2f334c08...2a9c

Indicators

File (4030)

Filename	Hash	Operations	Category	Severity
C:\Users\FD1HVy\Desktop\CUBE.EXE.exe	MD5: ff177bd454a19d15b9050448da3298c4 SHA1: 583226f826fcdb66aad87d0e43efb5897956c957 SHA256: 2f334c0802147aa0eee90ff0a2b0e1022325b5cba5cb5236ed3717a2b0582a9c SSDeep: 6144:AHIa49uBG/KG3Aaaqthhfr1xrEuPDgFbZig32i2r+W:Aoa4mGFA7qtPiAgGD3 ImpHash: f8ed24d0be31b8db693bfc84115608ec	Access	Sample File	Malicious
C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log	MD5: 47ee7b4ab20802d6dfc7290cb2892dfa SHA1: ba278daaadc05628d519c959f64f08d70b4d6abe SHA256: ece8d0cc2e7c4dde981807a9ee1ef9b6aea708f7edc548061c3f36a5165847f1 SSDeep: 12:XUPN2m65LLRHvHqDR6iTPLwx/Av4vyHuIMVlTDK0vlgaqT:XUj65/RChwFi4vyH0v ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	MD5: f37b6bf1fc1d8cd56940f16594100896 SHA1: ad281da8e795cd5b87c2fd257e68db1f909947fc SHA256: c8c18907fc447eed6871b89be948d66cc34fce1400cbe3f629512f580cb1fe2b SSDeep: 768:fvvqg+i0uEwvjWDMs5/+9zr3iPWZ34meRHHZGD3J3WhCSGkypMmtV3m8tUA4oa4L:fKg+BuVvjiMe/+dz14mInu3WE0tm7TtP ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	MD5: 97f2e390133cfb7cd5614318870411a9 SHA1: 5e732101747df887a85c11c34d3fe080e198db4b SHA256: 33790b7b3982b0ef487db71b7c1f3f6378de85c15c5db943076c5f642331559c SSDeep: 96:u2WpjS96c4fm+zUNIyybZCYYhhWiX/HrE7VzMhyR124Bdu1p/Jmda0G0NJ4/:2jwRs/bcYYhX/LiRfRjXM6U0z4/ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\$GetCurrent\SafeOS\GetCurrentRollback.ini	MD5: fc6a12c89f94b162e11deb4d5df358c4 SHA1: 3c41bccc7a244e7a5f161fe1856cc9ae9df6c1e1 SHA256: 3ee0d45ba44d6dca4ad0e4fe92588f9c09007fd5acea69a3ac4d1725999bb947 SSDeep: 12:ukA+xD5nP9mx5Uemx+3fkcYA3bKHqSdD2hBx0JEA:uD+xD5nPPO2A3b0qSdJJE ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd	MD5: e206d480c8a32218962d0fc331623137 SHA1: 197342b64152073053cdda034008373a18855853 SHA256: 5725977e070cea011591ab79d651fa7649cedc2747ffc6f39d3355460b47d3af SSDeep: 24:78yo67RpnhPS8RwxO6uZDsEjd6S4AvGm5NQot1CpCgTAR:7jo+PhPS8Z6uZoEpn4EhNp1CCg2 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\$GetCurrent\SafeOS\SetupComplete.cmd	MD5: dd4d2a40f5247cf7c63ed5d06c51ed91 SHA1: 47bf1af01ecddc4c946f21bdb5563694cfe81bcd SHA256: 8ae5b71fd2c5c1366cfc1f71e66c6fe70384fc712a14be869704818ff21a5e7f SSDeep: 24:++Th3yIrE7h2uLZNErzVJ9ogm1YuzjT6X:NC+E7YurQ3agIleX ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1025\LocalizedData.xml	MD5: 2c6e0dbe8d9bbfb4895d718f2c1f5363 SHA1: a6a9da5e021de37383944b16ed7483ce08e87d52 SHA256: 8b3d34774a93b6df8f6514debcd3f7c4c4156275c57541d87b4bd3053d7f4ba2 SSDeep: 1536:lJMMg3N4BbSMe/m+tdc8rQ50w0EWkQjlEbCrVqU/GF7/RL0u38kkywm:li3cbumGdg5ueQjlkCZqlB7vke ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1025\eula.rtf	MD5: 1c46ee6cfb8301a19f9d26a864ac736d SHA1: 6d1aeaf08a0e0e1f00b2b957f5048434a8c0795e SHA256: c73648ee882c8159f46a79b3caae69863174d099d1c17ad6653e7b50a45b8c47 SSDeep: 192:ubaw2cuFirK4d1Ccov1DSuNB3T1AfnoBUSzilkYJhXthYSklX:QCErGvtBZdeSOlkYnGJ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1028\LocalizedData.xml	MD5: dffdd2b1bafafe63626ec64fa77ead48 SHA1: ff3540e0dce083a1dc939efbf2979268e05739c1 SHA256: 61cdb638137b9f4a0c28a49f8ca80ec5e661f7c5c82f01d4e6cfb16bffa52cfd SSDeep: 1536:Q+Qo0A5SA62G6llHetrvr7gT0bInds9yFBAEiZj5ftY:Qlo0cSpKZeFgA82TNW ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1029\eula.rtf	MD5: 1e02c39c074c51840e77bd7aeea721c1 SHA1: c897b8713f279f2bc58c97b8b9c97e2d8d4cf279 SHA256: ede9bad5b11d2f51397964a6ba46b849832ebd9ad01b236773a7a4cb3e2e6eb2 SSDeep: 96:IhZe5/Oe8Y49MRq2BjR+QfOoGE0vqLMeBi8Ik5s:E4LVRx9+QfEEUUMew++ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1030\LocalizedData.xml	MD5: 4bd08f05325728bfaaac1ed9901be323 SHA1: d4adb236744af7e714b24d8798541d9919e3c05c SHA256: 20e96ff15407accba4d13e7737f0360253486c5579742e8177d07252eef425c3 SSDeep: 1536:yo1HimmworaJ3J3XEQo+VTntuLoRyQH7b308UEzTTtfsFCRtTL92gZq3O:hHiWzJnXJntuLiyC7b308UkTekvRoO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1030\eula.rtf	MD5: 9d11813e3d51befbfaea18fc20630db5 SHA1: 429748f9effe05fe6b49913c809b26ab629ff7e3 SHA256: 29ab4353f3aa4fe5e5418cbf52da5f6d510c8d120d93f94c6f968ec23b01e211 SSDeep: 96:TJNi4f1a5drxbOOCQGmhZpxaHs7I+/16tqVuN:ltfMrxbOjoF7JwqkN ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1031\LocalizedData.xml	MD5: 972b8dae7ba6e37bea00c993aaccd4c4 SHA1: 687a768cb1e6498e847259b23aaf6bee9a25d204 SHA256: 2af49c4d863850820be2d5738e245f9e2ff4b9246428c19f9c6dd299e07f4b9e SSDeep: 1536:m68HlcabDucPwYbC8Gvpiy6vadCTY9ESKCC49YWAKcPwRvPxYrWTjss4EvAVEvgF:L0DVIY3Opz6viCTWC4hAK+wRvPxYrW8B ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1031\eula.rtf	MD5: 41ad2f4faea6fe71c41f73b63c420a97 SHA1: 03366fdd1a11168d04bca1a054f297223289f755 SHA256: 136be476a3c37ec019d55e885be2f414c1944b4ed73401fa21a7b2326681db73 SSDeep: 96:Q3WIj0FXmb0K0iX/b2/rCtCSgtJqZRDpsDAAZXUKGSmDu:QRj0FXWWiPa/rrS1ZRDpsHk9SmDu ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1032\LocalizedData.xml	MD5: d582c57755e10cfb5c2e2bc39a373c6e SHA1: 4e00b49a853c0ea30c6cb80c1c9ebb7d807bfe73 SHA256: eb9237dcdd8a8a0eaf518ceb65a6e882044ada2eb8c3a1c05ec40ebeba4fcc19 SSDeep: 1536:7J4f+0gtZArv+NriVN6Wj8JRzMe6H0CSNUq0ite6GtWwsEWPutXfh:FFBGMGr67JRz9bNUMtzwAuxh ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1032\eula.rtf	MD5: e2a810c1f59bec1f524b5b002f5bb6fe SHA1: d6249f0f84f2fb70ecb7e47923742f00c4b0dc57 SHA256: 7a567b17b858dbd86a8468ee2364a10d49ab59a79df5edbf9bdcdf701854e042 SSDeep: 192:Qbm4BFt+GEHKW3OPnQi/3ugGgOvFyOPGPCCszsI8G1eF8NxPVb+Ql7uzRMK+:AbXNCKWePn/b1JO4CCZI8Gk8nxnH ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1033\LocalizedData.xml	MD5: 29bc6e91d7d7b2b5c8916aa19b4266d7 SHA1: e4e670762db6646e84efd8184ea68b2d1c31ce36 SHA256: 9ccf057f759b0c0a43e08fb412bdd2b73085e5fb10da2d00b4b57622136a2cfb SSDeep: 1536:DQjmkIjpfoDr9N/T4oZQ4I34ZKWb5Jrh9FmnyUdbY7nL9uTFL:DQjmkIjcLcO/I3G9brFxi2L9uTp ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1033\eula.rtf	MD5: ddd905b9223a3cab7a05131113b20120 SHA1: 5afc93761d2a1b70581a5914245be3dbba8226a1 SHA256: 05c26bfc694bccb039e70480831a9f3b1cef8b46e66f00a35a8afba7478a63bf SSDeep: 96:gT1aDtbHJ4g31QH5NIxZC9ikkOtBqgaVjQxXi:jz1sNIhkks8hs4 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1035\LocalizedData.xml	MD5: a2dd39507ea8c5206120e66aa2dd95d1 SHA1: e52cb4691fcc51b84ad278cd9de25a09b1db1712 SHA256: 8fee5999a1ce3ee0d090b0c00368cedac6303d27bd84d2d6ebb4be085865e84a SSDeep: 1536:s2U9efArgP6kJAF8ukFm/aarQLJFStEdYdMrP4J/4UYSSGE:sgfYgPpJAFIrSQLaxMrP4kt ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1036\LocalizedData.xml	MD5: dda53d25daf545e7a42ace7ddc434f8a SHA1: ea695aa50747e203be1f4cdaa53774d3353c48f4 SHA256: 905d87185e2fdfbed3d750478e6cc09b436b5c2364c66cb24e5489df0bba25ec SSDeep: 1536:klDRDFME6SwCFWGNtsb14GqPgqduxVwDBFAMlV7FAWq0T8/GY8POV:8tDFME94etoKoqdwABeMljA50TC ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1036\eula.rtf	MD5: da148b364aa95d9124e6cf4529cc2b91 SHA1: 380920675964d0e6ecc58b3acde8b9b575825310 SHA256: 2afa56afbec0c1541dc3dfa11f99ae7a3631e856c7755e916e23e4096367c402 SSDeep: 96:xurP9kwyGrj7bDJxq8JtZfWAmuG9W9JKa9Ng0nT3BAuf4o:3wDJEItZ+qG9wKCBzBAU4o ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1037\LocalizedData.xml	MD5: 1e5e9cf07b0bcac534d307e66fd20faa SHA1: ef0111fc1b96cb22fda4f8bb14a0fc168d00b773 SHA256: 1b4563000651316cfb9f6f39e8b82d78642109b2558a9b12c379d0549f2b987e SSDeep: 1536:wuNO9dDPPH+Tnxae9ICG66KhkuUnlmo5Uhj1Nbxb15gXIQ1M5:Vud2x/ICCKhYlmAUh5NbfQ1g ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1037\eula.rtf	MD5: c9443858868ff11ff4cbc044143b1f85 SHA1: 82e040afb9e3843042283eaee58ddd418d647a1b SHA256: 0820aced3bbff960c65104c7712f2d861f7478bdc3a40d9612d8349e44767b00 SSDeep: 192:LUMcSHe1Fre3uGQ6cJrmbKpEXx4MdUWOIMQ1k9gWdkDOxY:LxcXF63YlJrkYEXxpOPQGOH6+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1038\LocalizedData.xml	MD5: 52e01f551ac25be1f9cd3cc8fe8f0658 SHA1: 91c5d7af1614d295fe42a2b041d0627703b3f6d8 SHA256: b9ed74c8d11cbc057c5bc3f1b889b0b22567d728369711e5b309dcdc4da15ecc SSDeep: 1536:WamYTtiJZ5WXybagdV7fjixx9UgZAmffmJ1JNt/0jogZArOve8CwdbNir+:cYWM6/f7rixxvZHfmhHwMOvBCwl8+ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1038\eula.rtf	MD5: e46c3be715cb48a42de395b5da982b11 SHA1: 0f934bc1b2b8d6048b804f0b1f0ad41613fa0f1f SHA256: 761e075f181efbab5a37880313cb268eb75dba33c9caf292fd1268762a74350c SSDeep: 96:QvAuZudT4iYCwqRgUcizkl3qzMUrQ7P2xDaqF5k1UfDcJX3R0PtBGQ3qsqShEi:QnAh2CwqAVslZDaBUbcd8tlljb ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1040\LocalizedData.xml	MD5: 95e6317dee45bae94c76cc70951729a3 SHA1: acd7e3415f0e15873dfa5b402735b825c0371cb1 SHA256: 0f1614e1143d95c314c44952d8a72035780283e6e69c0beb70f8e78af82a86ae SSDeep: 1536:XDqsN3Tc6EV2uCi/OTFFPSSxAOyRmtO2BvqslCPV0:2sFT2V/7/OxFP3yRmA2Bno2 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1040\eula.rtf	MD5: 86dabb74ef68869994306a522a267bb3 SHA1: 6c335316ac9050233bf5a9cc2cfc00a00e2d1af3 SHA256: b381320764bb8f6cc76a1a3cde20e9117ced911331734a41f6ce140a4424e961 SSDeep: 96:nZHL95IJg8LB6C28TJOnc9ZLQrgKOHRAlRBYCH/E7Y5X6P3LQl:ZHv6gU6viJOc9ZL0gKOHRSPY57Yl6P3e ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1041\eula.rtf	MD5: 997093d706d904cfaaefc34723e02bb1 SHA1: 1ea7d1ccb10877fc09fa010096aa6e96724865fb SHA256: 8095166b2b5ce96c5129632f77ee86cc93f40e6b72fe7fca06e525e4a1c408b8 SSDeep: 192:s+kcbEWtOFEQxw7HcsRL02WqSj5d1u//fpaZPSlg3cb5DMakLIi:UcbgaQxQTP4z1uxa4lQK4LIi ImpHash: -	Access, Create, Delete, Write	Modified File	Unknown
C:\588bce7c90097ed212\1042\LocalizedData.xml	MD5: 3e90b0bcbdd57d7ce9cb294e1c7a5330 SHA1: ad849249b75d4062c58095cbb351bf500f4e569e SHA256: 294382d42ebb9eccf05730c295fb6198a0b7248955163922dbd4e17be0a884ff SSDeep: 1536:QlLAja19Wo7m3YmREMPG0yqGQ4mmDUMKVcLe+RePWXMama8:8ka19Wqm3Ym/G0RHcKQReWXM9J ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1042\eula.rtf	MD5: 1aa4df32fa75d57b693d56aa7bff224b SHA1: fec5daffe2ee72a380ce2290088e91b4b90b354f SHA256: bf5924aea8d2b52eaee4aa0b47ccbbed420144bef9ad3b857a2248d45828d540 SSDeep: 192:9vs7zXAKqA0ka4abn5M4petgNgwHaKtG6KYqkFOHC9yLBqc2hLd82K+OU62ZiMMX:B8ZqnbJpyk5KYFYC4LAdSmOUFQVzEq5 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1043\LocalizedData.xml	MD5: 1d3ff8337e1b6f24c68ab67c71e2ae42 SHA1: 1ccacf621c3e017d2d91a860a3ef20df1b13f300 SHA256: 8b1d25c1015c2aade3401e2ef6b015cbe79162eb0cbc1c165be884cbdff1f5a3 SSDeep: 1536:P8kcN/kc4J/exDUp+eBaOVCBAd+PKVGhVKR0yWuTm9P3RTt0Qb:JZc2/eF+ayiK0hVKayWsm9PRh0Qb ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1044\LocalizedData.xml	MD5: 9b0d29261d0532762d1bfbeddb5b1547 SHA1: 8597ac0ab5410ecbdfd86dd6b3a3b4cb9dab3ea7 SHA256: 5e9955939cca94ee75e0c7b437c816ba0f5d38d2f6d9da5e051ae55550b95752 SSDeep: 1536:laJzvTnM0rHFBg9mmjLzfFF3EaneJxnvLyN0/anPh9/i+eg9y7jtQK7US:4JzvTnLrlBKxfHU+N0iPhJi+erQK7US ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1044\eula.rtf	MD5: 2f626ac7a7b2e2e1f92c675301547df5 SHA1: f00a6db432069e9d783e3cee572023c03236d7bd SHA256: 1bf5c227da7e1d90070f34dbce67ba601e50187de2123f0f11d0360ea983a9dd SSDeep: 96:TgJwcIc6CrCOhlUBrlnMU/y+si7tBuObn1nRT57ku2:EJpzrv8r1MWAi+0n1hZku2 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1045\eula.rtf	MD5: ec41ae47136dc528517b3bd970289b8f SHA1: 62336cff4de6ae90eac03901a0984f435787dbbe SHA256: 6512c5d16cc84eafb09dd53806fbf786f5c1a4d091178b7e1207336d5a592b53 SSDeep: 96:XBDbVTfUpmKQ5L4BRnWn//80xrpMOrO+fDKvwCpX/jW2TTWnzA:XV1UpmKQ5ws/8+VrpKv7BHN ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1046\eula.rtf	MD5: 2ee3ad4de48013217f2ffa8fc3142187 SHA1: 29d23ebc506c21854a16c5ba389bf66d549e8564 SHA256: 547d3bf2ab72191fd38d2217f59313fe7e40426adeda39fe5773c1423900bc76 SSDeep: 96:UiVkPuEp9/+lFQgLk9skzSYxhs4/uZbzoHl/l/EiS2JPweX61:t6PuEp9/GLklOZ4WZ/yN/Y2JR+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1049\eula.rtf	MD5: 96196d909646c91d788aaa4a1050809b SHA1: e2b2e2aa5ea370c4f57be0fa38775329258e7f6c SHA256: 4df1de13b99380d0c6fdee5bab5b60cc83d2e83a2716cad8bdf70361114d0dfb SSDeep: 1536:tQXLNCI3egKnQm9I5v1c7HEOvRFGZLudRkObcf:tO5Cm6N9I5vAk4f7RLQf ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1053\eula.rtf	MD5: cb347d40e54500fc98a92fde8c450c97 SHA1: 033290fab45accc7771f6543f0f4e6c4f529d6df SHA256: c6f486297c9dfe9be2c8ae702769572752beeb935dc521aa05d8c20da6346e16 SSDeep: 96:5/m6uZAJRC6X41Wrh2ngo7Rw9XCJPIVMMrDQdtERMUSt:5/3S6I60Hw9XCJPIiMPQdt0e ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1055\LocalizedData.xml	MD5: a09fe96017b4f8a45fb6831de6b493db SHA1: 27356e7bb1b9a08e3448358c15e6fc4a6136d3a0 SHA256: 462539b34d0a2c1f7967213c4f353045a3d325f5f58ae9d57d21b6eefcdfa6d6 SSDeep: 1536:5h/7x10gAUsS8FV9kOftALwd3szB4yShifHJ+0asdA5yPnHk4pjs:5570gd8FNMu3szYUksdAMFo ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1055\eula.rtf	MD5: d7030d5078b8bd0b6ce4f46963371bc9 SHA1: 12a6fd35005bedd8b062bc1909762507f7a62afc SHA256: 899fc408e08713473c42f1e65398347bc5477c2e2e877becc1f565a0ea378efc SSDeep: 96:piO4SXury+FpqBiPL5Bg/p2B2kvfON58uO9CWtcjy9dLaKomDj0ywHEE:QT0mjPtBpYkvNPuG9dLim3jwl ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\2052\LocalizedData.xml	MD5: 3ebc3b69d5803ca0b7656d1268f3e0b2 SHA1: aa66086cad733118e990494cbf261cdb2495069b SHA256: 3931a1be0ab4fb130bf9552c4da193d22b26675b1f6083c56e0124a523a230f4 SSDeep: 1536:g+tvca/ok54z3Kt1feMbMQUk3Kr9ZZsrG/+Hhldm:gBaH4zat1NbMQUuKJsBldm ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\2070\LocalizedData.xml	MD5: 2e98b186a539e7d49ee1991ec7d5e104 SHA1: 8f8f424fd3afa1f0e15e0fcb0f3ed59bca97deae SHA256: 4852683edb9f240e7e35a4dacfb27d6d6c2a79083a6a8db01f8ade515b59e3a2 SSDeep: 1536:JhQCPSOcMA/rgPKm8vTMjZLL684Js/FOSHexYcsI12T5wu700PFX:Jr/f+rOcTMg8iI1+xYIi700PFX ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\2070\eula.rtf	MD5: 12c2f173a58bd97468b2a08d65adace1 SHA1: 97282f861ea43372092528114b18b8a38ac9f7ff SHA256: 98b76e374185adef71d26af8f96e05c590d2816756edee65ee8364e1a73159c4 SSDeep: 96:+5p8Rj7BGSYHPfKWBX6JbgD/gpf0OuEH9K9wyv21xGeUR7Uc:+bwXESyCqX6J9f0zEdKqonj ImpHash: -	Access, Create, Delete, Write	Dropped File	Unknown
C:\588bce7c90097ed212\3076\LocalizedData.xml	MD5: 0893abadcd09333694422201e8b088fa SHA1: f471789dcbb47978d791db34921cc43f910762aa SHA256: dce3afab95d9cd2b3d367f39552aa32c9675bf2c072bb68c494d94e6b8b39799 SSDeep: 1536:lWnmAQ32/WsI0x6z7qZwF+xHN5uHeAOR7TH/tcLuLUVKrQuTTDiPerQWBGAp:QvvusIM6hFwtYHeAORHbLUVKMOiGrrBf ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\3076\eula.rtf	MD5: 68664cbb4cbfc560df80e2960ee9bfa0 SHA1: 057a2e3d7251650e654a2d959cf022c749a10915 SHA256: e5b6f7c745de0f981dcea303ece0b2661fda84a2fb04cd17a1b5cfac9874c033 SSDeep: 192:fOTaddD1YtHdL3oK8hXmk8RBul8hFEd0w76D6F4:fOT+D1C4FRoBul8qB76D6q ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\3082\LocalizedData.xml	MD5: d6205c87f102f36472efe888264fe0ca SHA1: dba863fe0d47dd2f9abd098debf8462f4847bf4f SHA256: 2aa7bad69fa69d086ced0bd9ae4bc669580fd38629e3cabd910ae247202bcdf9 SSDeep: 1536:iLaPRGD2vnHkDheVKBK85F2/p94QKb09GCZg2onR+fgQ:4aPm2vcheVtyF27RKwz0gH ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\3082\eula.rtf	MD5: b0159df1241cbede224256ec48d97462 SHA1: e3f11a12dc97bb9b6d028b2acea9850b4fab0ab5 SHA256: 25bfc9f5dbe6a6203edb622bd9a94ecfc71d6fa78ae81c8f6f01d0e0d30e4a43 SSDeep: 96:izPsPLg+ONyf3RFNQE6sxPMwc818XEvn3Y0Ygml:izEPs+HfRFNWiPM/MwEvn3YFJ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Client\UiInfo.xml	MD5: 5542074c3be0091250d3ecc41d7df58f SHA1: 5de6dcfff558a761c31e1dea32c3457ba876fd0e SHA256: 7e220bbda7268a579f9aa08ea7c89543c695cbfae87afc54a8f46c864df3fd88 SSDeep: 768:dHI3eNBx5dC7etNQGydaG2RLclT8bF4mx3f6K/vWEYAP2y028CiNr+5AOcmX:do3e/x5dC7uGGMqimxX/VYi2QuF+bc6 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\DHtmlHeader.html	MD5: 1ae8910444587a42a2e967f6500e0c4f SHA1: 5e39fcff7aa3aff16dad64ec7c20ab0e48748ada SHA256: 60ce78e58b7aa51b04d369b62be8704449484434aacd3e8638c9f0b07cf615ef SSDeep: 384:jRGTv3sh2vOEepeHt1CZzxqClAgJTGMi8xyNrEDYId8ooiFFZQsN2D:9wv3FvOHps8xJGroDYI0iFFZ/Y ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Extended\UiInfo.xml	MD5: 5385fc3b1d88177ca02f7198fb5eece7 SHA1: 29df6a81a63795e4b4130bade7a85c3a34e8363d SHA256: 6d11d80fca3711b909f087058edeb2f790616257978287dc705c6314ea225e08 SSDeep: 768:rZ9pHqA+7xe329va1rqZY+9Duot5RbR8Au7apuF1Ech1e3u1:3pKACG2S2ZY+9Dn5XgyuF1Fe3y ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\Print.ico	MD5: 91f77505e4ea52a8399cb9028660f8f4 SHA1: aa5eb52121c1db6053a3435d15cbf9cbe3e2b320 SHA256: 6563090261bddccf2a6f54869fc454dbfcd2bfee7977b39861877462f9785476 SSDeep: 24:S48mqpYShIcwdH46F/uxkDQzAJfqK6NKq9Cv4Ap+xF8HDo2pJjrjMd4FG8tAa1:qmTBcohJ/DQUJyhUqyWGHsMlG8tAO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate1.ico	MD5: 08ac15ad3207f9ab9045028a826a4552 SHA1: b776b48ce1d144d04954672f2dab14ed1e05dcc3 SHA256: b7b8c3f83eaa3d4efa9a287fd13392fdece637da6aafa55f61aae2a269d68542 SSDeep: 24:vJ4KdTQuDH05CU8oroeT1VUk3f3ov2ZMJjtBPNYEhxGULHor5A61P/BGvBQTipD:x3TbG8InT1+sfogejtwEHeb/BnWpD ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate2.ico	MD5: 23d7973973f11a2c96c81bd5e6294653 SHA1: e3626d31a797b374b2692a35003c283afed2df61 SHA256: aef9ea69fb8b848ebb012f57e47605033688f0502f8c268b2779b6b933c17bb8 SSDeep: 24:X5JM+QC4eVvMBNBazY+CTIcXZHXiuMgLOwFJzVnt6LQ2ETeUzHUe+90t43ru0f5a:XTMfazY+CTdXZ3i6jFxttqJE6SHY0t4O ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate4.ico	MD5: a12597567d230ed4cb49166b7ed4dc3f SHA1: 21b5f20e9bd46c25b411f6cea4770fba30b8ce49 SHA256: 9eb22576e0eded683c30b82459b8483aabe1ba31b3bac3ce29f974e6854f391e SSDeep: 24:vhQVW1NkTyv/m9WpsG7jH5GalhJb9qH+OJ6SfzDvd30eud/CiqrR5CPRzJGPE6ox:ZzNyym9Wy+H0S9o5cGHR0eaheTC5Aox ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate6.ico	MD5: 4c1d9b493a147a3c0681d741aa67d7f0 SHA1: 233e038a0eeb3937d62ed606507c51cd25b960e9 SHA256: 899d60e4b4a95bf62edad2441624f1aa3286238e7c769a3cd01ed1ceba436a00 SSDeep: 24:p6Xrj+gvbwtVNBOols6O5dayKTYAEEqInmz3q8htSGfYpsvZF/hvMfQB:pc3+gcmoG6OfC5EEqInmu8qv6vZN ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate7.ico	MD5: 83f88412068e9d9e1fbee5a0fc070bb2 SHA1: e12ad440c9037f637a349785404472171d36b877 SHA256: c5e6501302e677c554c76467461690d7a567a54cdd7cc532dc7b35631d2e5eb4 SSDeep: 24:fFML1J8w2uvREckaX6yyfZJJj2xwR5sKZzhHSKkxbPmbkrsmuc4UIbFuBiiUn0aE:tTw2qycAJJi8BZVP8bZQmuxUIwEn5e75 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate8.ico	MD5: e156d7707fd68574d3d36d114290a8f4 SHA1: 5ff8e9775a1253567c65fbcb8ba2fe9bdc3bbe57 SHA256: aec0a6356a0846098eee688719424f0b30f9a02b37c1934998ae9b6b14d8817e SSDeep: 24:g8YMjkLke0ZUjfHaLQ8W0cANP5MtL/JDong9z+8Wqx3oXgM10G60jEugBaY8YO:gxMoLaQ0TW0715orJaKBW/B0iHgYp ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\Setup.ico	MD5: c26647f70a8fb556579c28818064462a SHA1: a00a7976afaf2b013ae3ac6661d2a9e60ddae64f SHA256: 8f2bb826bdb48938c2afa5b47fc278f1e69b6f30ec114ddd87c21466258f47dd SSDeep: 768:+p7KHhDziaj410FOVvBmc4SElMebqDq3SsyL8xpuiAEv:C7KdON0wH/52MuiqaLCuiAK ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\SysReqMet.ico	MD5: 533eb69a6ee22c55511653472977f767 SHA1: 251188b07582d092852c8f67b0a5fb3d32912412 SHA256: d9ebda6479d8cc0f10aed536b99eb621c6eb25aa0268914930ff8a92dba64d3b SSDeep: 48:nAHtNW/F6UgI3521M9Em2r3wJr8ivtqh0Vaq4l4fK:ctNWQUgeNEm+C8ivwOVAUK ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico	MD5: 3f5c3ef1215da68538d8dd330f57191f SHA1: 2279fc0880f8cf74858d8a0ac348616bf2c9af27 SHA256: d4e6ab8a5b68514073a28f41c082df2a75b59c573feca6026d960923e0f430e7 SSDeep: 24:TSgoyEadFWw3SXZIXuEahzqTJaF9AO1lELkVgIyXkvdDzJDgAp6KU//fjtC:T1zEan3SJIXG2TsJELkmRWFJDgI6jDA ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\stop.ico	MD5: 692a8a794303e472d7395e91da94f22c SHA1: 4888ba8d0b9e2ac5b33d53b1e17afb4bbab890d8 SHA256: 1138f398221fb6041506b8db1aa1e78f48663dc498f3f6c7542b77e861949db5 SSDeep: 192:65SgLpXTBW+ZAJIba1+Y7NYxOcBi8HFqVZUspRWLifGrs3m5hCtCCx:4XdW0Wpa9BfFm6oyifGrs3oWCCx ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\warn.ico	MD5: 6361bde5b48535b6b7f05687559a7d77 SHA1: 33473a5b71f20c4f7b4788b87c7a7bf36a560e0c SHA256: 9e5158ec89fca574c7389466b238f6fced7c287804e6f050ff149e2be07bb3cc SSDeep: 192:F/y0+h5mPCwA9iTddTWM3yLiFMvxfv33eocN8JDsoEHC/qPb5Qy:F/yRk/AadTWVLiOZ33eo68tWPb5 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\ParameterInfo.xml	MD5: 203aa3bbd36755eef3f787da78b4bb43 SHA1: 8cc4d2718caae70f5336fd6d907efb5eb18cb4f5 SHA256: de07394db83252ed3458d7aa1edd0d91eff1cf7e9f5f8b7c7aaa759700f57f9e SSDeep: 6144:IIrLoHPihgVbFG7qQLXhnH8dnB0F8u0MdpUpC4A95T:doH7FFCFtH8d5MdpUcT95T ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\RGB9RAST_x64.msi	MD5: 834944061c8956e1f3678dcda8220627 SHA1: 1c76e391a35a0099d991a1151e4bacaa789e7a8d SHA256: 28e54ad13081e2c358e8a58f4688ac0ebcfb582cb58cad2049bd449f0d20853c SSDeep: 3072:NRaO8nw1B3rRPBNGPJN3YyfkcHYZpY5E4bcGzfQ0+WJW5RfdjVeHDWJaSKGeJcnr:3aO8nWBPIP7Iys9piDzfQIJW5BVVyD4x ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\RGB9Rast_x86.msi	MD5: a58433df431c80fcb2d9ef300086b426 SHA1: 77af8827b3f099d15af872acddb5a90b655fb7c1 SHA256: 5a6d2c1d5e13c0a3d96b9885055cb9ab7b85f04d72b20ae40adaa2ae5f5fa2c3 SSDeep: 1536:dYNH9aePXmD9JBZ61LFuMeEKfVYk9EOSQT8SscIFUNJPvoDPeuwrxavyOVFe5hZa:dCPO9JBZsL5eEMVh6/I88+UsTkJwe5na ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\SetupUi.xsd	MD5: 6b2b8e99023b2a9611a9098536941d09 SHA1: 976f5fd373a815332ee20c4397cc651f81ec6dfa SHA256: 5507c4287c74ef63ad795bfba7a27b53f567c62a9912b738c3dd0b405bcc2e3c SSDeep: 768:AJMLqaWo/m100lYmk1JNBLNmt85z75r1DmNujJeGV8X:A2lWo/mGmMZ5mozR1DRJsX ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\SplashScreen.bmp	MD5: 53650daee35b82f02608056530cf2c13 SHA1: 629ee5a10678d753fc5684042469e05a0fb205b1 SHA256: b850ea1491088213be66cf770c8bfe957ed0b6d979fa183428d162858c63db13 SSDeep: 768:ErMn0aNK15TW5WCmWwBBbz3CoV3TUZWk9XktgydDJpp4fbvlFd697gAjPcxS:57KfT9S4zzVAZr6tgydDJp6fjlv697Xh ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Strings.xml	MD5: c46bccd7199a7a635d7966e669447070 SHA1: cb96b64d07cf6f7a4e82d180cdb37942b43ff053 SHA256: f031ab584c0100fef14af5141a9dae2a456cbe6a7b18729ad7963edbfb6bf214 SSDeep: 384:q235iFOf6aTh3nkmDXwdhbna01yZz50lRvClI:q235iFm6chHDXwds01yZVoOI ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu	MD5: 67458c8f4627a2e28236bdbb87532f15 SHA1: c063c85e4d1f3aa7780e3030f395c1f46b0af323 SHA256: 5f60976abfbf0da13e8d200d5b98466134426e801b4b6ab2eccaf8987fa9bfcb SSDeep: 98304:hPAeoVqNDA9wIsFhcHBGKI6hd/BwVC0aqQa1LfLtoAOaNl8ofIbC8sqfQWSY:h9PNDawIqc8QdIxQa5RoeqKX8 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu	MD5: 26e0579a6092da0c7f5b9ad409f48333 SHA1: 4ba8fb803725fa186d01f9bdb75b3b8400c87658 SHA256: bbd42630bb45acaa7461cfafd972696404c46780ac52ee5f7c218a168918cfdc SSDeep: 49152:fwdoSP/VMysD7z5WgpUB+bwfWbgX0v90+/es0YKnih2X:zSP/qZD7kmQWbh0+dKn02X ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu	MD5: 6a2d4e1835270f78948e8e10b2b4a4d4 SHA1: f7332d5ea807e36da9b1d5d80f604f7999501d95 SHA256: 226077ebc5df083e22627b420dc03cbefa43f649cb47f5f253564f3b0c518e14 SSDeep: 98304:sNYVeNHVnMHT/nG8BQNPp7MSWq3UGHjK1hE45iIQevi5:sN3GDG7NB7VWdGO1v5ilP5 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu	MD5: 93ceeee95a714abb1fd26f2119f05f56 SHA1: a0e6e00483d80bd105fde79d18bfe82ba98dbd15 SHA256: 66de2a11542182af0679174e73cb0baf08a893b36b9b10774cb5af6b2be237ad SSDeep: 49152:VpATLeQHjUQzTnWxALEGlUPT+hxsilPP7sMjC6wT5gWLmv2jVxh2r:UBHomTaV+3lHbwjTp4 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\header.bmp	MD5: 4a94be656c71eb140df2d3397c4a895c SHA1: cab481443e03eb198ecf3fd7002ee69a4e1ff3ee SHA256: 6501d42986fd1ea5b469d31194cbd23e7a324f15bed8a38d48d392c772c2dc87 SSDeep: 96:rE7Z/62GNGOIzPSkAylbaJmdvCbLSNMk0g4FXEsIAI:rUZ9GN/OPSkAyl7VCbLSNMbI ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\netfx_Core_x86.msi	MD5: e35db7213a49d6916c4b64fbf4410998 SHA1: 1a691077d97cd29a6e34cc99fa2028e18f6b3763 SHA256: c45fbd063c3f5240313855c326a83a430b952fcaea418df49798977d307c0fae SSDeep: 24576:08YT/cH+ln44pi1up1ZUkPze87v9eUgJMtDwPbSrFi11TZ/:Jg0Hs44SIHUkPf7VeUgKsPeF+T9 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\netfx_Extended_x64.msi	MD5: 24478dee48e76baae15606497b349f69 SHA1: a3744c3eb1c7b9c32456a27a9281f7ab655e12e5 SHA256: 0869a585c0936c803b8299e02b056ae85f14c024954926fa6ff8be5b6679b002 SSDeep: 24576:Q9c67QYnJPzkZ0Z4zQ1uU/zHMhFv+xoMFO/QJtDxe:k9zkZ07RzHiFv+WM+QJtI ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\netfx_Extended_x86.msi	MD5: 067bb3c9129e441618b321eda70978c6 SHA1: 437056455bcb95bff436f450adba3cb104654716 SHA256: 2a16b5bc7e207892d78311342311f334a0e5b5386b611afee9357d193b52f857 SSDeep: 12288:L8E30WSdmak5NlRoouhZupxKjwYFIgpzAgP/Aq6JQou2ejmP:wEk7YNNLodQYdpUgPjKQourjmP ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\watermark.bmp	MD5: 75cd56f80aff7cdfdc1e2d69417441dc SHA1: 72a113882ae4d68960fb4fa29eaadca014b666d8 SHA256: b9ce50d8cdad4b01eceb822cb4cb8a215caa5e11a44dd09fb76fc1729dae694e SSDeep: 1536:8M4MyMgyBWnOLF3qePqYfpM9xcAVWsY0Gt1yTQdhzhX2/GyR7/S02a8eMpNUKVc:N45QwqqcqYBM91WLyTGxyR7hz8eeSic ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\HOW_TO_DECRYPT.txt	MD5: 715dd8f95fa5833dd44e511dc501dca7 SHA1: f92cb7f6030a469d86d69f8b6e43249c2c2febb9 SHA256: 4ef80371d83426714e11460075e3c45de9405918f2542fb630f4ba57cf1e4179 SSDeep: 3:HMm:HV ImpHash: -	Access, Create, Read, Write	Dropped File	Unknown
C:\Logs\Application.evtx	MD5: a50afeea7857b2e2c5031e4501e78b05 SHA1: c3c7042bce7e7ec3839e751f1996b7f6eaa2299c SHA256: 295f43108b08f32f46236c4eb4909eaa59fc8219ef4946c394704be5f806125b SSDeep: 1536:/TlZ+9V1T7lHkD7ISd1QOjTmK3K/3/pJSxuye6qxkrH/:/T3+vdlH+7jFj3K/Ppgxuye6qsf ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\HardwareEvents.evtx	MD5: be4f8a69d8e8e07878f6ec8c5e85d151 SHA1: bfe4cd5723aca3a00a3190b3a6f7aa233f3b6dec SHA256: bc6f037c1b5065bcf5a2525a628afc34f828d347b590d028172c709537f15fde SSDeep: 1536:Uw3I/1BFCxrNlv8Dtw13sHsb2bmJNaGgJYf8teR+p:Uw3I/bFOrcXHsb2KbaGZf8t1 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Internet Explorer.evtx	MD5: 5d4c60f42d8f10218a008e68cc6671ba SHA1: 238526dc3e4574c9e786647b6a7d3267d625687d SHA256: 520a14f60e08706792cf85fd5deea65e2061eff73d36eea14c68b9953110f460 SSDeep: 1536:3NvMWBz+pOvFCm0jbZ3hWx9LXIveZs1DXHKd6OF0+oBATIWiyF0ft:uW8pA0m8ZExpXMeZsF3InoBAkByC ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Key Management Service.evtx	MD5: 27622175f0dcd47a7706c9d7f803442d SHA1: 66ef07c296582ea44f63f46067dfcd397363779e SHA256: cb1f592878bbbc641736d8cb05e86ec90f042ea142382aa626613055c50e81fa SSDeep: 1536:1y0Se/zBUedXT32z5PDyYZos85h0INoEmF5K72pzk:1tHbqedj32N5o+syPjpA ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	MD5: ca64e223df2f8425bf66a62560213d16 SHA1: 5b28657eea49e5e3efeaaaff48814d54ec488afa SHA256: 2ac7b8bf31adafaec8b53aaeacc90032e00b6dd8c3591e817fc0ff6d4d886821 SSDeep: 1536:d50ofSpX7HR/qbMd83sC2O2WURh3nu5+FqrN0yel3j2E3+Mp8:dtSpDXd+hp2WUv8Qnz2E3+g8 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx	MD5: af0a5b0e4290c0253f1e023326a58fb9 SHA1: d003326b17716fbbd6bef969efa0729d818f1dd1 SHA256: 0ae2690a4978ad899fab98a0ad78cc7829fcb02da4765eef6fa44e0381179557 SSDeep: 1536:SV00KIiriPevzjWZxCl6UIOlrVDOpYIDt5Ay8cTupkXE:VLIxPGzjWZxOJdq5n8c6pkXE ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx	MD5: 26a16e439dfb583fc22a5faf4fe66dd0 SHA1: 7eebf0cc9e5311d3137adf3c5e6e990fadb69086 SHA256: 14902c36362e1d625b846813198c2fd0c2a5e35bed39af17ff710426fd0e38d4 SSDeep: 1536:FhAwAPLDXKay+xbf/uz8Q3/3JdczraaSoxD/PNvUFxiK3:3AwAjDE+peHSraaSoxbVsFUA ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx	MD5: 621f03c4cf182493eb260cccff971433 SHA1: 11ddb6f021152bec6598b55c02806ea17b8f2995 SHA256: 2d1446cdbd0e5b83ad8284730300093ccddf0f3573d7309a38353eee4bc41456 SSDeep: 1536:LgRDa7JGcndzE6IpVEUQFJipEYbEpmW4cB6qewq:02tphE6nkEYQpmrWq ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx	MD5: bd4d65a211e790a5f8058dcf0c85aafd SHA1: 71f49b609d3d576cc3f38e765f00ad038fbc0e4d SHA256: 9e566665b5a8daf453a04f8c0b8aefa7e58b5c7e199264b57fca154d5deae258 SSDeep: 1536:t5P5OxcYbAGwgkoB7WVEaxa2MABz1Q7ZycPyIp8gIcj:L5ONb4gpBCVEaxafIpQFq+j ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx	MD5: f1bb8c7d1db688d96a1fc10606f42446 SHA1: bda80dce84d7d22d26e805951afffcc1d0b0701d SHA256: 02b005c2f6546966dda9728af9ede06ffb7574b390fd6953fc2869f95ae93f51 SSDeep: 1536:8RKhASZRqtHcgivwRkdImxe5EKlDcklCdWDB3YQ8fpfD4by:8IxqtHcDoRkdImIiKlDSIWhF ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx	MD5: 06591a548613a3d11cdd45e376ee1271 SHA1: 85142b77fc49815b073cf82bde503035c1befded SHA256: 58e79b56681ade8c72181e056bac6123b6ed476bfea96baf2e264bb008ff3c42 SSDeep: 24576:hsbJMeUSQZj0i7pyNwvrupqF98013D/XO9cGPV:h1RaN6apqFqyzX1wV ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx	MD5: ed9af96eb3d743905de491929065abb3 SHA1: d593126336bc47eb855973515693eacecf3ba50b SHA256: 8579f52a8f731175138d5bbc47a64f75e474af48d74f413c46ee9df5885d7126 SSDeep: 1536:4FiaFDEJ4qgakv2I9MetQL1TUaYq8RTYmcb19XKEE:4waq2akeKMaQRYq8/c/aEE ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx	MD5: 81341356b5f2138e5f0de130b4edbbb8 SHA1: cc0b58a317ddb4723a0c72ee003e33e28816af36 SHA256: 4bf58866c94ffb408559d3ab1c632d10e66b478d88b1e1195b71fd2d81ed0e68 SSDeep: 49152:FzKRSvSZtrN8vF3wVjCv5AbBq5b0yQ9yWtrFLFoXnh:xY4osv5AE5b0R95tJmXnh ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx	MD5: c68fb28a4baf4678d44a646f30201d12 SHA1: 6c6898ebad2a5541ca7c9a39e6096ff2cd2fa686 SHA256: dba27d0f1a8cbb5ba9aa8e7662ff4c9ece808de3927bfe237a0711c771e71619 SSDeep: 1536:+Q++Uk+Kwkg3BfK+27HPF/KXLQ1GPfv36qbwXtzfKcVyud1AVUl5ePOQTXR7J:j+s+Kwk4GPVKE1GXvDmzJdQU5nQt7J ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx	MD5: eb85fa070adcd9d83f28b38d54ed8de9 SHA1: da6a95db9dbd0bad478dad08f04702e7aa0904b6 SHA256: 58bbda71535f5c11f5ef3ccbb58603ac5d83d8a16dfec31030ddf0c6974417c3 SSDeep: 1536:H0kkzkj4akQAz/CQ6nPCFBxTYz2V0RGoAj2RWJ7uKsB:UgsXIPCmGoAj2RWJaK0 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx	MD5: e90650695ec11dadfff60ff8a9dcde30 SHA1: d9168df5d24d8b1269c9e83df9a964e380a9c762 SHA256: 81a9fbf5dfde9da27286c1d46790d38f7ad68d7b2efd76d7b4b2a3b8dcc0d498 SSDeep: 24576:BLVrvCHSkvGUsowVMxetLi3pikrGtqKWqE+H1nXe+Y/Na:BLB2ZvGRhVp+frGt7WqVpY/Na ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx	MD5: 50117d431b078ee206c03f988cceac99 SHA1: 4ccddd8daf1527d28b1458e79e0a9a79f174d1ee SHA256: 22c2eeda6a5422555c146e9a8fffd9442d2c148404e38f39230a2b7c852fa883 SSDeep: 1536:QL5fcbcKZtXWceO5jqeO6YwWJrRd4A+ttMg0su9x1IvQ:K5YzOOH8JHALJIs4 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx	MD5: 32adad044622002a670781c897137a5b SHA1: ac92cc391c22d941338218251a56747fbc40578e SHA256: 6a2db300f3694b85083f1a50b8eea27164f145957d2e18fee5aadcdff7878c8a SSDeep: 1536:LmnqaRYBEqV0AELJoZcjfHOKI7qVEZcluUtQ5AD1llLDgGvz6zGHb:yFOF0AEGZgO/quOuU6qrFDgGvz6zGHb ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx	MD5: 73f8cc64018b0e0940f2baaa96a2898d SHA1: 0a3a535ab9e9d88f912a3e80b8a1af4febee0ade SHA256: c2fec34bdbb3f295264fec3ba6e1e6022598aa36a151ed2b73a2fe1a1d0426bd SSDeep: 1536:wM6WV0kFXs71wNf+Qoc8fleiaE46cC1xvRmxFU:/Xs2+7cUpvpxvqFU ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx	MD5: cfc538d607ee8b438f093d320a08a3ea SHA1: 921a887e2f16daef83d56c4dc67e33a41503501e SHA256: 0edd7f3b422b0eac3dc72e4c295dbeea34a3811f0c18f3dda8c63ed22c63d571 SSDeep: 1536:Z1HkSfGcoeUQbDDP0HGSqZsxSng1Ok3DoIjl9xcbRqd9CDg0KICBLf0cR632:Z9klc/UQ3D+GSq6YmDoIZvckdwgjIKfP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx	MD5: ed644b9c727b61c58a5ec80ff48a71aa SHA1: 157bf709082ed7e8bc3df65657fed69f1fbf7b5b SHA256: a9ecddc4604b76e1f94c42da773178146f07fa418905901f0263abd074a1ae64 SSDeep: 1536:SW1fu3XiqCFGIxdUuqtD0JaeBzQxwPM+St7RL2OC:SOtAylenmzW5ldLc ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx	MD5: 1cdea1192cc616e75635c8d37e6cf1fb SHA1: 0954fc239ebb94df9217052c18a837094c54d4da SHA256: 28878e6fa18868252caaa47499619e9e2ad00cafbfd279d26812a2f7777e762f SSDeep: 1536:wFycbX79T8k0+wobfPJQUfX9ywv1aR4paHhgml8ajEhnzaU:g9Ik0cbfhQGywtuYaBzy5NuU ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx	MD5: 9833c67f7ddcc035ac96ba5fd0d3cc5b SHA1: 55a6f48a315745ffad24c8d70be2101042ea4f06 SHA256: ee3a46c2d22c6d8a9f43ad022a13a76756d53a9aeacb2a4f4cffe849958101de SSDeep: 1536:vcZE+eUZraJdSqJa5U0sA2XBCSPHpEd3z1CaRJUmc0uwR:vcTLZuJEaaGAEd0z1pJtcmR ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx	MD5: 069cb776ed4b871789d730df8249e9cc SHA1: 66198d2a03c43980579e0325adc4cd6057af48ee SHA256: fed530c0e84ca260ea72bd0086b041cd98335306ab3f603a059d612160eec482 SSDeep: 24576:gKvpmLNiM9xjaMJEE5TNmrbwNW7QgxtdNttMkX54r6:giO4M/OM+EqrQxgPdNY1r6 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx	MD5: 2868f262561ecc97298ccf7a730a51d8 SHA1: d02e1c7a747fc9d2aa2bcce132a09c4d2c52f7d1 SHA256: e88ded1cb129fc1219f5f0fa9f1623e5631edddbdbf1c40b1047618edec3a799 SSDeep: 1536:MMKPcAOV4FUNQMnE8rQ5gj2CcNvNf7s6Ha3hhfYaTaLPhCzWxSz4GVUX:/KEAC+UNQM8g2CuNf7XAHYaGkA ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx	MD5: ec1080be453d5badb230c233260438e9 SHA1: 79e28f19f2653ede7faec65d7c55c3790d00b20a SHA256: a826615114a139b259433b39b02de9ed85f001ef05249b4b5d43fab6b2cdbf12 SSDeep: 1536:0LPr+OlGuDorGlRgxkZk4CWYeGNf3VZzCBm/vB61vcw62:0LXlGucBokZWYBf3V8m/vc1vcw62 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx	MD5: 3872bd30a023537fff57ac26c0b86f79 SHA1: c3896b161f82f1e4409098582adab07dc991fc71 SHA256: e1ab81752aff7b432b683c1fe9c65c38450b7bebcd4595fa9d1a1af78280585a SSDeep: 1536:P9jN3q1Hvp2rtsSM6lYSZWunzaosSKdKaKhgDfjbe:VZ34HvpAu6lYSZWwRwCQe ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx	MD5: 3f220e24034e8d335e53c16691ae31f8 SHA1: be7770738f7159f85ceea479d67908a463bd7c83 SHA256: 6ba4dcd71f9a010b3f50b802246fa4c2963ba7e4391451ba39faa2c09e581d38 SSDeep: 1536:ldhxGbS0xKGGdF5/+5Fos1I9rU9qFl2GvGN9aiVpYklnNL8CPlc1b:LabS0xKNdn/Wqs1I9pFl2GvqxpRldPKV ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx	MD5: 0e93d241b3b7cbd185e762523ff81bb7 SHA1: bd26254deccf993af8c85f505c0b0f669f38b9bf SHA256: 873102a5b8e5a6caaf0022ee12f4364fe6b3ec8652b99a8070e84c9d14668693 SSDeep: 1536:xCpg7JpLqnDk0BVt2nQ9gZeNQvDEVdqnTtmfrQDxESznP8wjKdhRY:x7J5qnDk0BVtF9zNAGdqnKC/n04KdhRY ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx	MD5: 05b3093a5f9a2ed9f6c6be4beac9d549 SHA1: 42ea211d71740eb54338516d5d288f2cdf1aff35 SHA256: 1b06e0a7ba207fd0bfd4ef4d0e7d60c1fda8dae0f2fa9f2ed11604a4e2c5e4dc SSDeep: 1536:Yu202FgOJj8LB9CW9+cBJ1G9DoBE3/2bf7c3xIOL:ejFgOJ0TCWf1sDoBxjY3xfL ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx	MD5: 15c52444e5447d3df174db1d37dd6f71 SHA1: 51373aa4096f806fcc3217723769712122c2b685 SHA256: 903055453cd4455549efa797757288e84bd86baedf5214010edc50e5c98c597c SSDeep: 1536:M+Tx2wZNKOYEemnk+Yuk4nQYX4rKRKroHXlxN8OVPPMVmo0PdV:t3ZwmndYenQS1KrkXndXMUV ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-International%4Operational.evtx	MD5: ed8e7b53644cbf464497670288d7b5d3 SHA1: d79cb40c2219a16f5609503c61291cb9f04f05b7 SHA256: f502f2ea5e345ac37a96762e2be753087c1dcfef7309fe3f75ef72e8ded14648 SSDeep: 1536:CEmq07R9q44KAHTTMAsTAINbuMRTd4PKyHX11S3YC9i8/6gh6w:N07RAtKWs9dTdQHfud95/yw ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx	MD5: 29ee8ebe5eb31c3e978edd377575e1e5 SHA1: 27789afccc37e0b3dc3cb7d7ba54ac96aa61d1e3 SHA256: 870f070467933c6dc8186de69be3d00176dc684735a2b8fabddc6529f74126bc SSDeep: 1536:oOU5fiWp5Ifuu0BQ/eNo6ITTdm+6vK8GQi9qy0JWNx+Yv:+fNTuUoJTf6vcQry0J2x+Yv ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx	MD5: 26a986dc1e8a162e96b5dc82772edcc7 SHA1: a04b12cb71a788bb4bfc80b80b529b1b7a9095e1 SHA256: 0e20b5735aba908a269176291272acea1f7d59c85581b9fdbe244fc66c590a09 SSDeep: 1536:y4oxJgKnJQtuI9RCgyfa3JGqi1ChQNIDpGVWySgaFHGBCxyXpr4:JcARCgIa3JE1CMwpG4ySga65E ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx	MD5: 608d85c6c3aafd234679ea88653db2f0 SHA1: c7d03094de340b10d6d3436d7d0722ef4729d09a SHA256: 8cacbb8672ab9755bcb7950bf0a9ac2740b309a21d86b41ea4fb589c0d4b3345 SSDeep: 1536:DRxU6iy1/HK5MAe3I+3GcmwW6nK0BwQxNc7jncJCWCDmg9/i5p:DzUA1/w+38wrLBwQ07Fmq/in ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx	MD5: d8d9ab14dd0dac9252808dee95c00475 SHA1: a2fa7ab1e12b12e07fe051a00b416a6b47d8183f SHA256: 025c344e0cdad434069b90f45dc800c3d7474656f7ce67639de710fae8962696 SSDeep: 1536:G+vSdJHB7G9s6A2SHiWTXt39ZPGLeb1lPaZvBYNHFcgcJwEKP:G+Uo9s6v6RztGLaav2Bv5 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx	MD5: 34564ca8c90fc01011037894bee8fe61 SHA1: ff8c4e1cc1eba7e9c2d85087105bf13ea92c9d12 SHA256: 0cc886943e3311622d14b409d57f2d7942c2e52774c4c0999419b4f20daeb38b SSDeep: 1536:Wm528zflx2kSsHlMaKAWz0d1tNFwrgKyfpd/sA9P7ldVz:WvTklFMa9o+rNUgKyhdbzldVz ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Known Folders API Service.evtx	MD5: 6c0b711c2fc68d4c6bb49bf11ee16ab7 SHA1: 82f3f6143c43aa93e6d0f97858bb08f0ae4f3b5e SHA256: 98cfe3552d47ce5f3fb36b7770f53814409f516b17b61b51a43af1d4299bb4b1 SSDeep: 1536:9tqbH4OLbdsMj0gx7ICfqUhQW8ZcDRRQsb8QRreymxPru:GH4wdsGzCUhkmciCpFK ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-MUI%4Admin.evtx	MD5: 3eae944f97f3a169a5777edf57a0eb7a SHA1: a552d186d86e34ff1f781dd9833f704317250530 SHA256: dc78520acf586381d5b8ab84a66dbe4c28de2631e49de15ff11d9467bc7468f5 SSDeep: 1536:pPjVdhi/T7hsb2OVcH37uujjxWCYWdjN8APLlPIf0RmDgOkm:p7VO7hssXnjjxEQBTlQQsgOh ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-MUI%4Operational.evtx	MD5: 296b3e32e2d428e22e3cc4bdfd87cced SHA1: 6bf1d9ca51e46fe344e1a8c2438e9eb763865226 SHA256: bc181921c92fd9140c65e8a0bc60c0b9021ffb9d1dc9434013c1ce479a730a7d SSDeep: 1536:NQkO20ng9WwGkRKjaN/JUQt/vD03dSc3EeGJClZwqR9:NQke+HGkkKJUAI4c3b4y/ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx	MD5: 937b3e564faff6c057847c75f1bbb5f3 SHA1: b214d1cf58db726da11185eeb9aeb053fb2d4797 SHA256: 90ae95047e17b7b5f99194f4b870a1f629ecc26e4ead9cf4ba55c6bb7ad5daff SSDeep: 1536:4i37z+Zi2HKHNd2AJdEEWeAJF4zdF3EC2wDlpiVqVZL:4iH2qHNNLW5F0ltlpiVqV5 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx	MD5: c40211f4796745c2b3ba1897ff23b00b SHA1: 1c5bbbdc7e4628b159053ed327add80141b147d3 SHA256: a5209b3992a3dfd931d55954b8520606737e7f4913bc093258c1d72d174d383b SSDeep: 1536:OABiwhy9TXhLTyeg0NWc6NkLxyIk6dZ2p60U1zSTbj:OA2ZXhn+GYNkdbRd460MST/ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx	MD5: 3ed590fa11e6659e2f9345d41defc0e3 SHA1: 1d81589b21bd65256b88e8120d13a81beec3ea7f SHA256: 3161523abbd9718bf0144622df21c7a49d1f8ab196418b71d27cc3cddda18447 SSDeep: 1536:QVXkQks+2+a1qHNoN6IEpTYphadq9cVeoOMo2hQnLBWoS:QlR+YIHNG6IVkKV2Wn9S ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx	MD5: 948abf99f151a8fb27a639a6a6259168 SHA1: 4260d5fb68a5a13d380d5e325cd71efd08b1b15f SHA256: 3444723f0daa410e1585dae42094d151fe8e95ab0110b90f0b785e31ed75f7bd SSDeep: 1536:gkSvvMDIguWp1HRtEc8Nqd31xJa6VhpV4tM7/B:d0gJLRvs2bpV4m5 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx	MD5: 39ee75eaa0334a745d5e3f9436481e27 SHA1: 27d2f05125b98fb95bda071a6040187827b8924a SHA256: 49cc2db080bf6f46367e197a1e9f1e45ab393e24ce6d29efdf5482bd3db9c57d SSDeep: 1536:sXwT+IKx1PuAP1IxbgPzgf59qk1HFmaN44Om6cviSRHVKUt:sXhXx1PuUogGFHb5Ccvhdt ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx	MD5: 73f56d0ba6ca1697a9dbd9c3d91cf161 SHA1: f33a3287088540e7ed8208639cfa142d69abc6a9 SHA256: a34e7a26273c9af7b8b731182b3bca03532012d1ba3614a9bedeef8a1e67ba8b SSDeep: 1536:kfu+xqLj0RRZW6qN3WgbP0ki/W/gjq8evZfyspPNjOjpEv:kZxK0RDbqFWgbP0kPgj8vZfysDjOjpW ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx	MD5: dad4705a0816b04eef57eb949470584e SHA1: 2e9ba982ebdd2220ac9e026c2138f25a437f9ffc SHA256: 6982d77bfdbe2baf8e8966df84732db3658a648e84e43acd9a2232598c44532e SSDeep: 1536:8rJRhEx+Z9wLlLUjS12BhO/EPvluv52gqj4C8QlJ+NT:8s+ZmpYm12e/EP9BgqtnlJ8 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx	MD5: 011a34cbd32aa58ff96818f32726c186 SHA1: ab21f17aeba29d3f1bdd82e2abb23d6a1971de19 SHA256: 9ee3ed9d9a7949a415963725a0a8b42372d6b476e74aa12121a2596a1ddd23af SSDeep: 1536:/Ec9glUqDLENVVmWk5qj4T0XSp7AhyMMmnI5mDF4dhn5EozvojFAVqE4ByA://OlENVUWkUMICpchVxnrK5JzvoSVqNb ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx	MD5: 57c78b3d5d886553a23c07016edd4108 SHA1: fd159503664f4dadb035ae468ca4bed0883c604f SHA256: 7c7ad7fec5c887ab0ac85d951e035659565b91964623627cf42cf084985210be SSDeep: 1536:cPvgGOC7lb1fAcMPDpMk++vLZgndriw8ciR9yK53xPLYvo9eeQlT:6yi1wD6rCLZgdrd8civyK53Wvo9clT ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx	MD5: e7f4067b8a801517d2683dcaed0cd73e SHA1: 18ed9ad5bbf0f3eef9d3e17dc70ed251328636b6 SHA256: eb358f973ded4dfc09b1ab357d6f0a8b628d7c9d59b1e1acd0b45b62301380b2 SSDeep: 1536:Ch737395E8lqFrpKqRK2LNebs7b00k71OWHPFN:Ch7373/EZrp/UUjo7HPD ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx	MD5: fb2ffd85d66d5a999959e000af89048e SHA1: 3fefe1c1a756f643d372cdf7d323ea1277a1e33c SHA256: d5a024d7b611d7b8a032e9d0a06638d116e82cd5cf479d1d554beaa08a59a47b SSDeep: 24576:VN1ICnfgk12yBtUsZNCQW+B+iwl+rwsv+Wn/2d3A:V///1ttRZNCvCwl+8sjn/2hA ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx	MD5: 72080e6cd3df72480a04a23b2b2d4348 SHA1: 64aa430041d20bee24bab600b35c1b8e287ed420 SHA256: 1cc105a65f5e2c0f6437970edaab361ef20e20ffeae1611ee97499f9c32d75e1 SSDeep: 1536:eqFCsnmIRb+onlwlAZ5kqTQwmLOHH4Gs58mX:HFJmEb+MlwuZ5kWn4GslX ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx	MD5: 089ec0edf6f8deed5de0e520fa5b1f74 SHA1: fd662faf9f643d3576dae98e4a1b991419349129 SHA256: 98f1a7d6b2c3ce8bcde670ee2acb58932cc8e9de1165f5e6d056799d26062c71 SSDeep: 1536:yhCWgAOVmyoXXyMkY0Ssvq/gz7aNEFr0ZLSfun+LlW1uibC5:y7n1nqAsv7CuFrqUunYl1f5 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Store%4Operational.evtx	MD5: d4089e80f4c39e33a51f6b28b430a54e SHA1: 94e16fb6af9aa7b565054017586afabf51f6e25a SHA256: 96af636b916936539006ce4f7a4961562ecc8b229a9e33d5507332703f6c9e6a SSDeep: 1536:LCuvaZSddPf6XFyOzhWhu4J5dIVqPn3peTEE/DR7CcU7iN4:LCu7XCyO4hu4NIapeTEkC9i6 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx	MD5: 242af0fe3d0626870dc634122e12d990 SHA1: 0cab90c23d6c777b30fe69b92d5632ad67248eea SHA256: 2cca5e4c8e11df98a8cca6e103343381b82cd569e4ea94af79a9eb70063999aa SSDeep: 1536:PDG+SRUxZUY15Aljn3jjcWTMsM5iWGOrfF2ffrK3Q3ahqrf+nUdO:Pq+zZh1Y3j4W1+iWDrfM/3iqrGngO ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx	MD5: 840a737bca7100d5cc34605722b06fa9 SHA1: 79296bd8c673e3e0f3bde8ea10f08196a8e1e02e SHA256: 22c709e0b100af98f2bbb31854e3cfdda3fdba0482965c11af2a60780fc364d8 SSDeep: 1536:hwyUzSs7qOLivlMGbWUQH0xwaFSvzExkbqXrpDJ6xhSIM4:h7U7lLsMUWaxwxvYK+XrbM9v ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx	MD5: 41b25523d68291c18cd36ca12a8ff385 SHA1: 1af146062e3dd29f9bffe66a80e62a2a33052dcc SHA256: cf545811f11e3c29608b87aca58221c2d6a387030f74065579e32157e26b7a97 SSDeep: 1536:iSYfDkKJ8wYf47vfX55jvbIW4pqVvqIx1iygrPO7eNDH1l4yeD4RjMhWQ0U:ipxzYQ7XXvjvb/VvViy0O7eNDH1LklhZ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx	MD5: 71830e7d5cc8bdb018361964d0b7be65 SHA1: 64ff05a7563c4818836238c177e0ec99435107fe SHA256: d6ac5bbc8839587a95eed2ad0d5b9ba843bedd737eb1c746b8c05b151bce4763 SSDeep: 1536:Ylh32HY2hdY+NK4WuWm5pcrhQabKX71IblwRfxXs7:gYHYb+NxWMsQabKX71RXXs7 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx	MD5: d8e7bbfb1a011acf8ae7270564618c23 SHA1: 892412e9648cdf58d78f8e9f4e6d0d519221848d SHA256: 46e0f4f2fc6899ba87aaf185939d0a223c65c1d29c3899190bc88bd470fe00c2 SSDeep: 1536:ijN8lAnqSR66S7okVWqmxAOwoyYFtTFOTYwlSMfHG372ah:i2lApR+7okVW7An4FtJWXlSgS2ah ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx	MD5: 73ceade1dc8a8caa55c3b689c41566a4 SHA1: 65f9073f416987f5c8098656e6697692fdaf4351 SHA256: 63e32fe35c994726919edfb051bb3c78fb7dbce3fc852e29b47f6a099daa4acb SSDeep: 24576:/fgul1jBm2POD3uXJy9R954GXYhwJcwVkE8qn3RkrXfMA:XgA1B7mDAKR9tOQcwVkE8qBefH ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx	MD5: 71bf4de74e1b9040921ee14fc09bcea1 SHA1: 68c33df8e1038d1f015b85542106fda654a4a67b SHA256: 794fb729c534bece36a9678037a36ea002d9c377d60e74318d3c38f5c217f390 SSDeep: 1536:RggEwRtMCLS2UNvVtHVCk3Gv7ualFVVl8tmyt73Tanxf6:GGSPwQGv7P3CbOf6 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx	MD5: f5fd5e10b36a6e5838c2072516a02284 SHA1: ccbac2ddd44f97162797af8f424b8f3b505b5821 SHA256: 7bd96ec49650a6a1455cd982b8dfc190f207c0cc915f6233d9ccc10f0a87479a SSDeep: 1536:felXgB2sPSWfzKypf9ixQ1cU39HxRMI+yWBeF:felQB2dkzK+hX3RxRJKu ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx	MD5: e53828e90e8bda917fb31dec6ad8cf65 SHA1: 2ad2b98ea2d7d53ea3a03d562141350e79e8a8d1 SHA256: 78768492eeb2aff9b583b6a335f4d233417135a58d74f049c8b8198c07f421b0 SSDeep: 1536:TbOE1Sx+tVDXRIdMJkJTdrLWGrHIUxDeKBw1d4BobKWhs:TzKupX4rjTd6tmF ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx	MD5: d354c67dfa9afb4c9900f40f7406007e SHA1: 4a7d9c8cf634caebeee3309d78537675478b0ccb SHA256: 1281ac1ed0ecc3cb028c9c3d41959ff86d6301c67c308cd570d2dc6ce9b7e3d9 SSDeep: 1536:sYQ/xSt/x+IEzaB0+UFmHkanYAccKXajvoZluesBBpXQ:sLmJNBwmHkDN4rquDpXQ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx	MD5: 7c90d4fe756cc4936b33ceb2390658ff SHA1: 4c21c544943edabdcf6263557d78e4d08a8283b2 SHA256: ee90afdc199ee1686a998bfada7dc3e4a489158c909b8e925f00c79a771d1c68 SSDeep: 1536:PMLObvJFhduAnGGME1FHIsti03q8huA9O959ErQ0fgI4XB:uGx9RGGME1Foss4E95wQhIgB ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Security.evtx	MD5: 74c211ee465dcd0cb0a225964913724d SHA1: f4a78db1335865121ec56211ae2abc3c6ba90ed2 SHA256: b579692d2c981faf6ae0b4157fe3a9553526be2122493eca91160339c803f2a9 SSDeep: 24576:ZyA85oIsKOjDe9oDAieR+curDLv8ldKwSjjH6+7DD7+4qp:ZyMIsKWCW6+c8QKwUHbDDKTp ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Setup.evtx	MD5: f5017525ad22dca60263d00c1bd20896 SHA1: 0751f5fc343f951a1b6b20a7fad9b46c518e5f67 SHA256: c5143c1a1d927a799600d06926522a597cd30b06ad4496797266d337602bc1a9 SSDeep: 1536:FjS4JsmnHsOm+bMurOlLQ5ToYcx6zk8I1SksL:F+4H1J+VQDzyl2 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\System.evtx	MD5: 3534f79ddc8f08ea9bcb216fd20c7444 SHA1: a6ce1bd74e3a8f924543892fbd77055aefe36cca SHA256: c41f0b22a5cb9844a8539d71f18603a17a66d3f3e357b1daa23e310ccc008d27 SSDeep: 24576:K8Vg6Yf5T4yMo5Zy0FtvSxxK6TksuPgs/NUk+vZhEacQPs+Uyxwk:K9buy1FtqxUMdU/SkFws+Uyxwk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Windows PowerShell.evtx	MD5: d7155b1b5a88dd400f83eca7f18bcd18 SHA1: fcdd404092891ea34010b1327a374e739956db71 SHA256: 01f1aeb488a490d35494d98bd9773115c3d7badd9af9149de02e1c1bee5cfd92 SSDeep: 1536:5DEFZttTYuVGotdN6NsVfSyNRceR94N910L0M+R5E3cBvvY00:+v8u32sM01R94N/0OR58GAz ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml	MD5: 03ea3616602f4850e9cb29c85ce913ec SHA1: da49b80f9664db0d3db8fe4f6d340106d258c406 SHA256: e62690ac5f26ddfbb2a3593ab1b55a7fcec01fcb865a6a9b4386ba099467495b SSDeep: 384:TZadtCAY1NP6laOBntirdvBUo3rZchwbMAbUVzhtiyieIzNUPEloNR/Kf57xeR:TZadtzY1Niganbel8wwbVz6j5iEGNi50 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\s641033.hash	MD5: f1a4b06df48142dd7b624adaa00b6791 SHA1: 41cc80622003d5d59aac22b162c1282fb8e2c6c2 SHA256: c5485023b86bd4f38d6e78350828f206c7b95b6d6b5edcc09c76ff0eefe0d5c3 SSDeep: 12:k9+8C8UfnlIf2/4eALkFj1G1y7w+G3Kp1dD5zf6WjO2BqkBrPBxSfdt7rx2Zu:++xvwoALkVeiG+1dVr6oBrPuX7rgZu ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml	MD5: c43dc3c208300d937c752ccf09ba78a0 SHA1: 392958f82957ce53d8d369bd42e5364251f4f7e9 SHA256: 2f0b8be4cda056ebd56be7bd08fee5f1d50e1277ccac0e2075ff43537781dfb3 SSDeep: 384:bbS4NB3vbKP7gc+IJJkwJ2oQs9wtcyviBukvBDmO/Tdzrnja4OR:bvT3jEUWozXs9wtcya0WDh/5rjaJ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\s640.hash	MD5: 10834b8a59d87c3cadcedc9092c3825b SHA1: b7e0b29bb8df5e5da362a884d0d83b169c684569 SHA256: 72fd83aed8e291b99f8f5de752488d112d222c67ced6c82acb193e578b40e9f1 SSDeep: 12:KgUCGq9GBjVph3zHYUdGLo2OK1n6SX77zO/m1E/xyS80HWIi:K33k65H2MkLXLOByP02Ii ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\$GetCurrent\SafeOS\preoobe.cmd	MD5: 0124c8e6ae954286346257014e7fb2e7 SHA1: 561350656f575fb113224fdaff86a0c66ec82e10 SHA256: 4fcea9659ba6de3520dec1169686bcc860a61eedf608db7b3b37db53f105cdb6 SSDeep: 12:GQ/ZI/Hiy/iV3VOaV6iiTLguz7rnxSXI4GUngoPckAl/ZzlvArv5QxWqg4Z0j5C+:PaDc3VOaV6tIuc44RzPGzlvKO+1 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1028\eula.rtf	MD5: 50db48ab70728ab80f733218d8d29807 SHA1: 45a726b80d935b1930f9eb64c311195e9d999d71 SHA256: 786224067db992675674a11f1abb39806d99808395e687520bb6e4eb265d99c5 SSDeep: 192:uMoYS+qd/KW1w9AFjN1Y1s/9Qu5C4RMbWXeS:4v/d//BdN2s/PDMiXp ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1029\LocalizedData.xml	MD5: 8a230f1e976a6526152485fef3fb81c1 SHA1: e4061d21f7e1acbd8ea50b42fe84ef2688d20de8 SHA256: c002294aa4a3764a75fc7803c40a07b4bda012438ad4a7309b910ffe19efe0ad SSDeep: 1536:VzRCzmbbRTjC3nR34wMrlbHYejrABmd1xTn7/okofebk:10zmbbhuBINzjcBGb1E ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1035\eula.rtf	MD5: fc0e0dc308da357bb96934cdc2e17391 SHA1: a80a717faa767d21827c8aa7f0270cbf0d35cc14 SHA256: 1c575f918b360bf95c955edb5bde99c2c8eb9f0c02129a6c27a23f53b325f7d0 SSDeep: 96:CVQYIzV5N2wtjp9yjNK26gkgCX8U7PdJbg2v2ky/vbLoLCq9W:Can/N2wtLypK2Lk7vzbbg2v2/ks ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1041\LocalizedData.xml	MD5: e4bde9f8d9a6c932b80e7e6a8255ff84 SHA1: 4ced4f0a82ac363307c0f8840996bf93c8da4228 SHA256: 6055b13b80f8089a4660852385ca73868c4174e3fa5eecda427c841e6897cb8c SSDeep: 1536:YR4pmypNRrwXZZvTuz2ZTp4XGRTVG5dcaq4Y9JjdOscHm:oUjN9wXvvT4u3T8/c344dOscHm ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1043\eula.rtf	MD5: 26e3a05d95def40b379df74601df6a64 SHA1: c3d68c6f888d6394a3b8ebe5ba85f6163a37a1f6 SHA256: 4f77aee1a34e00ba27d5f45de673665adfbb2fc70a46955a516bffbbbfc0bd81 SSDeep: 96:sVZhhKkz0Jj42OMEpQvpnPNxSejwGpzs5SvXUobTTQDMXFfNj8:4AJj1OME4Hd75scvXUobTMgVfNw ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1045\LocalizedData.xml	MD5: b5bad686ccf64b8ab624ad26cdc2483e SHA1: cb7bee7131b72ca8a2386884047e22d0b3b83c86 SHA256: fba5eb43fbd395f2383355c24298f98f366d54ae93bf963b68a31dcb1445fc3e SSDeep: 1536:GFamOGmPCZcFjXWOJNU3RoIX0khmQybxKwrRzAee5nmd2N4IFNVP:GUmZmPrjGoNU3yIXYbr9Aee5nDvP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1046\LocalizedData.xml	MD5: bc295761237bae0ec482e492a9a5cbc2 SHA1: d659bf8bff0ee6cfe80e6a3763316b18a4529d2c SHA256: f70a9f9feb3fab8f020d466f5f8da1e31fd6a356d4332792c591894294101eed SSDeep: 1536:xFZP+3yB5iBLCratYEAb1pWcnAYHAlh2QQRkGYlOgc2bFJUTxK3BVhoybshMZh/Q:TZP+3yGL+3WcnQoQ+cOgphGHyxZh4 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1049\LocalizedData.xml	MD5: eab425426c0c29d5bcb62706c1ebc5eb SHA1: 59a0c20689a7bf9ccca62f1b21948dd4af15325c SHA256: e37ed58a584b7b2e6ef69bf382fecc8c499dbf67e2382c86f422c248e8faa0c2 SSDeep: 1536:53XcoyjWtLk4Va7lieHSPavqRPrqBoPXUmyhW1tklnw4N:5SYa5VqHukXUmuWUnN ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1053\LocalizedData.xml	MD5: a1184d0787c40c0f7da218fed3981c73 SHA1: 17e0bd436ea43e82361fdc2c67c022b444066364 SHA256: 7b023a2793d588b811e139026c24ee18b3e93ae4a56a3b262d703a46c341a3ac SSDeep: 1536:UIhXA8SKTMuo23yOaBOTdHEoOeHFppPoe/pawLm8gVbAHa/lW6Y6:UIhXho23ragNBOeFppL/EZRkHaRN ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\2052\eula.rtf	MD5: 5ba7f0138513054a69a8ad585127fe9f SHA1: 8b2dc521f921d5a30d61b2deb78a062d5d763850 SHA256: 8e80d7627111dfde7b6091f8e567ea601d36d3a9daad2825ec39e198c046765a SSDeep: 96:+qSkXLGg2w4HD5D/7slYc9+nyFbzvFiBT7gvsV6O1Zxb5:Rl6J9Ddz5yFbAxpV6WP5 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\Client\Parameterinfo.xml	MD5: eb849075ccf047e808ada72102a5b4bf SHA1: 85f5b376e3993a15e2b966b6f6fad3f12e1bdee8 SHA256: 4548102a368ed8ee4b4935d5c531e589327b27b57c2bca2a44b754497fb25af3 SSDeep: 3072:tEfj70LZqjGcUQkqD4fBjGW9XPh/ZHVEuT9Iz1YLYoeZktOwnuixUN0R8:ifsLZpcTMJjGW9XfVdaob9uGUN0R8 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\DisplayIcon.ico	MD5: 4595fe9cae231a64d4c25dc8bf6b12d1 SHA1: 45cd1644dd904723bb13b3beb7a1e235bf9562de SHA256: 837373f607dd9e277c17e2bb498f93ab87cbe95086f54d91654c63fdd2ea5db7 SSDeep: 1536:HA9liDEqxqI+Ui+lrmnWu2rRF2S00McpOHjtFDq1:6l2lg+i8MWuMRFzctFDy ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\Extended\Parameterinfo.xml	MD5: 2049a96e1c12e33c95a8e1666a736926 SHA1: 5b82e23c4a4fbc26a591d12d2e21489e4fe117fa SHA256: 298b952b57feb2f3f08b9c136c722bd3c87af11abb5a440886cb98d0478ffd47 SSDeep: 1536:b6trpnEpzGboYLKPnrr9dNmARnBqvOH3NsnyAP1zKH0V8eDZgjvaEdvGiqakc:9GbJsrr9d4UBqvQsTP8beDZg26vrq9c ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\Graphics\Rotate3.ico	MD5: 76a2e31245afbdd90d059029f9e2e88a SHA1: 50f642062445906bbc186b2f7f43f67405c680e6 SHA256: cc8b6d84b7ec5438d63dd2b0eda9e61584cb0689784e1fdc7ac25b2330489150 SSDeep: 24:ARd8bqQtosFD0GkLyzE5TGY2hh2yteAFt6Zj6p6Sl5Vxa32CBGzeuzoK6Z:O+9FFkLd5GJ29AFqlSlNamCBGzec6Z ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\Graphics\Rotate5.ico	MD5: 00043cb1886083262e8ba58c13e5d7bd SHA1: f89ea0817edc56e0bc3c88d61849f7d93f121471 SHA256: 7459c75bc210e60477ccc8289578af775dfcf1463513286352d6627cb6310faa SSDeep: 24:sUZiEvd5y4+Yfa5IBSkOgxKwDzNMFlzawhon4rXpWHRR63FCN7mmrpjOaEG1KXoj:NkEV44TfuQMwDziFPin4rZWT61KBMoKc ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\Graphics\Save.ico	MD5: f4637e6eda4808e8bded0efa9df1f885 SHA1: 5761a0ab266a8fc4a5116ad302075baa53afd388 SHA256: 75a544467237a17cbbf48b6d1901e9189900bc9fece9992158ddf676732b7c67 SSDeep: 48:QJbK6N1wnWXJZhYorWrsO3+1yXraE2cG4mgTSZ:CbdHZYqWwy+1yXr12cnmgTSZ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\UiInfo.xml	MD5: 3448b5a05b4b86f421d698a2ebedc01e SHA1: bf575ca72f821bced3996e4298337202a9e87ea1 SHA256: 7e45bdf4575433943f0dbfaf5e221a3bb4163250ff0e66c85860bfbeb2e1b4d1 SSDeep: 768:+2x+fGMEn4tIw9N5+ycPPqgTfKVJF6vMq5i/gRKVsEnvM9:+2NMgiIO5dcPPDTfKl82MOsEvi ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\netfx_Core_x64.msi	MD5: 289b17b4f83ab90841a792bb59a3ccf3 SHA1: dc739c2d691b7b8483239170aa0661a23792ab7a SHA256: badb6d2fb1489ba0bd7cc676fc8c20d13cacabbf5f8e17864a4c11a57e582973 SSDeep: 49152:1ZRvr/3xK5YJW35265Y6yenDNeNw2/rANyJIMd37b0V:7RTPI5YJah5OoDUNrUNIIMJ7O ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\BOOTNXT	MD5: 9b9c30cc5428f3633c61700908d2a9bf SHA1: 4955415c7f250e56722de925704e0e969831dc35 SHA256: 86dbd0c2cbaaeb3fc30fc1ef7c3c197b251e0666df77fa61661d239360f3cdc1 SSDeep: 12:xave1xohJ8dvyUNrmtcqPELpIpGqSJ1d6yHTHemjD9OAX5XubTX:YveeJFUi3YRnd6yHT+yDcAIvX ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\BOOTSECT.BAK	MD5: 3da8daa5533d1162b88d97767773d0cd SHA1: 546a59fe6c55bfba06859f787bf97befa995e445 SHA256: 2bddbbc531686e4481684be322372e9999a1cf68cdd78bc371b6c36c6a620775 SSDeep: 192:ekBRHKv6dc96vcBkH63fI/SRcD9y81rUvlWvIJcdWDY:vB66UOx6vI/SmE8FgovIJCWs ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx	MD5: db724414d56d49dbb3a73df61b4697fa SHA1: 272ea944cc81d1b9317bd4605c8c15600c165d55 SHA256: 2d4f9dbcb94b307099391545469bd7023b99af75b30c7884d872f09435601eb8 SSDeep: 1536:UmpJVeiHEFFwBlpbso32Nyf2quuG6sR8CqhvaBpAFSzc:UmpuuEFFwB/Io32AfJuuG6sR8CqVaBI/ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx	MD5: 9a524e3c2320be7ac661a6c3dce6df2d SHA1: 897893abfe881b8f9de43e6cf140c0fae585dabe SHA256: 9f73da24cdf2d5407d8e2dc37efbfa91b9a737288a9c50ed4acaf873b9067e09 SSDeep: 1536:QbI90TcZuavN6P7kUW8G9hrErw66XDSGIDmqr:gPgZR12kUW8YhrEro6r ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx	MD5: 9f8508969d5fcb8155c340348744633c SHA1: 4e144c60b0edbeee7ffc01e34f456b6ba444d8a1 SHA256: 946fa30c5d709ac696d40818f2393526121250902291fc7ffbe1fa67c29fab96 SSDeep: 1536:WT9cqmciDXapIr7gmkWBGzxThiqjPWm7eg6GfYd:Qec8KKAmkWBSTmUeg6GfYd ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx	MD5: 77d53dffa6fd07f869af43efbde8eec6 SHA1: e9f7a624324b02d521bb33fe5e0af69e2456cd05 SHA256: 1dbbbdde1a43a5f41c706d0dcd861e27778ce0c058d4636b8ffa0892eba4f75c SSDeep: 1536:+ygVpafYTnJFZo3jJelTB3M58IvrzB+1pHcm4WLdrgSB/9w1a:+ygVp2MJg31M13gpvr41p8mpdJ1 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx	MD5: 07062172368efa82012c5c3f8c67aa64 SHA1: c4596c2b1a1d0003bb5a9e1b136c1b95da1e848b SHA256: 2636be610d6c8b23513618e40be4bacd6901a1aea2cbdcee78f1cac8b0a61ce8 SSDeep: 24576:bGb7ji5XqpLn9tHSyAxMyhhQ8YnFCiQMDRUw+uJsiBtYQPHz:bN5sT9tyycM78AqMDREqBrvz ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx	MD5: 5e7643f7c98bc34c839ad894a02fdf15 SHA1: 4b8ff11554c76b6c5f4deb1af86b7dad4b69cd18 SHA256: 81bee13349bbfc0129bb86518631f5d08522ba15c1c8129230071f53959cc4c8 SSDeep: 1536:z+RCbnRLjR2p4gwBjBhwrxSEwr/zrpYe9ltmuf+tk:TbBV28BjkrGvr/9ltt+tk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx	MD5: ac9b4c86d4eddeff54b57b4002e74fe1 SHA1: 32c2e36b08c2a070e3a2f43641007d0ad252ed28 SHA256: cd07c21f60f8635fc2d3912359b2f1594f649147bbe8c694fd43c6ae1636b9f0 SSDeep: 1536:EfLHykk0NpOqqA/SxQCcIi2tK8KOoib/J23dbmh/q:E+jwGAqDcIi2tKm/kNaE ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx	MD5: 05df57dfb7d3ba18a961b426933cde86 SHA1: 6bd0786418436a62aac1a2339962641a36b88be7 SHA256: b7c7432f877fef290eaec2a4108e3052355a3d3af0c430feeb48285a567c5dee SSDeep: 1536:Rf7uSzTWrkHK1PH9vRs28R7aCa/Js1nmFrOISL3eReTzpu:RfKkNHoPBRs28R7mJsNmFKIEeRKNu ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx	MD5: 3f3f91f438e246edd50ad40bad5c4164 SHA1: 126120c89376dc28f577c633070b10bded4de836 SHA256: 075522501f76a628bdba914065e990aea77298d004b1387e327d152688b93852 SSDeep: 1536:u98Z050cWPnOpw+gWCgvV1CPxy0OG/u4b218A4mcSMaV5NU4bugtS:NZ80cWfawpyV1CM2jQ4mcS55W4bugtS ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx	MD5: 668e51c5f6a93a16066bfcf359061141 SHA1: 4e083639ba337fd388235c48d7784c5b8a3707ca SHA256: 5a1ca5d475219f05e15014171139525897339145d4f3bc737970ea05a296d99e SSDeep: 1536:IG69aWkVrb1OIM0OueDif+HLmyRR3+Z1So77HLZW/Rq:IGOnWIWOueMYCyRsX3oA ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx	MD5: 5ef9014b00cad5724e4ca0e3b17bb6f8 SHA1: 3112258ba5b0f26bab6e8233c06a953658afaebe SHA256: ef3d8699cf96e6617d00be9fe67301c317d9bbb3f74e3c003405360771c73d90 SSDeep: 1536:1e3o265ADdiDg96U7tShcy17WtcSI/Xz35Jr5MUtxICqJ1kGGb4T6x:1cP6ejShR1u9I/73r1WCVGAEu ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx	MD5: 4b622c752299697b613f93bbb69ee86b SHA1: ccd945e1b8e02552ec1c294733afa5cdd621675f SHA256: 2d0af9864f7fde3bde7eb43bf4ed6f846823a21471d784ec22cdc8f595153304 SSDeep: 1536:4KJMyBxVn/t7s5aZeutI6sM0n2bG+CyQisa9FHoBqw:4WMAPqFgsMo2iR3awqw ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx	MD5: 0e1097b5a1aaf7fdf77274e4f079d4e0 SHA1: 427f0981802645dcb2af5d875a69a18af7227816 SHA256: 97b267e307603d1ee3823b70c8a8e68a023043ee94c04b02d111920c2c584ff6 SSDeep: 1536:m934zfv6OnLXhpPqzY2CEsii6Ej6yQSDfjt8tdOdnDH0b8:m93eCOrzyU2PsB91DsdOhC8 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx	MD5: b7d76c95c553154ef216516a77dc0836 SHA1: 28f18dc363f03481aa4bff892f909d7df01405e7 SHA256: 0716a1e1546fb2da97205c8099f42ce7061a70dd3933063b5111da9f75faf55e SSDeep: 1536:j6RslYv3eXH+z+iUqFv7uWD8lO3zAHpCTM5YHRmN/Z0q:UhWXHyhUqFvMlO3zAHpKSYHRmBZj ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx	MD5: 9a49c285f519d95cde7a6d2725965b57 SHA1: f80f48e3dc8af9fd901a78f5196abfa6257ee885 SHA256: bc37148ac5fdc4788e25cfc62a8ded975675bfc850f0100e2653aca2aa51e52b SSDeep: 1536:MDb+vQkJgCfA55lHUKehDvS/e7wTimXMmP:60uBm35vS27Ics ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx	MD5: 6ff592d96396ecda07652798fbaa839d SHA1: 11b7e7d010da3982a50b791419a4401c7b0abba5 SHA256: f9b841fba8646eeee7a5ec3008a623ad4d054f4e8a74116d0e582b71786c1e75 SSDeep: 1536:/1ncXUQN+JZjmdopVzRX6rtZaSvB7vfngGk9D:qRNGqKpVzIzagdPgF9D ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx	MD5: 861fdaa68cc41de7fa03a38d0382fc34 SHA1: c02dcd7616f7aaed4579236d952f796a3b3bc4ee SHA256: b4d6c0db813bdd482010fe552c1fb1398e44630be5cab40b3b263a4621719992 SSDeep: 1536:TQd8VYwmBskfjwTNgpXodOG8cBAFdMFUbSahbdarRyk9Nh1wSUH:14FfkhpF8cBZy3hJarRLv1w7 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx	MD5: d441c850aea5a50c9351ba082e2ebd7d SHA1: 8328f3a32190a25fc4abc714aad9fc10456f369a SHA256: 6f151718e431b124c02c1178aef1398ccd736dcf15ff691f3c754a3057f6c09f SSDeep: 1536:H6kOoR/ctuG+gb/elW6FOzUdGr/VPy+edva8smj:a2ImBFOz04/VKnNapmj ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx	MD5: f4cb39b70803d20a7d7ef073faba03bf SHA1: e53d94ea4c613bc9996b85b90758365296000c20 SHA256: 9de7fd14bdf0b451b24bede75511d3b30a7522116d411a3ac7e39479ed5e1fb2 SSDeep: 24576:UY4ACBCXy58PJeEGd3plM8eeLlBri0D/3juk6dcv4+wInQ:8bcBP45zfri0rTx++wF ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\$Recycle.Bin	-	Access		Not Available
C:\$WINRE_BACKUP_PARTITION.MARKER	-	Access		Not Available
C:\588bce7c90097ed212\netfx_Core.mzz	-	Access, Delete, Read, Write		Not Available
C:\588bce7c90097ed212\netfx_Core.mzz.CONTI	-	Access, Create		Not Available
C:\588bce7c90097ed212\netfx_Extended.mzz	-	Access, Delete, Read, Write		Not Available
C:\588bce7c90097ed212\netfx_Extended.mzz.CONTI	-	Access, Create		Not Available
C:\Boot	-	Access		Not Available
C:\Documents and Settings\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\Program Files	-	Access		Not Available
C:\Program Files (x86)	-	Access		Not Available
C:\ProgramData\Application Data	-	Access		Not Available
C:\ProgramData\Desktop\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Documents\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft OneDrive\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft OneDrive\setup\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini	-	Access		Not Available
C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1	-	Access		Not Available
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\s641033.hash	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\s641033.hash.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\s640.hash	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\s640.hash.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\s641033.hash	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\s641033.hash.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\s640.hash	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\s640.hash.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\s321033.hash	-	Access, Delete, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\s321033.hash.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.hash	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.hash.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\s320.hash	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\s320.hash.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.hash	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.hash.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man	-	Access, Delete, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_e8d761b7-8a68-4187-8c95-75a3788ac267	-	Access		Not Available
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-31f8f00f75ee43d4996762625b6917f2-ce77d96f-eec8-4063-a05a-09720f5bbf1b-7138.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-5476d0c4a7a347909c4b8a13078d4390-f8bdcecf-243f-40f8-b7c3-b9c44a57dead-7230.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\Events_CostDeferred.rbs	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\Events_Normal.rbs	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\Events_NormalCritical.rbs	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\Events_Realtime.rbs	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\HOW_TO_DECRYPT.txt	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\VortexSchemaRequests.dat	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\osver.txt	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\parse.dat	-	Access		Not Available
C:\ProgramData\Microsoft\IdentityCRL\production\temp	-	Access		Not Available
C:\ProgramData\Microsoft\MF\Active.GRL	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\MF\Active.GRL.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\MF\Pending.GRL	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\MF\Pending.GRL.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edb.chk	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edb.chk.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edb.log	-	Access		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db	-	Access		Not Available
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm	-	Access		Not Available
C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker	-	Access		Not Available
C:\ProgramData\Microsoft\Provisioning\countrytable.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\1__Power_Controls.provxml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\1__Power_Controls.provxml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\0__Power_Policy.provxml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\0__Power_Policy.provxml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\0__Power_Policy.provxml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\0__Power_Policy.provxml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\HOW_TO_DECRYPT.txt	-	Access, Create, Write		Not Available
For performance reasons, the remaining 3530 entries are omitted. The remaining entries can be found in ioc_export.txt or ioc_export.json .

Registry (20)

Registry Key Name	Operations
HKEY_CURRENT_USER\Software\Microsoft\Command Processor	Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32	Access
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer	Access
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network	Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar	Access, Read

Export to TXT Export to JSON

Remarks (1/1)

Indicators

Before

After