1:z04p9jIK6gza8juRnHEz ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\588bce7c90097ed212\1029\eula.rtf	MD5: e6ee8d6002f8101e514ac91cca4df9c7 SHA1: ebee5f45e27a79e8cdbda374e51c7e2024c01700 SHA256: 0c9adf1e031c7d40260ebdbab8f54beeb49cf27ab525f1c4dd9673b1c2b05dd7 SSDeep: 192:G/WNo52t8EXVp0CwQyCVS2ZnOzSFBpBsgKUQfMoxqE3Fd:FooCsFpyCg2ZkSdtQFxqEX ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\588bce7c90097ed212\1030\eula.rtf	MD5: 8477f3477943ecffd6c4beee64bdbd8a SHA1: 91bf30b63f41a2d0de0d919a83c935e00f4cf5af SHA256: 4559d7948fd2c84600e5d87141fb4188c8ae488eadec2d4ede43165c5b7c4e98 SSDeep: 192:EFT7DUqbY9wMswHP2fAw+Tp26ZH4PtlQruDTA4RvaPghcfdQOREFE3Fv:EFTBQwMs+2B+3MT04RXORqEN ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\588bce7c90097ed212\1037\eula.rtf	MD5: 3a3623f45f694554ad3cb8bd380bf3a1 SHA1: 9b90aaff09fee42fa35f96d5cfd75c978de71a08 SHA256: 404c12a366ccdad4a8169be2f787cf5e916b4c477a78e7ffc10ba8f4e4789d48 SSDeep: 192:AhE5ZUS35y4oHnoiceix5hImmonVHbPaKoyg4MDE2UvuQHAYzE3Fu:A+1y44oiMxEKoT4UwvRgYzEo ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\588bce7c90097ed212\1040\eula.rtf	MD5: 1693805643d7e8a11c75502dfe3a374f SHA1: 60d18d752bef6a0c0fc8b40f04bad55c4d12e8af SHA256: 3b44c5ef2e7b88ed32d646d11e11b507340d4f3d2875a5f55d42ab329b4a869e SSDeep: 192:nuOxxXg/Lp+lVEedG6UuAmy7ng1JruUwh9q92fMOxKSE3Fq:/XC1+lVTG6K1zgv6szeKSE0 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\588bce7c90097ed212\2052\LocalizedData.xml	MD5: ea3af4a48f406a19316987962b7a89ea SHA1: 2ae67442c6c350f4c4d8617332cf9832d14f94af SHA256: bbc73e321dd7364d71336aacf29f034acd961a59eb1198aa71dce4eaa0325fea SSDeep: 1536:kTF0bgq1oQnB0Zm20YNs5oQNs6KfMFXoH3MuOnVPVw++Sxq:kRPkKZJs06dSXMuCPWBKq ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\588bce7c90097ed212\Client\Parameterinfo.xml	MD5: 0afa1f18149138094a5837450a6dfb0b SHA1: ec902902f74d971c36a46eafe4d3df6bb5bfe1af SHA256: dcc84558f69abf2d9a3245247eca84690c97a058b2f11b0c89e548a9ded3eb28 SSDeep: 3072:GdGEUJKAQJ6Pu8MFcdgaZVJ3kBmwEZOMnl3l+edodM1BtCV/kCulwBYcnp3Yj8:FJPuDferq2ZOGhdOM1BtEPnej8 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\\588bce7c90097ed212\Graphics\Rotate4.ico	MD5: c35c29c17fa4ca30eff803d85a0d32fd SHA1: ba3f2f47e58032e60e40c94c11a1c14b5797d764 SHA256: 0d0e14e863e9ed8df3d134e0925b29c9e75db345471ac3403698f164f75576cc SSDeep: 192:p6oPGQoUZaAEq0JY5SXzCUNnNv/2LrKcUWgJszqFNHZqE3FU:NJEqSYwDbNN2XK4g/ngEO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\\588bce7c90097ed212\Graphics\Rotate6.ico	MD5: f637b38af26ab8cacd10049b15701eee SHA1: 67a292d764556393d679713f4f172f53c505ecd9 SHA256: 07755ec7d5bcce34f8e5ef143450d3551c8473fcf3d14585a25720f88b768317 SSDeep: 192:pD3FKYnvJMhArq7JSiVGhYXKjoh6izIasVlbtlEJdLFE3FU:53YYvq7JrdKA0mTREO ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\588bce7c90097ed212\Graphics\stop.ico	MD5: eaae5321d409054b49bca242ea9f117a SHA1: fd72e1cf67d85fb67eec1755fbde81d51fa259bd SHA256: 146642d6072c8ad35b599578853a88bfb4f3dc30c9bfcccc657f24c7d82d59e2 SSDeep: 384:e1wVNKiHdAZEUmdhE3WEZcuOrIdjdRpka3K9L6l5lg1z8CJEa:e18sadAbWJEkrIDRiL6blgN8ta ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\588bce7c90097ed212\SplashScreen.bmp	MD5: 1da2c43f668eee27352333a156af7e76 SHA1: 6593317a313819c5e3c1173596c64b6d8e083a3d SHA256: 0a70ad0b5dd9d6a3c4035136848506f9357f295eca4f381cd872396e551557b9 SSDeep: 768:KBNMDOqA61yrvPgMPJF7wMtjZtY1UPua+nudno2c2lk9E43lf5BUuNnZX+Jp:kM0+u5bwgiUrqudFkn3RrNn5i ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\Users\FD1HVy\Desktop\3WDLVhgvy2x2u82_S.mp4	MD5: 9fcff05b6fda56917a3e7a12299ec766 SHA1: cbcd2d2970e4bfd4e51eb2294b344b8b44bc6c77 SHA256: caef365c8fb2a6b419b919d5912d9ea20fcc7d18b4ccf2497bd94b5c14ce356e SSDeep: 384:hbDnSorZ3lqFKq+sT4FGW6ZdUYxhmW4k3IcRdo2JGOVE9:hb7SewrTPW68ym9/S7JGV9 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\Users\FD1HVy\Desktop\Aq6ARFB.mp3	MD5: 002de14e4b1d1637f3c2e10ea98e0d14 SHA1: e48ed5fd9840cdf81369a06d4560154cde1569df SHA256: 6fa88f464d6d1299a95c1c54e5d550ee578ff226c5f0ab672815cba22db71713 SSDeep: 1536:3LrQbcJQySO8kEvL4R4gNIxbDA4B1x5nz1bKp:bbShk8O2ZB1xlz1bc ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\\Users\FD1HVy\Desktop\GOAPDRn- rzR.bmp	MD5: ea2cb4d2ff647a3280ae0af319d33177 SHA1: d723ac28ad58dbc9ebfcc230830f25c24e7bfad0 SHA256: fe63efab1dfa0f5907fae80cedee50cd8a47b679111b774fca6b533e16889295 SSDeep: 1536:RlwM4z4aYcNHxGT3zoM8U0RZXD9rPWH2c4dTgOsrAaQjO243YtsTrK28Hq10APgs:Q7zd0Tzd3+ZT9TWWH0P8aQiZ3YtshOVs ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\\Users\FD1HVy\Desktop\UxqG0prHA6c7ICh.avi	MD5: 3e9975999d46ad7aeebc2a2e5afdac2c SHA1: 10afc9c6210d8aad38a0db12cbdac47c83134baf SHA256: 9e43fb04775d80b602382d0483464c560de39f8ded9f258af5ce87adcf5cff8e SSDeep: 768:EVWAU/q32sHAZ2WVnJM/Z9WBh9bkRWs1U:Eiq1WPVnJOZ9WBh1T ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\\Users\FD1HVy\Desktop\WJ0U.flv	MD5: 4e242617f1055c8001dbdc91efbf3a4f SHA1: dc8db0d66099dda35a688f538f38ebb86748e4dc SHA256: 50a40fd198ba107583be46595724d77c0054770ca1f635448b105004d6e77ef3 SSDeep: 3072:UHtLlBtWFg3JonbvZRcg5UiZ5B9XlhJWcTjyr:eW+5onbvZRcg5VfvXkCc ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\\Users\FD1HVy\Desktop\fNBkWg.mp3	MD5: 72f8345b4b71ffbbd5fbc34576b3ce06 SHA1: f24b6ef1b758cdd7566058505ced9a8a064ef434 SHA256: b229b11f4d4a899edf0881c68684541460145d549a0cdc244e5b2496c9e6bf76 SSDeep: 768:dI2aRJw4IIb4jVegCxRRlImKCNNy9XDDLcsupSYAYS6KDU573wGkTtZWcxeiW:dI2cw3LBegUVOs6DXxYAWKDE73wTPm ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\\Users\FD1HVy\Documents\Cx-cZYQBhUF_kYoWvT\4C NwxgTL913AUmIz.odt	MD5: 470f381ac92544dd5442dfd023e69e49 SHA1: c8811fc922b32b69af5ef0ccb4fd9bf80b0ddfe5 SHA256: 0bbb5f394816df57f5f0a5e7566ad02d393b28b3b52bdb5b6c2fb603c87f05b7 SSDeep: 1536:YvVInQTzop/Is7mRjt8tu/WV8rYuKZb/WMOP0MKuMr3Tc+q6pxsd7S:qwQQaRj6o/6aKhWRg5rD0hS ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_by5erdwm.y5l.ps1	MD5: c4ca4238a0b923820dcc509a6f75849b SHA1: 356a192b7913b04c54574d18c28d46e6395428ab SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b SSDeep: 3:U:U ImpHash: -	Access, Create, Delete, Write	Dropped File	Whitelisted
C:\	-	Access		Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1	-	Access		Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1	-	Access		Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	-	Access		Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psm1	-	Access		Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1	-	Access		Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psm1	-	Access		Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1	-	Access		Not Available
C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.cdxml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.ni.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.xaml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.cdxml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.ni.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Modules.xaml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadLine.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\PSReadLine.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\PSReadline.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.cdxml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.ni.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.xaml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.cdxml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.ni.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.xaml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.cdxml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.ni.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.xaml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.cdxml	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.ni.dll	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psm1	-	Access		Not Available
C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.xaml	-	Access		Not Available
C:\ProgramData\Oracle\Java\javapath	-	Access		Not Available
C:\Users\FD1HVy	-	Access		Not Available
C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps	-	Access		Not Available
C:\Users\FD1HVy\AppData\Local\Microsoft\Windows\PowerShell	-	Access		Not Available
C:\Users\FD1HVy\AppData\Local\Temp\	-	Access		Not Available
C:\Users\FD1HVy\AppData\Roaming\Microsoft\05750050.exe	-	Access, Create		Not Available
C:\Users\FD1HVy\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1	-	Access		Not Available
C:\Users\FD1HVy\Documents\WindowsPowerShell\Modules	-	Access		Not Available
C:\Users\FD1HVy\Documents\WindowsPowerShell\profile.ps1	-	Access		Not Available
C:\WINDOWS	-	Access		Not Available
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	-	Access		Not Available
C:\WINDOWS\System32\CScript.exe	-	Access		Not Available
C:\WINDOWS\System32\Wbem	-	Access		Not Available
C:\WINDOWS\System32\WindowsPowerShell\v1.0\	-	Access		Not Available
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe	-	Access		Not Available
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe.config	-	Access		Not Available
C:\WINDOWS\system32	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppBackgroundTask	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppLocker	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppLocker\AppLocker.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppvClient	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppvClient\AppvClient.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Appx	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Appx\Appx.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AssignedAccess	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BranchCache	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCache.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\CimCmdlets	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\CimCmdlets\CimCmdlets.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ConfigCI	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Defender	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DeliveryOptimization	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Dism	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Dism\Dism.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DnsClient	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DnsClient\DnsClient.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\EventTracingManagement	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\EventTracingManagement\EventTracingManagement.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ISE	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ISE\ISE.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\International	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\International\International.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Kds	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Kds\Kds.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MMAgent	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MSMQ	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host\Microsoft.PowerShell.Host.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll\Microsoft.PowerShell.Commands.Management.dll	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1	-	Access, Read		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\PSGetModuleInfo.xml	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\en-US\Microsoft.PowerShell.Management.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\en\Microsoft.PowerShell.Management.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll\Microsoft.PowerShell.Commands.Utility.dll	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1	-	Access, Read		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\PSGetModuleInfo.xml	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\en-US\Microsoft.PowerShell.Utility.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\en\Microsoft.PowerShell.Utility.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\Microsoft.WSMan.Management.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.cdxml	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.dll	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.ni.dll	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.psm1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.xaml	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MsDtc	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MsDtc\MsDtc.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetAdapter	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetAdapter\NetAdapter.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetConnection	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetConnection\NetConnection.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture\NetEventPacketCapture.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetLbfo	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetLbfo\NetLbfo.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetNat	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetNat\NetNat.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetQos	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetQos\NetQos.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSecurity	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetSecurity.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSwitchTeam	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSwitchTeam\NetSwitchTeam.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP\NetTCPIP.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\NetworkConnectivityStatus.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkSwitchManager	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkTransition	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkTransition\NetworkTransition.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PKI	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PKI\PKI.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDiagnostics	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\PSScheduledJob.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSWorkflow	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSWorkflowUtility	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PcsvDevice	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PnpDevice	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PnpDevice\PnpDevice.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PrintManagement	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\PrintManagement.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Provisioning	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ScheduledTasks	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ScheduledTasks.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SecureBoot	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SecureBoot\SecureBoot.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbWitness	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\StartLayout	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Storage	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Storage\Storage.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TLS	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TLS\TLS.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TroubleshootingPack	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\TroubleshootingPack.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\TrustedPlatformModule.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\UEV	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\UEV\UEV.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\VpnClient	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\VpnClient\VpnClient.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Wdac	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Wdac\Wdac.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense\WindowsDeveloperLicense.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psm1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsSearch	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsUpdate	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsUpdate\WindowsUpdate.psd1	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\iSCSI	-	Access		Not Available
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\iSCSI\iSCSI.psd1	-	Access		Not Available
C:\WINDOWS\system32\wldp.dll	-	Access		Not Available
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config	-	Access, Read		Not Available
C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1	-	Access		Not Available
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1	-	Access, Read		Not Available
C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1	-	Access		Not Available
C:\Windows\System32\cmd.exe	-	Access		Not Available
C:\\$GetCurrent\Logs\PartnerSetupCompleteResult.log	-	Access		Not Available
C:\\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	-	Access		Not Available
C:\\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	-	Access		Not Available
C:\\$GetCurrent\SafeOS\PartnerSetupComplete.cmd	-	Access		Not Available
C:\\$GetCurrent\SafeOS\SetupComplete.cmd	-	Access		Not Available
C:\\$GetCurrent\SafeOS\preoobe.cmd	-	Access		Not Available
C:\\$WINRE_BACKUP_PARTITION.MARKER	-	Access		Not Available
C:\\588bce7c90097ed212\1025\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1025\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1028\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1028\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1029\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1029\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1030\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1030\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1031\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1031\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1032\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1032\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1033\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1033\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1035\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1035\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1036\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1036\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1037\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1037\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1038\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1038\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1040\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1040\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1041\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1041\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1042\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1042\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1043\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1043\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1044\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1044\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1045\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1045\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1046\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1046\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1049\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1049\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1053\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1053\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\1055\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\1055\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\2052\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\2052\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\2070\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\2070\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\3076\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\3076\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\3082\LocalizedData.xml	-	Access		Not Available
C:\\588bce7c90097ed212\3082\eula.rtf	-	Access		Not Available
C:\\588bce7c90097ed212\Client\Parameterinfo.xml	-	Access		Not Available
C:\\588bce7c90097ed212\Client\UiInfo.xml	-	Access		Not Available
C:\\588bce7c90097ed212\DHtmlHeader.html	-	Access		Not Available
C:\\588bce7c90097ed212\DisplayIcon.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Extended\Parameterinfo.xml	-	Access		Not Available
C:\\588bce7c90097ed212\Extended\UiInfo.xml	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Print.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Rotate1.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Rotate2.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Rotate3.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Rotate4.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Rotate5.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Rotate6.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Rotate7.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Rotate8.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Save.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\Setup.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\SysReqMet.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\SysReqNotMet.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\stop.ico	-	Access		Not Available
C:\\588bce7c90097ed212\Graphics\warn.ico	-	Access		Not Available
C:\\588bce7c90097ed212\ParameterInfo.xml	-	Access		Not Available
C:\\588bce7c90097ed212\RGB9RAST_x64.msi	-	Access		Not Available
C:\\588bce7c90097ed212\RGB9Rast_x86.msi	-	Access		Not Available
C:\\588bce7c90097ed212\SetupUi.xsd	-	Access		Not Available
C:\\588bce7c90097ed212\SplashScreen.bmp	-	Access		Not Available
C:\\588bce7c90097ed212\Strings.xml	-	Access		Not Available
C:\\588bce7c90097ed212\UiInfo.xml	-	Access		Not Available
C:\\588bce7c90097ed212\header.bmp	-	Access		Not Available
C:\\588bce7c90097ed212\netfx_Core.mzz	-	Access		Not Available
C:\\588bce7c90097ed212\netfx_Core_x64.msi	-	Access		Not Available
C:\\588bce7c90097ed212\netfx_Core_x86.msi	-	Access		Not Available
C:\\588bce7c90097ed212\netfx_Extended.mzz	-	Access		Not Available
C:\\588bce7c90097ed212\netfx_Extended_x64.msi	-	Access		Not Available
C:\\588bce7c90097ed212\netfx_Extended_x86.msi	-	Access		Not Available
C:\\588bce7c90097ed212\watermark.bmp	-	Access		Not Available
C:\\Logs\Application.evtx	-	Access		Not Available
For performance reasons, the remaining 352 entries are omitted. The remaining entries can be found in ioc_export.txt or ioc_export.json .

Registry (101)

»

Registry Key Name	Operations
HKEY_CLASSES_ROOT\.js	Access, Read
HKEY_CLASSES_ROOT\JSFile\ScriptEngine	Access, Read
HKEY_CURRENT_USER	Access
HKEY_CURRENT_USER\Environment	Access
HKEY_CURRENT_USER\Environment\PSMODULEPATH	Access, Read
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings	Access
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\AmsiEnable	Access, Read
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor	Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings	Access, Create
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\DisplayLogo	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Enabled	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Timeout	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\TrustPolicy	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\UseWINSAFER	Access, Read
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ConsoleSessionConfiguration	Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging	Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging	Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\Transcription	Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	Access
HKEY_LOCAL_MACHINE	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport	Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB	Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size	Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging	Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory	Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display	Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt	Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std	Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI	Access, Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin	Access, Write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Access, Write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections	Access, Write
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\PowerShell	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	Access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\COM+Enabled	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine\ApplicationBase	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\InstallationType	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	Access, Create
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\DisplayLogo	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Enabled	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\IgnoreUserSettings	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Timeout	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\TrustPolicy	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\UseWINSAFER	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WSMAN	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WSMAN\ServiceStackVersion	Access, Read
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ConsoleSessionConfiguration	Access
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging	Access
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging	Access
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription	Access
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Winevt\Publishers\{816ebd75-f7ab-59c0-e2f0-bddfeed66ac2}	Access
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	Access
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PSMODULEPATH	Access, Read
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\__PSLockdownPolicy	Access, Read
HKEY_PERFORMANCE_DATA	Access

Mutex (1)

»

Mutex Name	Operations
{ACFC17C7-C5E2-4989-BF03-2ECE0B76CEC2}	Access

Domain (3)

»

Domain	Sources	Severity
api.myip.com	Function Log	Unknown
nqdpde	Function Log	Unknown
www.torproject.org	Embedded in File	Not Queried

URL (3)

»

URL	Operations	Category	Severity
https://www.torproject.org/	GET	Extracted	Suspicious
api.myip.com/	GET	Contacted	Unknown
http://217.8.117.63/tspm.exe	GET	Contacted	Unknown

IP (3)

»

IP	Protocols	Sources
104.31.66.68	HTTPS, TCP	PCAP, Function Log
192.168.0.157	DNS	Function Log
217.8.117.63	HTTP, TCP	PCAP, Function Log

Indicators

Before

After