844cc255...0fa1

Indicators

File (3333)

Filename	Hash	Operations	Category	Severity
C:\Users\FD1HVy\Desktop\atddpg.exe	MD5: 196b1e6992650c003f550404f6b1109f SHA1: 6b1213966652f31cc333d9f1db64cb520c2256ec SHA256: 844cc2551f8bbfd505800bd3d135d93064600a55c45894f89f80b81fea3b0fa1 SSDeep: 384:yRcf5+y19sfna80LQiwvoh2fTuMl2t+JCeAxaBtmFU7qFFdjSfwaqkSTepQJb49Q:KcB+hClQ3vTLuMl2toIaCFIvROr ImpHash: 162f2345af9c76904a85f8d8bcd100ea		Sample File	Malicious
C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log	MD5: a8f1367de7a849b56eff9febec34776a SHA1: 166858f300df32fbe13582a41daf314dd9007768 SHA256: c6e1ba6057738cb472647c20437ad341f9c4535994af3bc37f9e441dcba8c551 SSDeep: 12:N66DA3hyz9hRDskHGi84IrjHzSndMrY/igDXmdrT:ky4hYjgkz84OMdj6gTmZT ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	MD5: 11b7f7c4c64b7adae8c40d335a566812 SHA1: fb7b7d5aef68f602c89c58297938a6cfceb10617 SHA256: 07ac06770725bb84efd3a7dab36a5fba1e09952051f40c5714350a0056ac8ffb SSDeep: 96:ZHxqu2BRQrR59k1eEN+2j61I9HnZvcAJqAbuOCr6hoAuKSIhIm8Co4zMClR:CPBR+z21T6y50nrAO/qMClR ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\$GetCurrent\SafeOS\SetupComplete.cmd	MD5: 474dc2e409620cd181aaa17a8dec65b7 SHA1: 70247cdca9ef9ff1cbf67799e4d6a8f1062182f6 SHA256: f77014d42953653213bf5aab56eb2882d240604a6f99f2b3ad9d1fe5cbd29e1f SSDeep: 24:Oanyy7tRepOX3iNnxOxDyNsX/5bP/7wotL44Pki:TnyitzX3XuNGh7/7ZZPki ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1028\LocalizedData.xml	MD5: 974ffb5c1bb97535e0048a303b24bcd1 SHA1: c70f739cbbfd5916b89da5de1c5a4fa7b17f5fbe SHA256: 10f6a27750fc084c50f86ed8cb996ae8c390c72fa24862d2735224b929abee37 SSDeep: 1536:VSa2D8s+9EAqSh9433IeJgc86qcACqa2LCtzlqk:VYD7+GAJ9vmgjSV2WF ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1029\eula.rtf	MD5: 9160255576b542f6edfa049a21aa5747 SHA1: 9d7b13f71f99241994c99380cc5e42a1c3d6d3b8 SHA256: a779cc9a2484cbb338f6493e2b950c613360ea443954b1860f9140bafd05d3f1 SSDeep: 96:2H38t5bZc9IPUvJXPFvMD8yF7bWbtgPJZQSVt4pFi2D8TaZRZAQddtsQhd:2X8e9gakDLF7bWbtaftYF4TmRndIQP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1030\LocalizedData.xml	MD5: 665a2dc8960a5ec875c492f88b7e6e0d SHA1: 62d62e15cdb7c19c6f492601ca81407d3dcf4701 SHA256: 802aa1989354f2a1e8b805310e962a531bce1d3c901c0e4386d340e747ebcc4c SSDeep: 1536:l4FnDCWwXgKl6WyW+tlzauil0RqHSfd2iP6VKSlZ2TidiHo:leDCWXAbElOrl0RqHSF3tSlkTidiHo ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1031\LocalizedData.xml	MD5: 63a23acaf87b339751d41daaa4b1cb21 SHA1: 8c7976f98ae1b261b9c8e9f46f947eafc957fd09 SHA256: 5e85ae077da65e68ee6674db5f32d797a86f04198c2ee840fe65fabb3a9a3b5e SSDeep: 1536:ZFvTe3IByMuQm+h1G/PiqNbL8AytLV3GaYVXrs0o:fTegyMorNbL8A0srsb ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1032\LocalizedData.xml	MD5: 933a37a171c0688c1d2739747e6ffea9 SHA1: 8940bd863b0a9898f7004e47a79fa36c34805dc1 SHA256: 0cae29ab155380367fc16884a2a396775fd921fcdc520868eb34710066d9d1dd SSDeep: 1536:ZFPZhJDoD+ss/uCYMmbtNXcynvBghuTjn3MvxXNlqU2BxIjqO:XZhJs6/lvCtNMynv4unWxdz2BxIjqO ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1032\eula.rtf	MD5: 08568b21884d9b97ba1703becc20c595 SHA1: 359e38523bd66a54f15d2e2c924c476b52afba69 SHA256: 9facf00c8658e37cd58e61d8f536d147d099e47c66cebb30a12b0df44b56339d SSDeep: 192:ZwFJc9XCICdAdset8a0K2PPWz2mgl+QIZhlrEXieX81ohA:ZwFytCfdAdCa0BP6gl+5ZhyJbhA ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1033\LocalizedData.xml	MD5: b1db539fe429c136f0da23e1262fed7f SHA1: 477b1f6a5e8d0116952cbd28634fea669ea8e3f0 SHA256: 87a77c901f257bbca1f885173130a97932bbf805e653028610c436d0925e56cd SSDeep: 1536:2cf9a3UAUr+zluvQ/+X5C/PGaNf3esj87rB35z4yGfaDijk4QLTed:2cVKGab/eaZAfAaDijkRLSd ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1033\eula.rtf	MD5: 85d325ef6e651216b8cdc9ed1a0ff764 SHA1: ef3a3653f470111039207815b3978456f59683a2 SHA256: a7db78e6382912bc3fbbf993b40b704143767b151df6426166e2ebf4e89d3497 SSDeep: 96:bClQb3/RxiAPrj1aBXmgnf4yTWECg2+Dn29gFQl2ZBih:bC6T31Yf4yTW7+j5F8h ImpHash: -	Access, Create, Delete, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1035\LocalizedData.xml	MD5: 9a413c36dff6978d75670409e254f97a SHA1: 4d4401f7c80b7bcc1720fccca69c3a49816c4af1 SHA256: a0f9954fa0f88e3f3642f164736d9d01ae410d01279aa8cfa11386fd37adcfea SSDeep: 1536:MS2wiF1/FSGfD4hh4Sr8fMFrFxhJDh2amYZCM1OTuiNp7Urr:12Hj/wGL4haSrSMZFxbM7YAgOygk ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1035\eula.rtf	MD5: af235f24f962c33c9763d0fda17631a9 SHA1: 4622c4d0e6e6949a030947215a30aaeda22fc97d SHA256: bc6db8387d2d42ae76dc1c7c0978166e3c7983d9471f22108b29e1b0f1d3001e SSDeep: 96:7DX3HJBIW6u6nZBr5YBgmrTeZXlYMnVm4n9ugFzSP42:7rZBMtBN82XlYpQ9uY2 ImpHash: -	Access, Create, Delete, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1036\eula.rtf	MD5: 5e4e2bae59808986fe7328b4cb06b5e9 SHA1: dbb3657c4a78d5c540c9d80612acea7cb6ba7e72 SHA256: dc83196bec15295793adfeaa97f60570c68addd85e789db6801c001e5baa4553 SSDeep: 96:4KHdSqRkpgLsq2IFd8PmPWpgfDNbagIc5zlkxeI/rMRMtv3Vk7:4KtKgLd2B4WcDhmc5zlkxemMRwVk7 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1037\LocalizedData.xml	MD5: f9c9418bf6ca142ed6ff49626b22a753 SHA1: 9a23a47abdfe9050f1eba37ce846c903cd1f5e2c SHA256: a032ff262de96a0beec90e646708e3f36656a1b4854349e4fc08782459b358b0 SSDeep: 1536:Rzg6ncjIhT9yfPanNWVQSWWgLgLxJ5ev+mAhvdwtRtiOKw:txeIhT9yanNWVWYLxqGDv+t4w ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1038\LocalizedData.xml	MD5: cc864fd13bd34af7666b61efaeb6eb7e SHA1: fa9609ed2b6ed540c201a8504b7d873e21159216 SHA256: a0069d85f48e16fbf06381bf9a5c8253dab0566e0b0343c82ac1a399c006094d SSDeep: 1536:uIw5uVeKFgwroD1AuTRhXYHns6c14/+zkidvyV5qN8axW:uH5uYqgwkAuTfFTu+ki6UGsW ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1040\LocalizedData.xml	MD5: 5e3bf189b0e2866c9a653021bdbf491c SHA1: da8e465e397063301b930d146448dadd0df9f787 SHA256: f0a1f2b79828317962c9ad95fc2eb45a610d71eab0a40d92f1d9b9608b7c3050 SSDeep: 1536:8GS1K0UlLBdMD6vT5gGc+NOh57R4b9+B/Q4o7GCjviDCJ+SDuRWEtFB0lcc:VS1KlL4m9gqOv2bjv+YE1Scc ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1040\eula.rtf	MD5: a1e50a84be9823da422abff8f655fa76 SHA1: 2f7ea44910c70a7a0be0e44eb10d9342b77f3cd9 SHA256: d87498f2310dc0a05a4ae9e278c2d177f9f87bdb7bec5f011afd923fa2342a53 SSDeep: 96:Qia//OaDJQKVWU0JAWJx22qmwIfRsBgXh2CG671vX1dKMMf:rAOa15WRucc2qmXpsBgXQCG6oMMf ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1041\LocalizedData.xml	MD5: a75a1aafbbdf84c036fdb0ed267dcc63 SHA1: 512b4d7c7a65f515d54af76791c55e10e58f3ddf SHA256: 60567821e32a8d8b920562de2d02534a190be3abb5566173f073e4bd0b1f4973 SSDeep: 1536:xqzJKwnFo98QCpE9F+k5r5pJ29/gsYnNutetZkvHsRkxZ:xwnFU8PpEKkX29/gtnUtw6dxZ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1043\LocalizedData.xml	MD5: ceb30803f7218c50602d2e611d774896 SHA1: f0037d1ddfb61170c66a4a317be4b9411334e1e9 SHA256: 885bab717d1656a2af230ba4977cf967a69be6b0ad844c3113c52b0bc94e369a SSDeep: 1536:PWRrG1oSaoXK4f0eoC0Apq3KHfH0GB3yRNgZ6yIrAosDaNes7RU8n:PWRyNtf0ehF7HfUIaNgsrAosEfy8n ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1043\eula.rtf	MD5: e6c294b981e766c0994b965e88c2dee5 SHA1: 160cb928e156e58b589fa9f2628e95b81097d778 SHA256: 769d4100d6e36f4a8faacda15d9c2d70104fa97923975e857863aa0b171da227 SSDeep: 96:yJMh3l5r1aB7l0ZdhQcOx3wBUmglX5eNckcLdpxclRpT:j3l5rQVl0KcOZwBbgbeNcjUl/ ImpHash: -	Access, Create, Delete, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1044\eula.rtf	MD5: 3a5c3400089d0e3cb35103f36798e214 SHA1: 2a9a5c6af16dfdaeaf7b6d1e7d9d01a0cd3394e2 SHA256: 2c3d34f6843e348c18a23393759d66167140e981a959d5a6ecf73dd0bf95023f SSDeep: 96:VlTPl9UsmXUurlsPNummZkjIa1kJgqJcTkf63XDfeBHN0eKqDI:Vpl9qXUuRuuJkEapqJZOTKHmR ImpHash: -	Access, Create, Delete, Write	Modified File	Unknown
C:\588bce7c90097ed212\1045\eula.rtf	MD5: 77d5cd58803f22b043a779904be54497 SHA1: 90925e37c4c8591998fa9703767f506538040d6a SHA256: 13ec3bba45dccf6a6da494f6d9fef26884153d0da455efc1e6cd8470eaf0ec69 SSDeep: 96:wHCcpLvNRm9rjyeYmpPS7IOaqUW+DOWowEh1uri1SYUSfX9SI1yoZ6t1:qCaZR4rjXQ7IJqTrWow0Im1SeNSI8HP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1046\LocalizedData.xml	MD5: 22fe4269f617cfc348724f6f3cfbde5c SHA1: 70fdb59c5366b0a33f7c0153ecfb50f3690f530e SHA256: 402b48757a5dba141695a0d5649e77f312b36783bdc4d2f3e94eef6f970dec20 SSDeep: 1536:CQclzBjZeIYaX5Fxbbhys9xWyr0a47nZikbcw1oF5VBehGzPHA:pc9HrYapFFtjZrdhw1oFdeUI ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1046\eula.rtf	MD5: b91c13e32ed341cb1fcf55b490e8582f SHA1: 03fd51a2f71adbcd2ffae5df2d073dfc9f64c4ca SHA256: b66fcb1930090dd4eed072557207dc75171928c5455beb476ae5c2d29c579acc SSDeep: 96:cU3GaQ/Sgce3tmglvNaiFOXCrcFNxN2tkPmlvaw+zsc2h2:cgGaQDPLoy0xNyAwSP2h2 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1049\LocalizedData.xml	MD5: 0a734b9fa81a9f67f88ed64727d6c106 SHA1: 5184ab7e9993fab150a9a5b691498234c1b3e2b2 SHA256: 24ef59d15e6375754483cfaa1dc7fb5bfa75aeb8067e9123b1563ecda57262f7 SSDeep: 1536:5dWz+S3c5GO59hCJivSc2ogBGFb1qCl0E7XWeLP42vMrawCP7Y3VMXR:5dIxs95zzp2nG2oFjWeU2nwCP7Y30R ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1049\eula.rtf	MD5: c4d6fbdc7e4863655f24600a571498e4 SHA1: 937968f49d9a295edaa8d72c743b8daecd2b6dd1 SHA256: 203786bfa34497896c4f9d839ad885b7b8a2c74e2abf86b5325c5dec92fe17f7 SSDeep: 1536:/Kz6Nz0ik6IMhOQ2u/b5lRCgb8C0NRuBhpEGwgjtI:/s6Nz0ikVBubxr8C0NRypPBI ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1053\LocalizedData.xml	MD5: 1ebc5ae0cbe8ab372a176c41cb249f48 SHA1: a1e7063e625515369162ed1b1788ad2bf116580b SHA256: 6565ca9fa9ac5b02971d0f900de8cd799e383986f81dae82c5eb0d41b518ca01 SSDeep: 1536:DckBOlGjazP+BiMbYC7iF/Cm0xHR8zgRlnWCx303WCBXkVGdsIL:1cxkiER9GQrYWCB+isIL ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\1053\eula.rtf	MD5: a8d38ad0ad43c8b22c2716b1251da777 SHA1: 506a6703770249b9056962fed276c6b05a620934 SHA256: aeeee063f015d05feabcb6a243559c718261680f18ad18795130f0b5c43b44fa SSDeep: 96:oj4+MC5fONYoKqYQRZ+nNz0AoKO2LEmAJh13ZDNV2f+Yzz3EfvPoG:oWcfONY1qFZ92O2L/AJr4z36oG ImpHash: -	Access, Create, Delete, Write	Dropped File	Unknown
C:\588bce7c90097ed212\1055\eula.rtf	MD5: 8e16ebde0a37f2292a111d4ab531d4d8 SHA1: cab34e64e559ec9eba447ccd3a125277752f999d SHA256: 1a8af8a66c230dcc2c7a1d21f8976ad001d4ff5f27f2009a7e85278db92472de SSDeep: 96:4qJin4gVI02tSA98JL6+dTbqHF4MearQ9TN57eBfo1Njq+zrq9zOY7Y4T5a:4BnF0oA98Je8TbqHGTar+5hFNzrq9CY8 ImpHash: -	Access, Create, Delete, Write	Modified File	Unknown
C:\588bce7c90097ed212\2052\LocalizedData.xml	MD5: 50baf291d38391142ccf81ad2c492aed SHA1: 1cff58739c9d9cbe3bff2e0395feb29c9b1846d7 SHA256: df285ed4bbc7e25c7448c960342068ea8c242db5f36f948616b1028c3de828cd SSDeep: 1536:hTkdLlJGthhihQvClfMvkbQAXg9qZc9DlUeoY6FJpLW66exw8:halJGth0WClEvcdXgwZ86pYuJpLWGxw8 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\2070\LocalizedData.xml	MD5: 59e6db186bd216b9363fcbef78bf6e1e SHA1: afc73f258833cb4faf8df0077ca40b2e64c86e13 SHA256: 0a4b0bfce37a7c20184edf1e36251f0bc596ee8b956f03646c7919c8509d7240 SSDeep: 1536:CHldrx5xNUtZZVUD1xVYgESvtL/AXGNTqOpaqJrnQbj2W/g33:CHrrrasx8m5I6TqtEnj ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\3076\LocalizedData.xml	MD5: 3ddc70288a723e6a9e8b21156a95415a SHA1: ba8668f59922d09beca60714a475cd7913a68f57 SHA256: 4f820b4d4c2e49da1ba5c8556a974e2bba90b3abc43fa18839d6ba32d4a58131 SSDeep: 1536:HUUV8Ju/tEz3q2DIAnqyiAG30miNiz0PQ2+TM:HUlJwC3q2DIAqyZdIIY4 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\3082\LocalizedData.xml	MD5: f5a22be7bc70b9f578f6fa881d7bf9b6 SHA1: 8af22dc12b9c935ed36c5d59865e4aa6ac89769f SHA256: 906a87567b9c1b8ef47c5a25701a6ceaa96af7bfb2319096af0d6378610db920 SSDeep: 1536:W+5HsKooKFviULwIo4U9aJRJ/0HooFBJ55tJeNQMlWcZNqHH:WEMKoosw6IsDxoFBttJKl5ZmH ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\3082\eula.rtf	MD5: eaf8f39c058f849bbfb18016e70b1172 SHA1: ff258c95fcb68a0393c01b35442dd6a9b05fa0e9 SHA256: f9d567a77531fbc7e710e9e5cab7e0771e16a305217502066758bc03d4176f35 SSDeep: 96:KfkvXiu9hO5H5WYWCmg6UoWNzarYCwlrKsg3XRx1T9ndoCg:K8XiWhO5WC4UotrRwlrDSRHU/ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\DHtmlHeader.html	MD5: d79ffa5f3ad423ae757168ca54aa72b4 SHA1: f980a2d1c2089a983c9f41d08687b08ad2da30c4 SHA256: 642c5284a45b015526469bdb22ca31aa02a01c9f762207b12f1292755f32e6a3 SSDeep: 384:OftaBEnD5AnLAQC+v4KwsZAVgHL4ukP3kCEcIXihMD0LwY:HBa5IDmsZ4wJCEcIXNxY ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\DisplayIcon.ico	MD5: f14367435f4d13292e088c02a2758715 SHA1: a83e8be90e0ac97b05db0ebd65e1ef8b17bbec42 SHA256: 1db1d2743f89c59124ee118753a1b6a41ba7bd80e8f2721164d7a9ed92fa6ff8 SSDeep: 1536:xPV6YXVV2/kE+DObSf80L0c5sR5TUdSRKZzs5mPuz+L5g0nilIku:x0kEaOWB49wERq0mPuzSW0au ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Extended\Parameterinfo.xml	MD5: 5b0629476ca07cf1a9609a651d9142ac SHA1: 8fa25f9c6e4f5252a6533946053682f68b512a5b SHA256: b8bf7a0ed07c200cf7405204a8f99138b1a34cb9d3557ee934aa75398433df37 SSDeep: 1536:nd7z+Qgvm9ipPqktF7hGacymLS0+zXFpCgsgAC6xUEoHnmGggezXsFJl0Lg5BgHq:d4vmkBqoZhGaJhsG8aHmdbzX+GaBg013 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Print.ico	MD5: d5f1f73b1be2a320d3387e8230d9ffa2 SHA1: 001dfce12cbc0d57d7866cb6bafafe5162dddf14 SHA256: e72d79675632150a3e4f695a8e56976c00798bb6d268be63b0be882e101110dd SSDeep: 48:fqJ7XgAX1NZjOYBEoseOmrAY0UDBlMYw99Oij9VI3VjBX+:iJ8AFN9RBqeOmrAYb1G3vl9VI3VjU ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate1.ico	MD5: 72573ea2980b6aba13fda74a21ce5224 SHA1: 526c7eb55f5e05b8735480300da3f36dc9520700 SHA256: bc4221b0a5a301ae20483b56799a8c37edc18eac74ff8fad975068d50eba9b46 SSDeep: 24:pjGTT6reCAlyuVPPvFm+KZig10TjNQtHRZqoBUn80OIuqoXiTOxAbmYn4KHzbv:kDMUPo+Dg10VUXRBU805roXJhY4KHzD ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate3.ico	MD5: da21d6d63dfc9d5c5e10664871e49438 SHA1: bf17719c070f271d091c052f58e73f046a728114 SHA256: 2161f1353ef88bf3c131b56527deb6cf7f29ac9d3839e37275b7ee834f8bbfdc SSDeep: 24:it7qDB6aU2XzaLAz1y/MN+5cbFF6xOKK05W8yYuOC8RuLZ4jbBjwC3EQpcaFDHyY:ituRJDEAz1yR1K05W8yYzRaejbBkC0Q/ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate4.ico	MD5: 88b0822a0c4ebaf913375c26785afaac SHA1: bbb7805253f1d79997978abd50b0a93b40816f9f SHA256: 052e58800fff320a79e8b291be63c391471fb616a9bd64f6429303f3a094c085 SSDeep: 24:7HWUexGC03qUEYUrpDB/nD4JnfCM4+lA5OwnRsHBdcrKFSG4RK2f:jWUexOfUdDNDOfCMH4OwnRsdSG4RKk ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate6.ico	MD5: 58a2f1fa572a87afc33ee03ca11fe99e SHA1: 66e60c539de10f2190f373d92d4c48a0293399e4 SHA256: d1988e11cae94ae54831f68b93667fcfb8c53e1a787cefa24cabebff3726cdab SSDeep: 24:PSPOEJXpbU3J3S7IvL54nz/0UFKZi2Ti2xwNMqEEiJQMdKIKLEP38KJ+osChL5ls:PSP1J543VkID54nDVFKHTi2KNpEEiJ/A ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate7.ico	MD5: 1754ff328eaea3023f381446d66222e8 SHA1: 57f962f118f03a8ce15fe4f819eb9eba643064ed SHA256: cf0524ba98cb1c8a2f4768257eb8c6f6fc7594f97c268489996eba60c39babcb SSDeep: 24:ZouJTFy52YsuY36gi+t0aIM3B/lidJn6hZUw63b7OCfSJctjffwZ4ca48AI5dVc:ZoiY83NiuIUB9WWm1vOkS8riaAidVc ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Rotate8.ico	MD5: 5eb2b5c1c6ace6b84cd4f6e9658530c8 SHA1: c22906d2e0a6661c4b9034d6a3fba617b3de6db2 SHA256: 5722a050e69629bac82b9305cf728ecc7fd25eb12821de1a6ee2a97645e95fc7 SSDeep: 24:q/4dL5j5jkEt7hHpZPIBVaEDA79KYmCkfeum28Tg00wmHW8qKxW:I4d5uEvpZPIBFDQ9KYmCZu8I28hW ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Save.ico	MD5: efba6f756cdd77ee6aee50728a4bc8f9 SHA1: 9c9bc48040970242efd8a89223ca90997288f7da SHA256: 5b6911556329dcd80e123341884fca782b910f28993101404aa71303256080ba SSDeep: 48:uCHtHi5FDml1hstKdFQiIVY73RMw14PrqZ:NtHi5FKDWtKdyVY73p1dZ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\Setup.ico	MD5: 67fbdf1f8c973032c95ac8079825e25e SHA1: 3bd296721623a7c4a2a1ca2f6ce6d8900fded399 SHA256: 73431172f92fa59edca3aed1411613be6e76a75bc2bb915ecb44454766731b86 SSDeep: 768:q7Ejx6NCcjfwWgU3+HtuxiUfDZQncvFsViD70QgQjdwn0eSxwq+i0:eEqrDgU3lxGFiqbexV+i0 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\SysReqMet.ico	MD5: ffc6f0b06c1325e2905755206993b35f SHA1: 657f5ea85bcdf5c8a09776e47c6330c2f8fb01be SHA256: 53ecd1437bae988c4021fcc5cb51e06ac3b171a28588f258dbe0eeeef6de1392 SSDeep: 48:YZb2gyJ/5GBz5ltXMqdLP6nJFQpyvhs8RwZjhnNHgyWp:Y52//5m5DXjdLSJFQyvhsDZjXAP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico	MD5: 6aef37c2b117c299a90bf0d856d7f49f SHA1: 6aed7917a996db9a55b5ca6b8eb467f2fe1bc715 SHA256: 02c2d5683b5ac1a103b9ad1ccac5a4b686fd51af0ea08ef35e89c992708d168e SSDeep: 48:c96Kb5ecwDUi9nefpWJEhhK/iyCBYNVawvLCBmUfo14RPdYpz:cjb5RwoMefpxiCBYLOmq1Yx ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Graphics\stop.ico	MD5: 8ed4105cd1172991d70abf5dafc8613d SHA1: e4e860f78b4213cd7750fe427a59c279f05c912e SHA256: a2db3789c9501143a23f82d7ba2de3f5f43ab66cda6debe0cf29da0ac9d07ac5 SSDeep: 192:ncOf59bDjsTx50xSq2yuA6cStUKGf8Pzrda60Mj5V9NJNrMfHJYQRrZK+he:ncOffbDMx5iuAiU0P/R0MjTFN4fJYMDe ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\ParameterInfo.xml	MD5: 486906f40b440cb87ca65b373ef7379c SHA1: a3e4cd780e7ec85ab432e2c77217db12e2a35545 SHA256: 07f6b695f3e994260582f6063a784a5e996430b3c36909062b388db09ac883d0 SSDeep: 6144:kN0wHQNBdku9+iHET0mgoypZ8TlwipiE6y+XF6JWjSR9zRw:fww5kuVHEw5B8Tl0jCFw ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\RGB9RAST_x64.msi	MD5: bc31e866cc274dc2b89586a79e2f58b7 SHA1: 2e4a9e0c528a6a6ef20d931e6955f3ad9a44704b SHA256: 7f9e615840ab1fe3592bfe03ffca28b68e68b8e58b5bdc6567e2d42bb5a445c5 SSDeep: 3072:/7Ohq/Q8B+uxbg8FwkoEMBtVrSNB3o3bgN2isM8bg2VGvOH66GEIMoz3kWb:/yhq/HjxE8K9NrigiSKGH6VEU37b ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\RGB9Rast_x86.msi	MD5: 08973d1822d05b35cbbe38dc8579c808 SHA1: dfc00cef428b566c6694362ff6c39cea05720a61 SHA256: 0e61af471ec2302a3952555a2d4cbcc47f932ce765d5daa3c48bcb7c17cda0c1 SSDeep: 1536:ctBLH2t5797dHPWqTtUIX60CMOdlY3xCsI0lqSHjpOrW5g20DhpBXBWfKLde:eBHk971WC60shClqEIzPBRWCLde ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\SplashScreen.bmp	MD5: f830a3a751f504dc5d982e075981c6d1 SHA1: e93b4ff671c79f0f39d6c1a454fd85d319716252 SHA256: 9b84a4a269b24a44088be26a52fffb62fe501c1ce40bc99b891b0ee802b71157 SSDeep: 768:0CfieIecP0wjSCkpmEBQlPnJOVRjolFwtV4n+r1eg+gMP9luj+0MJr6WICnQ0o:jle0wNkpjQlP89SaS+r1p+gMVlujpCrS ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Strings.xml	MD5: d1c3d5bee86b2876e5a950d80bcb74d9 SHA1: df5fe1793e9143f40174bfdff1f277cbc41c3b01 SHA256: ae8f57c485103f19deb20c1306a5acb90e5300afafb8714f1062b9cdf489cad3 SSDeep: 384:Zbh0a45YS8XEHliHDhdDR7ZRlG858FYZfA:b0aaYS8XHlZRkI4YK ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu	MD5: c767fe4d927448a71d20d559797d3462 SHA1: 4ee72c25d4496fbc3b89b229eb9e22cf6615ac3e SHA256: 2722a1fab896b56db2d220a45863597e67f5b6484e8eaf4c8d3195b77fb57a1d SSDeep: 98304:EPUDx0H6OIbYY80caj44PQUpqCOuqSYdTCD2OfSYD6qOPh/crp:TDx0HsbV80jcAQiOpSyCD5f1eqK/crp ImpHash: -	Access, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu	MD5: 7169ab946204ddb0ac58594f36e63e1b SHA1: 6e2ed4a9083bb41034e343b91d77c007b426631c SHA256: 85f0d55056f81697995e081d56bd4e258f5bd0e7e56f1743a1e55e88eae75570 SSDeep: 49152:+70aLMkzmb4CfOegCL8TTT7gKRPKy8xwDN72FQmsBT:bsXKb4Je3gvnRMiDNqFQmsBT ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\header.bmp	MD5: edd905ef35a4eda1a03f540aee4740a7 SHA1: 871cfcc4e7f48897b260380d547feafbfd99c5f2 SHA256: 374e42d4c04e9cc3b332531bbe62f62fb6c5dfd9dbc37d83ed1778fd080d09b7 SSDeep: 48:0Q/pwcGKvt2E9kfudMUbQQAgZOpBgKnHFXr23z9ojjH2knv2Ng8I4Iir0c7tGEDG:PbdgikWdMU3uBllXC3QjZSVrXtEjBH ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\588bce7c90097ed212\netfx_Core_x64.msi	MD5: c722bf84ccdc4a97d73c3353a6e612cf SHA1: d50d9dacb79dc5ecf898ac2f175a7047be54b057 SHA256: 5c10cfc9a4ff956938b007bd012ca777667a36b905f70d0268f8238ab30f1bfe SSDeep: 49152:ji1mhy9Tzv3IsJrHe0H/dLy2AkoSiWzc1:BMzvDRHey/dLJvojUc1 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\netfx_Core_x86.msi	MD5: 400c1af961fd902e230586403e2f2dad SHA1: 6800e6679395799b6b4517bf414e9c1ee159b4c4 SHA256: 2f86e0b0e7c28073afad72b092eb866f9f782e687905d255bd05cddecfa0010b SSDeep: 24576:ET9VYr9K10X091mJLdizl5AN6yl4CBVV913n+f0m9VjIos4g:57JLdizIdx3Xwp984g ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\588bce7c90097ed212\netfx_Extended_x86.msi	MD5: 71f9032e7882212572674f16aacab1f4 SHA1: ebfbb4bf59075db3285576920e30b1955496201b SHA256: c099fc23aa475ef83438695130e6578150a3c3e60d8958a86a6c4651e30a7462 SSDeep: 12288:bpx23//mnKW4TqTJM1zANdJikJjNj7r0uk6Jst5i+Uu:bpxY/W4GTcAnJh7rZ9+H ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\BOOTSECT.BAK	MD5: 03e85cb6f7eb79bdfbcf8397c9a0364c SHA1: 487653c86f60a9045baa5ca4a199cc98ef6294b4 SHA256: 21e8128e41b3533e829c99341332b4d77964cdf148b371f05ddc485e642d61c0 SSDeep: 192:lhskM6LJZ2fuYJTH0eJeZ+TgFzxYKY3x+829WbewX:lhNmxTH0eJa+uI3xMcbTX ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\CONTI_README.txt	MD5: 6fcfbe27c98e3ecae544c83790797eb3 SHA1: 9d04741c88e54680253482bc9f48f33eefbbad66 SHA256: b54e61308dfa5d69fd4c490674ab1a3b714071f237376e90088517bbfcaa5a68 SSDeep: 3:bB/g+xyglrgtErfoa5WMzCKq5MJ2GAr/RKL5MJ270Ru33FhXYCFDZK:NFctafrVCQ2Xr/s+270RuleCFDU ImpHash: -	Access, Create, Read, Write	Dropped File	Unknown
C:\Logs\Application.evtx	MD5: 3b705625dacc79897bc02ca3297d25de SHA1: 6496170c3b403fc5ad32fd4413571f286377438f SHA256: 1ae57fe90a39cfe6ee897ac80fb7dd051c4a84c09eae33f69e36a923ccf97f47 SSDeep: 1536:X144VO4NJE/ImDUqZRRvMJ1Ysv2zvj/9oWBf1NjbckhII26oS3J/jE:+/4NJEzYqNvMJT2/lo8rw/ILjE ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\HardwareEvents.evtx	MD5: 86fc61aff038a3afa0bdf4cfc2fb4034 SHA1: 13dbb34e4d83027a27a99d9f209466cdfa4a184a SHA256: bba15dc9be6f3248896feaa1b1d7495978c302f1fe77badb699e980d91a5e73e SSDeep: 1536:OMXjJwXsTMstTiDxHTpfM1DR3/XYqllW2KdGC8mYJJ/0sbe3E5:NXVMs8NHT5M5h/bsvst ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Internet Explorer.evtx	MD5: 7bb1134e6b0eb2a53e0576a628205ed2 SHA1: f932732577a6d5160632e9856715c57f1cd5132e SHA256: ad860f75478d4475bc7fcce48989d1b09fd2bc70a8fd73945343c41b88c47458 SSDeep: 1536:lUPq5zf+W7q86uIB5BhkvCqbX45JTUZDv+6ViF/T5QF/:cqhl7qjuIB5jSCqYUniF/T5G ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx	MD5: 6dcb29ef4be7e044aa5dea099c48717e SHA1: 3e11683b4a337fc548954ba8f166beb8a81e4b27 SHA256: 058fcc70b1026bbc35a6f8fb32a6d43d14eb1c626b52b987c4615f7ba2737f8a SSDeep: 1536:yHoGg9rp7nFXFveYBk/cHP3fpjcFnYU7Ap4+lnszgedZr14Mrnp:1Gg997FXteYBk/cHP3tynDAq8+Vbp ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx	MD5: b96c6bbd3cf6ae829097a4663e5e61b3 SHA1: f25e2189ff6132a7afd6edaf98ddb0d246c1ff43 SHA256: 6f9445d5f7d814f30e62f42e4a33829ccbedc159a3fb01c6ba9bc9c1efdabed0 SSDeep: 1536:ngDgL30wXJ+nzwQ/6IN5tiw6PgboWwdtBT4zzrN1tjoMo:g4kwXgn5Ce/iw6Paz5/jo9 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx	MD5: 34d6f169ab9cedfdc5337be49c284b6f SHA1: 4ec6dabce6a839037f5b7bc088e58e4b679db84d SHA256: 18546043126921a33808e4082f7a639c1ab25a88c56baee527c11acac10c906a SSDeep: 1536:GgGch6hCTusSFHhSXE2FfVUKPiTaVO8J/nkmZyIVdJ:nGk/TuphhSRFHiOVvJ/lYIVj ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx	MD5: 471c1347fc33771e703806c303a44224 SHA1: 6096b8faf77b920c1c3e5c4a63e9fe1d28f48845 SHA256: a978e647c87b87ddc631c9aa4befb09b63c9eb7d40976eed6431c4fc20737678 SSDeep: 1536:WyBD05VK95yu4JXtVQmEyBMSS4MGEzprBWrQLew5:Wyu5AQJXtyqBWGEzJUQLew5 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx	MD5: 460b309fe334ef1f904e4554590f2133 SHA1: 476a46d12bb6e76ca52f90cb0e330a678cbaabc6 SHA256: 41d5ea2c30d6b197ff186b09e97ea73112cc78fa0d599569a3a4cecb2a4bf002 SSDeep: 24576:9kcaZ66GUiy7tWZ+wHaiEzckXwBYpyTMZucq:2NGQtHOaiElXwBYpy2q ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx	MD5: 4ab3b3e84383a869aae514cc618bbdd1 SHA1: 6461c0044596b49a564903a12f810901e6f19645 SHA256: db70cc37dc15f5a301e21f3958fdf6453bf5e47013f4cce639686d03f5080718 SSDeep: 1536:kl1JhqEgNByB+ml6mCwWuOYfIYm+sUGlesJqF3M:kHFgNBQR6mCwdXQYuUGTYq ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx	MD5: e9eff4d1418c08c339475f012635aefd SHA1: 84a889d0439d44577a6e2b0e4afd705fd5733164 SHA256: ba434dcdfd0e5b51789036855d7ac71a2ea9910209d7914cb0ed421c47771a0a SSDeep: 1536:wMwohBnBI8BM5PxkJaX1Z489fGa3znfiWAZNDIai+RFKR8/O3:9hNGQMRxkUK8BnfiWuDLlR28/c ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx	MD5: aebc9feb000067f7b86eef578d1a924d SHA1: 012d30994fbf7ac4e6b505a9df600331ddcea55b SHA256: 56716b258f2c453bb781541d591ca08f2a4e8b98c9fc3d441f617c6bd92d431d SSDeep: 1536:9/iiD4vrsxOGgs9i6Q5zRmaHlC4pRiVlG7Qk8ZORVweGkI67:9/BIsx9lbQ7maHlCQ+lGsz4oE ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx	MD5: 73bc8f18ecaf1cdc08a3c0c0db36c646 SHA1: 03fa125f0d4afd14b37184d9c8b7301c7251290b SHA256: b611d17ce126af9f0f6a72f3c0d1721908d91aa8b1bd9084c0dc11d81b15ac27 SSDeep: 1536:gSfg8t4FyRPhaY/ksjQ1VKgRypv3MQWXBLHO2Sl6zjN8msskv9/ed2:ZFt4FcaY/ksj0KyYcBuP6zyma1i2 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx	MD5: 83de323900ed661874c61ba937558ad0 SHA1: 366e6984b81b4a36a68f3f2761a18178f96180df SHA256: 68e9c8566dde03d0856e41565b6cf298544bfbc86c571512ec8853337fc53b42 SSDeep: 1536:e0NEuFtcNM5AQBmtbxQNB4fdBRa0nB269y8UxdXM:ejuFtAs8xVl/nUi7+M ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx	MD5: 5139d925a47cbcd45c83ab8c921d6ce7 SHA1: 49350932fce6a622497e4e99e56dd060120a905d SHA256: 41bb0a0e4037d3d989acbe1bb80c1dcf5457d59038aee7cbe35bdaf5e0b4b945 SSDeep: 1536:rKJGoHouDcqBRKJ30uDvim5gZNiIyb5tWpB:rkGoHxDxi0uDINLf ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx	MD5: 8bfa84b43f948f001a2f3fb0f71be213 SHA1: fa8a12efba109be3fb87acd447fca1d8b6175c08 SHA256: 4c1fcd94ded5dc4914fbf16017f1b90615126207313df04811c607b88e9d5391 SSDeep: 1536:U230FaRhlq28TnDsf9eBa58/cIE02NCdADi/iKDb/RTsOD7:U230FaRDq28Tgl0XEIVdADirn/RTsOD7 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx	MD5: a98aa9c889eccf5d556cf0830b46c920 SHA1: 1a7ade618546ca61b850d2d3e5cc3f809a1aa323 SHA256: abe473ffc753c613ef29455451e6fa948ef5581a6f54561427dc437788873e4a SSDeep: 12288:5oQRIh/dZw1F3CJeC6EfVvqKTZdsXI+Wq2Bg2xvpo7tB4KzFqNRRjC2XjGAbcG:5oQRIhg1ITxfLXsXCq2+2x0qNTjJqG ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx	MD5: 3c87f32a07f00c54445dc66ac3d2e394 SHA1: 0016134a09bd20c0117010928973795ab09ce06b SHA256: 667414d7f2ae533f55ee70d608cdad5041587595d62efea186b7b5f0e861897e SSDeep: 1536:LtkcxU8HOsyzbIBUp3JgABOBgbxG6a8cOiZCDzJFQl250A:LHxlOlr36BgbxG6QOiZuF1 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx	MD5: 2712e077f4e9fcd6ae6ed9d780e55e1c SHA1: e7773f9597781d826dea91e4828fb8e46c1373af SHA256: 1ce6dd3da515174df44dd89be08574c5d21a55d468e86e12000e8150ff2c9bb7 SSDeep: 1536:z5s4wptYruoOj8CYVApTgYTRvAqyOFA0lhY/vAlpR/FCEEU0UQY1db9t3/Cd:NcYrujj8CFpp5A2a0PYglplKU0UQY1dO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx	MD5: b2e3d4fc03ad020f712e69b5dc72644d SHA1: bf2a4a562e229702f97b277044823e23daabfb1b SHA256: 4eeb73ba611d645ceb62446f505f9e96ac4e0e1bfe82db952f03e26d4f527c77 SSDeep: 1536:Q0+i1a/FKCkH7Ei+26VPnjIG/9QxzbT+lBIqayXDc80kYwKL/+qhvevX4u:3+i1gVkEnV/8Gl4DMXaYD90kYLL/+qR2 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx	MD5: b5ef74981cbe5e119d069352216f4ec2 SHA1: d97c94ec2b559c015c149c23e84979fc4e9fd60e SHA256: 26c901edc7f7129f7665705923437ecfc12d9f87a53015ce750ad79961a68339 SSDeep: 1536:/y5iBeFgqb/iQexZNVcMnA6WQ+tFf91TzsaLLxcbIlV:/6iBLqbq1X/j+tF/LblV ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx	MD5: 951279ff662c3c4500fb9a5e22874d8d SHA1: a0ea03385f855d2c7d3385eac84f44e03c1ee70f SHA256: 272129316e0f7603b0437842d0d7dfc79014622cece629efd54221c26fbbf8ce SSDeep: 1536:SS42xn1ZRr7gO8yRPyIR/LoWkvvLTcrQGQfUYnf:8ufQyRPyIRkvjTWgfLf ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-International%4Operational.evtx	MD5: 777eee88fa3fc28727ffaefa2ea28e56 SHA1: 7fa7b503370eb25466a06f9b09558dfb126eddef SHA256: f77d4966cf1b8650ff13607ac54722f524cfdfb3cb59ea3bc0449185fb999eca SSDeep: 1536:4Xu8zBfb0+hqY8DAi8DAgFeUZDCctZ4IPzeGqxG:4+8PsgsUJCc/iHxG ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx	MD5: ae74b25bf9563604cfd7c1a1b87442cc SHA1: 983dd676306ea7204760ca2383f8fd80a605074c SHA256: 063d84c212393274f2c01fb40626b09d4e6b470cb24adf9a3c3085bb81f21ef2 SSDeep: 1536:bimn+iciJFgbiktLOMUpozOewTopzykQyZ77sT6XxBoWPqNOGy9U2217p:b9oiJFELOMUW6cZnQQxBoQOOq7p ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx	MD5: d532d309b20231d8144406995202856b SHA1: a8d037740d0a4fb698a710867e7f747cbd710a06 SHA256: 4bb6ad16f6a232b1cf763c12a1333904e9c0ce2144c25012bca95c616a99fb43 SSDeep: 1536:RN5B4HZJcrXXYs/GTFtMFjrUvJnLHRCNGCnzBtNK:YJsXXOWMlwNGCnzk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx	MD5: fa6d2a51cf18f8d0c7064cc8d2476d8f SHA1: 81bc26fe91d9bbf9f4bf1e2ec8119910e1fdd87b SHA256: 5897af7f14948a7b277f436744db9aff64e2f7097522f43d44825a0b764608ad SSDeep: 1536:zMrH0Fs00ZE2dz1FSjYfoxozhJLw23us6vUrY9c+EOlaB6QwK9cikUouhhUs:zMLuZuz1FimfLw26UM9c5B6jKsNghUs ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx	MD5: 5efcfa61e2d88b79469796bde466d073 SHA1: 9e5723445730c83fa7665c40767a1a85a9e469c3 SHA256: 6285251fe46658f18da73610349eb4ed34d3de7a4a9cdc165f0b9659b4865d8c SSDeep: 1536:Se0Zge1SAt9M1sm0fPtUfSw0MZoHIp9dEbI6J2MuMOmd99LaUww0p+qLk:50ZJ1SAt9MSmsPtzwzZoojq/RPmUwwRv ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx	MD5: a497f97df731f035bf8b708de5645c4c SHA1: 9f1f2f0fa94a5cf9b318206a73ad2a9b303aaad2 SHA256: e2641e54348aa41637e3572f64aa386038dd7593d3aaa63555d5537be1b59d91 SSDeep: 1536:4W/7Gf7YMZ5w2WsvtEEBH9KnBHbLKSUS0tZ+4jtEmXFWzFDCOs5mJp:4sY9y2WsqEBH9kHSs94BEmV0COs5mJp ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Known Folders API Service.evtx	MD5: a7683397f81e60296a4c93f9ee021eb5 SHA1: 85107717151c7ae71bb13f846cdcb746b130cf87 SHA256: a6a9dddfff699637930e0757d318d899ad2a5e58bdb673aa1c5282e9947ab25e SSDeep: 1536:aY9zOi8QIACjah15thQHH8/VPlTBFZtsE8N4teCkPovSZDAq:jCiyACjwthQn8/1vFPskzSZDAq ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx	MD5: 4d73d506793bfd7d41dacb9251f8f49a SHA1: 974905ba71a2da201cd741a73232b35a7a28c09d SHA256: 2749a0598d887a19b8acfa917b8fb9cd81b1a8223cdbc09736fb25adde28559a SSDeep: 1536:K+le3GvhMUc7x1cwAo/8OsYbrpe5RcZHQEi1Ej8:PI3IeUcLcwAssYmswz1EA ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-MUI%4Admin.evtx	MD5: 66d051d7aff8755437cfa724603371a0 SHA1: 20a9b54b7c2d73527bed36e5d66f13b699cc927a SHA256: 0a3598a86d854c14eb50fec2dd521d8547b72a0d936dc852097051759794ea97 SSDeep: 1536:39WrkVwNM8+4xe+n29LsxSlofj+DaVkEjP61fcjvBESce:39QDqAxe+WqSlcj+DGVjPGsrce ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-MUI%4Operational.evtx	MD5: bf198c49c13ca6ddb12d0c033c49be37 SHA1: fe193b72210e6bff5dc3b06e89f4725fbd2433fa SHA256: 773e1488d772c2b35b61bbee3cfafc05ec36a158244818b7c87999879e6f9c4d SSDeep: 1536:GRlD30XzBRYE4l3DHppmFHh/X4Bgv7vIwHUSPgZz:el70XzKl3DHpp2Hh/XQo7QwZgZz ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx	MD5: 43a6d4e605058241c7d8289de5f3c6b2 SHA1: 635dffbfa26a152d1567b8fac98b73155b40f61a SHA256: 8b8cee5015f7f6f8ae6679b793cbfaee6f9904c64c7d9c60dc48756c9374b708 SSDeep: 1536:lW6jOmNrB41EMkGOwhbwdViyRPNe6sdowBICrQv:lW6j5B41ZkxswdVHP1sdoJCri ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx	MD5: b6c9539ab1b84d4cb89fc8706a49dc6b SHA1: 350c8259d4adffc94ac22b0cd0d224420da7889b SHA256: 8f37d771a24c167e93612402dd04544c833af833bbf2ec631b41ea271a370d73 SSDeep: 1536:MFEXwZKChp5tEhmGIwvVQ3fnEsXNNoJPjZkv0tF1Hcc8ByQj:Mggpe++VQrXroJrWvSbT8ByQj ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx	MD5: 6320b7a842564357dacf4e133548ba87 SHA1: 7d5b4331400b2f807ba7acb95b31cc1cb525453a SHA256: e77aaf199f93dd10cb39c5f8d78656a64eb6b7a17eb8dce122e49e1e4cec4858 SSDeep: 1536:CZisiAUq8dYIaarcsh9O89o8PoFY1kHAsy1PtQpyHp:CZiEyYIaa5hwAX1kHI1am ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx	MD5: 10f42915ce9ad54deb788612ec0800bb SHA1: 18cb89c70d05758fc500d3b540e65482e8749542 SHA256: 570a48b1a1b50000c57f8f278c35262605bd05600f5293b5a49f01705ac649db SSDeep: 1536:2P05gHsBepNdK0hDv8b3FdLPvZVOXvFFV7F1RCxX0oSiYSMqO+qYx:2PI8sBGd3v8LFZPgvhF5bMH ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx	MD5: 5e2cac56b3c5550d6554d9f4f6bfc8af SHA1: e97d5ea83be3649bd70f92435ed303ca9b85ab15 SHA256: 308cb2c5d6c1d77207b711171c620606f3f25f194d337cf178333d8229161443 SSDeep: 1536:cDWAIYB07IXB/rFLSYTgwoPUAD8dkAoB0Vh1DAcV5mlDXlOdaQXw:cDW7IR/ZVEh8dkzKScV5cpOMiw ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx	MD5: 43e11ae97799945a878dc47ce8994a6b SHA1: 7cde223aba748a97dffe8c3746d4bb6c6a170c3c SHA256: 2db4e69a92f60058c3ff79d8ec345df589383edd9076e4f3c1b0970c13347f38 SSDeep: 1536:xHUpgW7sENCQfYUbalsG8jBZVhkUPNtG7Obqi3IcgpZwnXwYH:xH+gIbNVJpjBZNfUObqi3IP/iXwe ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx	MD5: 9a104f6ff76b08280f6e1aac7c1c91fb SHA1: 73bf74f55cfd8f7f47dda29cec28d17f7b7d3099 SHA256: 65f3baa90eb494962cf3d6cd83aa4a1174673df66ace48952713d7141eeb67b3 SSDeep: 1536:C3BXUxv0vbEY0qOdp4c1aaniL9WI1Jcou9sPmgSEKIYIjZ:CVUxvvlf4c1aanO9W25wijZ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx	MD5: 88fccf0761ef853a31ce802c6e4da402 SHA1: 5e67e88c868fdd32aa557dbd0dd1c7cabe726c26 SHA256: 7913537a50b023eb9d1c8a0629495da772eddbd30849542d6556af4506ac7d5c SSDeep: 1536:02Uc89NC9yh1+lljuG/sbXuHBBq7jWlS7/++jsde:02z8/CAh1uMG/nL+jW8rjsde ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx	MD5: 3df4939f332b2574235c8010ddd8c8d0 SHA1: 0e023e68c83c2c753b7fae6d51cc8f85ba610dab SHA256: ac81c37f83e7645aacbb47273fc3adc49571a95b95ac3202a3a74374ca48e1d7 SSDeep: 24576:AfoCb5d7ehyE5As2sdpzAxAM1ZyF5I4vAmBFbxWn8jS0h9z1P9HXJ+q1:AQCb7qJ1pzAxAMkG4vpxRRz99HXJd1 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx	MD5: 55f10207f73434f76a493a6876935a4c SHA1: 40eebe4b91c60cabe7c2214feb2ae71b077774ab SHA256: 34894d31581f5299f5a27903bce176a8bd51e99c54534a30c2f37d37360159e3 SSDeep: 1536:Yyt2eH7fJbIfT/9bIAts9gj94zBRowLv1sSYcOZu6vxXbBlnmpYZIFt4:brH7hbglIAts9I4/vGSYRusbBFmpYZIw ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx	MD5: 2270a858ca0fe594675774343f0692be SHA1: 59c8a00e0907588d221d27a4d37fe550d1dd8362 SHA256: 154248bdf36cced25aab5e5ce08cb20b2d67c73639f85e028cabbbc768c31b19 SSDeep: 1536:NygFZpD89WoP4H71AbAiaBviaA+6rbVQCCSjBdx+QmxA6ELbKA:N//pA9+H+cpBw+6rbVQ+VdwQnbZ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx	MD5: 873b885cc4d6934da834f91bd2a5a334 SHA1: 6bb9fd615fe9c59b59003b3cb2f16b8602c54fe9 SHA256: 4cf690bd8a3e5ba0548cdfd9d96bf73bed7f169decae1a741a0bf34f2a7782d1 SSDeep: 1536:r+UHSkk90MMk3Os0MwmbbU40X0uc0nSdXyCT8AC+zSc3:r+UHSk3vQOsJw+UfEgS1yCT+Jw ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx	MD5: 6462480870076cb5b9292a7b6a22eb97 SHA1: f21e3ef42c21851647ef549390f2295b0aad9e0f SHA256: f2f81cb38b06f2f076a9a7612bc4aedf39a4dc413c17cae626a7524910ccaa32 SSDeep: 1536:ISQcN6krxnWxDNZeaE4y7zQzz2tWs95b1t81jzjHlaLO:9RN6kJWdqaE4y7zQzsWs9O1zHQLO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx	MD5: b01390e1b877a9a37567756c97482f60 SHA1: 519837aff516b3d217c10fa3846fac67c3873dce SHA256: 22c959a7d620ea88d43e4c86e557b7ba01700e654b0bb6c347a8694800741940 SSDeep: 1536:i38mp/gC5xgaiPXRh2RqxH2yMrS2Df0dBxqF/rExg:i9/V5xgaiPXRhGQMrS2DfgBxAExg ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx	MD5: 538d0e59e59a7ab6928bd45f8be110bc SHA1: 2e12d6498263d7278dee48960667734190326cc7 SHA256: 134840f75b3f2c2473b5f3f96ddfce0dd22121cc56370bae50d63b8fff06b46f SSDeep: 1536:SBWyKCZH4S9o6Qxz7bE7JMKXCMWp4dRa6xmtXVctfIb0/:QeCZH4nzFbE7JMKXWp4dRaRXVcD/ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx	MD5: 05f0c10bc48e4df3631ef4d0b68ee81c SHA1: c44009eb3248df315a0e01338134bb8f537ab4d5 SHA256: e31046e46fc3810148f7a5bbbd16e4826f68c300d04b09727f603776c84ed8cd SSDeep: 1536:+vfzpodj04VA5rHa9K/CKqDbr+dC/SYcy6PhNBSHX:+vfzpodwvHa9KaKqSdCT6Ph7i ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx	MD5: 98d77bfca36136a33e0296975c49ce04 SHA1: 5dd8e5f117db296add9bc545eb98dc500d671831 SHA256: aab8d74cbef482fba469f31b250d97d4c9b8c729c5cba28654ddda408421aef0 SSDeep: 1536:wKw5DJKcrcIJE9hBxllzJmf53o6xz1I33cikfV48sV1GyGoZtizlR:wKgJJJERFEf53NTAtJ8sVNGoWlR ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx	MD5: 7b7633411a75c44b6089553b3e149e6f SHA1: 4c349f7208247a28366204faecafe1154dc0bfc9 SHA256: e1d26204112d619cc24a7f28124e76ddee13d7b3e195331da0be27f3b83cca36 SSDeep: 1536:ZoCR1Kcg+Z+UE9aeR9o2XITqayhF8Ta0N4YV8UyNvYUGGAVmXHY:Zo+1KXavM+T0JjVUyNv1AVmXHY ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx	MD5: 67ecfc4f6951a79025c0aa55e6bb3c7f SHA1: 4958a8e2636646616b6b9f2be022b730da1d8528 SHA256: 6e724960fb323693b81952753c7a04c375fd7ae0ef30545279bd60dc97b5147c SSDeep: 1536:WWxIY3tYtJx8ApE4xfu92e2I7dDXcbv6OjbSofZ7AdPfj9:WWxrtYjx8wAX7fOj+o9AdPfj9 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx	MD5: 449aafb15e22bd5e2cef3de4167092a0 SHA1: bf5b7d6512b1c6ea598b4f4b38e428db7ac3a28d SHA256: 010a0ba37465ae01f79913bb887cc3f13508a97d7c5f4ca04aed4beb15845362 SSDeep: 24576:IXLujzSbNzXKWQly88vnk2KEDZai/qg16gDTv8L6:CujzSV/2SDIih26 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx	MD5: 43a3382852d2e70b74ea604e7833d4e6 SHA1: b0087d9d4931a99f2643d3540d57d7d82f133223 SHA256: 2c0209f0ac48e02b02b4899532254896b59ac56255929f43e63046673f87b66b SSDeep: 1536:aEJzQfOGeZTa/ziwvbCxTqM5woQGoRvi9ZCLD7aeJ0kO/UuF7/SN:xJAeZUzisb6qkwleZCn7tqkpuhc ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx	MD5: 9b3bd635704d46e0e879d0dbdf409716 SHA1: ebe18becdbe61d2d03701451a07ba4bc5067ec81 SHA256: c70b678cfd40f0b947121a371c2b1574fc5839317c3bcedd2315a8e76240e8e9 SSDeep: 1536:p9E6l2IgiPbn4EPGqG1o3uYB1RRtGsQ+ZL:p9E6lCiP73Fuo+wM+ZL ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx	MD5: 3bb8c6e5feea7a6cfd684347da9c775c SHA1: f678e08c27c57a64844ab8a1edf12982abadcd34 SHA256: 6f9580700f50a8d9e4acf7ea677caa7c14e5d343c8c92bde89b19308c07983f3 SSDeep: 1536:1l8v5OaZBpc+edX4TfPt53SH0+7RgGdsXgAujy3LAg6:Av5VBpc+UXifPz7Sd4gi3G ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx	MD5: bb37517bf33512a60c13ff784037497e SHA1: cee553170ebfcc6e19b02b04959c8356847765d0 SHA256: 78a64b0acc0050b0029568f1de1cbc20e37f9d9f6a8fff3fe65d37ca3e38744d SSDeep: 768:M2xWDjnEGQwkIevfQ8UYXGD17VmAhh1Z3r8Bz8jkquNuEp+fMNctkoto+LQ15bdX:aNcTUYswAhh3Cqu8io74/ttbLtZh ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Setup.evtx	MD5: fdf15284dd0911635e420a4b275a5344 SHA1: 865efdcdfe1a93232ce21d06f341919b93d53ff7 SHA256: 7ad043e67e0f51858baf670d790f2a97b0dc61d60eaae03747ddc3a0514bc581 SSDeep: 1536:tvR4GejaS6Gik++oOchAjuz3xXxqCIjPOk3515/ZvoiowjXQ4Uug:WaZGidjO493xXx9IjPL51oezg ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\Logs\System.evtx	MD5: 21fad6405d8717eb3ff2e9a388d44eb1 SHA1: e7055e486b2d760925ed60e835081851ed36e06d SHA256: 1453e893cb503bc7a3ef1d65680a012758b6cbd7e3f3776d98139354699aeef4 SSDeep: 24576:W4nlGvZnO1G1Q8OmzSrvqTbssAbuV9hJeG61ids/hZp5wiz3C:hYvVO1GS8O4SrvqPPAW3kUds/hFwwy ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Logs\Windows PowerShell.evtx	MD5: a9628d76412fd6aee38f941af24e8a0b SHA1: f550b00c0774455376e669f2aef117cabb792df6 SHA256: 9d542477e0a6824e549d9fccff7b9c2575b2a36c26e3c44184b73cbf49bd7212 SSDeep: 1536:ZaSp5WItlc/zpWh3qO5hajF7xYLE9tmw5YK+JAe3YN1mbas:4S2Ih3qP1GL6f57iBIHm+s ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\s641033.hash	MD5: 3890f495e305830c6f09b77a83149423 SHA1: 2a2a16e79821bfc116ff7829acaf25bd6a5f072c SHA256: d3dcb1f83b6b4c38ac64a79e05efe42606a7217c73c4e3ed37b08f9de11d9258 SSDeep: 12:hgQzxRGlgcR2+wb5KOmTllVwp4eLQmcsFpSt+7GYsdusSzTUGO:+nlgr+wOllSbEHsFpbsSzTm ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat	MD5: 698252c621ba8f48dc3d1b6d80970f6b SHA1: d317b2dd01d775b7ac18b8692cf5ba83bc92f4a0 SHA256: 4333bfd11ca8647f766f7322486784e347de419d4e7d67cb5045bdef32bd1652 SSDeep: 12288:jo0nD49mba2gOeZtwNGZoi5FY1/v6yJeb9EOsJ4WqTkvdILblU9yBXigsc9zesKl:jeqtgvnlFY1/v6yEpEUudILpKhsIZ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml	MD5: 5125d0df7dad2b87598b1070bc44a901 SHA1: b224e71dde47ff09cd9f6fce1b9197e70aa88116 SHA256: 77b8c8a214a82670215d5241230c4c85e4470631f60dd3003797241b74d346d4 SSDeep: 384:2KjpXb/TelhokDvqGcVDV8xn/LRNlqZ2EnjFsYkVvQJDg:FjoJcVEjPlIhnCJG0 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml	MD5: 959f65e83d11e3b464eba3cf0cfeefc9 SHA1: 7e783ec3e64ed6fe7438bb41966f9c2879c642cb SHA256: e39c26f9da41e0b857ec1c5f5dd2a2d01dc65b126a7430ea61ddbe60f0c9e6e7 SSDeep: 384:E/AVnUoG8BdtfL/Gj0rYJWeUw+bjul01wbanMicpxwC4XnMD+MDUKphcqO7mJ1nq:hVn7GorYkeURwmG14XqiqYu1nTxWR ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml	MD5: 6bae4f8dd39944729ba53498154e4d80 SHA1: d02d3ad68653da13e8d16dd5c6c023be959c509d SHA256: 72bb0c5760e44520162c4165d715b8de92f1e0ebc4a0c456417ca6b04139dfe4 SSDeep: 384:UzsYWeAQbtGOFr0BZ/l86ua/g6+Sc2OU0ONXzrF52o6ObpQ1vp5ZGQFRKzs:UzsH9QbtGOdmCObTmOtzrPNDq9G4RKg ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat	MD5: ccfed1cfd888031398b2f07915c51205 SHA1: 21bc08ecb6f6b97a5ba027c918272bcdb9857b01 SHA256: 1f9debd98cc30bb8fa1db811803f64570128050faaeb63541c858c1aa9e66161 SSDeep: 98304:RTx8KwNBsch5CidM8k3EWH/9w+Zf+ilbbp0:gK4HvY3EWHV7+iJG ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat	MD5: 6adffc37193077d5d5c4abf43fd13c92 SHA1: 0ec8529b5c54f7a736719545e1e6a52e00aa8a5b SHA256: 2c2eed2e0e03b51b3cc6e0efa223e7e5573419642658a44d8f0d5e06c64d5278 SSDeep: 24576:NFp518knVYJGcAZ8wNlZYXwzxQdRobs8nAAhWCD5WRv9V:h5YAZ8UY8xQd2TAAcM5WzV ImpHash: -	Access, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml	MD5: 46b4ef4eceb5db07a1beefe73ed3972d SHA1: 00856580c5e19774b729fad528e9a9a17905b715 SHA256: d4892cdb87e59af4ae10f731e04fa9efedae3cb058973d67137bb2280d3756bf SSDeep: 384:nbwoaFKVuHp//0F5muz9TMQB01Sbsf/dsMwuLXF1duViw74JIobXH5lOGQfD:nbUKMHpVuzpES41BwuLXjdtw7KIyZSD ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml	MD5: d169881753eab84446c7c559449c8bf9 SHA1: 341ff8d60352240a84c4a7ed9c9062f596a4fc37 SHA256: 584806aafbb8e9c75bd13c0e74357e96f529a79941f83eb5ab50631e53b3be95 SSDeep: 48:t0j6P59gW30N47az5sUvua1Fx9LbfZ59DwVK7jVNS56dn7RI5W37h4gOMu8:PP59ZkeK6UGAj9Lbf5kRY37hDOMu8 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml	MD5: cfa107d1e4617c40f09e025975e8031c SHA1: 29bb8435af0f8fde05404a855ada3a93ac48ce2c SHA256: 6185f6c63f7d0d4b250e8afa694799c66df67a43588d481e083425d6e1e3760d SSDeep: 48:oah5bPrhYfpe0gfuk+jCFKDf7jvgoDB8YchFS10bz3PneoVIFwyd3k1/O:oaXbP9WZkXCoenszDPnePmy3k1/O ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml	MD5: ca2bda3c5b493e2c7f9f13e0f35b7e99 SHA1: 06ec6a069348b76fe3aa300d97d2ae8bf6a10beb SHA256: 7f8700fd4567768bbf4176949c2a1409a0b98294e46a350cd5fe91f0643a89f0 SSDeep: 24:mpxZYXUzjyzi2Hfd6XWIAvHwK5IhnYYKL+zm1fLSkTl:m/ZwUz+zNF0WIAvwphnU66NHR ImpHash: -	Access, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml	MD5: ff119fac0f8b2e1d3d9843dee58a44fa SHA1: c924e0a52c41770ef72423e5600d38806df8bc28 SHA256: 79ffeb92cf3dafc77970d3a71c75563303ea49f2aae58eb4732bcc20970f141e SSDeep: 24:W5GnMvCX+TkchzwoLHIPJ/fQRU9ycO50eVSCheYDvDoRpGXBGbv:nn5X+AgzwoLHIPJ/YUEf0etBDvDoi4v ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml	MD5: 5e8bede5d78c843082d801901eb97be1 SHA1: 60e634848cfb055dff3fe181d498f37059a8d0f9 SHA256: 87ce2a1954410e86f8f7b47f34aa6affa4fc388766644c63c58e09fdefca854b SSDeep: 98304:hDaJE3shyYILHCRvcrEM8zYRNV6sf1V4liXF:hArWCRvdDzyN3fQl0F ImpHash: -	Access, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\s321033.hash	MD5: 79fef378815840c12d736134730f5b72 SHA1: bdca32f98bffb76febd372cd3cb678379b43f423 SHA256: b89057cb6d47af8aab4eab00b31415f72af52db4f21d738d8a3da6d7bb1f8d6c SSDeep: 12:wYyfEG5IVEnF7do/HfuB+qw6ZEFT1nQ6rmYJCljZaCXwQqmnk/epFUD:DGf5/dKfkw6Zo5zTCl5wQtk2jUD ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.hash	MD5: 332be1a0dab559efd809954f0bc10c6e SHA1: b264acef57dc9fe2329ab029d318ff553fb3a5b9 SHA256: 0f4c5efb86f1f2258c40025d19411a3d6155023babf4485072b13aefc68f8256 SSDeep: 12:ojRdU5WL681q9WnT9bRtb0M2OCPQpZNbA3+7QDXBsoNbwjt/FiQ8Be7RC1:NJ81qQTHtb1PCIXeu7QjaoNbyFiQ8BeE ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat	MD5: 5e157db92f9f896a9e988d294c8639f2 SHA1: 1202815822d0ba5193a4a215064882527f2feee2 SHA256: c73d3d3ff11e59b03a8af8b65ccf14772a06e21dc7e81f70ff39ac2e45ca03e0 SSDeep: 24576:TEevZzdiOq/3soYw9tuyRTyjwl213LQi2/yiotT:TZ0N/35Yw9H9yjMoLQ/lOT ImpHash: -	Access, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml	MD5: 478636a85f9bdcc434b1929aa69e2882 SHA1: 20603d62fc02ad84943eab09d3c02eb10f4cd569 SHA256: ae65a6da365e2f77e3086074c8d9cb573d60a6945c50e3e1344ae58e36069d96 SSDeep: 384:YZOlIlxxuqr7lUhk+jpeto1jwsJM0zAuHq5uMLnBv9X1hwE9g6rvj:GTxuqWhhpeto9w8zrHqYMJ9FhwEnvj ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\s320.hash	MD5: 2824ac55544dfb52c22a11ea39c065f9 SHA1: 679b87ae3ef13cf893a482649d892de290908f5a SHA256: b288f6115522021a6ac0ed474a8f2a7564c88a5b92d5025ee7eb9f7c757f4067 SSDeep: 12:RSB9p68dlybBH1NXiZL92uLFp17cDZQg3gkkBt4YirUxlCl/:GRlybBH19ifZfED3gkkBtVirUul ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml	MD5: b68870d167a18a0db838e383eed3c51a SHA1: 6985adfa16d3511de85cb8d881738659518cd14e SHA256: 872cdee16c7459996d585ca2c5f62178b604bb760f2796b7226c558dee0eff85 SSDeep: 98304:RCeNqbg5LX4d5EA8TZBMfcdf+e/FnjByvxULIu/AWQTwtq08ddbRp82bPkb/jNxE:RCmb8t8N75Z/PQa8dpRpBrkb3kQbHG ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.hash	MD5: 235188f42d083cc13f68df5f7386c070 SHA1: 33108a12adf9c70411012cb288f5c995bace2549 SHA256: 3b037e6968e69de8f623a61ee4c51f593bfdf18153b2397bfe20e0366f97fd90 SSDeep: 12:QeCXxQwRnaaKmUVMSinty9EMSgzqvLyVEXYm4yippzfZ/AzipodWdDsPDqSJWQoM:wXZImU+hY9bIoy4jr1AzfyDsPD9oM ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat	MD5: 5881befa9e8ec138ee53899916ce8787 SHA1: 8513bef8ef0382af3de65350276ca9e1b2d6b3b3 SHA256: c6aa0af34d086ddddc62a3341e36475c0203a282eabed819dfb665fffe6168e9 SSDeep: 98304:quEGpFh9Ciqos/stfJWimnk4acYaCY21BiZq63cii:nEGRQJos/sRJWicMda2mLMii ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man	MD5: a9ef7b83dac4b601445a8c6581954ac6 SHA1: bb57376752c26ada663ad20160daf84bec1cf782 SHA256: 896373d2d871f83102f278106940515f32b4bd4e76e3fd0c8171fdc5973e7fd9 SSDeep: 6144:6Xj7jmKIvhdbUT8wRYjHIvJ9Qb8y4TUta5HQQZra0OItt1:6Xj7E5doIwRYjeyb8yJGNJz1 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml	MD5: efc6643430141ad3d963a0cf6ac9e9ce SHA1: f4816d8853af56c1d4695fd2d66d6da32c205c6e SHA256: ce1ab0a875500fdbf5f38719e7f4b7e0f05addafe36a0600355e2906736fd6c1 SSDeep: 768:bSbvqnFuaFEgDj/i79GNfKSN73+kX/urQEdUkr7dBbEFyMrlM:xn7Fn/2G4SN731G8EWKdBSyQM ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml	MD5: a4e15d9158647600e85e49a3b212009d SHA1: f13ceef508615fa44e28a2b33171c97817ea9b62 SHA256: 0f356b111d19e2312884fb4405a129bbd109611ef93ae3e9b2455a5100832140 SSDeep: 6144:haxHCYLHPgQX4wc+ne80vutsaevmMyi6O++IDlMXuA+gV:cxHCYzgQX4D8avVyNMQgV ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml	MD5: f64991ee3015858a3a70ddd660baf64b SHA1: 16f65ba9c14832d9f3679f84e2a067bec4644470 SHA256: 390e3f1a13642c5c78e936521281aa8928fd8dffbf54ada81404e1214678d2b1 SSDeep: 768:wGh0VnYJSvN1A7NLffIOeC9oyH+nQQA+EtzG5QOBC71oS:wGyhLF1ofIOeKoLnO+Eta5XQSS ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml	MD5: 5d794b7736e4b6deeb9a6250d14d9458 SHA1: e04b9cc408e538294d9d30cf45be358aa2b3b894 SHA256: c000af7a258ce995fa8fff0722afae05706e3e351a10df31fef09830f26da7a1 SSDeep: 192:05JGKOpFjaMAO1zidXtdIPHyRTJoV9/Yni+M6Bd1o21Fj2+1ZsHmgoYwO:05Nsm/scX8PHwCwni+M6Lv3j2qsPv ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml	MD5: 8d3c6bec401820362ba5c1c5bbf59e06 SHA1: 6ca8f76d23502b252e09cc8e55d0d2fdf4ae6a29 SHA256: 307112f1901d0b8b28550b6c8c5f18d8d95add4fc49eb16244ce2a4db7e7ca32 SSDeep: 96:lPipscSk3IyNB8V4Vc/E2quFZcacWaDNIj/e8Y1Tc1UCNLaFZfQpeEFfX9HWswl:InSzyfG22XWaQ18Y12UaawpeEFfX8sk ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml	MD5: d08ce858e276e87ec0f0e6b885d38fcc SHA1: 6f2b170dab0cc90153bbe0b7fea4baaedc975841 SHA256: 8abe8493b73dfac09178d00b0cf4fa237f5f8ce8141081ffd711374996b16d03 SSDeep: 384:t4clgKcl0yK1gOWk7Ev2ScoqvvyH8sDfYKnAlm7fLsOu8G0B0NWi3zfDBrUY:tZgKclXK1xEvI9iHLf5NlfG0BSr3zNIY ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml	MD5: 45518e8e5f9545307287eb193d1a1968 SHA1: 69e159f702e08a069491be0ca446cec2a673c633 SHA256: 2d78c7c353b3451378928dbd5a1b9aac57ae255fbcb012371df5d2a5ee9ba893 SSDeep: 768:MgwVr8GSovslozc5P0USBiYMz7iatLz4t370Qi:C/S/6EBL60B ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml	MD5: 5a078e0b909860686a5212780e8588d4 SHA1: cb2f68074a200530edf3434f0192c4b2306e9dac SHA256: d06dbb9fdd410330c8ed8fc9139143c3ee65a36c61cb6a725ac3a0f9815b09ff SSDeep: 6144:OOX71YNmMJTOQz+uGhbqRb9Z2CrfLx+fJPqrHfe7pRJGYK+N9uPsvWHW:PaEaO+9GAnZ3+fJyrm7pGYK+NWW ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	MD5: 4aaa06dd2fa80179f62fcbda790dec79 SHA1: cbe5a3f8b00f1e7c37a7f7c609fffc056dd627f0 SHA256: 372b5cf3552b66d29693cc2d56de51f5e4cc683f22d180a11cc640a4f9e07d9b SSDeep: 768:hm5xe5fCg9Hn5PWq7pRLo/yik/4177sCg5mIypYE/kTy1aVZSo:hm5oUYHn7RLoIC79lIypYE/uyuz ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\$GetCurrent\SafeOS\GetCurrentRollback.ini	MD5: 956b7a62289750664da60ced2ddc8c23 SHA1: 26918d52080c9622836097bcabba1aaaededfe8a SHA256: 22c3584a299bb659d6d578a2fbb38007d97bab552b19152cfb4700024ca5745f SSDeep: 12:uKwQcg84CQmYJRMsOuF+KL3e/8Zt+tjatgmi9pSfR9bPCRVZxdQnfvqpJ:umcg8kmsOeDGSi9pSfjoxQi/ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd	MD5: 3795402a0f49f6d22c5806abc401e4ab SHA1: b771cc6322417c9b494b230283f1fa1295716b47 SHA256: 1489b5941f4cae373442c66b306284649d9d3475b6e467d0ccde4fb0ed6b2786 SSDeep: 24:2psl9pse2ffOihKzF+Hdz92GN46DhPO79V2:9pXEhQUHdz92B6Dgc ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\$GetCurrent\SafeOS\preoobe.cmd	MD5: ff52438fa258c4e421839dcc8a8c4aa3 SHA1: bd4a7dec361f4163a4181c93dee9acbc6b093703 SHA256: b1f95198707cc9c477b0d3de4f255028e120b87a5370dd5cb34d2d4c6eb76976 SSDeep: 12:18IqRcK5uv344b+cIF5AUVElpLBA7Chg3thWrtAuf320CdXt:mfRcK5G4bcIF5pY9BAOh8SAjX ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1025\LocalizedData.xml	MD5: 1142d4c4b4a80c32b0e41e07ba5f24d3 SHA1: e49ca49ca143af3a21a9521b59355acc89d476e7 SHA256: 0c64a905d92efea31efbb61dcbb4d3c947d6fbae04363e041abefaa2de4f6d83 SSDeep: 1536:3dokcYQjvtWgxsvX8jS7HDLF+C53og9h6kl0knrk7eu7LDA+C:3GNPWgxsv9jLRXskNnY7dC ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1025\eula.rtf	MD5: 893f4fd4f59edea40c354ab522590251 SHA1: e942df574282ba37d35b577b1f7748e7f66f8b37 SHA256: 529b1d210dca3ff8ddbea2fc688681f8d55d6c0f06193bc8b76a19d896aca076 SSDeep: 192:6kUmGWEyhMHVsMZps3eYwwi0IPn3TiaGSVC6:6PyQWh3epwi0IPn3TiaJVC6 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1028\eula.rtf	MD5: aa13064ee5615f79bdb4275a3442add9 SHA1: 5ff4018fcf9258974460fcce4e2808a6c1dc57bb SHA256: b5aa367431dfc020e738cc82eca50615086bdda997f0fcb070a1f2a600e6e3a7 SSDeep: 192:ppmk/ISdZSxygL0Dhbjc1ZYk+zQjjtD75AJFDO:ppm5QWt0DpcnYk+8fmS ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1029\LocalizedData.xml	MD5: 8fbc46a19c2993e4f62ce39c7ea0c54a SHA1: be5edd1d6f79fc31794dd61b90e7deb5343af33c SHA256: b8ccb64aa2ddf16102f61c24a01c7cd31b739b3f8e1aa28a25160436e00f5f4e SSDeep: 1536:Yd2DSi08+y1BfH8yXQUPUXb4M4Oe4v3ALTCHcjSGD2rogFBzw0IM1biEs:Yd2f08xBfH8o1oMF1cOA2D2MsJIMkEs ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1030\eula.rtf	MD5: 097ea9e388aaebc654c378210ba9e7b5 SHA1: 86227e796f952cd49869cf7112b83342b3d1e96f SHA256: fef636d5ba42f7d5f990bb2a203688748962ad52c2196b50d28a512cc9629b1c SSDeep: 96:fXu2rxZf3cNsm0tIfc/JJ3da5bFg3s+5uSh+l0VdVir6p9:fXu2rX/cg2fcjc55gR5uS9dpp9 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1031\eula.rtf	MD5: 81296ff372fd2aed7503144b22e6433f SHA1: 4d682b161ceecc1fb5f8f89dea63f08923174063 SHA256: 8be7a70549511aa412125898e4bfed4409349572df52337f5ce9c7c10acab8a6 SSDeep: 96:cjfZkJyzOFpfcF0Bj4A/7iMVfWb2c94i/WC:cjhQyaUF0Bj7zVWb2c94lC ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1036\LocalizedData.xml	MD5: e0773d3983da5fa8454eaa28d28f207f SHA1: 3f007a8678267086cdd5522afc2ebed5781db05e SHA256: 9840f773e3ac22d149f2ad987e204e1236291ccc229cd4d9ae58a7e845a6790d SSDeep: 1536:C5FKT8kFXGhoXExrgdnfK93CqVNlW2lh1VZIeEg/zp1R/sRvdYvOGU5EnlE0Autl:CWHF2aXExryy6EGd6zp1ts9dYmGUKluw ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1037\eula.rtf	MD5: e8585ecab219f2fcd65c49f20af5ad04 SHA1: 46b1696e4540e11f138aa9ffe817a2559d78b440 SHA256: a49bcc3832297b7ca4e7e67ac96ef648763eab83a573bd06c744cde1e2fc7911 SSDeep: 192:NUc3HVngFKSh4gijN3vtqShue2KYI0rOKuQDX1QfDbgd3LQhqsg+0:rjSjijVkST2zI0rxuQDFgDE9LZsgF ImpHash: -	Access, Create, Delete, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1038\eula.rtf	MD5: 0bb541c6b789014f6efa198126b18b27 SHA1: b90400ca6877d472f3f5329a166ef0641fbeea3b SHA256: 0feef0858440eb2853cab4553fabe0f641244600787a78172065df01c8489ab9 SSDeep: 96:wInkSTCZgFhDMARk68kf+fGQ1yRP2829sc4wT9oya+cj1xqUGo3UFIAp40J:1/uZWDMAy68h+LPPc4wBopcUp+IAp4C ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1041\eula.rtf	MD5: fb51e60a236cbaa231c2fbc9eb2ec241 SHA1: 0beda32bfbd0af87428d11baca9955eb4dffbe0c SHA256: 05e98e48fe5f4ad140cf5a61888f609658409f29d26d2cf27e84d1d13cb19012 SSDeep: 192:CWvAFnmTy+EF363hGMfes0QYVWPPue4ZpVp4rlwIRo2hf:CWsky+Eg3QbQYVQx4Jsl5S2hf ImpHash: -	Access, Create, Delete, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1042\LocalizedData.xml	MD5: 5cecca0374d5af90b3f703b51e0f4086 SHA1: 4376f3b920be5dcae2a12b0b968c9f4f79ab0484 SHA256: c70ec4dcc0a85167b0ff06d05645431b5f8a1b6450397402e6bee0d0d2e9359b SSDeep: 1536:t104YWhQRYX3p9jyeG7quEdOiGq+mrkaUVDIndGcH+/+lYSgN0espnTg4:tO4NhRX3LyeduEd7GyrjUhIY+OYwNWpn ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1042\eula.rtf	MD5: 89c5f469825f862972e24bbac6d53723 SHA1: 1743f9291c1273b85a8ad5c7ba56987f8e119401 SHA256: ecc428f1b27ea83a1cb4e2ddf13a2ac643560dc204c508878d324f3f851c32fe SSDeep: 384:4NhfhjJc0Rbum/qNEBoO+GL7xvfsO/0Ep:yvDbF7GO+UeO/0Ep ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1044\LocalizedData.xml	MD5: ad05f38252314fbea3f76421a29f2e5e SHA1: 031b482b54abedf04e25287ad47ecb11d7cb0c29 SHA256: 8a0b35923b4b343c5c8c6b15532948de313b87d145f5797210d4034d66d6f73c SSDeep: 1536:+bI2+dZiR3XtCOSvp8dx2LD86rsfj54kD+OL1EDV7QJJ2CobRohXXvK11DQ:KP+dZiR3dSvp3nMt46LL1q7QJUCo+FXZ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\1045\LocalizedData.xml	MD5: 4690fc0642a26f37ff4ed879be2fe747 SHA1: 0f781db7f2a3d6d4253f175d408f7e7ee5b882ca SHA256: 4d336ddaeac9003f40093cdadf98f89825b35e9380591ab4ed8b145acd825514 SSDeep: 1536:MNSbtG37SyODGdTMR7YaWiAEE1M6RWcXdaZqMi+HKTTYp/voSDA2xcyP1ObXEX:ntc7rOVtQEEyCacb+HJjyywb0X ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\1055\LocalizedData.xml	MD5: 0d7c7ddca13efb150fb45dc941db79b4 SHA1: f2c4122ef226cca229764b3aa828d1f32779fc06 SHA256: 5f8175828b41429822a933b4f10197d42ee713378aeb87ef0385fbb22b73f1a9 SSDeep: 1536:Ta41b/fLtKCZoS+2hMIif3oVcmOnq+odd2MmPW2m6bVShqDSN8f+Zpfj3t:TBbHpo8ifY6rqVdEMr7cgZprd ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\2052\eula.rtf	MD5: d825b25a49fdd91c334721fc752f6c85 SHA1: 9df8591eb4d2cc765bf961f1ce0e55af03b967fc SHA256: 821e2f7c556bae5a7433a824139818dc1cc3531a0285e0d30f632581ad712112 SSDeep: 192:ePfxqtjZOwHD5E1Jvk5X+V6DOM+In+KniK4K8:eBqt1OwHD54Jvk5uqn+K/b8 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\2070\eula.rtf	MD5: 276d58d2fc12f4994a9d88eb9005af1d SHA1: 2badf51ee6d0419d2d4a34eaaf72c05ed21c5e3c SHA256: 0e0a8f23ff139573e0051916da58f1780e4a54550650a0b02f46dcf85611ed6f SSDeep: 96:G3uzj16JwVBy+a+gvt/KH7GDOXnMBVmie3FnwGv4/Le6qWZl105w:euzwJwVUV7jgMBIiiwGQ/S6n65w ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\3076\eula.rtf	MD5: fc947e985960a751da9ce27caa2b2bc5 SHA1: 7cc213ff138a09dceedfba20800daa9bd1be7ec4 SHA256: bc275479dbecff011d298e25b88076a9155101c4be876423e864765e31294a65 SSDeep: 192:PMy4me16+UHx99De7itNRhpwZ+ncpR4gPl/yOPqHEru:P2zURLeWtNRhI+ccgPl/yOPqEu ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\Client\Parameterinfo.xml	MD5: bc017cff83a4d06420db2c1f56a157c8 SHA1: dc661db3a3b3ecd3686e68db8afad4d104842d04 SHA256: 86b1a2a62d9135af5f3e5b38436b8e635c0339b4bc71c82144109dbbdb0b2f73 SSDeep: 3072:YO98KI7wNn/MxMBRNTpA/SpHL4AwTJviWUnA5fvdQxu66E6vJsAQm3LTnD8:F9xPNnExYprUVKWU4Ck6uP3/o ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\Client\UiInfo.xml	MD5: d475a860e5988158ba08a53a0972c120 SHA1: c348a7b7e59674b896a219a7f266dec1dbce7167 SHA256: 67fa24ce6ceda68577ac207ca00c3ec6c5ed37718b33a21c7015045955390995 SSDeep: 768:mbBVLeLSdaN/h8GgESbJmpASsCNf8HpLMa4k/4Jzzim16Ji69PHVhLBjTXzu:CBtguM/VgtV4UHFMvi4hzimwl9f3Du ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\Extended\UiInfo.xml	MD5: 0ee66c502369d71d5365a678c149755b SHA1: 53a73eb6e99d1ca2bcaa68f308a96441077ff1cc SHA256: 2e7f7c0fc8898d6cd7ba3adb7703606b4c4fd217c0e8d06e42fb73893a68647f SSDeep: 768:9roLDzJlypNd/q9ejNipeGQQgx/jNZKdqRMyIPWgFsXMw7w3AsjAUVK4pLY+kgYR:9MLDdUqjpefCdq+O8Isrr4GY+HQ7 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\Graphics\Rotate2.ico	MD5: fcc3843629b17afa2b105d82b59871c9 SHA1: 7c5a1416089b3cc6a81c7db5e267c879bb9802f3 SHA256: 7b959abc21fca4d4f3b3ce4c79d902a10382c99e87e09a48c7a2690117b97d1b SSDeep: 24:M/NqbU4uqFYDuXWIE7QmFvH8LfFc34iR488EtKw34pZYiVjdaoeEgpaVzXT3:M/NaZu+YW+7Qy/8L9coii88e34nnVjdf ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\Graphics\Rotate5.ico	MD5: 19a0c900d50faa3b0bd4ec7a4b00adb2 SHA1: becb9e1aab94d205e6c18253f48258f2c39b7e9d SHA256: 7dc18a9743194bf5dac9addab66f464034f0c08c10aad8ac11c3b2e780ea06d7 SSDeep: 24:G4DvysoF5tTfbYbW/cpWsPEWyQy184//2j7wyIvKGayp55t960apcLM:G4+sAB6WUYTWyr84/sEyIvKVyp5/apcQ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\Graphics\warn.ico	MD5: ff367c53f15d111a4e6be186183a7954 SHA1: ca2cf9c476371ee762e0d3ce5b73669ea978b25a SHA256: 7e21182090330668b5897b25722efbe267e32aebde41e6028f28640207dd5294 SSDeep: 192:7XCtY7yhTU6/hhZ7FEbpUyREWaZemWEmOBXMAqyxrCKSaamj93P5jR:7XWhTU2h7y1UyWr8mW2/xroaaknjR ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\SetupUi.xsd	MD5: 75a7f06e9a9d8c1a4aa4a93399284e0a SHA1: befc501cb85af65ffa6e03c3a0e01a913bd1b7de SHA256: e3f8ab576c4fb2398f64819c46b242abcfd9c0012d47ca5a2db5dd9886d0bc87 SSDeep: 768:nEGBU+/IQ0l9DZwLnFRscenMD+D+KqLtyc6ZKdGbV:nFa+/IHbZwLnFRsPMD+vc622V ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\UiInfo.xml	MD5: 71e82d67a5e59be26507f5552135cf6b SHA1: 4c6ca48e942d7200225b038e8e40f87fb3f40d4c SHA256: 75a117ae29af3c451b2d5106dc2bd0b99ab3da314eccf4548488a795209e77a0 SSDeep: 768:WmcDYa5XMsJCyyF4adeoI8EylOQYVPjvtRMHr1jTkXMS3Gbb+v3IsXDG6ah/Xu5O:W3/58s2F4CIUlOZVPjvzeRkI2/XDG6at ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu	MD5: e1cdab47919f16bd88a0477615023a9f SHA1: 12bbf3991beefdebd8690800da6a62ffaa75f1c9 SHA256: 8fdcee06a95b95dd622c30bf9aa1f14bd06ffed0689681e4aa7d38b55db6f623 SSDeep: 49152:hkj+6Gyh0t0L+EppIfifvCvcwAK/hGqSHXcyHIbmEL+:hAENfifvCUwpG3HXcvT+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu	MD5: 625fdfb6f6f8d2ceb465a5d24455cf53 SHA1: a6ff48f577e294c0853cd0fbf47825f7e9389f41 SHA256: 5d0661f62171b08e0913917a6f9dd3c3a066c513de552cdc492bec6a476b7d74 SSDeep: 98304:FdPXmaiSV0ogj0OSfHp6/RFRTt0PHhNcaIQME9NpEGtxuNP5DM:FduaiSVjxOSfHp65Fxt0BqEFBOP5DM ImpHash: -	Access, Delete, Read, Write	Modified File	Not Queried
C:\588bce7c90097ed212\netfx_Extended_x64.msi	MD5: 82c4d81e83a3c12d1759cb7be15a65a0 SHA1: 3f863c1531c7563f0f858516cefc3ab786996820 SHA256: 81ecb3d802df594d1596c0b885e616c830f16d2924d49aaac8cf6ba21a034e28 SSDeep: 24576:x3RcF+6EkN5WT2M9+7BlnoZMR4CnPpHPjTtIiL3+/oh6:x3WMkbU2M9m4CPtt36ok ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\588bce7c90097ed212\watermark.bmp	MD5: c81469e0650287b622e43be543c78694 SHA1: e2c14e06c6ff508e61da627f3b5ff64de2714741 SHA256: 181b772de7f1566b45502af2fed9da65bccd44741dd1a1c9c0e0fa2e4ea14af7 SSDeep: 3072:SoT0xtueD58pRKEgpxEJU7P4il6dZIW2eB7Tf7/EGzTx:Stx7DGRMzH56dZIWB7j7/bTx ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\BOOTNXT	MD5: 3f9893278da73db6ef0641b54e29c008 SHA1: 5661a28c7a0a3bc6d7427fb6fbd15816f837c7b1 SHA256: bdea62f6dad99fd2036dfcdf803bd7154bff4badc7460d195f0f764c8aadccaf SSDeep: 12:5+qTGCjhkM2t16IkrI4q+P81Idhnkm+5tGYhwcAEv9OqGE1r0PFtiG7u:gAykT2Iwf5tFhDAgp1r0m ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Key Management Service.evtx	MD5: d7245bac0daddbbffcdc736d7d9168ef SHA1: 9a3ab36b54386a3727659776ce675d648dc5d7e6 SHA256: cb35110cc06835aca2b5a634bc7849fa26a7f34372fc1faabd494b074d57611f SSDeep: 1536:TcFyvqTxiR4Doy1y58Roq0BUXGX0zmG/py6KN9X2BU0TocP:TvWiR4D8Oqqw0z//pzKzmBU0tP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	MD5: b390f4f5dfe091068eb607e6af96b50f SHA1: 3bffe573d5355668c3f896a1b43dc81eb433c99b SHA256: 95f00e2fcadf5db68b1f135a6d0b0c50798b4a492ea679bfefd876c0551873cc SSDeep: 1536:A6szc0X5cih7gsnKei6HjGLOOA0Zmrvei8nRfc84S1Sv+iXv:A68nX5ca8sKsfZ0ZTM84r+iXv ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx	MD5: 762e7bba5a061f0f5529050844377f14 SHA1: 4f0c6597a9e3a906f50617d3ce9537bd7bcecdbf SHA256: 841751ba226e2017bf6562a4f72cdc20355d05f8d022ded5543cc17e60f1e965 SSDeep: 1536:J4RpuPlxlNIe6QV6A7/VevulIFzD5lpq5ZvvLSrMtz5:kgxNd6A7/IvulIxNlpq5ZnWr+ ImpHash: -	Access, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx	MD5: bf1f6010ac04741e6b003ae14059f148 SHA1: 5ce3459209cdb85203b22b571047aefe47900128 SHA256: 2a7d05b96ecf7a6a4e528dce5b3923bdfaed2dcc7871c3f2f1dde80078228903 SSDeep: 1536:vV2EUP36E8y5nUCVcOrIi+zs8M9vuOVFzC33fUzM:vV27zj5n3csIi+jMlDHCnfUzM ImpHash: -	Access, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx	MD5: 22dfa0656559da357856452f5199f5b5 SHA1: 16a95fe1ce26debaba94152ae0d88dad1a4b4d3e SHA256: 22bb100beebafac0c963000d5df93a52d95e964924c93da9541053e2503ab565 SSDeep: 1536:uIknAsRyz51L3rtIo5KZ4lhbZU7mFsDd0GZIK9xOjVE:BkAsRELL3rtTo0imFRGZH4pE ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx	MD5: 025022dc3d95631f4c2e137b1c9f7ff8 SHA1: 6a35987f9a49cb96a0d7cad02e08366e174dfad2 SHA256: ee25f91ecbc8968cf20ec69fa5bf481097c7f40d396b41b17cdd0e9ea125d2f3 SSDeep: 49152:k7QY9is4H1pkIUNF3Sn1NratCKxRYkbURiFaHI83z7H/Po:k7QFsUbaFbgKDYkbURiFwI8D7Ho ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx	MD5: ad6b2c5cbbaa8d62e21f600b8ae69c4b SHA1: deb12c7e47c6fd994729228aabf1f321e5f2e7bc SHA256: d00e6e62f0854098af2e34aee190446c32c52b7b31fd824a46950926809e8a32 SSDeep: 1536:7+BeZnYMNPnnk4MPVJSYJ9R+eN3Fzo4bJUcRgPQmvmK6XCr0+T6peK38dqR8:7XZ1hnBMP2q+S3FQksQmOnM6peaF8 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx	MD5: be2ac89204f15afe276bcd7f94c90bc7 SHA1: e509f3f94be801499c7ee13c36050f015000cbd8 SHA256: 05b874c6bf24230e2e42926dbeb49eab7424aa1f18fcb149d95e19756910c7cf SSDeep: 24576:IrvDUUsH69nbl5ZdGgFCStzGroZPrlx69Aa7v4SKDHrQVWS+:IjDjscp5ugFHtz/lU9AkgnfYWS+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx	MD5: 6ac6fcb17d7e450d2d28591e3cb184ee SHA1: 846222b626c2fe25b0e594f83156b10865b209a9 SHA256: c0f46093a620abbf0f9badf944bf5f0e9a9e6e87622b7e20c82b83f852d5cb7d SSDeep: 1536:aqJSaq64XB/Y9pZbWqvtUnkazlj3Ttew4eGWGOHW:z0tlY5WcIZjBew+xV ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx	MD5: a40abfc9c9f30a82ab93cdb9981e15b3 SHA1: b03e5320d118f1cfeaf9a69cab397b7e37bcf467 SHA256: 4951d7faa35136a189e864fb3b97bc39b1b1cbcf7332a9c78f53b7fdff0cc161 SSDeep: 1536:2lUSi0TRkeJ1llQp+mgs4r0lHn+idnt/m40JZkBwuvTQnL4Qv1:3SbTRNllJmZhJ5vwJyB9ALBv1 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx	MD5: 3dbd1fa7a7adc0e3b09ac6a6966e94f8 SHA1: 29d5eda45af91a265f29186b8a4a9817a1949d6c SHA256: b2dea797f54de05ef992d80c62838fa62a55cc7ddb0bc8871ebf323641420c25 SSDeep: 1536:3sm5f6aE/s6htges7v4wefDz+/8fRZ7DbP1a9eia:33XSs0t8L4tm037lEDa ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx	MD5: 4d1140a38e4de491984ea38d9af7453e SHA1: f67003a99fca279180d73f0102cd8a507e390c1a SHA256: 358beb07fc99f5b331b605eafdaf6f30113585abaf3159fce6ee566d24426d6a SSDeep: 1536:VfSE4Q+FUh3lsNl1dDgAHeEZo4ZkQYRwTnNQXtHqcT:VfSEPFcdDgAHeEuhQYANKqcT ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx	MD5: 4a4e952505e9a2e08ef6a4e9a5e27484 SHA1: 6077210a00389b8fc98f2655c4350fc1c7bc8d5d SHA256: 666949dd735d9601db95689b8c77065ad4fb3b43fc12b026b67f309978f01543 SSDeep: 1536:hcoa5sjhXsR0mjsBXOggVEJ/pFhn2c4sL7qlw:hcoIslXafj8sVghFF4syw ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx	MD5: f4c5c50ed838f4e4cb0439248a370977 SHA1: 940020bf397f2d5543465ab64716b734eef9911e SHA256: fb691b5f8e4ed62894980ea736da4da449717bda8f2216259706bbf3c4f92831 SSDeep: 24576:g1SLJcNhJZIFv6xoT7LAoojpTXZEAaXeaLt5oy0oaZgu4ChF57uLUjMt4xz2T5W:uSLJ6hJ9S7LAoojpr2eaLtCy/cVhF8L+ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx	MD5: a7be058738b5fa37c2a2ddca22ac6ce0 SHA1: 26e9df9c5c0229e8628018420dc439985acf26bc SHA256: 188068569b1cc3e679e08fc750ef9103ab238b768d17f1fa940df2f0b7ecd5e0 SSDeep: 1536:9U4hCQuSQzQ1LfvkQuZckwCaUBHJ2T6l91M:Fhum1zvNcckwCBRlg ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx	MD5: b4e6b9aec53ab8248780b47d17317ab0 SHA1: 6909444a8dfc2d55813ab6fd8e6a157456ae53f8 SHA256: 4bcb8369a37d48fd7ca4a03043139953079a913ab8e8192a37081230471d2fc6 SSDeep: 1536:ART/0UHumVcAQotrjtdV75H/ihVzwnD5/Zd:AR0UOmVI2r/V716hVsn1z ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx	MD5: e3595d51b0db8052792d4f3606b8b94e SHA1: b6df478f406767ba7883f31127b05107adcc72ad SHA256: ad227032017f2f1f705581c07debe412322b686ac11fe13f9bed82e06378d154 SSDeep: 1536:kotiwX0V0to+vhy/D7+F39TeMiYKnoe6IRtk7WWC9eXdOk0VZD:JYKTvYD7+OMAuIHkqWC9G0kmD ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx	MD5: 1c0b912e0992c96195e6231760b8e998 SHA1: 18b9c55b306f450fc144a5100431b50d15f83668 SHA256: 145202f3260bd7f1ee384ef23545a2a4123f58e808ebf6d5b9ba70ed049fd833 SSDeep: 1536:WosaL06qCcjFQy7JNFauv16jQKHl/u4OQdAs7rDJwfIzNRo:6gvchQy7kk168KF/uU7/uoRo ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx	MD5: 181e74dc0a218552d5ffe647eeedc1b4 SHA1: 8dd8c9e7ec64301982ba44ae695d66b61553c7f6 SHA256: 6301aa7f6ecf4478dccb8e09d0513a8d4e834054581104013f480b7259277d92 SSDeep: 1536:G2yuXiUdYcgRJYY1XUcCkZG+yi0RZqWCd7CSgJum4bLK:G2yuYNRJxl9Co0yWSiJuR6 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx	MD5: 72fe079f723fedadb72ecee34e4d612b SHA1: 4c91ae5bd7e9d029769785ab21af29e1efcb809b SHA256: 38092f47764c18cb5f8ce8bca7a47ef27e5867f70451cc6fab438da7aceb83bc SSDeep: 1536:7L8YnWUCsqRxNGfq6y72MXsiDzfdv5cnxuPQX61OuaZN4+Rorjz:7Q6WUexNqhy1XsiHcxuPQX6CZN4QSjz ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx	MD5: 4808dbaf72b7adc82cfd760d1a63ba2e SHA1: ccfa5238847f9a59e1e5ee2e700585eff9fc3376 SHA256: 734e4e774bbccad8951ba35d66134985a9a9722c7f981c8b265f702c7dde1e86 SSDeep: 1536:7ZoSW3QhlG22qUxpVnGbii7TMl+Z76KrOcj+nv9:hW36lG2O8MMZ7LrI9 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx	MD5: b9bf074839191ed5633efbf60c8c55e9 SHA1: 5f83b5cd2f517c4561748bdb2d33c4046b2ca963 SHA256: 909481f5812d1e14c7a723e1768508cae31d3e63855f744f68fe05cf368416c2 SSDeep: 1536:KboHYk9oNLRMblQwNRZhKXm6MNjFRABOGj6AXzu6V+pPjnAOungUir0:KboHYkuFRMFRZhKXJMNxRAQGjTzu6Iu1 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Store%4Operational.evtx	MD5: c1d08c1c979d2fbc922109e45b1ef7a0 SHA1: ceffa4b98db00d87239d44afea4e75013fc24958 SHA256: d57a7456d22877e938cab7540990802c8e9e92ea746eb003e907010bdbfaa58b SSDeep: 1536:dw4X4xFCZON1ia3SVxzWQcjj9qh6ZXeXYj6chykWfkM0YV:dw4XIQObhSVxLcjj9V7j3qktm ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx	MD5: 6688a0831ad7e97682cc2abad57b68b0 SHA1: 47e9bf4964b7cc18cdff496f8c5fd24c68f9b332 SHA256: 5d4ed5e8f3d1a0c18b037d332677af760a004dd407a8aed9f1c4c97515f45830 SSDeep: 1536:6BwbKIuzQkBN+0B9XpR7AqMel3slTya8fmRlsZMp8S:6BwAha0B9ZR7AqMeqMaBsZs ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx	MD5: 8887db6587a6474541c9ef6633f8fd8f SHA1: 13ccb6568d6bd4cde28f17e00559df8a4059f49e SHA256: e1ee06ace4ae5d2a984afb11d4abde5933d7147c672b4299753e5c5be447b8c3 SSDeep: 1536:wuMFPg+OYuLW5+kgiSgRJD6WT3ntVmgybvK6LPXYGOW6ZdAnnfOZvNq:wRg+1u7gRVdnugybvKowW6vanf+q ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx	MD5: 686774d0191ac6808be6db1b56f718a8 SHA1: 5b6481bf7f35c535024d533592b2dcc14c912da7 SHA256: b7808b1a95d4d65d84c4d51ba5cc51e86e617cdcbde7e3ef9742ca472cd40ec8 SSDeep: 1536:P0SJ9IGVWv+oJY7trTdVtwQpsenW+bcHv7YgmpL:MJGMWoJ+GAs6YkvZ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx	MD5: 38429137066c724491c188f4ecd59013 SHA1: e6cd596b254d9975c688c90809eb1e54a985bd9d SHA256: 071ebca8c77fb940631a290c57b45e034b9d24d78ae830c57fa9b304df050d78 SSDeep: 1536:Nghz7YlmZ5m1TJtJxCBhHml0bottGFF/5DrODZiZ42y:NOz7kmZE1TJbxEbnRaT2y ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx	MD5: 697980a3bfd257c13a3dfe60882155bc SHA1: 16e532c5e731cdf623086082a9cebb12a35c251a SHA256: c38d0dfbdad022780278bb5e8f6e430e9926043f77385751ae75b6a2d1adecf5 SSDeep: 24576:aRERc8zQTS5PkRum2HR5wEC7uiNySnRRmULG4T9WDcvBtrpy8Y:a6zzqhRFERmECai39LGe9dBLy8Y ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx	MD5: 64844eb6315731cfc4ee698d5a449b77 SHA1: d9443d288caee4316c7ceacb17efd2b27de48840 SHA256: 5f0979bf648c84084f5d670552be60981b1c8ac4a5a118f285278755a1cbf954 SSDeep: 1536:YOdIYMcOXPDAdEVxwZMIB17tsjpZNAE9lpr4GOx8:YOGfKEz5AyNAYSNG ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\Logs\Security.evtx	MD5: a847dba81aea70c8defff822461d1bd9 SHA1: 5bcb11ffddccd5c521f68bd90849253beee2411f SHA256: ac4d4ee3bc8aace23a43e523d09132a351cbdd62031aff1a673437699e85daf6 SSDeep: 24576:PjvXUEUUmPyaXGsWbdvW/90HysFqK5u0PAxcyQJKRTCCIqe9V2Brz1neGYE:bP5UJzWsWb8uHysBuwAP/1eVE ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml	MD5: ff9d7171c36b728a73f1cdfde0442b01 SHA1: ff48a658454a22e2d39b969e79ac5a3842f8a76d SHA256: 7c992c829660acd27cb913353668c06f4ab65d33c8654359c44010152aa7c26a SSDeep: 384:t09XVHOzrNfZEoVSjxp5nHW6qA1mCDFv85EYgyUP4On7:W9AzXVCTqHCO5Og6 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\s640.hash	MD5: 06c88f1a801371317ef071cecc27fc18 SHA1: 4f7e8cbcfe7cbf353cf3fdd4ba6f1964de6c5889 SHA256: a3a8a361e65b8237b0b7b4a0e285697def550fa2484ab6418fc6c77902a8f09e SSDeep: 12:fuMUG4U7GLKiKM+RAbRSfTsTe9kOqkmQLDB49hIuz/J/MD2y3q2T:fuA4U7i0MSAg3WOUQLDS9hxNkpq ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat	MD5: c815706300e3fe3f5288b0d24fae1366 SHA1: aeddcd4d037f9d0808b57709101a5da853c85cc3 SHA256: b79931f7a2a8dba1b4497a25f950f221ffcd31aeb1f9b73652b165ea21f1666b SSDeep: 98304:4RbnHf2Rz0b3En7WE5iL8P8Rd9/l+Nem53+mF2AicYxtuPScyT:4pHfG0Ana0iL8P879dfmn2b3uPa ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\s641033.hash	MD5: 3e5dc0138dcf1c0df205194627cb0b7f SHA1: 1c3712fb5759471b9b1e06c82f4a9ad1a288bc8b SHA256: ddeef4180c0fdb0c962af7ff47365e20592e30475344dc7f3ac037696ef649fe SSDeep: 12:MzAFVOzh0W+o6SoDT7fIxgialF0YzLtQlecRUdYGENRP2q7S4nbgZORxwc79h4:M8qzhJpWIeNT51Q0cReYxjOqG4nE+wcM ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat	MD5: 039983d8dadacd49a18406e591e0dbe3 SHA1: 0192a0625c7586ddb7bad68c1f71bdd81202be85 SHA256: 9ddbe9304e56e0ff03b3cb24e5113350443722544d60670f549259e92eb18b92 SSDeep: 24576:/1SjtwvelDUQ868YYB9CfYimcJzlD77uD6GGpT:dS+p6wbniZ46GGpT ImpHash: -	Access, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\s640.hash	MD5: ca852e7a9e54dfd20a87feb145aa8e10 SHA1: f70be7a799b444a7b45732d6fd4ee1a6d7dd335d SHA256: 349586b45530172d1089849bd3574da5dec1cc2f566490b99b12e9b883be2c88 SSDeep: 12:klhUSTgm2E3qRB/7cXAbMWX5aPfJIZU1bnwxldl/cBOVbm9:A/0m2Aq/mAM05OfeZURqd9cBOVbm ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml	MD5: 4531279157154c9d065f36e9679575a3 SHA1: 83c4af513545b0ff2fe23a3c64ac8f9d6b99664b SHA256: af08981cd67948e099b9090a68b0ab5cf71ecfb1860ef4a25e14ed0f0af09b86 SSDeep: 384:hmdYaGCJNgwqgDFdK4etUX03dF+TPzsQNgM0aM81EvdmJ/wBrx81:hmoCT9FdWO03SL3V0aiESm ImpHash: -	Access, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\s641033.hash	MD5: a8cce0ebb105dff71eb04241cf351d60 SHA1: f3169b7c52ea8397e7441be55f7ccc6172fe72a4 SHA256: 06ac2242aad1a8a9873eac3d0431d637b6ad6a9eeaaf735d7c0eb33b1fa0f03d SSDeep: 12:MaaTuZxqkoscfxyGAivwyVj4hHWCUCufIabg7WNTvs99wdqKbx2B:UqZN5c85wCL2bgyvuAPS ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\s640.hash	MD5: 53cbfcb9731425ced93c79a793624bd8 SHA1: bdeb709ff25acde7cd2c2c493219db3b6bd6f60e SHA256: 50689ab67ee6c2b2c56f3202a38a61cdea7239aa01de1c9da112b83bd93cf124 SSDeep: 12:F5mQQOKzaqTRl/rMqkOnEmfq7C/L25WsTGbkz7mu/DyiDFWzQ3vI1a+Jc+6b9eUz:F5mQQOKtTRl/rM0N0msqef/rJ5Q1X2+M ImpHash: -	Access, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml	MD5: 84813bff6c9ed38f92171b3e3cb3c73b SHA1: 301dfb2e48b2607b321fdbe0612cb43d901b6369 SHA256: 119e49b61251445d6f83bd6b24663e86774985658efb03e3bdc07689e3a504cf SSDeep: 48:E2+l33lXLnTcfavX3AabF454iNnAlxK0DX1TUPIC:6Bl8fORyKw8K0DFoPz ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml	MD5: 3c8da3fc51d926335c9235dca237dc37 SHA1: 2f6e26623368c2e02ac2149e22da1637165364c9 SHA256: 6ed07ec6a044e6f9eda53a3c0f1d51bcf0058a68a7eb8f0858197fa006d947fd SSDeep: 98304:HTvc6irWKBzmQ9NvB8PcXJgSdiJSpplsOTPpedG5ajKvyDx8Fa+AbfXUmg+pz/:Tc6aWyz5rpX5ESvlsOFedqRvyD2Fa+69 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml	MD5: 1172f8601f60f66d3a75dded5a9e6e7e SHA1: d144f5de52cc07eeb77a57a4b9b69e7421e8c106 SHA256: c598528b869d34d3e5aa4665041e34fa516a57da8340a0cb3915148cced79306 SSDeep: 384:AMJ5LDvqPFXHTJN7fAly3em5Lhs6SVI3dPwWUGujrmNCfcoCg2Bwax2EC3+:A25YzJZIly3em5y6SiPwWUpnmachgo ImpHash: -	Access, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml	MD5: 4a2018ae976558c6bd3c4aacf49518c6 SHA1: 9760e313e6394ecea94521515aafefbd4bc34efd SHA256: 794ed95da7cd55eccf7c165c2f05a77b62113de9f85cff97486c53a52c276760 SSDeep: 49152:A9McW1orpUdf+0qCjg1m720uKmmcwBiJXmD62p22+:jd7M1mPDY4im9p4 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat	MD5: d38ae2d65fde7e8bf12b3749bdb5741b SHA1: 11afe27ad5ba65f9cbdf94da8a4201736571de4c SHA256: 75fb8d13e996b0a0d51bf4402ab474bb357adbfb4bb1c60795452027235a33c8 SSDeep: 98304:PIKtEfTlCZsoEnwe0xG2wnuqusq7wbWtBGs3xO:/tshQsoEn0xG2wefcbWt5BO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat	MD5: 8202f6cd0c5ee1e369cc47e3a084c487 SHA1: 680daf8cb023f3849819c565e875d60b74032337 SHA256: eb9fba1007026ed14a05f4c5945c8e3e91c5c801dbf473fc2d68bbb0d89f2c65 SSDeep: 24576:x49ZsLRkwhB68lwxuYqCfJ4SoAMm8TyqVWHMhSISwOCbZTn:y7sNnWPlfmSfMuMhNXnVTn ImpHash: -	Access, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml	MD5: 697d1226219e54af98b76dae1f955fa8 SHA1: b12bafae591a8c4990f0a71181fb00cd5e53168c SHA256: 3b6d4963a876064bdcda6f00ceb66f52e359e0784f82d2cfc6fc26d7160c49f7 SSDeep: 384:VLspFJxi3ti/j3O2BznPsxqSZJ4S5pMckFRj0k00:VYpg3tY3TBLPsxzZmckvj0kb ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml	MD5: 5e2894b8789b5d31bbe558af0aaf99d0 SHA1: ec3b3272dea43135578999ef6bb76fa3f2507e9c SHA256: a2f97b03e3a0efbe793d889a4ae85c25ccf380d4750f897016bfa5ed26a0d021 SSDeep: 1536:Z/CdWG4RTOJY40qXmVXfRSjuALSnWgYcCTX7M8C3:ZKdW1K3zO5XAdgYcmX7M8C3 ImpHash: -	Access, Delete, Read, Write	Modified File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml	MD5: 9ce62af06d1065a1fb325723cbf99596 SHA1: 1355919c5b86b138fcddf4fdfbde320470c9f07e SHA256: f8fff9c3c2326f8f62aba9558f3e1c9da2122735b6e3fc200c3d2b066fe93767 SSDeep: 48:3bfmHWmTr0CSC1UGAUlQb5Cs7Tb2Ykyv8dOSei/wbkHiq3z:3bO2IIP/XOe5CSTbtNv8d5YbkH33z ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml	MD5: b48d30dcd879a3f950b29010f44eb0a7 SHA1: 9af9d0f1d7a4e45cc2aca2e95691aa0e2567ec83 SHA256: 0d9e6ca10e6d8cbcb0f15049568ae17ab1d15931b4d053712faee351d815c7bf SSDeep: 48:F23oKw6WcGfD8aRnhqEwqzE2Owr+pANjX++xfB+pQhZoPNNcM131BUk0:F23wcfadc6z9nju+hBd4PJr10 ImpHash: -	Access, Create, Delete, Write	Dropped File	Not Queried
C:\$Recycle.Bin	-	Access		Not Available
C:\$WINRE_BACKUP_PARTITION.MARKER	-	Access		Not Available
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.CONTI	-	Access, Create		Not Available
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.CONTI	-	Access, Create		Not Available
C:\588bce7c90097ed212\netfx_Core.mzz	-	Access, Read, Write		Not Available
C:\588bce7c90097ed212\netfx_Extended.mzz	-	Access, Delete, Read, Write		Not Available
C:\588bce7c90097ed212\netfx_Extended.mzz.CONTI	-	Access, Create		Not Available
C:\Boot	-	Access		Not Available
C:\Documents and Settings\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.CONTI	-	Access, Create		Not Available
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.CONTI	-	Access, Create		Not Available
C:\Program Files	-	Access		Not Available
C:\Program Files (x86)	-	Access		Not Available
C:\ProgramData\Application Data	-	Access		Not Available
C:\ProgramData\Desktop\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Documents\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini	-	Access		Not Available
C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1	-	Access		Not Available
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\s640.hash.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Crypto\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\DSS\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\Keys\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\PCPKSP\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\RSA\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_e8d761b7-8a68-4187-8c95-75a3788ac267	-	Access		Not Available
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Crypto\SystemKeys\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\DRM\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\DRM\Server\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\DataMart\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\DataMart\PaidWiFi\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico	-	Access		Not Available
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml	-	Access		Not Available
C:\ProgramData\Microsoft\DeviceSync\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\AsimovUploader\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-31f8f00f75ee43d4996762625b6917f2-ce77d96f-eec8-4063-a05a-09720f5bbf1b-7138.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-5476d0c4a7a347909c4b8a13078d4390-f8bdcecf-243f-40f8-b7c3-b9c44a57dead-7230.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\Events_CostDeferred.rbs	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\Events_Normal.rbs	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\Events_NormalCritical.rbs	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\Events_Realtime.rbs	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\LocalTraceStore\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\Sideload\CONTI_README.txt	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\Siufloc\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLandingStage\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_show.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\CONTI_README.txt	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Diagnosis\VortexSchemaRequests.dat	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\osver.txt	-	Access		Not Available
C:\ProgramData\Microsoft\Diagnosis\parse.dat	-	Access		Not Available
C:\ProgramData\Microsoft\Event Viewer\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Event Viewer\Views\ApplicationViewsRootNode\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Event Viewer\Views\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\IdentityCRL\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\IdentityCRL\INT\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\IdentityCRL\production\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\IdentityCRL\production\temp	-	Access		Not Available
C:\ProgramData\Microsoft\MF\Active.GRL	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\MF\Active.GRL.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\MF\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\MF\Pending.GRL	-	Access, Delete, Write		Not Available
C:\ProgramData\Microsoft\MF\Pending.GRL.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\MapData\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\CONTI_README.txt	-	Access, Create, Read, Write		Not Available
C:\ProgramData\Microsoft\NetFramework\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Network\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Network\Connections\CM_old\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Network\Connections\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Network\Connections\Cm\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edb.chk	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edb.chk.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edb.log	-	Access		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db	-	Access		Not Available
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm	-	Access		Not Available
C:\ProgramData\Microsoft\Office\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker	-	Access, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\countrytable.xml	-	Access		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml	-	Access, Delete		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml	-	Access, Delete		Not Available
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\CONTI_README.txt	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\CONTI_README.txt	-	Access, Create, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml	-	Access, Delete, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\1__Power_Controls.provxml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\1__Power_Controls.provxml.CONTI	-	Access, Create		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\CONTI_README.txt	-	Access, Create, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml	-	Access, Delete, Read, Write		Not Available
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.CONTI	-	Access, Create		Not Available
For performance reasons, the remaining 2833 entries are omitted. The remaining entries can be found in ioc_export.txt or ioc_export.json .

Registry (17)

Registry Key Name	Operations
HKEY_CURRENT_USER\Software\Microsoft\Command Processor	Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions	Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar	Access, Read
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions	Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar	Access, Read

Export to TXT Export to JSON

Indicators

Before

After