c94471a7...4b7b

Indicators

File (2756)

Filename	Hash	Operations	Category	Severity
C:\Users\FD1HVy\Desktop\xyhlyb.exe	MD5: 81a9e5efe6579c7a3dc4805cf6673bbf SHA1: 1dda2c001ddebc587b3f4dccc833b46788da4f84 SHA256: c94471a7b64afb625e27c9475a7bcb3ff659fb31052bb51b042e8a14df6a4b7b SSDeep: 12288:nQ06YXH+OeO+OeNhBBhhBBRsQVoqvc2jzbAVTTAPlbPxIMxjHNivhFmFo:nQ06mstfzQAPlbqMxjSm ImpHash: 90cf8aa2cfe36763db62cf676165e193	Access	Sample File	Malicious
\\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log	MD5: 8a4417a3c0c5b20e890cfcb633a03c2e SHA1: f93a85194f71bd0ddc2e242f1bed45acbd8f392e SHA256: 64df132957499dbf7cf2d2b0d9b82003a9c2da98793556214977cea13d7872b9 SSDeep: 12:CXNaO1lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFkelvk7BiFc9y:CXNaO1lJfP7FNaJH6abrj0oVFke1k6sy ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	MD5: ad7be2e0099ced9aa51d2154b6ed0269 SHA1: dcaa11ac2a0946dc0dd49ab7d57dae3ff3a8047f SHA256: 38532126e0c3cd471e19f8b8b43f6bcc3cd3d892822662948218fdca8636eefe SSDeep: 768:8FmPm6+hfn34vLB5nq4MrJmCVir3DZMzFcx4zJQqrICghGOo/OvYk:Lmf3a/nqVJAdMzSqGklR/WL ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini	MD5: f3374359e3ae3c0292a9027eefd39187 SHA1: 144a2d9935c87340397d6dbfa86dd41e8fd366ef SHA256: 205676acbab40fc23f034f3d361a9c67ffcd84e48e5cd51a7635a467a4c9b458 SSDeep: 12:hyMFEtpK0lP5d401K2WkrT4fHZ1lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFke1:4M0phP5W01nWLf51lJfP7FNaJH6abrjz ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini	MD5: 981b4537adaea026743008e96753c5fe SHA1: 6b13b16baea5fc1ae6a1eae1019bfd42f54f80ee SHA256: 6916031d7196d968db02c8ef45caeba2174bebf8e5bc0314d8c34f6f972b0164 SSDeep: 12:oEXOtdjSB0ZATn1lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFkelvk7BiFc9y:oEmGB0ZA71lJfP7FNaJH6abrj0oVFke1 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini	MD5: 87c349ebbd7cf4736287add204b39a52 SHA1: 079af901c562314452221250cf1f0fde39810a2e SHA256: 423afa4ecf296c02b75e86dac1a41ea50e00249bbfead9570895f8e1535892e9 SSDeep: 12:Ok2tuCCnCl1lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFkelvk7BiFc9y:Op1lJfP7FNaJH6abrj0oVFke1k6sy ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\$WINRE_BACKUP_PARTITION.MARKER	MD5: eee936822c84bd32da371bd071932615 SHA1: 671d4d975fe87fc9c88a27e9e398be4176994df7 SHA256: 34a29d140d0fdc831a7442b2b6ffb77c52d734d3ea75cf0c7a491f5f00ddca03 SSDeep: 12:O21lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFkelvk7BiFc9y:N1lJfP7FNaJH6abrj0oVFke1k6sy ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1025\LocalizedData.xml	MD5: 01346473d0d515b6fdf1c553c1abdc34 SHA1: 2f3ad4151517a330476e07fa9f3f3bf0376ead8f SHA256: 9335a0117a4fd0d9f2e0b775a7d2cb38dc5fa8a04ba0f23dbe1f53bf9469c5d2 SSDeep: 1536:N24w/VlXcEMs3va5fQdChbXVR0ac5z1/P3+BlUOeLHHj4PY:NNMbnMs3C5fPR0aM1/2BCDv4PY ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1025\eula.rtf	MD5: f173f66b3e5cbc4be823aff5df75faf6 SHA1: 961905c84347938cbfe14c7bf73988c2eb1636af SHA256: a56eaa185e400878588bd52f3b9f9936b98f1a8f96c9169c826e45aff27ab078 SSDeep: 192:D2HHVwSeI0OhV+k2BBxxm6T1k3zh1kE+s7qJq0k:anKSeZOhV+V3m6T1kTzqdk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1028\LocalizedData.xml	MD5: 5135872efcaf3dcc46047b6367744ee4 SHA1: 00b7a244fdb29bfaaf15e670c37b53a79275dd1a SHA256: 47ff8a17457c6eb297fc8795facadf4e1cee46252196b500088c36f59b785035 SSDeep: 1536:btdqgLZj/SvB+EHu3WG5zLTu5yMb+vFEwJ4a5V3J:FcZHub5zLaRb+vFhd5RJ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1028\eula.rtf	MD5: fc959335cb77753d1c2c58cf48ba96ab SHA1: ab5f9bcf903ee478b97571a9b8692b564477b042 SHA256: 5f2012f030c2929609052cd0f2a1ea9c604e3fae63129a7590527d5780bf4606 SSDeep: 192:aJLC61BWZShpyb/iAwNUGllPe+rp/l2izH0k:wCjZqyb/iAGm+rpt2mUk ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1029\LocalizedData.xml	MD5: 024fe6fd1a344cc03195ac246e72f15a SHA1: d9146d893d2c503569450bed5064a329a90830f7 SHA256: 23c25f1bc37d4bd6142b56c91a5a4d87ba5dd3606e26ccae4908abd5b5f0750c SSDeep: 1536:BJtSvDNikFsWXlhxiJ+Lf5FJRRRCifR0KI1eCemmjFuW1Pqqj6o4mBY:Bzi/rXlh4y7bfRx79Th8qj6JD ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1030\LocalizedData.xml	MD5: 21358d74d3edd0446c621b8c4f4a47d8 SHA1: 45a9cfdd8146e0c151ff8ac52c5e79c453091fce SHA256: 7ce84bd7f7b7de5df18ea81c4de741a35f0b25334fc538cf990c01657b38be38 SSDeep: 1536:iu9rzgmCYH/AxpcRO8Q2ivv9J2h38p4EbecRuCicyjbHuKTHxdOL00iYalK8v:iag9YH+cd4vv2hsp/RuC2j7uKNd400iJ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1030\eula.rtf	MD5: d4ee35c301a02d39bda1d664050098d9 SHA1: 587df13787fec764ef6ac066762dd30e6e616908 SHA256: 6bd1eddd44f3aee06c8fa4e9ceea8d1838083c2673702c96aec45ff23b8e6e02 SSDeep: 96:CJS6UvP23PSBsK2M8pqISoAUGpBtlOJZUty:C8Dvd4SoIpTA0k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1031\LocalizedData.xml	MD5: 84c912f821b27d66629cdcbc3173e82d SHA1: 779782b32e5b859010ddddc99604f81ba34e115f SHA256: 3e4a208ab6fb07500c7a74c8bf9bf71684508c226aa0dfa879f83de6fc586ce0 SSDeep: 1536:T/c52cMqaPRL4xrpwx54Q2N6GVHkytthhrtOzF5NoJCcHO8z+1:TC6Jqrp+5J0VvtV25Nos8z+1 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1032\LocalizedData.xml	MD5: 47e6810afe1670564112799c6add49ba SHA1: e2f70f5c25afb37491106dc2d1bd4e7b642e0c60 SHA256: 6cdefd9f1cb47c801e80dcabde087a69c7637968d9cc9a78820eb92f15508002 SSDeep: 1536:qeVMzPIWD0aRQ5ke5BctvX059Ax4H+/Xrz6hB2N/JXcmSe0RrSJXysiJhx:qeODzh23A4Kv6hgzXcBERZip ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1032\eula.rtf	MD5: a4f0d23af9df62af9a2708dbfd04a4d0 SHA1: b71b0156c05951a88410f92bda48b1247e416912 SHA256: e8237fd28b9cbbaa0f2c0cbe3ecc99138d093b92099d316bd71946f763da0836 SSDeep: 192:HfRVT1G4/v/6EZJhqkVY5GuoJJmyKC7a6Er+epbz8Cn2IoOw0k:HfXT1TiE3NY5QJNT/epbz8egOlk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1033\eula.rtf	MD5: 115f23b5d40e7aba10f9712f186baee9 SHA1: 724684b13dc86e14479ae3062e3abf76c3407843 SHA256: d353fa554c14363c5503d1475224d361418b5666f4d25e627be74002f97e53f5 SSDeep: 96:bjxU8WutBw9dXiUPA0+SEUhvbtM4eLOJZUty:a8Rs9sVAhvbWDi0k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1035\LocalizedData.xml	MD5: 0c5e36819af4c8c515bc22795989dc6b SHA1: 3f201ccccc295dada42b8daf62e5e7ce154733b7 SHA256: 8e473d86b65e878fb98d62c5d90b6c6fc7340af15917326a4a0f9d67d439471f SSDeep: 1536:XxMNWvtU9s+dRZrhueD+xgv9PJdW1P4zeoegDBNsvmTjG7jGP3wmQA6:BMNUeO8LQ0+aJJs1P4z48NslCL6 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1035\eula.rtf	MD5: 343a4f51a3f22e68a7fb3c4b2c84a51c SHA1: be64d1a2fd0ded0fcbcfe5227cc6e51040d129d0 SHA256: efce18c11621bd39b78c73e01d385f882be7c12468dbf0730d967159972d48b3 SSDeep: 96:IHsyvJ5vrlg6vrTEHV6eaqOXba0s1L8XgQliUjT8gcdeJnOJZUty:IHjB5vrlHcQ3Xml8wQliCT8gCeo0k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1036\LocalizedData.xml	MD5: bba36a3e6704486c514b2ecc4d1b3918 SHA1: 5dd9892b7490ccb19d7012ee0b70bea47c4d0784 SHA256: fdfbc0990d5e6eacfb44ccffcb112a027f9e04743b5c44e3696935b100c57cd2 SSDeep: 1536:Np4ocD1FcUGCVaQD/D9olLZALUXyHpN/W0CfZ2izLt1+l18wyYK8vgvyb/p5:NzceW/WdIUc0Z2AHYjIab/p5 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1036\eula.rtf	MD5: 0ddd4f6eeb93ce57dfc8214449df2fe5 SHA1: d4f9d5160a48e2599e88e0bd21d68e4679088332 SHA256: f9f928da80baffefce7286f05c365a7c686b9c6e1ae969ff5bad6742accea467 SSDeep: 96:EnCVgagfSe29MMJ+3KkWdtW2xBdj0ixcMsS10jwePBBOJZUty:UFMs3/W22hFMa0jXO0k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1037\eula.rtf	MD5: a1d255f5955dd6e762c15e49774b8fb8 SHA1: 9aa84d5c810b9e51c59b1de5f38b13c7b6a54464 SHA256: 5293387d30301fc0d227010a05fbfd2e4ed8052d27d878f285ca7456f20b05a5 SSDeep: 96:nNqPG2N63V0GiB9U2QE/bZHKUphNTc5iFFa0OHMJKbhfe+v9OkLqoqYyhNi1OJZX:nkx7Gg2wHKCw0FhMMYjV/JqYk0k ImpHash: -	Access, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1038\LocalizedData.xml	MD5: ea33f6ca387841801039cbc1c49c5eda SHA1: 6ecb1dcd0ea62c741f2043695bae85f1ae960502 SHA256: 0cd5e53bf7a78b27fb0f0789403d6b61ccae684fce9f904e89c75486020dfc3e SSDeep: 1536:PEOpoKmChrwqrEdn8PN/DmkoUSezVL9Dx6A6fOsHFzbhfww8oHefeU7ze3tcSB7s:Py8hrw+Ed8V/DmCSezVLC3xn8o+nSB4 ImpHash: -	Access, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1038\eula.rtf	MD5: 8d4a171e564636f77eac44aa20c79102 SHA1: 4e8b75520a7d069dcd8652e9e6b3cc96c8e26b6f SHA256: c7d79a8e5b85e3c0a7b9c31ed4f1fd189caa7051dc7a9317fa86ff40fcdcfb31 SSDeep: 96:FPPmn9J91EQ55uA6fk1czmUlWCWUFXMfiXKDUf2JftyrV0pSXl9SOJZUty:BPkJ9l5uA6ZlW/OMbUf2JFMkel10k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1040\LocalizedData.xml	MD5: 37ea48749a5c9031f6fe2a6aa82f6eb0 SHA1: d0bf7cec7086819116a568adc9ae5dd52ec72227 SHA256: 1046885169cc0ae0e4988c86fec70ad8cc1d5c78097c7e1afdf82777e68cd176 SSDeep: 1536:khLzKEgE/2rjoINbpn14rUaWxZcTKMu0732NizU5qitbp1f5g:khP4EQr5pn1QU9DDoLzU9t1f5g ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1040\eula.rtf	MD5: a4dacc08da0fb6584634cc36a4e3c6ce SHA1: da4b01dc9e35b0ea1f2a6ea2758932e1969e6b65 SHA256: c48cf640180f7bd8b17545e8b70d57141189855c8b3f08daf911b258d15a4ada SSDeep: 96:jZIPALDrn9Q1cioPsXcYzYjBQmxcGHbNv/yT9TxOJZUty:P/9Q1PoghbGHZnKM0k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1042\LocalizedData.xml	MD5: af996bb81b7cc74616e3b483c47302b7 SHA1: a2fd0cd5b1025e317ab51eec36468520a3754510 SHA256: ea8b893e31014b015de89b5c56d1bfc0e6753bebaa4c882e2d5ccdc3d652a108 SSDeep: 1536:FfZ8Yg5wIfSUq7QutCaIntRlO05mEzEkly6wa+30YYaTxw:FfSwIaUT8Ca9ELLpcVw ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1042\eula.rtf	MD5: 180ebf3a05a4cfad0fa99b920c144fe4 SHA1: 49546fc7a245e0a03f1f52b5946a369b95118084 SHA256: ac203a621c7a94af2e4262766d90a2e24707ea744b10c6cd737b0670fc7477dc SSDeep: 384:z2R9MB64ghxmUYzvdha6fo+6Y/TsAYgMwConsOR7nk:qjMPsQLfa26CGBEBnk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1043\LocalizedData.xml	MD5: 89c1e07cf60b563852cea57e181e178f SHA1: 2fa98c897967c157b266e703985e393ae53ca8b1 SHA256: 1c27e40a3ec87cd9b75190f225d75819d0d684a4036791bfe3007c9b2413d04d SSDeep: 1536:W3WPzSrR+zx+LEw3VzfcCoUFp7a9sXas71f6cQPx8nd1r3UrZAiBlPI:W3Wrz0LE6Vzfcy3bXas7kRunf32PHPI ImpHash: -	Access, Create, Delete	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1043\eula.rtf	MD5: dd7781e75b8b04ace8dfc460536e328b SHA1: 9a639ca8f7f891244cc877e2c227696ae4b6255c SHA256: 01930d9a303927997399723f2d7d6b60f1e7b71c63528039b8952451027ee5b8 SSDeep: 96:WlvCbWbonBz9w0ObVOpbBTCc3mx2eWL7CdkfeBhZCOJZUty:WAbWiDObYbD3i2eW3WkfeBhZD0k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1044\LocalizedData.xml	MD5: bed0b98fa97adf3a5ac446d15ae1e8db SHA1: 0ccb63b2928bd2b9224cd3353464f65d73ae5216 SHA256: af31883d78429c27b787233a63ab7075b3733e609591f9c21871b13576747fd2 SSDeep: 1536:6n1luDox4t0zaifQAfraXAeqAL9k/TxGU5JFbiMcWrrKCPTpYuLdCU/W:6n1luDArzhW9qJJF3rdbLUU/W ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1045\LocalizedData.xml	MD5: 931644918fa118e09b29e3a2858865f4 SHA1: fd9d809de668546afa82300d8bada1556ed2b2b5 SHA256: 42c10abc4800e0195e924135b8dcb0b4b13b9af5d3b246739a962e5a84d6d479 SSDeep: 1536:11NbjK6tNKU5+JqpypY7l0OFPb9Efqxjx/NOQ8ItYcWzX75mk+iD9tH:11NbjbtNK856Y7l0OFPOfqxBNOQ8ItYR ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1045\eula.rtf	MD5: 0ef4865210f7fc91d56eff473cf92f1f SHA1: cb9aa3990fd48169a176be285e3d5acd162e9ce7 SHA256: dde4f79e27f5589aa600b033c94dd7388328e9c7deee7e39268cb290936427dd SSDeep: 96:QIjCxZPAdEu+EjKpAfs9ocxeOMRtNchLlS3No9SOJZUty:hWA+uSb9oLRNcKNUT0k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1046\LocalizedData.xml	MD5: c203904e78e02be7b4d1b982b5b5916b SHA1: d59a0c0bda5959d9428ced602280ea88e03c93eb SHA256: 746f6a84fc78a7f3f5b4e16814fc96c683e96abd679cdb7ff789e4b91350e5fb SSDeep: 1536:4yS6NQMWuZwJdmKGglc8FEWQq2y+aQhYYh4443K3Lw75koNPwFUwbh:1SEWG8dyglcXdaVYoUw75kqiUwbh ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1046\eula.rtf	MD5: fcf47856db3ba49a5a5fe9b3a2bd342d SHA1: 1cc0a0bf651c5df501034153c224a7511b7775b4 SHA256: 9e1a2cf04a680e9e512a4ef6deb3e34eca4ca86a148a4feef10e9cdcf20ca77c SSDeep: 96:lN4f5vLWwTcrotsI8W8NwRe56Lm38OiAzFWBK+Vgm9WwROJZUty:lCTcrcsIsCRe5um38OieYBhysWws0k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1049\LocalizedData.xml	MD5: 6da3ea0c3bbe2e10912b48b548192626 SHA1: ada19bd5c7d623d111394d475cdf5efaaa4e2fc5 SHA256: 210abf34559cd3c59a5aa07af33fbe9361ef449512dc86088534edc001e56464 SSDeep: 1536:+ZUI7SGrEZhQ0xsOrZTnu+dXfc6xlFoQEHvOVlL7f5Gn4hw:qoZe0xsIZK+NdfCTHvOVlBGn/ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\1049\eula.rtf	MD5: f5ae7474159bf282add71801d42928ad SHA1: 29766f33bb4dbde7ec856348b25e51725d1ccab8 SHA256: c6144b627e40c954fb3a2b4d0dd3327be77d17c2a6ebc4fbdf676c9d71993992 SSDeep: 1536:JNQGDYKp7iLTjN/VRWwDlgrW2U1QOYqEGs:/QGXpu3xVRWwDlL1IYs ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1053\LocalizedData.xml	MD5: a3769938e12a34a34e794eac34f5f979 SHA1: 43675c3cac4a460e1d4d1d4377e25008e048308b SHA256: 31cc2138fb69b24224fffb706a0d450cada8f5363a2781ecedf0897e59e7505d SSDeep: 1536:1dOOKcn2ZoWJcUwH7eu+wntkT+BrlaFkHG+zSbPXZFlJHX/21TCFqakep/A7:1cO6PcIlCrlai1IhHX/rAepy ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1053\eula.rtf	MD5: 081e7e4152459526dbc11f5303f162ca SHA1: 7e1281efd8ad3d60cd88078ae7dcaf084e96f6e0 SHA256: a3fe2e6003aec5c1dd2be6a7e159ea515bc989e6eac6b57eb575094cec8baf46 SSDeep: 96:E0gDQRDynX5i+GTGeaPFbyjfYC6LdAKz9HJefxC6BfvflPpgTK9/oOJZUty:E5M546TmYgCGZzVIfx3BfHrgTC10k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1055\LocalizedData.xml	MD5: d65b28f11a0221c5e07ef2e0d0b9e19e SHA1: 5588fbb329ce768b218f0909b1e8570d9709ceec SHA256: 3fc71324feecc920d1b42d48205ab7672753516f749ed5ea5e1e6fd9ef6b7d01 SSDeep: 1536:m7B7nF6Q9nDQrN0vjfpWsGbZZAJMzoNJJOjm03g7qpSollh:Ob4Q9Ur6rpWsGtZAyzoNijm4Sojh ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\1055\eula.rtf	MD5: 44084a1b0ea53b1b3da28e5cf17fa6cb SHA1: 4ccd19be03231877e6565d9acb8d0e8ca9edf268 SHA256: 65d67508e829e9ad4c177fa759d022ea9fe30c6c7f7c6b868079e6fa63db5f99 SSDeep: 96:sYeVjAGT4ocl3Yf1qr7w3oS4XiFjmeuYFOJZUty:sYeZAk4n3Yfg/w3ohXivuYg0k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\2070\LocalizedData.xml	MD5: 49179085cefaeb4ee17adcaf364fb14a SHA1: eb5170c9e8a5a51987ed4452d29819952001dc82 SHA256: 5f7b2c074b4a8b185db8a61ce83d55d23c87640dd6b6708e595981becf5c10d2 SSDeep: 1536:phlnn/Amc9CmB5oBkAc78W32zzB6dRs7U32Elznoob9xSYlVSPkvp:p/nRc9CuoBZcYo2zdwl2ERooUP8p ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\2070\eula.rtf	MD5: 096c2e136ed8c6bc32901fa3b3daacfb SHA1: 574408a871d5b6f8c66243ed75b686188b24e527 SHA256: 0e6701366eb6e8b80e04cb6a5ac715ab0159d8a515d7f9b69b47c43eaf11ab6d SSDeep: 96:y23bZPUPtktScNG02UOy3Lqjagmtxw/hT+RXhMUdqWah1zIFOJZUty:HoPcNaU53/m/h2hRsZ0g0k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\3076\LocalizedData.xml	MD5: ecf564a96f12b154ab60c0b6b5f4aba4 SHA1: f21a2605e2a81a81725c25f0ba360eea3ef59250 SHA256: 5ebec23890157a48ce1e64e8202e7d3017b402555d9ecfd29c01a145b5703afd SSDeep: 1536:Rln2dQzsoCqilfMgfnj65mGZWQUIIifRkvVhdZBgZqUva2zKhY:/nfs0ilkgfn25/ZRjppy4qUi2z1 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\3076\eula.rtf	MD5: 69bf7c2c32bf622cdb8644efed6c7f28 SHA1: 90ef2f4444498598ed01c885232c58bd63bfd5d1 SHA256: 4bb1850703a63c8a5c6bcd6a12011227fca48313b3ab797e8b8bed06fc865035 SSDeep: 192:5w5X7yWyiDlW34Pnhz8/xGl8s99aim5Wp0k:5WOWyixe4P98/ACC9a5Wyk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\3082\LocalizedData.xml	MD5: bc19180cd97a1b4af888bd99722d1818 SHA1: 887211f737ced9e3a0e6f52b08031d2515681191 SHA256: 392971191cf10dddd6a564669356fd11214dd7fa8a3d645941379d4e21ddfc73 SSDeep: 1536:R1ebAgpL2lLOUqM7c2vuNi40lvtKBNnO8OtMir5Xfm7CK68eN1pWf9qijwwMwkZD:R1eMgpyagcMuNixLWnOzfm7lehoqEwbD ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\3082\eula.rtf	MD5: 82bd40a397136ef1a39a38be319ca618 SHA1: 8c4d2457deb1b0cac104803c9acde2e82742ef04 SHA256: b318e2b0d6ff13d1793e320344635843ca628ed5d98d270ef3feb34bd96dc269 SSDeep: 96:ZuZJneVEIlvM0dUBlIETVFdaAuRVkTtlv3xOJZUty:WJnKlk0dUbxJ7MRVUtl00k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml	MD5: f7e933e6ab7439371ec384f7544b7d02 SHA1: ac75ee54a17055a5bcb85f5b352eb09f9ef9a618 SHA256: 0b25ea82a8f16a1ac74ef7c17c52834c0d568adf18833f214035371fe47676c3 SSDeep: 3072:LKPevYCPNUlxH9KPPsfwFnIxTVPopwndPMI6:2jCPUxHhwFIxT6adPe ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Client\UiInfo.xml	MD5: 91f5ca687346d37067dc2489ab52415f SHA1: 22a79b152c2dcf9f6a5bb53ca647fdb1d02eab43 SHA256: 945a7d124fa822ee36827a942d76f937b032baf92152bb2490c793703979b6d6 SSDeep: 768:M9e/9GSCO4pEBKR2Lwd0KaLKDDKc3OI/SkLFZZFAPaZbSa489WjnVbgD3mk:M9e/9ngzR57tSkLFPayZBPupgDB ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\DHtmlHeader.html	MD5: e7fcab2ef8289944725092a7562d86c5 SHA1: c6de183873e6290d709ba6bbacbbfa9a7a08f839 SHA256: 039b1957ad0f99a686e97e597bd5acdc4ddf0f4d783423a85ff568cdde9db467 SSDeep: 384:IxotZYREM4QY5DgruLzTOL1i0DySyuoLLm0nl7qzIwk:zLYREvQOD1HTOL1i0MuoLaSl2hk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\DisplayIcon.ico	MD5: f1d98a84fad348d2f5bdac0b65f712df SHA1: 83c54c3cf9d4496d595816d11b81c61f69864fc7 SHA256: d6e4d5a81b4ae446921096aa15459247f8ca050c103ae7ce8b90a21571e1a7b6 SSDeep: 1536:KGVj5gnOVTRofZrLdfdReT09T2aOCRYEpAoWLO5kMuGaOiRjgLThLK2IZBq6169:KyNgOboBrRlC0dnOCzAobuJjx2IC61i ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml	MD5: e9ea6c791be2f9518c46a40212d8dbce SHA1: dcc4fe2a80efe6da9c215611e422dcd6cc5ec76c SHA256: 10984482afd471c1f30a434b8a84931b551fe7b36875bbfcc2da12672b5a052e SSDeep: 1536:fBB1uigHRf3oWWl/h/jRV7ivWlmHmPOaKQFh/nx397HWfoR0HM9FnEgMf5/+j:fBDubRJW1nYWlmGu4P397HWQ19BP0q ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Extended\UiInfo.xml	MD5: f97c82e18d0541101b4c5f7048914b21 SHA1: a70fd8a659a23e4594c3b520ca94d3719eee7dad SHA256: 7c055fc8c1e5613be5260ca1bccd39ec89d1dd9c41f17ee2b45d340cb5b67145 SSDeep: 768:86TOLslalE7K/9cSLr5HIx2D5cRMjJK+f2HDziH0fb1N9TSoNk:86CLsopDtHG0JJqziH3o6 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Graphics\Print.ico	MD5: 33838d66c5b6d1273dfc4332062ff2fb SHA1: d7c32ad418d9d88d059d1847ec84623be13cf3cc SHA256: 6a52884f314f0a8aa9ba6f91eecafcf27962a44d2bb2794694c72260dd471d61 SSDeep: 24:i9i3eb+/SB4u4+lo7COclr2CMtq1W/Q1lJfP7FNaJH6abrj0oVFke1k6sy:i9iRSB4X+l9JWIfjFMJZXkty ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico	MD5: 3f8841c02b115cff2a226215f2433e80 SHA1: 9ddd749de185723b8de7ad537b3d5aebc1ecb99f SHA256: ebd05e67eca5de9fb167a630f0075e1c857b3dde9c94502c8ead2b1658690141 SSDeep: 24:bgJ9qqfSqVI9W9LOPubM3UKdwTA1uupmL1pFxUq9A9z/khL21lJfP7FNaJH6abrP:bgJIxqVIc9LCKMr2E1k5pd66LGfjFMJ9 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico	MD5: 9c773ba1f91fedbaf9fbb3180a4ec02d SHA1: 946fae3786c20cbad3c9e27e59e62118e51af15c SHA256: 7325809944d94f1ca0dfcb87f9a8bede5243a5df6a3129c8c6a2d93b9732cc51 SSDeep: 24:kX0cszPHYYI6U7m835zY/Dr1aYpIGlo/MvwKXX6/1lJfP7FNaJH6abrj0oVFke1n:kX/szAY47Lpc/Drw7soYwKXK9fjFMJZX ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico	MD5: 7fd9a7d0172144704410bfd95a5c3bc8 SHA1: b9fced8836894d79832722d7775fef3467f0f3d8 SHA256: 38b64662f4deaf530ad0ec8a24aa2725986c9c7a591f9e441f17a3608df882c8 SSDeep: 24:/u4DAHdSzFvpiu/feEsSOKXCUS8W6P6I8s1lJfP7FNaJH6abrj0oVFke1k6sy:/jkszyGWbSXXCUhW6P6hkfjFMJZXkty ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico	MD5: 181c5e1732215f8828f6dad0fdb94188 SHA1: 2280e38794d27e20d7b2455325f6505b76c5779c SHA256: f48e4dba60c745518643076307c08fcfb5dbfaba0eed23ee2bbbdc784f3e28a6 SSDeep: 24:ZWXq6W+vLJC0s11+kAQ8uNLrnum0f2h4A0Mr1lJfP7FNaJH6abrj0oVFke1k6sy:Lv+v9CL/+M8uV7um0f26khfjFMJZXkty ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\Graphics\Setup.ico	MD5: 6423bc3e51cf0af0251e27aac5c6395d SHA1: 32bf0a3a9e8f9a82ce7d5b81252d1e0db4c0c3e3 SHA256: 1338cfce8903a3ef102f1d64352a7253dabb22e1ab7660fa0fd53a09e8e2e471 SSDeep: 768:08ooSxrSl/2K8s+orhhR+ikp/bRzUwOWye2GJaFxAC/bDHu6ngyeNk:08oosSl/29+PRUJO7Ao/ZngyZ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico	MD5: ee2706bc6c8d303232c208646482faef SHA1: 298389e59dfaf097a0b8cb00920909452e3e91aa SHA256: 5f0a6a0f9a37fc4e36ea1b34a4aadafd469a9fa82a389337e73bb048e8f4c102 SSDeep: 48:VAPXxl8F6oXVmz6vU2oqFQry6YjfjFMJZXkty:6PX5oXVM6vwqOyOJZUty ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico	MD5: 7aea6b758ce2a9f77b7bbbc76dd1939e SHA1: 9e5f26f211c32f22769c9b38f1980f9b6c9223db SHA256: 2a510cba5c67e30d87edc3277d8a16c1d343fa1666f7175e5d0bc4b06223b760 SSDeep: 48:/e+AHOGYOwTuyFEATE0P2kgyrJ5B1fjFMJZXkty:GfavWuKxMJ7xOJZUty ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Graphics\warn.ico	MD5: 02fad98bc5fbe8fcb83c7134a3e5850a SHA1: 3ddebb3b03137605ce0271de44ba7121b2fe7eeb SHA256: bec8d72ae689d405f217cc537d4211bbbd622de54a9ec60e0f616dc0b0424dda SSDeep: 192:X1QqHYGQ1Tc+RqXwAWdbq2ASVRiqca/vfqF8AUfHZ2NSimaarnweTLCui0k:X1QvCCIw/bq2ASfrqF8AUf5FqaMyLhTk ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\ParameterInfo.xml	MD5: 1f72a708fe38cbf7a30f339256a36266 SHA1: 028b5fec5aafe7ebbbb47b9a776e5828b9dadb92 SHA256: bc4bb30522574b936797e2a9b75500cf1aba4a8a2632c89bbdcd7a4d15200368 SSDeep: 3072:B6MXjC8hStcJhKJSm5NLYW1Zx7M4fFhgFlqvddhaZIW:B6ZqNhKJScNLYoZx7nhclqldhaZ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\Setup.exe	MD5: 40a7d351fbcfba681a712e2ab7b1ed35 SHA1: 92e34d2649721a91e5aca3ae80a537c71276366b SHA256: 66afc9ab2f31d8c6ffebd64e4b4e6080f072b47c4696488b289cfcd94fe4b6a1 SSDeep: 1536:5RiUXq2VHwXXDJFpc5QZFAWQUtfJbVjXEiAP+9fFPu8Yg7WS6w:KUX1hwDxcebd9FhUiXtPJf7nF ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\SetupUi.xsd	MD5: b6c3dc39c5059eb5af55ad986672b46c SHA1: bd98ca5fb9ced902e4b22857eef5904b802c8d84 SHA256: e3a782631cbe1aaafc58fcf6e2ed1a0098773c7e7b38581429e64f68c0b4ff58 SSDeep: 768:yOJKOUJhGC3DUFomP8g1h6o8K9zY5du6dGIJXJ+gAk:yS/mwFo9g1h/hzYr5dJTj ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\SetupUtility.exe	MD5: 7d5b8631b5a82c7ff860bdc81033236c SHA1: 3d16209abc84ebf649baa1e957084becd01662f1 SHA256: d9995c8261bf6a526f99c05d2cd8a7653cfea40c50eaf6d701429a876082b392 SSDeep: 1536:JHub27cJ7NCFtfAe+s6Ke36n+h3yKHkze+GkxjfR81X4hw/U96:8b274DsG6+YKHk6pkxjjU ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\SplashScreen.bmp	MD5: 7a203e3a43fa8e5ad5892a046c06e192 SHA1: 400d27e1a7c5eed40fb25ae652d263bcdc1bdc3a SHA256: 1578b00184323eda7999518e132e8e50ea4f34d738a4d183aeacc8fea5baedae SSDeep: 768:kU2xPbKoSszcjx8XUI7EoGjIrReT8HgMY18EfpxenXedCg2z1sYRk:twbPQjx/rcre8C2U6Bp+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu	MD5: f58ccb1fb4c6f757643f115810d33aaa SHA1: 95f2140f8431afa8b6625c5c45b28f38d4a522f2 SHA256: 02b497f5d7e884363a2767063b7c467cf5cdd77f82df6de230637b463c17bb3e SSDeep: 98304:CVQf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCr:D7BBHTK8KXZ4UuY1kB1iKFKmc ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\header.bmp	MD5: c06cfb668593a9351159550a3de20651 SHA1: 59c304ef4f2d8cdb1c8328e40d370c97e4594eab SHA256: d4f132c3d94ffe12dc460ecefc761232c6a2789011a466db63a0f564d2db8f79 SSDeep: 96:be+52u25Qm5v86TdJeJT24b6kOv/LFP5uZAnFDOSOJZUty:be+gc65J8TdbfOvzFP5uWFE0k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\netfx_Core.mzz	MD5: 92ab8990ec2dea3b2093cb420fafcc1e SHA1: 113259dc9ee72b67d444678da4551c236336753d SHA256: 6378e6355d425d6e12543340f6b97fa73e124d837d7a78bb819525bef53c618a SSDeep: 196608:MXV04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:H4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\588bce7c90097ed212\netfx_Core_x86.msi	MD5: bbd17a09a79784d239c3ea781da606b8 SHA1: be96345316729dda1893ade78ae10132e327b8d3 SHA256: a2aec348af40d26e7b637e0adc93f9cb970c1af38efceca9517024a7768dd90c SSDeep: 12288:R5d5ruzKgB0XP6sEsNH7QXcFdZ+VkjabDTnxTR8QFqwSOTcnu9ikfdt6TJ6PuX3k:R5j56dsNbQXcUwabPx9bswH/fd6pxrS ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\netfx_Extended.mzz	MD5: d9e4fc441870f5d86e3c5dd43e670e82 SHA1: 880473d8dbb5949a565818bf791d125f7d59a942 SHA256: 266525df3469ac27b16ff76c3fd0e86d39d5c0c1123de4aa9c356988633ce0b4 SSDeep: 49152:gkVzA7xpSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0ZwR:pV8/tZKH2mALErq2nt7rvfI+vZpfQ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi	MD5: a4f5f21b4f545692a6751135ba361863 SHA1: 845be2794af56c8dd8852bb169b883ecc3d59be6 SHA256: 4176c9a9b56c1aba4b10a251c48f655407004c84159fc62de0e96c1023242cef SSDeep: 6144:6E0YRb4QUV72MO4lrh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBQ0sd:67k4RFFfX6sEsNz7QXcFxZ+VhjErm ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\588bce7c90097ed212\watermark.bmp	MD5: 2819cf0256cb8367db81b7be9a662223 SHA1: 0060af02c806a8a7e5f51ba90d91d8b62228de49 SHA256: 8832742e93a9c21b8c3f62a4f7bef4a0a6d8b3cbf0a57d0f96c619b742f6cbc9 SSDeep: 3072:BaT1+Tjk8o0UsrE0WJoUyimfMpkvTPV3CuMOnM:BaT1/8o0U5gU5mrT9DnM ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Boot\BCD.LOG1	MD5: e1fa65454823a6c40e1d8e301f683c6e SHA1: c28f3ffd2ef4c4c5666692efac32c475b8af0a7f SHA256: 62f93be0cbf259a4a0113c8f5ed442a346aef2071eab534323789a3aad2d8819 SSDeep: 12:I1lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFkelvk7BiFc9y:I1lJfP7FNaJH6abrj0oVFke1k6sy ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Boot\BCD.LOG2	MD5: 215ac784071cb387ff6f36d8f0890100 SHA1: 7979d784b3cb65efc9ba1e5a2c566b14a78deb31 SHA256: 07f2d58f452011e137edd3c0d785c067b391e9b484fb5232869716361952d568 SSDeep: 12:0H1lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFkelvk7BiFc9y:0H1lJfP7FNaJH6abrj0oVFke1k6sy ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Boot\BOOTSTAT.DAT	MD5: 9569c7c891ea20d4abc9800b2109b56c SHA1: 838ef1f887f7eb01f2f2c6bfe666341285f9a9fd SHA256: a22dee1aeed0e4d6c6a489fb632719ff7814f8122c7b912d099dd8f832b95856 SSDeep: 1536:f98b3nkIStbwS7ZMglWU/Q4x28Y7PtHJ0JLP0vBRaa2aKU2:f98LkIStbwwawWU/Q4utYEBGZU2 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Application.evtx	MD5: 6d99bec2da9d378e2e0f22959acca17e SHA1: e3c5f8d8779378f67dcf698aa0df160e6b59ee9f SHA256: ebc823c5209200c650ce46aa9ce5994f90fe1b0f13368806673104e43e768839 SSDeep: 1536:9/tJeltrrvQI55y1HsJrKLpmhlUK4vNmHVCvP8x:JeLEO5ULmgvACsx ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\HardwareEvents.evtx	MD5: 29721bd20e9334c0facca42d1ebfd8a4 SHA1: e83075a8708ca0055bc01c66a8382af1e949b721 SHA256: e29b2241ff06fbc7876321a70d20ba5612373fcbb985b9cf1cfde2aea3d65d4a SSDeep: 1536:4rKUEloZGSKUvq4R/psFziMZD2SAKqus8xPtp9C/fAfsFxyWA3I:4mlloZsJ4RRmZVAKqun9oAxFI ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Internet Explorer.evtx	MD5: 3684a019af25cdc8e5c4afc34732830c SHA1: 1e65da5e38e4119bfcbac3dc2fe63e5597f94c77 SHA256: a47d9053df6b18464f64f323f6871ef35e89b17448a58c822201a10aa8e29a14 SSDeep: 1536:/KFgytZPg/pNs6nmd7mjfleXbtK2Wrlo5TOILK4RmyWYu:/wgy8RNsLt+9KbU2b5ag5o ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Key Management Service.evtx	MD5: e0cbdb5ed8815f89fc9e11af4692d5c9 SHA1: e6b7eb006fc11afd19d62ea6fe5b7beeec7c01ac SHA256: 930bb2e49021cf70fc294bd4d6a4862caa9a7b561e43e44e7c89138dbd95b19a SSDeep: 1536:tjt8tJ2PXrVL5G/iE7Oy7XXa0y2KpK77K/14FTcQnxCPiXyE:tWtJ2frDG7OeXlqKvi4FTc/qXv ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	MD5: f7255e604091daa853b52876f72761d8 SHA1: 9442f1340f4798fc920dc8057bb2422d2e683f47 SHA256: 377f580b29fe161c6f5a38a7d8667c9a7c51f648676b93ee767f7b570f1fa2e9 SSDeep: 1536:S8p3Og4fKXppAY3sno0iMxla0DKz/1ycJLkbfChEFayGcS:SFg4fKXrooZN5Lk6ncS ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx	MD5: 3ffa7bba8c74c01d8bf776537322c806 SHA1: 129c2d1c24c106fbe803de4528bec4878f667291 SHA256: 86c144cb814e20e7a6cff84ae3ee217b819f87df1bdba81dbf7ef7dd638ea9d2 SSDeep: 1536:oYH9ABunUPphfybRKpd1n0/Ckkx8ZyjMG5Ox3E/krrCPqXTxra4:oqAP9ybAv/xyyjMmOx3E/kvCCjw4 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx	MD5: c673abb94aaad523fb6e49a8d2f82473 SHA1: 34fa793444cbbedc040d942ea0bc7acb9b04b630 SHA256: 74d8ef7256b74ba4a2a5a05934154cbf5d4c20b0f6e2b24444fbbb66ff42215b SSDeep: 1536:VJb2yXWzNsmsXm+0+lemsK50sGRxswMXBGcupuMldbh:CO6Nsmzt+lHFWwwCQrfh ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx	MD5: c633abe9b69460096a240a2afcaaa89f SHA1: 5dea000287b1c22af14f0ff63c89c2d3d1666cc2 SHA256: 0f1c2f0bef6700e020b52e267534adefbc653329f57e2fa5a235e79502f48168 SSDeep: 1536:9WisGq/1KPppvqwA/wp7kRMADPBhuSKA+NBNBTsLa6l1Jm22ExjKv0f:9Wipq8PbvLA/wpoRpPBa5ol1MnO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx	MD5: 9efa7abdf25cca01e624a111ae0a7d1f SHA1: e8137b2c8c635ada5b5ea02f76f41f153886273d SHA256: 1d309c0edb15f4c654f00f7dee8f92f0f7f9c0918b5965c78d638101d2b743cd SSDeep: 1536:c0whcbFgCJw7BU3+Zv+JSDe8Vmv8r/Lib2hxDV:JwhchFJQv+ANY0r/LibixZ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx	MD5: a0eacc74db7c40aac29b8aefd3287d83 SHA1: e449a99eb64d15f1734a7cbbabdab2bfe5dd7053 SHA256: c555304f22eb9d9a84722ba7ed61810d244dce613bfb0e71337ac92672e2cdcd SSDeep: 1536:4rycdTlgdulY9hfIGsQLmuMInG2c7l/0JhbD2gAA:4LCdkY/IAwvl/07nlAA ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx	MD5: 129204060af524d20fc2fc7e7cd8b4cf SHA1: 44e31c25271986a4df761b393528b43fb1a08771 SHA256: c20810101107879a5a6e8566fc46c2e6ac517beb23e923f269de4a7caad6f7d0 SSDeep: 3072:lyblv7LBNbbOgwuMQ/VQMijR1To9bKV0yivBDSf/zHm/:0bJRNOoj/GzDTo9ZezHm/ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx	MD5: 0fa9803d3c82eda09ae9191a41a3bd93 SHA1: 6b8bb5e95c3d6f42b43a3ae06e402638e169b4ad SHA256: 7273d610a139b0d1a3d7f6aecdd9b26b7a0ac258ac450502ef0e2f59ff720ae7 SSDeep: 1536:Y/+8LoMvxCTBbhypJIeFNub8zsu6hZ8p5OXBHfDE6CR1M+9:YmLMZAh0Jlubesu2K5Ox7ZCf/ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx	MD5: 9c3bec5b59809e1a793ce135a6db0ef2 SHA1: 842e7c09d0345c4cdba0e4eaf405a902cb2e847c SHA256: 5191ae68327f971cf0b6b62298d01be5ee342bde5c6562b1ae621915fc7ff6bb SSDeep: 3072:6zmHzGaBbL8SH2jwHkPwUpABWuSx7i80+E4WYxbo/6SizJCANS7ebOKXQbwkqBYi:hTGWbkK8Bls4TM/6X7cPT+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx	MD5: 64e1a483d072d5a376625d3b54421df4 SHA1: cd0c2801ab6743fffddc49e8d962371184c59661 SHA256: 09c84eeaaa6723f1103308b6ad08601a6b38ee962786d47fb6c8cf9237d30d6d SSDeep: 1536:yu4cUrFdv+t/gwr6zJe6MMCwTnUCUsj+PniNyxZjFdZqRi5C8v/foYaPE:yHpetIwkBMMCItnj+PlxZjFdgg5C8v/h ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx	MD5: 810c53b733adbd4451e540779abbf0bb SHA1: 04ffd5f2cff9878b715eed6aca9c7ea6922f73e2 SHA256: 701f9e04e33c0e5e89e5afe48d3621357e21dcb51cae24545ece958c80567588 SSDeep: 1536:ICbFF/QomJ8FNIcsJZ6muIzTa1t9IVi+p6HNYgWJs+PRKmBk94Cg:7bFF/Q15TJ4mugQci+p6H3WsLU ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx	MD5: d39375344d903ffcf89d7c4cf9feedff SHA1: 9d40dc2361606e31a2817af5b6684fc068fab14e SHA256: c2665f6a4dd8de0339752e59d0ed97d4fbb7c30ad682a901d3c4b516f1ef26d1 SSDeep: 1536:N9oANTAjlLPwpPUBVPGREVYi0Miru7/FoB+aTcZmvw7:NOj+pPlGVYi0Macm4aTimvw7 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx	MD5: 16c773c499b77d08a4af897f7a7642bb SHA1: 41877e17fd72b914b22991198a911a959b7e8d33 SHA256: 6f4a41e7b98fcca582034705c7f810c70c3b8437a4d45ff1a5c288cef5c732e5 SSDeep: 1536:qH1fokVnLRkqAnBMl/N4q/LeE/kTqNpJCWAbJHa2MgxbtvodR2J1v9q4a:qHxok5VkBBwV4qaE/VNzMbVM4Az2nv90 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx	MD5: 07f5cffa7c710a0893ef778a34e5ebb5 SHA1: b1450c1f822756f27c43cc0cc3e3b83e02b37a42 SHA256: e0153a8920e9b3832b8895ff656841e76f0a2b2e3172369f53bc41d1df6b2c33 SSDeep: 1536:5ReRrciEJhOOqMpfzSXN94ffc3M4lr/fTXUUtUYZW:/eRZ45fK4fkDlr/fttjE ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx	MD5: 082a0eeb22f8050ab54f5599d3998cff SHA1: 3aa38fdb3cbbde6bbbf1b6486e2a39d08d469ce1 SHA256: b3c7c5fb69360b66711dec98879429c2eb42755e36f2203cfe8622d42746da91 SSDeep: 1536:9caljmLJKb7Ko2jWBWe4ZtZ6A8LTTylXbyf3Rsx:9BRM87Ko0b9ZtZcp+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx	MD5: 3cef2636589e03f6aa81bcbafaba219e SHA1: 87be5de42686ef06dd48ca95cc4525036dc8c99c SHA256: 304c32cafa2d8c11c36531936fce0e5d83507d5dc682f4262f0261cbf3968ec9 SSDeep: 1536:YaOVVdrqX+xgEjnn+a1qHOWiHJ6PbG4c/LPp2mdJlW:VOVesnx0uDCbzcjEm7lW ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx	MD5: 336fdb8daa0013a5325e705914f10b77 SHA1: 4a01c42502c13fd16f0ec02ec2caf329caaea428 SHA256: 4f07e17be57b6e9fb93c905f27880093df740556fe69c1588fc9d54171217f5a SSDeep: 1536:3aBP+7fwu4VvHHXvrhRO+V3kK/thkJSF4rgJxstfTKhPIL0JSXcVP:uPsfuVvHTbOFctSJK14ePIBXch ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx	MD5: 664ad63b5bf5cf84be14936a9c01d4dc SHA1: 94a7566f713bfdeef91670385300918dee67018e SHA256: 54284df673a0bdfea61d4d269ca52fe679acd6ae38257ff17b19f0cd944e4ed4 SSDeep: 1536:9bR154iv7aFFM7cbG5XqXcL1wtXOPOCPx77j8CrALI9ftCoF:9bRVLJX1+Wnx77Mk9f5 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx	MD5: 9722f90eca27623821f0bf4ab7b883ee SHA1: c3558e2da50e2d29bab504f0c6cc8d35ebd9ffd3 SHA256: 8df5171601183a0045ef0dcc92d9241551445b0fb62a63e016bf5aa1f9b58a49 SSDeep: 1536:Xen4OrFQLqTHykbdgN4ixo8DQ6dfN/4FSkQzHcRts:XtOJQLqTSkRtixo8rtF4FSkU8Rq ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx	MD5: 53fa8b5d8b34bf5544c6e042ff0988e7 SHA1: 2064a6dcc7bc59308f589b04aac137a0f245f03c SHA256: b1ae06210fb456d2cfbfb0728bcd4abac4115425a687231db55d2f80c6cbfc09 SSDeep: 1536:6aWIbJ0JHq65idXsCkTfB00jMUoOPLQuKrNd1Fxwh1Uh:6MGJHq64d/kTfi0jMUoOPLQTrNd1FxwO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx	MD5: 1c537ac4d5dac0b029079e237847c4f9 SHA1: b27019699f397f5389f57be20e6e45e480b081ba SHA256: d2e2845028d774d69aacea00e7bd0e32c53a5d3dfa788e47423b697d268e4860 SSDeep: 1536:rNhO+qsNh2e/hYvggrf5wKmF4kmqbdw76/VHpORwKX5SYp3Qf:rph2uhYvb+d4F2tHpOSUSEc ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx	MD5: 256dd505c70fb53a8f447cc17102b961 SHA1: fcb47d52470f36fd49e29d977c9af41ee9cae0d3 SHA256: 62a22b389910c7005bfe72004cdec28bf629ead78a7789111f37485a0e1165b9 SSDeep: 1536:0x0XYzlRgy7XH1AHXGU9R6skOug6MRgshu2N8nRa1gn4rvY:a0CRggC2sR6fOHFS6NUA1W4rQ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx	MD5: 1ee325d081cb5d0885ad131995dca317 SHA1: 7789a8c9c898c525260bcb643a46a117d21e041a SHA256: 43262df405a825041704522a45ca44b28b3891b532787694fe711d4bca4dca39 SSDeep: 1536:Utpe/rcnFLA6a4OUv8in+rmtshwnqcaJeXW6mic8DBWYeBQuojk:wpcYVoGGmtuhtSW6NVeBVojk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx	MD5: c7a2f73249843a4e8fd75b75f27b681f SHA1: c1aa5bbf1c5cc8f393d1368934829671ebacdadf SHA256: 733e99a24661671f9eb6c72c1ed0a08788ecfe790e451b1c3d44993a378501fe SSDeep: 3072:X3wBZjztraJR8RKUX1ktuckqeCL2om8tuTYOvQ2:XA71rajUX1k00LRm8s0Ovd ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx	MD5: 4c8a619ac42f2df3cee6898437bdd8f7 SHA1: 0999f3a49a88169aa4a5acadf7dd382b390c66d5 SHA256: fb2068186d35f7ae2599b69c4bba7fda482258c49af35b990b1127e47fd9209b SSDeep: 768:gjWEZt6vnelE0poI+J263wMpC2tyxZ5XHQgrZqu/iUoBFkj4moR0SF2PLzbzPrRt:CZx60poIXUwMFA/XHQg1h/3Uydt ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx	MD5: 636812c0df20ff5081c11dc179d0527a SHA1: 334d6588920a36d8de646d0bc3da6c6d93c2d76d SHA256: 8e6d4e3a5c85247772dd51ca93dcd8a7fd33e40f8db073f8695c32745e2f8666 SSDeep: 1536:Yed3zJXm9o3l1O/+Bma4Be5ZjjBmRPtEHauUzEK+ROHYowwX4:T3M9gOBOZjj8RVpwwM ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx	MD5: bee07b2881e4770a1d5adbdb49e9c5cd SHA1: f1eb5b377cb85557ed465585fb3427639b1489fa SHA256: e92e6c1fd2b7eb291d818b42b77d401c55ae627fc8c4d9f04f76d37b60f12f90 SSDeep: 1536:5oVF5anFW8YaOzvD6+NwUnsSz86XOXsUPw70Cx:46s5a076+rnsQX4PzE ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx	MD5: f7189657242de5f7984e7cc0b58c96a3 SHA1: af4e60737bf57e205eebbddfdf4a1933065a2b16 SHA256: 3ff11de9b54472c3e9e821af0313b85d4eb20ef382befcf5ee1f75bf19ad1ed6 SSDeep: 1536:jX2bDet4gH1gwf2NXnEJ/JI/PK+Joml5LBx8zBAUm2abbXKU:jGDeWgH1g5tEJ/N+z5oAtBn9 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx	MD5: cfbb3ce321e7596274f5562462f151f1 SHA1: 8b4a0a88a6865e8c3208da7f41b66166ba042f2d SHA256: 1fdec9d9528110aa3cd79a4d5a4b1b4b61b8efed5cfc396dfa4e0d00a713ead7 SSDeep: 1536:AZYEqSNiGNkViaZTfitBS9KI44GQZQG1HEEH4AaLey9sR+Y0:AZYEqSNi4kHZTqDS9J9GQZDtxY579b ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx	MD5: 1e0fafaeb60317f51fd55c9b15006c1c SHA1: 835cc40df70b4335ac861f58a4cd53b43966aab7 SHA256: aff943e7b8933c8a5241fdc70c44997234ee432ec7ea624422b6cc46da4dc9e0 SSDeep: 1536:jWqUeI/WWYaqL4xF0B6c8XcZ8aY/OkowsdMzfXTLthJtv:jhWYFL4xF0Yc89aYVowcMzfXTBh/ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx	MD5: dec5eb916fa3994ce4f13f16e31e39f1 SHA1: 1f423b9de3540ebacdc9459195eea605fc9b0461 SHA256: 2a0631549f0fe0523123cbd7e2e6a1e7aeddc6963600d6a9ff7a375b5957b346 SSDeep: 1536:p95DQiJZkABb9Ki4zhJyAjCLH5NZPhx19Lfd4eVUdx2gmL:LXkA9N4zhYAWD5PnfTdvanE ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx	MD5: 1035bfd4e89962a5de8f2d2d7b8d16ba SHA1: 292792ad8371c286e513da3d80e6b74e58ae5b9f SHA256: a74d5813c945ab9a011d773b53f088f54618f0fb770503931d3e107607679dea SSDeep: 1536:5zFYhhizlAx5JxNmzwc1cSyVI/v56PnkN6+5zsZAXUWgyD:5hYhhiqbIzwAoIwP9OsZY1 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx	MD5: 8fdaa834cc6602f01fca80e834a61775 SHA1: 4e83390eda95f401ab4abac67a4701cffd07ac22 SHA256: 79b4794ef0394b9edc8dedd9b01efd194a0aebb43621dd71192bc10b245c5cf1 SSDeep: 1536:sFFDw6MMUBBKOB81aUMTXnyI4HEY/INhAQpzo6:sFFDFKB6a3ny/Hfc95o6 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx	MD5: 65de7d26deed4de3ff2143629b001a50 SHA1: a37c1e165a13811e23b0106309328278f2d37b43 SHA256: 94fb8d4a7106fd5d5b750520297fb01bea47e0ef673efad4a9ff0bb3fc94d5b8 SSDeep: 1536:MGCA0x0KWD3FVEIfmIUYKhgD6O5Z54chI7V9Cb:MGC3x071i3IHKhvU27V9k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx	MD5: bc2641346f77ba90fbbbbbfccfd23848 SHA1: d70117ca4586a463ee7343c5a288328edbd99715 SHA256: 1ffecf10f7fee900e2a0cb8e489aefc33c36f3da89889fc9c33a48096cc026bb SSDeep: 1536:LyDJgrPPNjsvue4CzaiMpqQeEyKxZ1hJE1I9i5wUsHvF5epvw:a0PPuGe4Czv9EyKxZ1sI9i5wUsHLeNw ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx	MD5: 2aa702777aa918289e33f056fc2fa7d1 SHA1: fd56cd6d50dbc9fd63b7a99fbd948a96d9f2646a SHA256: d189afc46c167ace3175247e7a557fca220d7686c4b545cd88e9e94543d996ba SSDeep: 1536:oxz6+w1NCrZnafbk0NUADCpj7amaMIWCr6IN2PX/YaM8n7:izDwGNaJN1mf/cWIN2HYDk7 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx	MD5: 531b5011019609852f7ce7ce1202962b SHA1: 2ca691cfea7d30fb08956193f95dab728f63bea5 SHA256: e137458fc995edcb334b038f4f4a079b2ef9fb0eb98c5b9dee3c1d52effe46ce SSDeep: 1536:3nw99ktgeqITaw1ZxJk0b3TuAYm3bhMV/luPX+foidEZ/ZcJgk67mCp:kkueqITawnxJk+3TvliYPuAidEZui5p ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx	MD5: 6822bd02d704a024e79005e64deadf7b SHA1: 3c7b5da4f086782e1714c32677a1730660cba4f4 SHA256: bdf1f89e3f958cb8e1fedf0d82effe492467cf305bd58e2485bcbb36ff3eab04 SSDeep: 1536:LrW56tvJVQDX9jeJA/0+Vxs0CM9jonJpKhT:vW2JVQDX9jyM1xsOjon/KhT ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx	MD5: 1ff65cd32d82889cacb14652c9b6645c SHA1: 8093e4300f98efeab9c09f644213f80b91e3ac65 SHA256: a34d93c6ea472c6be1999807fe1be6e1cc2921f27e82fe3a95e299c0a819c71f SSDeep: 1536:CUgeNBZP/sfEUbLi8Y7Vta2Nu5NXxvL/ijX1N8bcq//BF9V+c4:BDN3scmwVta2Nu5DvTiTUH/RV+c4 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx	MD5: d4b97f754a8d9dbe9e46fc3e8451d3d7 SHA1: b96f8f70ec41a2de9703848b54bfe65ee72544ee SHA256: 350232e23d63f4bfa89897abea7589f9a097f699c0710308dd138beb4c31af2c SSDeep: 1536:v98XMkJ/yUTBpJlkvWUFSGhcY0UccGSucjdM87XMAVUxjyUo69C:vaXMkJ//Dl9i6Y0dzSucJMKXhVPkC ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx	MD5: ff126439726958e2475b2d858a27f4d5 SHA1: 15be79e6675a6a84542096b788499be916558a45 SHA256: 3bdcf2a13740de9895225301f3360b53514f8ca4b9d50c2859f977ef9721706f SSDeep: 1536:pKHhXYUbE1MNHIFMuOKi6u8/zcrlRq+O9r28f28xoWik0XLvQX:OhXMFpODHMcrlRqXd28XNVSIX ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx	MD5: 798bb758e1ff0dd94723e241b8c28d35 SHA1: 9d0cfd3eb44761d728b9af19fb2434848411ced4 SHA256: 4539067759584e6b417ed66beeadd438fabb4346e5844d33f98ef07b6a54d66e SSDeep: 1536:L/h5R66l8oJhoXsFtxa42PP67ETfAj810BJp1A/:L/hBl8oLTyHdTfAj/BJvw ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx	MD5: 419adaf983fc2a5b2093825361132684 SHA1: a46d950be2fa460146091a469693b1a45af31f86 SHA256: a5e8cee9736eb1f979ebb2bff3a7e51aa6433e6a379e8b7ec1a112ed0d4998ba SSDeep: 1536:etgWbuCSPNLzn/Xwise1wKOcQ/PQiCKTaryEAsckJcib0:etg6Y9sFpPQiCkaryyi3 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx	MD5: 6d59340acc2ec5a018c3da3eb31c8cc8 SHA1: fd8a872f1d4e26ed73205c76c7f00832efadd44d SHA256: bd9a3a137c21b68dc697b615f31bfddc9f85d4bcc09e66706dda6a074da36dea SSDeep: 1536:K7pMkfAf+67DZChmNJj2btm0eCIJdbsh8T8DXkkEufd2Wfl:K6l7Dgt/eCmHekEUql ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx	MD5: 26b2a820217cd65819676eb6985e4eee SHA1: 3b31a004b1ea6d827734a7dd94460608ab6f4e4b SHA256: a6dfd69623dd9beef7c38cff8b558d28ea8749ea27124016bfa0d77eb1cbc320 SSDeep: 1536:t9wblWDutSijIDBaUSNkfCYYJDEJmhWqmMVycTLJkmIkgk0:t9puSi8DwJNO4JDEWAgdHF0 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx	MD5: 20599265229358cd214cc06ec68a7916 SHA1: 2ed761e9a59b2e583457257361e0680ff244c339 SHA256: d2bae8f1318c6db76c66d87a92fab1d6a849091250d0be4eb55f8ce5397ac744 SSDeep: 1536:zvAvHVHU36vAtMMQej+VuBHl3kNwT1h99kYqrEx88:zo/jAtKem+HlT1h99PJx ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx	MD5: 1edd4353392e06c7b5a43d32d55d6d1d SHA1: 5ae25194e758262cbacdffe266871205c94d2643 SHA256: 4c625ca181edb87c3858883fb5c5746972eb32a56fc223eac92b1d31c4b29997 SSDeep: 1536:7MBtxWoogWA8T87+attzZoYy94pKQ9KLInQTEIpvw77qsWS3:7MBPMgWA8TIVziYVb9KMnGPRwHqsWS3 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx	MD5: 3679a3e95e8b1e9a5a439088a7283ff8 SHA1: ed76b9ca0a76a58f92f7c9f9786d35f475401ea0 SHA256: 364611a9669b631b970217566418947351820e095428d30fafe95a320a2a4207 SSDeep: 1536:hgwsoB7cNphlvRRz4ST/G750KtZlcDJFFKThGGDv4IYYjWyxOnEK:hvsBNpDRl40KylFObDv4IYYjWWOnEK ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx	MD5: e10254c380bf81736fb2fef2f0e43dad SHA1: 6f049fb68b8c617485fe0de06aa06f9b370651e2 SHA256: e430595ccfcd19e202bbd34a2362c0a035df4fdef1645fe44b4e60fe173ac43e SSDeep: 1536:0Ov4pKsClzDAB0ZNGPiwz/ALkTYEmojKUjmIKCtaJL4Zy9:0Ov4kziENdYYEmlUyetaz ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx	MD5: 99bc78350787c38d4a3a36ad1feb689d SHA1: ccd2a2b176921c16d81ff639db7f54f679293e56 SHA256: a443c5f6f8608a925e14fb261faa341654cc8bc8ffe89f1d07b366b96efab542 SSDeep: 1536:aj5Ti+ZVcp3I3wFnGw9Kc9b+lM+CTVuUorFmzgwPNulvN/kW4x:a1TiClgT9bWJF0evN/kX ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx	MD5: 2d12ff5b0c8f6f994bc4c94df8981d22 SHA1: 37cad4267aec5b4405fec853931f02f5055a08b4 SHA256: 2cf27351953dc8f6b301f0fcc3f45520aef22b35bc98e45bc6877b66c05d1401 SSDeep: 1536:dLF0r+axuwlzLZWEtSvYrOf+ybjWhRropZgvln7qr+:NF0r+axFlIEGCOR2PkpZs7qr+ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx	MD5: ef203956012e79efd27feeb3cf7bd818 SHA1: 29fd9e33627724cff2142db6a5d6bfb76e1382cc SHA256: 04b1bb49ae180f8c0be56347cf3d7c7612be5cc9591b39f9fba9dbfc291271a1 SSDeep: 1536:/tm1MiHX+Byz0uGiaFKydiciXCRs6fccdtehGx/DHp:iMi3+wuguiciXCRhfccdgh8/DJ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx	MD5: d8c28ceaf09c76b493d35dd39277f4bc SHA1: 1a8253df30346b5368e822059bed55214d8cc032 SHA256: f4cd1bbf3829ab913940f7e30f231cc1052de4e37d7e7bff0f7ee35bc8d61323 SSDeep: 1536:PzFUUN9pPLJoFCj+g8wuAOx9bQlAaX13MM/XXM9ihF2qoFmDt0tdW:7GUN9pLiFG8xkjKOHMAH2HFm50jW ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx	MD5: 197964f26fdfa8ddedc5936d5ef0ec7d SHA1: dc3df2d087ca62432c4442328d9c2e969d4c4ed7 SHA256: dda139760e1efc1546b4a9a68d0df60d5682161235ba190f9086d5cdfe1195a4 SSDeep: 1536:xslAd//y7//kriPIvLX6gFSzukvXXDeABQ4wjoYDw4Kuff:xsmd/83pPIv+ASCcjeAudjoYDwBuff ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx	MD5: a0e2622be5004239522b391426938c63 SHA1: 837c30440a1ccc69699d6860cf7d9c3490b91510 SHA256: 36493e11431066d2db3f408f8204e75e63aac4271ec8288d933ed786c5aca27a SSDeep: 1536:PkyEVCep+UfhWL9HIB+SLo1QpaE9mqAfnKHhnM:PWNpwy+SLo1cacif6i ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx	MD5: 8a68c8753042ad2a9b01022a6d87c3c9 SHA1: 24e80428126dd5227ed1a20b348c5670616e5748 SHA256: aa56bfe81de5656bcf88abb7961df412f9b0e011e018fd6729d4fc867fe72fb7 SSDeep: 1536:zuD/Bl6Pi1DTCavJcdxgjbrb4vZebbzpT8q17PMJZAycE+EYvCIyHgFqfoZ8Wpxe:ze6GCYOdGH8U32q1IvzHgE48WpY0qz ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx	MD5: 32d90d6a2c0f7861de1159912eb6e536 SHA1: c46c7c652787191b70388d37e6f7031f5ebe3260 SHA256: 56712616c091f1c7e0db0688bc4d47fbf41e87e3db7064d11e274d56cae526d4 SSDeep: 1536:AWyX5ZogKS/aFdGWs1RwAs+wSs3yZPYsPpxL9QqslL1ZfvH9zL:A9XMlHtsnq+Jc/s/zslZZfvH9 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Logs\Security.evtx	MD5: 9c54fe38b8eaae915cf2a47ef7cd80d8 SHA1: f50841103d9a01a6d4af72466b62809109a2cd0f SHA256: e43e6aabb0fc42140e1ce7cc68ca3d583bc74ef185fc6874bd18c57984a2ae02 SSDeep: 3072:OX52WrvU/0hRhKGLT2YtE178ZpQkOJDnTqI6vj+fAnsxfZ1mpc3Q5R:EUWXZN2Ye1gZpQkMDnTqIc ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Setup.evtx	MD5: 24338e11ea130661ffd43c10b86731cd SHA1: dfc74049ae28d0d8b3a3cce252c9775ab2ba9bd6 SHA256: 6d352070c30065aa0bfcc7124fd60fe8cccc1a6592dd170692d4805717625101 SSDeep: 1536:urTecfDC66zQJPf7opinbUNxAv1V5kgQlUi+ueUd03QApO8F:xPzQhIinb7iNllgUc1F ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Logs\Windows PowerShell.evtx	MD5: 309bc0c611887583b0564c5c65105cb7 SHA1: 96ff5fb5b87499069cb0ea4065f29d88bc0318ef SHA256: 9d0f6bec82208b06b22c0c5f4dc97cdf1edae4dd4661525bc527f180ebfe55f9 SSDeep: 1536:PWGbMrteBz8e8NW/tBP07MIo2STpvhHR+bedu1FP39d6Q9ew:fMr4z82ILo2SThhHR+bOiFvVQw ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	MD5: 0140057c2a475bea5c5b6d2544257641 SHA1: 749b417e3e1a1edde2734fa15ebe46aecf35360c SHA256: 5becc34a42ef9a0c5b1e93a6ee7d808608d362f6cc13015ab4e5e3ae5d28bbb1 SSDeep: 384:VUyVqAvJ9dTgMnuEkB2Scc9zSGhm+y0GN0MBk:VvVDfh0EkoS1tY0ak ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	MD5: ff716e76267add1506005ceae3937ea5 SHA1: 6c5930e63d7b8b6537ddaf675a380f365b7135ba SHA256: d39e95b9967e77306492375bd279aa1e3fa0f01e97de359effeed65f6fe5794b SSDeep: 6144:pCr5DYptxbfHG+bZW0LW5NU6ITLTkVd4QOhgUE675:U5DYptxbu+gx5NUbTvSUxN ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	MD5: b26c2e7b70e8cc40a262b989eee5f7e9 SHA1: ca7d30a79674fb141de6c79dd7b49c26799d6375 SHA256: 1aa2032e5d9a0e63c319cc08bf92796c9fc46ec4c6bb9760631f394ffa849bbd SSDeep: 96:7coFj+7aMcx1yq1lT4VV4FT2kKuW1oyjmO9fMo4OJZUty:wF7aM6p4OqkKuWn/G00k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	MD5: f620d1ca2d0ac3d2cf8a82df028297ca SHA1: 00d71f5319aa916a9771dc7b48225d4514f8d42a SHA256: 12827ced688be251ae65d484f64315c86dcd84ba909e82ac67fb58903ab11855 SSDeep: 12288:BkFW2wl/q62klTf4quXJlG3+gAvDh5EUeDSR4/RYh:culCqlTyBDh5EU8S1 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	MD5: dbddf7ad67c8d753d350bcc710136aa3 SHA1: a4aa1e00865a7483a83175aa4d0317542f1f18e2 SHA256: 47eca3c19ae46e2d87c009db6c763d7d3d6f9923c8b3e25dfdb29d23b77f088a SSDeep: 24576:TCGe1fmChKMRBc9b6xjOkUgs8Rvi6w3y85:TChwySbDkUJy85 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml	MD5: 666bb0abd51e001078294403fd39a3a8 SHA1: fe0e36cbac94acc437f2dfa3a99c438d037eca92 SHA256: 887e6a06b6fd4dbe8e6cab67d6ec4c8c502d0b13c968a2f76f6c42bac13aef1c SSDeep: 96:ZqBnsoqTOBFhtxkYrz6MNwsfjopP19Vz9sSVgIjNM8iXSraaOJZUty:ZMswB8YrJacopxz3xM7Sr20k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	MD5: 04ee1d0a70838a7bb3062e0ebc787938 SHA1: a1eea7f1ae7a65add8842a920ad5f8c9196b9e79 SHA256: 3d92a0b8d6f87c098b34a20e27a4a9c8cb943dbe77f689735ed304caa22447ef SSDeep: 96:TzwQr+9AFnctqI9nJe4zPRu/1hKLJdnRmUHLCd6ifndJrH/GOJZUty:PVr+C5I93PRj1qLfdJrH/H0k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Unknown
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	MD5: e0c41a2a2577b3db568a6dbd0b9f16c1 SHA1: 7d9ae46e107c69de7ef31026033c3ba0f64b27c7 SHA256: cbd5f9287fecddc4783568b5f8e80f08ca67dc36b6ac901330099fff270c9d00 SSDeep: 24576:JTvzwrqyMz2az24uRh4AF7vfjOGayiuBBa/MDexVUA8t831+y:JTvQaoOAFjDfiia/fxVz8tRy ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	MD5: a8de607eac6c75024b02530692033bf6 SHA1: f6ed1f450e11c26e3c731225e07ae0186e99a018 SHA256: 054e993e414a974568fffa3ea7a65399cef30835e5abe840a29434df42d692ad SSDeep: 12:p/NSC6OEEK1lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFkelvk7BiFc9y:p4C671lJfP7FNaJH6abrj0oVFke1k6sy ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Unknown
C:\Users\FD1HVy\Desktop\ReadMe.txt	MD5: ac04e0791a37034aaa7d890272f15ac8 SHA1: 673b3a320eb9dbd9496760977a31a032d5ee9932 SHA256: 152f245bb1c8a3627205753bd02db2e655d8d677eca39ff0680117bdbaab8f9e SSDeep: 6:0ehlK+uo6Vob6H7+xSm5ykHSlAuZKTDTqWRlAsXQ3/EhuzdA4EhIFMIEFUl:rYKb6b+xMJAJ1lAjcSdA4PMbFUl ImpHash: -	Access, Create, Read, Write	Dropped File	Not Queried
\\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	MD5: fbe48eec97f6366b3b8d1e962aa79a39 SHA1: 1a296b02438328449e8e2ededb6803b6ca2120d5 SHA256: 8c367ed13525d797b4bca11864594e940fd3b32ded12a275905608046d955406 SSDeep: 192:cHcVfftmRQNupFTRmXdcgpf/F3JIK/e+YY0k:Z4RQNYFlmJj/etk ImpHash: -	Access, Create, Delete	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\1029\eula.rtf	MD5: 77feddf5e84b265b75898f43687b8771 SHA1: b43984c474acedd2c99eb1e16a3bc863a3b768ff SHA256: 6e33ea18afc6c71e55de795c153afc32bdf5ef3453013bec1c8ad266131c45f5 SSDeep: 96:qudrpujsecnC5uM9RHPawZA9sGxm9FOJZUty:qXst0uuRHPpCm9g0k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\1031\eula.rtf	MD5: 9742b9eb258b44c8735cbeab34f8e078 SHA1: 5048faaf6cbf9ca7ffcaf8cb25241262bce316a8 SHA256: 95bae18d777b9fe2d51956bd10bb9047f95b285f97b078445d8ec39cf915d49b SSDeep: 96:pybpURAgYU3V7U0Q4YcXTWxqSGEHrxr1vlCQEHvkJNeOJZUty:UURAgYU3RXQXcXA/vrN1vlavk70k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\1033\LocalizedData.xml	MD5: 01be9109252e915dc363e1ee64af0e2c SHA1: b830b7bae5ac56a678934057d27f8f10fefa7782 SHA256: e5a61818f42c016dea4700dd3d6563ceca1c1b8df9407eb2142466a10a47abdc SSDeep: 1536:40tHsQN3mOIb6/m7/5uKCC0whwuVP1omdTxcRQwgCkBbD/aegzaE6VKC:xtHpg5b6+lnyRQwgbBSvOvVx ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\1037\LocalizedData.xml	MD5: e9fed97de8bf5566b76bbb66769585a9 SHA1: 7be445e13577de9f65527a051c1ec4a837609b91 SHA256: bab089656a320064acae184cfeec9515dbb3d1d9dc870230e6e99aeb3cef26ef SSDeep: 1536:vNkOSKw8pWH7A2/q0BeHuEAJQHDQYMgWef0I4pW28s1wbacx:F2Kw8p87h/q0shFhhf0I4o28p ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\1041\LocalizedData.xml	MD5: 490b46ee716a8b95f4a84c0e0ff60eba SHA1: 9f1d8508cbddd6139e7d5b95672fdd6f3d87062a SHA256: 7b84e6794c25bf71624f3cc01da14ecae0b35a80624567ee78185bbaf2fdf353 SSDeep: 1536:XMqpYjd20duzWkqs+9G3ZjB1eiOIhuwQPBWwT:XMq2g6kCG3VPei5huwQPA+ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\1041\eula.rtf	MD5: cebf539650a4da8045b3cef6576b1a11 SHA1: 30c374dbb00a84b2066a2309bf6582f483d100bc SHA256: 2737e23211a7099f7bbc5348d6a373d052225b81475401333ec662d7174c2eca SSDeep: 192:4QygI5oFnknBptDJ6Ki+0XvxmSBuzZcw0qciLSwBEpTG00ylO99XyXlFkom4BGl7:105yGztDJ6LX5miuzW7qrBEhG003Mz1M ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\1044\eula.rtf	MD5: 5f6db24b0547d922e70afc07147db3ee SHA1: 5a32769691554b93e0226f1340597c2907507329 SHA256: 0918bd81228b7669bf8a92ec21ddfdd6f8dfb2ba6b3f5e2b7cd6b754e3dee2bf SSDeep: 96:72r/BDblyqmCUpa8v2utWjj+7Iz53BXs/UNOJZUty:7CVJy5p3v2sRmDs/d0k ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\2052\LocalizedData.xml	MD5: 11be9564953d98ce2717ee772fe1a0a8 SHA1: c18c86c1d05273e86d9bf2b591fff2d2a08be11b SHA256: 22e7d6353400a6290cb00834e5a4d15433d6b3d39d4c669c5f06bde337e1b023 SSDeep: 1536:ZZaMmZgf4hmei0L+Rf1dldq1FoDHoAB/fwFUTIz80Znrf8Q:ZIMUQUmeRuBQ1iEU/fFw8Srf8Q ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\2052\eula.rtf	MD5: c6e56c32827526ff261e81170cb6778e SHA1: fae004fec095473f413270376d5329d80c4c1c23 SHA256: d5dea5deaf7e7401c79d421e3ff0bdd9bb145b57ad7527cd91f3af101b3eac58 SSDeep: 96:RUYHgNl3mK1q6X1JuHxgQty8p2+bAVd207QYtwSJdChoeelBOJZUty:+iSl2WqyPuHxg8p2+Er/NwS9Blc0k ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico	MD5: dfdefd06a0f9f6255dfdfaabff5140ca SHA1: e7d7af0f1688bdfc32483438f8a99a8564ef11b9 SHA256: 1063a310eb8638b9bf0ff705f0a212fdd3e4aa3060a19d67224638257db58755 SSDeep: 24:RTrNzRLCxjp4vOsCZnZyQzAJcGWHsDT0PF1lJfP7FNaJH6abrj0oVFke1k6sy:78R03CZnkQzA+ADTmzfjFMJZXkty ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico	MD5: 248396c4712b9a4c88b8afb17c79fda2 SHA1: a75a443102500df375d1bd59f6b62ec1a4a78171 SHA256: 5de1d766cc51ce87721413badba848f0824c2fb20f74cfea000c828eba7a1e8d SSDeep: 24:xN4O5WdQVhF19szrKwD3jNmFNVB2H7vmOm3WFn41lJfP7FNaJH6abrj0oVFke1kk:DB5ea9sSI8FvB662OfjFMJZXkty ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico	MD5: 45cc29013bfb79fa00d61b9807e1f5af SHA1: 24d03f137aac32e6b49d6955478452a66bd83ab8 SHA256: 624416aa2013d3ac93acb8cc6c3832d796ed699b1ce4b4484f859bf2b7f34819 SSDeep: 24:X5lGZiK5cSg/VztNQBVDn07JKbXuf3/+zFVxBi1lJfP7FNaJH6abrj0oVFke1k6H:eZix/VwBl0MbXuf3/oVSfjFMJZXkty ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico	MD5: 00155beaebf920177c82128a69c644a4 SHA1: 99e5e972d0652addf5429b7a4b0c835ef9b5f052 SHA256: 4b094fa3a156f8a6cd82cdd37bdb9e45cc84f0935563e4154ead387d171386e3 SSDeep: 24:IhjHYBCb26eVKAglwf2DYBJhwtuIXlGisy2em7Z1lJfP7FNaJH6abrj0oVFke1kk:STrb2lVKhGODMYXlGiTMDfjFMJZXkty ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\Graphics\Save.ico	MD5: beafce216f2266f4705ddff445b6b8dc SHA1: 1b12053ba0a9dd82b025822aad819ea8ed19cd3f SHA256: 595e9831233ff16858034998bc16a9262b1e171e39a5ddf2f2cd425576c042a6 SSDeep: 48:0Ndf73j5DE73mD/wLPn9n3rDr1ffjFMJZXkty:eD3jG73Rf9n/r5OJZUty ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\Graphics\stop.ico	MD5: c47b8b8edc72c47eb14334da4e3bccae SHA1: d07e11265cd8030a094b89236197ade690137831 SHA256: 1c63f4bd7576612e304fd09bb88f3d310c068f167bf2c58a92775a73ca1e4aac SSDeep: 192:jxS5SiVqyhLqscieD8vMxkBtIKu2INiL5MojHcXWozIolNd0k:VS5SiVzWIo8vzIjkdcdok ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi	MD5: 563a12160266ba87fdae75dd4dcf9d78 SHA1: 4bf91512656579ed9651073c7cd066a476506166 SHA256: b5669b12c137fa17593930731004683f1640dcab4181b8c14a6af33deb5b70b6 SSDeep: 3072:uelPT9wZe8Al7r1ZQms8KLoNdCShdkadwUVQzB7m09g47aEqPNWZKq5uXp0+:uelPJwZe8Al3QdJoCGx6uE99gVEqiB56 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi	MD5: ac8743d20c71a88e584e1bef9e6f255b SHA1: 036af87a32a1c7d69fc264eb63c67b826d6ad496 SHA256: 24856d0db91bc3a0caa64df5d7c0d3217d01914f77ac62b64989adf03e33b7e5 SSDeep: 1536:2DaqI0nQYlCPB1V63+NRMmOdB2+pfuy6OLKKaxmvzC+YwNy42mYxX4qOwhDwlZSx:2D8Wl6suND4NOmvOJwNy4JYh4Q1wawO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\Strings.xml	MD5: db6e2fd2ee9eb8c492342864c74cb4d5 SHA1: fe7c0f3fdc7f8f6c710121d800db663010191046 SHA256: 01e9bd796174dc49c59dda63da9f57d25348d8c0783ed1c905f84ca708737880 SSDeep: 384:ay/RYHXqSD+Fffb5tw9LluwXEzjP9ZFN6IoJ1k:95YHaSeFwLIXzjP9ZqLk ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\UiInfo.xml	MD5: fbc1f4f35075d2fec28270f8a5c24872 SHA1: cc0c5554566ce23ff9ad8cdc6c1306c1bd7b5b6d SHA256: d88b69e45ee113a1573ddaf533869777876e491b3c40c53cbd38d2d5244f7f7f SSDeep: 768:H11ZhP7qwAz//G09aykgxdCeHwf6mbNwi/9k:vL7lu/umayXdCeH21q ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu	MD5: 31a8216b9003758c886863e5817a99de SHA1: 2d4f0e55079877df49bbd605cfe485058f9bad3a SHA256: 94b7b3d7a8f3495109b44dd04a7c63d5539cdcfac8c4ade1d473934fdb366e17 SSDeep: 98304:ZHvuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlh:B3ZBkOK2Knq45mY4H5OMKkKzlh ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu	MD5: d32daff2b72d33f847d1b4e1a8855504 SHA1: cc558024bc056b0ad083cd25126b4212dfa94a34 SHA256: a4903c67b4f6e16d5ebff6753ea0c10e8c2b11562143e27dd2d4d257222fc12c SSDeep: 49152:fZHK17Tb7T6YV4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0eG:fZH+V4YakTo1PAdXZzKUYxs3pKZnKxfV ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu	MD5: 8ed7d01e2844141deaca2f0d88f50aec SHA1: d4f87544eb8b6bb470a0aa7647d2ef60a0677b7b SHA256: 30bd8b04c5f91d10096999a006ebccdc676383e46c976299a4c86e639b94dab7 SSDeep: 49152:5kYePP4UJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNS:KVPP4UJneDGnRau84KUYcs31KfFKzdNS ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\588bce7c90097ed212\netfx_Core_x64.msi	MD5: 6edfd99682ae5ca789e6ce977ee50563 SHA1: 08963a7b7995d4f9a830ae4807db922342a7c099 SHA256: 7ab934dda99cffb8901200d3ea7220f937715d687c088725770b92c252dbcc31 SSDeep: 24576:z0YFUSykZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0b:zt/6tuQpcxisfQf2M6FGoMLQ ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi	MD5: 0cf57090014fcf374a11f03f655e6b21 SHA1: 41829073889b9569066ca900a6330fe3ddb78677 SHA256: 51afa0031d7ca610104de0af023c468f01809cbf3d0eb3a92239fcfdea97e84c SSDeep: 24576:KgKxInTq96doNrQlcqGRpOQSpKiPBD6txBkkkkk5SVr:KjIni6dKQlc4Fc216XmS5 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\BOOTNXT	MD5: ed1a2f293395ab5c1b1f3ecbeed262e3 SHA1: ed705f5f96834bda654dd2afb7414aa13cd322f1 SHA256: acdc5a1a369e5d00490d616ce054baa47a297a0cd26bb05b5c34ed1621a06e2c SSDeep: 12:en1lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFkelvk7BiFc9y:41lJfP7FNaJH6abrj0oVFke1k6sy ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx	MD5: bba97e9dae378138ce00ef3aea5b8aa2 SHA1: 87e3ae1d85ec76aef71ec9148aba7cf5f45d3793 SHA256: 895109c179fdaa49cd7845654f4cf2c7050484d1b7f6dd8c3c0cf4ecaefa91d4 SSDeep: 1536:e5PB1iRpEvojoVB402hbrttej/TZKbp1cJOUEviEHos9JGz:eVbiR7OBUhbrtteD6coUEqEZGz ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx	MD5: 679ceda0df7a11c2caa39e541939e41e SHA1: 2b16474a1439f426a0336b9411839a02dd7ee19b SHA256: cc4c1a5cc912ff260620f8fb0c58f6a4ff462f134c2648997af042e140aa596f SSDeep: 1536:1FJBhZ8DNZFQOD5UJ1bxVGAbn/ek6Bz6k/cK1AK6UYTDmuASQ:1TBhWHF55UJ1NVGAbmkgVTA6YTDmuASQ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx	MD5: 8ad434474bed4752a055b44d49492f2e SHA1: 2ef8f2f00bb4e6ff82f33f44ae68424aa227282f SHA256: c57e95b1877ea1bcd8cddc164c5067d1586607b780550b0592b79aa1487b6256 SSDeep: 3072:9S/77V5aDZ3h0e/HIV+AzmJFw9MbCF+0QIOTZKPJ5r+5CJn/X3dlvwrTzt5AXqtQ:9SHVKZR0eymJFw2bt0Q75G9 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx	MD5: 3a9ea7846265fcdc2c4243e694c2998c SHA1: f9a6a29fc7434218c662701577268097785de046 SHA256: dd082c3598c1818496dff97facff8af33c1e8d356ad37f9ad681d63d4ded153a SSDeep: 1536:3hEz7HCjnuQHqmIBfiY3E5BoRvC6HiEUvn4DBfbmaM:WDC6QPWf73E5OF1HTUvWBM ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx	MD5: 8f033f2a1ce725f238f91f74dfbb8e06 SHA1: 1a3f718db5f0b33b7a7a835e7154b3e34f85369c SHA256: 53d0c7661042592783e22b2512f9c388c5402aad4c99bef649d7c13afe6cf7bd SSDeep: 1536:7tnrcqaW9ZGX3cmFeJMuy3FgJKb5Ktwi6zsd5P0BU3iK3oKmB:7xrRSMFM9Gujlzsz0K3ng ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx	MD5: 893aa800a95873e166a0dee35ce74328 SHA1: e38ef5375551c19cd88b9e57260650a0e05e4b9a SHA256: 47bdfdc90aa9fcddd9361331e41e4a27eaca10fd0a8182db68c52d97a91638b4 SSDeep: 1536:XPZKbTpU0YVedjscm6z29sTJv4c0ePr1RldFRxj:XPZKbTFUe2AzE2tjB3 ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx	MD5: 103153f984724e77570f7e364a6c8661 SHA1: 0e3318ca08a40529bd5e572d1447667b41afce00 SHA256: 0a2799bdb7a30110dffccd4ac6b76d9144fc6b29268ef0964c149df877f20b85 SSDeep: 3072:KTMFBsaTkutc/gVZHhWbZHv28wMHsqitqdLoH1:KTwLBtcY7HApwMni841 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx	MD5: 778637f5fdf8d21977d50c00e2b6898e SHA1: 4b845d7e061e1a30b9b8e3687ddf49afbcde38bb SHA256: ad6ef6c5708a04324017da2e6b628b23f40dd6dbbd4a8eaa03de6c0549f73d94 SSDeep: 1536:WmNfrsgqzYQtcGqAX9G8Kea8DYhoZGvWhSRyrvyWeqMRb9QSSB6PC9H:WSfrB0mGt1KeaEjObZWGb9QP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx	MD5: 3980672e9aa978b9c026430eade80a71 SHA1: eb778cd5f5a0af18ff4ae0c79d4f7004495daf81 SHA256: cda9d17c9f15c45aba5ac78f21e6e731a2b2b2b19f10bce9d3b9d43f8b725533 SSDeep: 1536:/Tv3oHpxIsdpy9xBWqm8vhmkRIEzr+v9cSH4GjmcSG:EJpfrqm8vhmkTv+ZYGCcSG ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx	MD5: 12f86a823577b29a0c467f50c97c3d01 SHA1: 6695d2726340051cb248fc4037aaea2249fc0b32 SHA256: 49a7a89f0e55ca5c7ceb374d0228fabeb9287f4e8aa3b925444186c6a5c5456b SSDeep: 1536:nmvs0LjaCkS9bsTGoF2Co/e7AvLJaiYLEheRKyWlYlF9ENnl:mjfaj6boHoCA9aiY44RKyWe96l ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx	MD5: 920889570ca77066f3371ea06308d022 SHA1: 5cbd309d29319685ab30b8ffbc769b7c0384f0f3 SHA256: 4ff7e4fa8e17f4b92b6b2ea8cdf04ce20e71872f65cf9358ab93c1d2cb05784d SSDeep: 1536:hmsj1ZNJZWUz0C5FyYjBoGoYGSzcuavLau7wa2AE2j82VvUZtX2GuXTC:hms/NJDz0CKYieaj7WAZdAtKC ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx	MD5: a844f52b900de85bbe668e354b4bdea2 SHA1: 6828ad929dde8f6d781700708882d33fbddaad51 SHA256: 1be709b5781c88b14221620c1ee059d5694039ab6e4b2df6559b99435fc928c2 SSDeep: 1536:fE2C6sPHMLRhaqcD88kwTnkQC3/bSw02jm6wNM7ofsXpbdm7:f/FsiHzcDMMk1O6jLXFd8 ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx	MD5: 3d58edac26d1ddc309a56835c93ff023 SHA1: 15be43eaf182383377416291d5b5eef03fe60ffb SHA256: 2c96000d629fca48e9bd0ddde3aeeae77479c0b796afce51bf00a2994359bbc4 SSDeep: 1536:7xwAun5vlj00KSfekul4OtYfl5xMfb705McsT76d8CGThh8vCxK:7GAunBCkA5tg5GfNcWWd8CGhoD ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx	MD5: d3d03a9b50cbafbd7a4d33a0f981da95 SHA1: 84b38daa6049b2aee54f8ed153a0ae10e1bfea31 SHA256: c262545335cab744f3a2bd9a417478553217cbc147be8c65ef3d8e08c90ae8fe SSDeep: 1536:6LG2jQCJjKfrQFwtspTONuaV5tvuXR081BzMzDjFDEBM6:6LRjFMUEWCNu+n++81kJDy ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx	MD5: 0a1d4210ffb176bcb8530becc9ea9300 SHA1: 98d5693ad70c9b929a5c35f76fb97ca6b1a877cb SHA256: d9e58dd15f4c55fceb7f02a66fc49cfc59eef42f9dab09c1a8ced5eb0e9751e6 SSDeep: 1536:3VLj2oMGx7DgxeYhpDLb8zGrutrjY7/pKg8ATc4m:3IoMG5uZf8irutA7Rr8+m ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx	MD5: 628307526cc214246b9245d0f63276a3 SHA1: 3b859c08ed8671651c0eb3ce4147bf45f438ad13 SHA256: 49479db6fcd9d8e107cb31360ef419f29a3abcd074cacb4e94d8426322be8bb1 SSDeep: 1536:Xq45dt2TLh/aLLzV859gAh0bnmLUlHbUPcfdq/LM1kLhbVA//zEWN3T68yXQhyyy:RZSdOLR859ImgloPcfddOLve/zEmjTyP ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx	MD5: aacf6451cc0fef3447a3fafe54f1648d SHA1: d88f4b98b3cb13f45e3e4ef555212ea797b6ba51 SHA256: 0aea6f9f7f24e4f17cbced6ee2665f56d9f0ea4c7b524d8b3e6aee7c165ac78a SSDeep: 1536:EBC886GJWnLDNlmBv8MlL2+gp9Atfaqj2D7sLB25qxwxtLR0MM+C:EBiY/HqlLRgTAxaYt8j90MM+C ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx	MD5: c6e2bb44415690a15a4abaae84152c80 SHA1: 1415ac52ccdddfdb77f860607f047d56c5e34212 SHA256: 1988eb9c82a343c2905f02c7500b502ec8ecdc25a66b82f420ab4ff7d1dc59af SSDeep: 1536:VW7cpua6Qhm2FlnIGzUW9BTpAXF3moLfIJ94NiUIdZ3PNsUhbGx7k/9yBjK:VW7HaVmVnaBTiYocJy2NsUtgo/wO ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx	MD5: 0ef0cdfaf13e4fb041fc78f22adf8911 SHA1: bd12bd73e5fc7777bb4996bb934d0cfb4e9561e9 SHA256: f618944e1ba670066a83b2471274a76bace559a7d6e766d9a4c5d305483e76ac SSDeep: 1536:81VgV8xDJ4wstUg2Z3apEQbZ2aRcE89s+Eh24BuJlr8mRlsaIIbv9M/mfSrRruUC:EOexDJ4NUgZbcVbIOhFbv9MufGJuUJFe ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx	MD5: a392e4ce64a22f80456a94f0befd996a SHA1: 0f2acbfddb72b334fa58c7012a6d61b946f2ede9 SHA256: a070d6c38e2a0b5c3539535216d78a16c376507295e4f431d01b51a83f48ebed SSDeep: 1536:fc2HGinBFWjCMSDRywSYhH4Zz3gxiIXMlsC9/fqBYtOTXs:rHdnjWjuywvhH4Zz3gxi3x/fqBYtOY ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx	MD5: 770aeb47da61bd1d2453bf2cfbeaa6bd SHA1: 0b85627d204dc7a01355ebe7c77fba2c82fe48cd SHA256: b03a8b3b261ecfffb0738f74b6f32a817b5f497f67c1e12ff806809279e0cfd4 SSDeep: 1536:LNizFS5OJ3yGdmu8JInJV+XSn1k8dBhnkaZPL1U4t9FNpVw+eQ2D:LNipS0JCHoMXS1Ldrnk6D1tt9RVwi2D ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx	MD5: 661a4ffd2196af40729ad992608b8ace SHA1: 940479b6686388ae1fa0479ec15ad153a15ed212 SHA256: 26001ecf13c68f30ef8fa32b08ac0f8d1f2e11bebdf605cfabf095ec27361570 SSDeep: 3072:9HDi+HlxViSlXbxPyWGooE0yWih6JA5LuzlxS:hB8SJbQWF0yQySzHS ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx	MD5: fdd87919a8dbf8e893bb1f94ad38d506 SHA1: 3c4cf5a54552fe09551ee524cafe5ab63e652489 SHA256: 92ec1f528dd3578fee54457c8e87ba74ac226a508fd03b28383397515668bbab SSDeep: 1536:z4y/mfEMZ0WS/DrIXsDpSV/7A2rGTgtVo77YyM6HVZneL2F:zCNCRDpSV0e4gtVo7hDP ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\Logs\System.evtx	MD5: 209e1c8f79419201e6d7e997a67e70a6 SHA1: b56fce563ffef4d8aa8b6e6aa342cd743693e34a SHA256: 367db961e8fdff26bd71e247ef4404b688af546c277407be702729feb27386ff SSDeep: 3072:pQGOSyIBULg/w9BQP/REo1O4lYAjsGZc2:JBULg/w96OIXeAjPZ ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	MD5: 2eaf6743a3fb376055acbf8260177c21 SHA1: 6fa4872da86ff706ed6449105d75269904271629 SHA256: c6d7aa96bce3fe586d4407ba38cf0653b8f616dc47600fe084420d132b05a215 SSDeep: 6144:z0AnTkisfYAPB91cgjgLt1NGRgUUCmmt0fSoD78FA1XB:fTkgA1c1tw1UDmt0LDQ2XB ImpHash: -	Access, Create, Delete, Read, Write	Dropped File	Not Queried
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash	MD5: 964b021f0aa1401009a776a9d481d427 SHA1: fa78bf9b1b501a572d4541c7b8954f90c4e9fa39 SHA256: 997fffa2aad1d26eae158aa08d26d541c570b246b46d851dd8657ef3cf74e567 SSDeep: 12:7I+AknLF1lAWfuA71WC6yMvaCLtH4Es0xbrR0Y0otHFkelvk7BiFc9y:7HPJ1lJfP7FNaJH6abrj0oVFke1k6sy ImpHash: -	Access, Create, Delete, Read, Write	Modified File	Not Queried
\\?\C:\$GetCurrent\.	-	Access		Not Available
\\?\C:\$GetCurrent\..	-	Access		Not Available
\\?\C:\$Recycle.Bin\.	-	Access		Not Available
\\?\C:\$Recycle.Bin\S-1-5-18\.	-	Access		Not Available
\\?\C:\$Recycle.Bin\S-1-5-18\..	-	Access		Not Available
\\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\.	-	Access		Not Available
\\?\C:\588bce7c90097ed212\1037\eula.rtf.xHIlEgqxx	-	Access, Create		Not Available
\\?\C:\588bce7c90097ed212\1038\LocalizedData.xml.xHIlEgqxx	-	Access, Create		Not Available
\\?\C:\BOOTSECT.BAK	-	Access		Not Available
\\?\C:\Boot\.	-	Access		Not Available
\\?\C:\Boot\BCD	-	Access		Not Available
\\?\C:\Boot\BCD.LOG	-	Access		Not Available
\\?\C:\Boot\Fonts\chs_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\cht_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\jpn_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\kor_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\malgun_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\malgunn_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\meiryo_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\meiryon_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\msjh_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\msjhn_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\msyh_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\msyhn_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\segmono_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\segoe_slboot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\segoen_slboot.ttf	-	Access		Not Available
\\?\C:\Boot\Fonts\wgl4_boot.ttf	-	Access		Not Available
\\?\C:\Boot\Resources\en-US\bootres.dll.mui	-	Access		Not Available
\\?\C:\Boot\bg-BG\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\cs-CZ\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\cs-CZ\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\da-DK\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\da-DK\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\de-DE\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\de-DE\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\el-GR\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\el-GR\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\en-GB\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\en-US\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\en-US\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\es-ES\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\es-ES\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\es-MX\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\et-EE\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\fi-FI\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\fi-FI\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\fr-CA\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\fr-FR\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\fr-FR\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\hr-HR\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\hu-HU\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\hu-HU\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\it-IT\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\it-IT\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\ja-JP\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\ja-JP\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\ko-KR\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\ko-KR\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\lt-LT\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\lv-LV\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\memtest.exe	-	Access		Not Available
\\?\C:\Boot\nb-NO\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\nb-NO\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\nl-NL\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\nl-NL\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\pl-PL\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\pl-PL\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\pt-BR\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\pt-BR\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\pt-PT\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\pt-PT\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\qps-ploc\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\qps-ploc\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\ro-RO\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\ru-RU\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\ru-RU\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\sk-SK\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\sl-SI\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\sr-Latn-CS\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\sv-SE\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\sv-SE\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\tr-TR\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\tr-TR\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\uk-UA\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\updaterevokesipolicy.p7b	-	Access		Not Available
\\?\C:\Boot\zh-CN\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\zh-CN\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\zh-HK\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\zh-HK\memtest.exe.mui	-	Access		Not Available
\\?\C:\Boot\zh-TW\bootmgr.exe.mui	-	Access		Not Available
\\?\C:\Boot\zh-TW\memtest.exe.mui	-	Access		Not Available
\\?\C:\Program Files\.	-	Access		Not Available
\\?\C:\Program Files\Common Files\DESIGNER\.	-	Access		Not Available
\\?\C:\Program Files\Common Files\DESIGNER\..	-	Access		Not Available
\\?\C:\Program Files\Common Files\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\Services\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\Services\verisign.bmp	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.rll	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\System\ado\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\System\ado\adojavas.inc	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\adovbs.inc	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\en-US\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msado20.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msado21.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msado25.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msado26.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msado27.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msado28.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msado60.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msador28.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\ado\msadox28.tlb	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\en-US\ReadMe.txt	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\msadc\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\msadc\en-US\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\.	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\ReadMe.txt	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	-	Access, Delete, Read, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.xHIlEgqxx	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\.	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\..	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	-	Access, Delete, Read, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.xHIlEgqxx	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	-	Access, Delete, Read, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.xHIlEgqxx	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Source Engine\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini	-	Access, Delete, Read, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.xHIlEgqxx	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\ReadMe.txt	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\TextConv\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\TextConv\en-US\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Triedit\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\Triedit\en-US\ReadMe.txt	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VC\.	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VC\..	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VC\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VGX\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	-	Access, Delete, Read, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.xHIlEgqxx	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	-	Access, Delete, Read, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.xHIlEgqxx	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	-	Access, Delete, Read		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.xHIlEgqxx	-	Access, Create		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\Content.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ReadMe.txt	-	Access, Create, Write		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\FlickLearningWizard.exe.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	-	Access		Not Available
\\?\C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	-	Access		Not Available
For performance reasons, the remaining 2256 entries are omitted. The remaining entries can be found in ioc_export.txt or ioc_export.json .

Export to TXT Export to JSON

Indicators

Before

After