Built off the open source project Osquery
Description: Searches for a specific hash.
What The Data Shows: Looks for a specific hash in the Users directories, among files that are smaller than 50 MB (osquery file size limitation).
SQL:
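SELECT path, sha256
FROM hash
WHERE path IN (
    -- candidate files: under each user's Documents folder (%% recurses), below 50 MB
    SELECT path
    FROM file
    WHERE size < 50000000
      AND path LIKE '\Users\%\Documents\%%'
)
  -- keep only files whose SHA-256 equals the hash being searched for
  AND sha256 = '16d28cd1d78b823c4f961a6da78d67a8975d66cde68581798778ed1f98a56d75';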
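Added example (not part of the original page or of osquery): a Python emulation of the query's selection logic, showing which paths the LIKE pattern puts in scope and which in-scope files are never hashed because of the size bound. It assumes osquery's file-table wildcard rules ('%' matches one path level, '%%' matches recursively); the function names are hypothetical and `root` stands in for the drive root.

```python
import hashlib
import os
import re

QUERY_PATTERN = r"\Users\%\Documents\%%"   # LIKE pattern from the query
QUERY_SIZE_CAP = 50_000_000                # "size < 50000000" from the query

def wildcard_to_regex(pattern):
    # Assumed osquery path wildcards: '%' = one path level, '%%' = any depth.
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("%%", i):
            parts.append(".+")
            i += 2
        elif pattern[i] == "%":
            parts.append(r"[^\\]+")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts))

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(root, target_sha256, pattern=QUERY_PATTERN, size_cap=QUERY_SIZE_CAP):
    """Return (hits, unhashed): matching files, and in-scope files skipped for size."""
    rx = wildcard_to_regex(pattern)
    hits, unhashed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Express the path the way the query sees it, relative to the drive root.
            win = "\\" + os.path.relpath(full, root).replace(os.sep, "\\")
            if not rx.fullmatch(win):
                continue                  # outside \Users\<name>\Documents
            if os.path.getsize(full) >= size_cap:
                unhashed.append(win)      # the query never hashes these
            elif sha256_file(full) == target_sha256.lower():
                hits.append(win)
    return sorted(hits), sorted(unhashed)
```

The `unhashed` list is the query's blind spot: a file at or above the size bound is not reported even if its hash would match, so an empty result does not clear those files.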