63b541a1...67e5 | Grouped Behavior
Try VMRay Analyzer
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Ransomware

63b541a11d8389b13c634665ba72437270cd8bbbbc3df7dc43acfe201a5a67e5 (SHA256)

BooM Ransomeware.exe

Windows Exe (x86-32)

Created at 2019-01-04 20:42:00

Notifications (2/3)

Could not parse sample file: 'Invalid e_lfanew value, probably not a PE file'

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Monitored Processes

Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0x474 Analysis Target High (Elevated) boom ransomeware.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BooM Ransomeware.exe" -
#2 0x7dc Child Process High (Elevated) tempsvchost.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempsvchost.exe" #1
#3 0x5e8 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome #1
#5 0x784 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:14337 #3
#7 0x860 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:14340 #3
#8 0x8bc Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79876 #3
#9 0x954 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79881 #3
#10 0xa0c Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79886 #3
#11 0xab0 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:145412 #3
#12 0xb34 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:210955 #3
#13 0xbb4 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:145422 #3
#14 0x85c Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:210957 #3
#15 0xba4 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79897 #3
#16 0xc10 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:276485 #3
#17 0xca8 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79910 #3
#18 0xd44 Child Process High (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79920 #3

Behavior Information - Grouped by Category

Process #1: boom ransomeware.exe
3024 0
»
Information Value
ID #1
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\boom ransomeware.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BooM Ransomeware.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:20, Reason: Analysis Target
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:04:00
OS Process Information
»
Information Value
PID 0x474
Parent PID 0x458 (Unknown)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 244
0x 2D0
0x 1C4
0x 0
0x 5E0
0x 7C4
0x 188
0x 640
0x 778
0x 7E8
0x 6BC
0x 518
0x 6F0
0x 6F0
0x F0
0x 820
0x 828
0x 840
0x 844
0x 85C
0x 8B8
0x 928
0x 940
0x 950
0x 9B0
0x 9BC
0x A08
0x A3C
0x A94
0x AAC
0x B14
0x B24
0x B30
0x B9C
0x BA4
0x BAC
0x BE0
0x BE8
0x 660
0x 844
0x AA8
0x 9F0
0x 9D4
0x B0C
0x 654
0x 660
0x AA8
0x 814
0x 830
0x C0C
0x C40
0x C44
0x C88
0x C9C
0x CA4
0x CF8
0x D18
0x D20
0x D34
0x D40
0x D94
0x E18
0x E3C
0x E4C
0x E60
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory r True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File r False False False -
private_0x00000000000c0000 0x000c0000 0x000c0fff Private Memory rw True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e2fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000000f0000 0x000f0000 0x000f0fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000100000 0x00100000 0x00100fff Pagefile Backed Memory rw True False False -
private_0x0000000000110000 0x00110000 0x0020ffff Private Memory rw True False False -
l_intl.nls 0x00210000 0x00212fff Memory Mapped File r False False False -
private_0x0000000000220000 0x00220000 0x0023ffff Private Memory - True False False -
pagefile_0x0000000000240000 0x00240000 0x00240fff Pagefile Backed Memory r True False False -
private_0x0000000000250000 0x00250000 0x0025ffff Private Memory rw True False False -
private_0x0000000000260000 0x00260000 0x0026ffff Private Memory rw True False False -
private_0x0000000000270000 0x00270000 0x0027ffff Private Memory rw True False False -
private_0x0000000000280000 0x00280000 0x0028ffff Private Memory rw True False False -
sorttbls.nlp 0x00280000 0x00284fff Memory Mapped File r False False False -
private_0x0000000000290000 0x00290000 0x0029ffff Private Memory rw True False False -
private_0x00000000002a0000 0x002a0000 0x002affff Private Memory rw True False False -
private_0x00000000002b0000 0x002b0000 0x002bffff Private Memory rw True False False -
private_0x00000000002c0000 0x002c0000 0x002cffff Private Memory rw True False False -
private_0x00000000002d0000 0x002d0000 0x0034ffff Private Memory rw True False False -
private_0x0000000000350000 0x00350000 0x0044ffff Private Memory rw True False False -
rpcss.dll 0x00450000 0x004ccfff Memory Mapped File r False False False -
private_0x0000000000450000 0x00450000 0x0045ffff Private Memory rw True False False -
private_0x0000000000460000 0x00460000 0x0046ffff Private Memory rw True False False -
pagefile_0x0000000000460000 0x00460000 0x00460fff Pagefile Backed Memory r True False False -
private_0x0000000000460000 0x00460000 0x00460fff Private Memory rw True False False -
private_0x0000000000470000 0x00470000 0x0047ffff Private Memory rw True False False -
pagefile_0x0000000000480000 0x00480000 0x00490fff Pagefile Backed Memory rw True False False -
private_0x00000000004a0000 0x004a0000 0x004affff Private Memory rw True False False -
private_0x00000000004b0000 0x004b0000 0x004effff Private Memory rw True False False -
private_0x00000000004f0000 0x004f0000 0x004f0fff Private Memory rw True False False -
private_0x0000000000500000 0x00500000 0x0050ffff Private Memory rw True False False -
private_0x0000000000510000 0x00510000 0x00510fff Private Memory rw True False False -
private_0x0000000000520000 0x00520000 0x0052ffff Private Memory rw True False False -
pagefile_0x0000000000530000 0x00530000 0x0060efff Pagefile Backed Memory r True False False -
pagefile_0x0000000000610000 0x00610000 0x00616fff Pagefile Backed Memory r True False False -
private_0x0000000000620000 0x00620000 0x0069ffff Private Memory rwx True False False -
private_0x00000000006a0000 0x006a0000 0x0079ffff Private Memory rw True False False -
pagefile_0x00000000007a0000 0x007a0000 0x00927fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000930000 0x00930000 0x00ab0fff Pagefile Backed Memory r True False False -
gdipfontcachev1.dat 0x00ac0000 0x00adafff Memory Mapped File rw True True False
tahoma.ttf 0x00ac0000 0x00b6afff Memory Mapped File r False False False -
micross.ttf 0x00ac0000 0x00b5ffff Memory Mapped File r False False False -
segoeui.ttf 0x00ac0000 0x00b3efff Memory Mapped File r False False False -
tahomabd.ttf 0x00ac0000 0x00b5efff Memory Mapped File r False False False -
rsaenh.dll 0x00ac0000 0x00b04fff Memory Mapped File r False False False -
sortkey.nlp 0x00ac0000 0x00b00fff Memory Mapped File r False False False -
mscorrc.dll 0x00b10000 0x00b63fff Memory Mapped File r True False False -
pagefile_0x0000000000b70000 0x00b70000 0x00b71fff Pagefile Backed Memory rw True False False -
private_0x0000000000b80000 0x00b80000 0x00b8ffff Private Memory rw True False False -
private_0x0000000000b90000 0x00b90000 0x00b9ffff Private Memory rw True False False -
private_0x0000000000ba0000 0x00ba0000 0x00c1ffff Private Memory rwx True False False -
boom ransomeware.exe 0x00cb0000 0x00ce3fff Memory Mapped File rwx True True False
pagefile_0x0000000000cf0000 0x00cf0000 0x020effff Pagefile Backed Memory r True False False -
private_0x00000000020f0000 0x020f0000 0x021effff Private Memory rw True False False -
private_0x0000000002250000 0x02250000 0x0234ffff Private Memory rw True False False -
sortdefault.nls 0x02350000 0x0261efff Memory Mapped File r False False False -
private_0x0000000002620000 0x02620000 0x1a61ffff Private Memory rw True False False -
private_0x000000001a620000 0x1a620000 0x1aceffff Private Memory rw True False False -
private_0x000000001acf0000 0x1acf0000 0x1adf0fff Private Memory rw True False False -
private_0x000000001aee0000 0x1aee0000 0x1afdffff Private Memory rw True False False -
private_0x000000001afe0000 0x1afe0000 0x1b19ffff Private Memory rw True False False -
private_0x000000001afe0000 0x1afe0000 0x1b0dffff Private Memory rw True False False -
private_0x000000001b120000 0x1b120000 0x1b19ffff Private Memory rw True False False -
private_0x000000001b1a0000 0x1b1a0000 0x1b39ffff Private Memory rw True False False -
private_0x000000001b1a0000 0x1b1a0000 0x1b29ffff Private Memory rw True False False -
private_0x000000001b390000 0x1b390000 0x1b39ffff Private Memory rw True False False -
private_0x000000001b3a0000 0x1b3a0000 0x1b49ffff Private Memory rw True False False -
msjh.ttf 0x1b4a0000 0x1c948fff Memory Mapped File r False False False -
msyh.ttf 0x1b4a0000 0x1c962fff Memory Mapped File r False False False -
malgun.ttf 0x1b4a0000 0x1b8c2fff Memory Mapped File r False False False -
private_0x000000001b560000 0x1b560000 0x1b65ffff Private Memory rw True False False -
private_0x000000001b6e0000 0x1b6e0000 0x1b7dffff Private Memory rw True False False -
private_0x000000001b8d0000 0x1b8d0000 0x1bacffff Private Memory rw True False False -
private_0x000000001bb10000 0x1bb10000 0x1bc0ffff Private Memory rw True False False -
private_0x000000001bc70000 0x1bc70000 0x1bd6ffff Private Memory rw True False False -
private_0x000000001bd70000 0x1bd70000 0x1be6ffff Private Memory rw True False False -
private_0x000000001be70000 0x1be70000 0x1bf8dfff Private Memory rw True False False -
private_0x000000001bf90000 0x1bf90000 0x1c11ffff Private Memory rw True False False -
staticcache.dat 0x1c120000 0x1ca4ffff Memory Mapped File r False False False -
pagefile_0x000000001ca50000 0x1ca50000 0x1ce42fff Pagefile Backed Memory r True False False -
msvcr80.dll 0x751d0000 0x75298fff Memory Mapped File rwx False False False -
user32.dll 0x77450000 0x77549fff Memory Mapped File rwx False False False -
kernel32.dll 0x77550000 0x7766efff Memory Mapped File rwx False False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
culture.dll 0x642ff4a0000 0x642ff4a9fff Memory Mapped File rwx True False False -
microsoft.visualbasic.ni.dll 0x7fef0a60000 0x7fef0c6cfff Memory Mapped File rwx True False False -
mscorjit.dll 0x7fef0c70000 0x7fef0df3fff Memory Mapped File rwx True False False -
system.windows.forms.ni.dll 0x7fef0e00000 0x7fef1e95fff Memory Mapped File rwx True False False -
system.drawing.ni.dll 0x7fef1ea0000 0x7fef20d6fff Memory Mapped File rwx True False False -
system.ni.dll 0x7fef20e0000 0x7fef2b02fff Memory Mapped File rwx True False False -
mscorlib.ni.dll 0x7fef2b10000 0x7fef39ebfff Memory Mapped File rwx True False False -
mscorwks.dll 0x7fef39f0000 0x7fef438cfff Memory Mapped File rwx True False False -
mscoreei.dll 0x7fef4390000 0x7fef4428fff Memory Mapped File rwx True False False -
mscoree.dll 0x7fef4790000 0x7fef47fefff Memory Mapped File rwx True False False -
windowscodecs.dll 0x7fefb970000 0x7fefba99fff Memory Mapped File rwx False False False -
dwmapi.dll 0x7fefbae0000 0x7fefbaf7fff Memory Mapped File rwx False False False -
gdiplus.dll 0x7fefbcf0000 0x7fefbf04fff Memory Mapped File rwx False False False -
uxtheme.dll 0x7fefbf10000 0x7fefbf65fff Memory Mapped File rwx False False False -
version.dll 0x7fefc780000 0x7fefc78bfff Memory Mapped File rwx False False False -
rsaenh.dll 0x7fefcbb0000 0x7fefcbf6fff Memory Mapped File rwx False False False -
cryptsp.dll 0x7fefceb0000 0x7fefcec6fff Memory Mapped File rwx False False False -
cryptbase.dll 0x7fefd4b0000 0x7fefd4befff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x7fefd5a0000 0x7fefd5b3fff Memory Mapped File rwx False False False -
profapi.dll 0x7fefd5c0000 0x7fefd5cefff Memory Mapped File rwx False False False -
kernelbase.dll 0x7fefd920000 0x7fefd98afff Memory Mapped File rwx False False False -
msvcrt.dll 0x7fefdb10000 0x7fefdbaefff Memory Mapped File rwx False False False -
oleaut32.dll 0x7fefdbb0000 0x7fefdc86fff Memory Mapped File rwx False False False -
gdi32.dll 0x7fefdc90000 0x7fefdcf6fff Memory Mapped File rwx False False False -
usp10.dll 0x7fefdd00000 0x7fefddc8fff Memory Mapped File rwx False False False -
ole32.dll 0x7fefddf0000 0x7fefdff2fff Memory Mapped File rwx False False False -
msctf.dll 0x7fefe0a0000 0x7fefe1a8fff Memory Mapped File rwx False False False -
sechost.dll 0x7fefe330000 0x7fefe34efff Memory Mapped File rwx False False False -
lpk.dll 0x7fefe350000 0x7fefe35dfff Memory Mapped File rwx False False False -
shell32.dll 0x7fefe360000 0x7feff0e7fff Memory Mapped File rwx False False False -
shlwapi.dll 0x7feff2e0000 0x7feff350fff Memory Mapped File rwx False False False -
advapi32.dll 0x7feff740000 0x7feff81afff Memory Mapped File rwx False False False -
rpcrt4.dll 0x7feff820000 0x7feff94cfff Memory Mapped File rwx False False False -
imm32.dll 0x7feff950000 0x7feff97dfff Memory Mapped File rwx False False False -
apisetschema.dll 0x7feff990000 0x7feff990fff Memory Mapped File rwx False False False -
private_0x000007ff00010000 0x7ff00010000 0x7ff0001ffff Private Memory - True False False -
private_0x000007ff00020000 0x7ff00020000 0x7ff0002ffff Private Memory - True False False -
private_0x000007ff00030000 0x7ff00030000 0x7ff000cffff Private Memory - True False False -
private_0x000007ff000d0000 0x7ff000d0000 0x7ff000dffff Private Memory - True False False -
private_0x000007ff000e0000 0x7ff000e0000 0x7ff0014ffff Private Memory - True False False -
private_0x000007ff00150000 0x7ff00150000 0x7ff0015ffff Private Memory - True False False -
private_0x000007ff00160000 0x7ff00160000 0x7ff0019ffff Private Memory - True False False -
private_0x000007ff001a0000 0x7ff001a0000 0x7ff001affff Private Memory - True False False -
private_0x000007ff001b0000 0x7ff001b0000 0x7ff001bffff Private Memory - True False False -
private_0x000007fffff0a000 0x7fffff0a000 0x7fffff0bfff Private Memory rw True False False -
private_0x000007fffff0c000 0x7fffff0c000 0x7fffff0dfff Private Memory rw True False False -
private_0x000007fffff0e000 0x7fffff0e000 0x7fffff0ffff Private Memory rw True False False -
private_0x000007fffff10000 0x7fffff10000 0x7fffff1ffff Private Memory rwx True False False -
private_0x000007fffff20000 0x7fffff20000 0x7fffffaffff Private Memory rwx True False False -
pagefile_0x000007fffffb0000 0x7fffffb0000 0x7fffffd2fff Pagefile Backed Memory r True False False -
private_0x000007fffffd4000 0x7fffffd4000 0x7fffffd5fff Private Memory rw True False False -
private_0x000007fffffd6000 0x7fffffd6000 0x7fffffd7fff Private Memory rw True False False -
private_0x000007fffffd8000 0x7fffffd8000 0x7fffffd9fff Private Memory rw True False False -
private_0x000007fffffda000 0x7fffffda000 0x7fffffdbfff Private Memory rw True False False -
private_0x000007fffffdc000 0x7fffffdc000 0x7fffffddfff Private Memory rw True False False -
private_0x000007fffffde000 0x7fffffde000 0x7fffffdefff Private Memory rw True False False -
For performance reasons, the remaining 93 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempsvchost.exe 19.50 KB MD5: e40c6c092f093bd84544c46b75136212
SHA1: 4e572fb842cbe318f6387d254741045f7bf5b230
SHA256: 0eff6a71d9bd1549d4c12bc984ed722b9139f75615d4adcb49f9ec240afe9d7d
SSDeep: 384:/beRWGOUNBkIcfdLLL9Oh3vDuqlU/6H6WWCsjVFrS47zHjjGB4wB:DyPOUNKIcfdLLL8h3w/bCSlnH8
False
Modified Files
»
Filename File Size Hash Values YARA Match Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\gdipfontcachev1.dat 106.27 KB MD5: 92e128dcb152d05f07faf5da64bd1c91
SHA1: 2174814ca563fc2b9679fffbf1b40bdf3ac9abec
SHA256: 11437a99f5f9c0a6df09c64abc8828ad3ecd8cf4fa601340ded86b8945edff43
SSDeep: 768:i8HrbdvVyZHgTl7ho5sZWN/Ys9byFRQ+AwqGuGyZoVyOF7rrlqTIyMnm:/pVyZHgTl7h6tKR7AwqlGyZQVO1Mnm
False
Host Behavior
File (7)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempsvchost.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BooM Ransomeware.config type = file_attributes False 1
Fn
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp type = file_attributes True 2
Fn
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempsvchost.exe type = file_type True 2
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempsvchost.exe size = 19968 True 1
Fn
Data
Registry (8)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_CURRENT_USER\Software\VB and VBA Program Settings\A\0 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\VB and VBA Program Settings\A\0 - False 2
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework value_name = DbgJITDebugLaunchSetting, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework value_name = DbgManagedDebugger, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\VB and VBA Program Settings\A\0 value_name = RunCount, type = REG_NONE False 1
Fn
Write Value HKEY_CURRENT_USER\Software\VB and VBA Program Settings\A\0 value_name = RunCount, data = 1, size = 4, type = REG_SZ True 1
Fn
Process (54)
»
Operation Process Additional Information Success Count Logfile
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempsvchost.exe show_window = SW_SHOWNORMAL True 1
Fn
Create https://www.facebook.com/profile.php?id=100027091457754 show_window = SW_SHOWNORMAL True 15
Fn
Create https://www.facebook.com/profile.php?id=100027091457754 show_window = SW_SHOWNORMAL False 30
Fn
Create https://www.facebook.com/profile.php?id=100027091457754 show_window = SW_SHOWNORMAL False 8
Fn
Module (670)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\user32.dll base_address = 0x77450000 True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\desktop\boom ransomeware.exe base_address = 0xcb0000 True 31
Fn
Get Handle comctl32.dll base_address = 0x7fef48a0000 True 127
Fn
Get Address c:\windows\system32\user32.dll function = DefWindowProcW, address_out = 0x7769b0ac True 1
Fn
Get Address Unknown module name function = ImageList_WriteEx, address_out = 0x0 False 510
Fn
Window (25)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = WindowsForms10.Window.8.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create .NET-BroadcastEventWindow.2.0.0.0.378734a.0 class_name = .NET-BroadcastEventWindow.2.0.0.0.378734a.0, wndproc_parameter = 0 True 1
Fn
Create Boom Ransomeware class_name = WindowsForms10.Window.8.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create - class_name = WindowsForms10.Window.0.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Warning Do not try to turn off the computer more than 10 times Because you will lose files forever class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Get PIN class_name = WindowsForms10.BUTTON.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create You class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Welcome class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Extract now class_name = WindowsForms10.BUTTON.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Enter the pin to extract the password class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Oooooooops All your Files have Been Encrypted To Decrypt the Encryption enter PIN We will Extract your password on your Desktop class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create - class_name = WindowsForms10.EDIT.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create in BooM Ransomeware class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create - class_name = WindowsForms10.Window.8.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Boom Ransomeware To Get PIN class_name = WindowsForms10.Window.8.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create - class_name = WindowsForms10.Window.0.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Back class_name = WindowsForms10.BUTTON.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Open in the browser class_name = WindowsForms10.BUTTON.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create 100027091457754 class_name = WindowsForms10.EDIT.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create my ID = class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Mohamed Naser Ahmed class_name = WindowsForms10.EDIT.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create My name = class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Search in Facebook class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create Boom Ransomeware class_name = WindowsForms10.STATIC.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Create - class_name = WindowsForms10.Window.8.app.0.378734a, wndproc_parameter = 0 True 1
Fn
Keyboard (2222)
»
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 25
Fn
Read virtual_key_code = VK_LBUTTON, result_out = 0 True 107
Fn
Read virtual_key_code = VK_RBUTTON, result_out = 0 True 433
Fn
Read virtual_key_code = VK_MBUTTON, result_out = 0 True 431
Fn
Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 431
Fn
Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 430
Fn
Read virtual_key_code = VK_SHIFT, result_out = 0 True 13
Fn
Read virtual_key_code = VK_CONTROL, result_out = 0 True 13
Fn
Read virtual_key_code = VK_MENU, result_out = 18446744073709551489 True 4
Fn
Read virtual_key_code = VK_MENU, result_out = 1 True 4
Fn
Read virtual_key_code = VK_LBUTTON, result_out = 18446744073709551489 True 21
Fn
Read virtual_key_code = VK_LBUTTON, result_out = 1 True 284
Fn
Read virtual_key_code = VK_LBUTTON, result_out = 18446744073709551488 True 21
Fn
Read virtual_key_code = VK_MENU, result_out = 18446744073709551488 True 3
Fn
Read virtual_key_code = VK_MENU, result_out = 0 True 2
Fn
System (12)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Get Cursor x_out = 685, y_out = 817 True 4
Fn
Get Cursor x_out = 485, y_out = 634 True 4
Fn
Get Info type = Operating System True 3
Fn
Process #2: tempsvchost.exe
12690 0
»
Information Value
ID #2
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\tempsvchost.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempsvchost.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:34, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:03:46
OS Process Information
»
Information Value
PID 0x7dc
Parent PID 0x474 (c:\users\5p5nrgjn0js halpmcxz\desktop\boom ransomeware.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 7CC
0x 690
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00030fff Private Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
private_0x0000000000050000 0x00050000 0x0008ffff Private Memory rw True False False -
private_0x0000000000090000 0x00090000 0x0018ffff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00193fff Pagefile Backed Memory r True False False -
locale.nls 0x001a0000 0x00206fff Memory Mapped File r False False False -
private_0x0000000000210000 0x00210000 0x0024ffff Private Memory rw True False False -
pagefile_0x0000000000210000 0x00210000 0x00210fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000220000 0x00220000 0x00226fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000230000 0x00230000 0x00231fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000240000 0x00240000 0x00241fff Pagefile Backed Memory r True False False -
msctf.dll.mui 0x00240000 0x00240fff Memory Mapped File rw False False False -
pagefile_0x0000000000250000 0x00250000 0x00251fff Pagefile Backed Memory r True False False -
private_0x0000000000250000 0x00250000 0x002cffff Private Memory rw True False False -
pagefile_0x00000000002d0000 0x002d0000 0x002d0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002e0000 0x002e0000 0x002e0fff Pagefile Backed Memory r True False False -
private_0x0000000000300000 0x00300000 0x0030ffff Private Memory rw True False False -
private_0x0000000000340000 0x00340000 0x003bffff Private Memory rw True False False -
tempsvchost.exe 0x00400000 0x006f5fff Memory Mapped File rwx True True False
pagefile_0x0000000000700000 0x00700000 0x00887fff Pagefile Backed Memory r True False False -
private_0x00000000008a0000 0x008a0000 0x0099ffff Private Memory rw True False False -
pagefile_0x00000000009a0000 0x009a0000 0x00b20fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000b30000 0x00b30000 0x01f2ffff Pagefile Backed Memory r True False False -
private_0x0000000001f30000 0x01f30000 0x0202ffff Private Memory rw True False False -
pagefile_0x0000000001f30000 0x01f30000 0x0200efff Pagefile Backed Memory r True False False -
private_0x0000000002090000 0x02090000 0x0209ffff Private Memory rw True False False -
private_0x00000000020a0000 0x020a0000 0x02215fff Private Memory rw True False False -
sortdefault.nls 0x02220000 0x024eefff Memory Mapped File r False False False -
pagefile_0x00000000024f0000 0x024f0000 0x028e2fff Pagefile Backed Memory r True False False -
private_0x00000000028f0000 0x028f0000 0x02acffff Private Memory rw True False False -
staticcache.dat 0x02ad0000 0x033fffff Memory Mapped File r False False False -
private_0x0000000003400000 0x03400000 0x0361ffff Private Memory rw True False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
comctl32.dll 0x75140000 0x751c3fff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Created Files
»
Filename File Size Hash Values YARA Match Actions
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF 6.82 KB MD5: c2dd69158274d793bba30224ad58d207
SHA1: 2c88d7282efc879f84c51719c227c67de566c873
SHA256: 14f9788492fbee641599f4fb3d7e2544af0392be5ac459968d9608935ce71175
SSDeep: 96:U6zMva+RLKG8ZM//lwagJbP///YW9Do3mjRRB07yiQhVva+7:U66Rl8ZCNwagJD39DoeVeyiQhN7
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG 16.35 KB MD5: 1651b875adda5c0dabcb00ae6d130771
SHA1: 3e308f5f0b6009b979f6235bc3f3ecb98d2642fb
SHA256: aab761e5f62695e6c0e3b3a10efdbb07d352c39d36b10b587eae2acb0fd6440d
SSDeep: 384:3motFXFpUMf6Mrk/41Gzbn+FpAUhYAOUJpEK3TRPxp8AEMA5QnTOTpAQ:3ff1pUMf6b//gXhsueW15ChST6AQ
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02106_.GIF 5.49 KB MD5: f3d931e0ed87f24e5ed2eafc12ba8912
SHA1: c34c2a0a01a4d3af02232885daf8246539f94753
SHA256: 2bcfc6ac1471fb8bb21a6056b352e9500add2ed74126b07093fc510eda111784
SSDeep: 96:vOk2gzrucoKkUU+OEKWaioDszp8iWRplMvSeeDRsYm8ouVmuP8Sc/INM:vO3gzruvKkUUXBYd9h7eljN9Dc/wM
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02134_.GIF 2.37 KB MD5: e47048fcf39cf1d262750c7df017e9fc
SHA1: 57fba8f2ba3bf3889c29512514d19ddb6c8c7e8e
SHA256: 65149a5c6c2977b8f484b59213e1e59dc1548cc6b25d92b8d8f7aefe3a986470
SSDeep: 48:2OnUqcW3gHKvCkdKAhpR9i0z08cVGJvA01wOfF+95apz/xqP8srLGl:2Ok2gHKJIAdIhoJ51ww+9Y9UPtPGl
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG 46.99 KB MD5: 1929756cdd1f6ea5245b25c1b3f2ad1e
SHA1: cfc1823236dd997387fa822eb85ce65217bba0a7
SHA256: 854e4e14b5cc79b8f472a2121d577caf9b3f089f7c3a8c4b810a4ff266c5879e
SSDeep: 768:tUmq5FmOyUzqDXjKbnnUH4MF96vUVCgsft9/ZoFaEG7To1B2yk5xUzs7SijvXLWc:emq5sO5Wi7nLQ96vUVC/ftJKUN7ToWTz
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF 1.64 KB MD5: 7e793a99b0aa31669c713fc40a52925b
SHA1: 92ea3cbe436e3912860f5d520d75b436dee363df
SHA256: 19a44adf7bc5ec71f1b465172354586c1383bda40d19756bec82d4430b6ec4f9
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQnZuyLN24Jb2Z21L/TUVIwMhn74GknB:EAOpFu5jvr2Mk3juyLI4JSZ4LQEkB
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02077_.GIF 0.75 KB MD5: 6901c88c04c2e33d444aef6006b7bcf2
SHA1: 28d27d4470cf95ddc0ecf941f6c33a430c977d73
SHA256: 725a5b2d97ce1f499583eb2254f3befa2ab335558d7e312ac8eb5ad927ecc159
SSDeep: 12:dXTAjD+QxDJwTEpew3kh/C4gCXPZWa58z0Z71TCtvM6rdqp52NYdGRPg6q5B2f29:Key4EA+k9C4gwPZv58z0Z718Mcdk2wz9
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143753.GIF 6.87 KB MD5: 719705c2dfdf032f488d36f9faadf116
SHA1: 64df24803651f701bf8d6b6c4faedf1d9fa71a79
SHA256: 94a0318905c1803ba3b7f5592a133b2ec6e15171d7b88db3f37233033e1ba752
SSDeep: 192:bLEPC9vYDXrCiDlVEPo5bw4KqTzw6l+MpYGZNkewD5NluH3dnij:bVQDXrColVbVwq/wfMpYGYegrENij
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF 3.07 KB MD5: 6aa28565db5ecb60b63820d2f62050fb
SHA1: 45923d52d13aaeb8817847c11dde12cbd77e007f
SHA256: 1ef7641639cef1d8a62aebd0133c8fa7fb1b3dfad2d00a59957fcfb5a769bda3
SSDeep: 96:3WeC9OtiaHOrO11xZRPnUE50Pbg5y3rrwTja7aTp:3WeC9OYYOrO13fUE5kbgE3rgp
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF 1.32 KB MD5: 423d2e2aaf0e79f47a445b43178dfdd7
SHA1: 14df6b8b0c140563ea5f6288037ac99e37b50429
SHA256: 453f5d839f81116112929fe765757b76b65c3dd0b7796cc7d92b031c509d0d7b
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3oFs96XjJlCebRsyrz1IJ08pGO9k/hYGHkq:EAOpFu5jvr2Mk3in3RsU+OekpYGHyM
False
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe 170.35 KB MD5: d664e40ae53c5a2e4aa978068cdb3546
SHA1: 016c3a46b8ffae5af9c7b682180f5d4f7b2fc17b
SHA256: 48b0471b22141e7a2504dd7c7ca43d3327b143dfcc6414bdda0af7ebb697bc6d
SSDeep: 3072:pZHNa1L0OpjOFFyejsafB1nl318Alebo6kdmPcifjmp4EQCQvpBizXcrIfeM0S8V:r0Fpa2ejsafR318Fo6kdm0ifr/LibcsK
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF 1.42 KB MD5: af9049084a7185dea2eb95587382e9fa
SHA1: ccc88dce84d93208a1267d18516fd49aac1cb379
SHA256: d4b99649b88bed69d4ed76ebf5ec729f4e0dcbd43d642c50abe2ea63c81672d2
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQEC4nLpg0RIvZRlK/dcAWX71BKnitkc:EAOpFu5jvr2Mk3+pNgcILlecAWX7bKnk
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG 19.03 KB MD5: a84ed82c4d7545f637928a44354084e2
SHA1: 3c1b740ff7ed1cdff66a2e03a41269a3846eb90f
SHA256: d20fef1034f4e89a11058b64854adaa1b868956c4ef41e3fd9babc31de70877e
SSDeep: 384:Fu+BpjxDCTXn9UTN/VbrjpKRYB6Rsppo4z0cbll0enF:FuYxDCxU/bXpKeBME/z0QxF
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG 15.37 KB MD5: 557bf5a5df5bf4aeddb416d95a3bb762
SHA1: 17002c6190f7dd7424527e086e2c615334b2ba56
SHA256: 9a9493fcd8f6dea6a98bd9676c2b849e4a5e403e0718d97cf3c492afcb326997
SSDeep: 384:WmwyfsxfmbFvtjKmpblIXTawLoYb5zOKOpRZQ+ek0iY:WmPUQbFvtjK2mXNoy5zWpzQ7kHY
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02085_.GIF 2.26 KB MD5: 8d4bc05318f712d405cfcfa92bf5c33c
SHA1: 96c1ae67c99885f42ddb79433a5a9b5dbeba5c89
SHA256: f96fc652e4cf2a2bf3dd9a97ecf1017c74646a999bca4bbf1fbc33917c5e1bd5
SSDeep: 48:kOnUqO9+0ieGc/2cxOQkDp+/0gEmuRNqDceXru:kOIZXGcucMQkDk0gcRIAt
False
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 530.57 KB MD5: 0a583b1dfe415fac214579ab0ae65ab3
SHA1: a68d4a8b4a4be25900973ff37a06b57ef62ef487
SHA256: 7e072d6ac26bbab597228ee58ee871f7d32c946ab9b87f4ddeffb4f7ec54694b
SSDeep: 12288:jmZ5yE/34ueknA0/gVl1IvcA/yCc3vR6mNlec0jhmFII/OzWrm8ikVA5jk3:U34ubnAGgJ8cACI9jhJOKy
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF 4.84 KB MD5: f900518244f4a28c5d234540d5e26afe
SHA1: 5b6fa83358ec3fbb37affe838ad6d86de848c424
SHA256: ec4ca7dd447a0d98025648647e404e45d0e8fe9981cbb7102c0609c669e4799f
SSDeep: 96:z2xuQTN8W0BucSfR7gzqNZbedMZuJwqeXN3am5+OlAHlca4dZpqi7g:axdN+uR7gzG6dMcqZ75+OlClwdZpo
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF 1.52 KB MD5: 5931e2e3a1e732992a632090c3d9cb43
SHA1: df18e0c63059c66a9c11d2b6af5ee3b48be71dcc
SHA256: 3a7b018747c1bc229f13ce69a68186baeb3c2ebae01059fd8707f423f995a078
SSDeep: 24:WB0NSUBDjtZnm4Dg9G//OI/nEz8BTnu+iyuRpKHI3:WekWhZnhDK0OI/EzMBi/RGI3
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF 2.66 KB MD5: e668c910ccd0da834b0243a2bcd648ed
SHA1: c6ce6f7ee32a2264153fcf5196f13ee38bf57652
SHA256: 9d7ac9918492d896b1415c2a30b773884120078c1d60179447069dc580aa34a5
SSDeep: 48:Crl9kNJKoozvHd7OvDoMDFI6PyIegbsRJqk6H9Vx30BowDnxBnC4TiZzCVYYR:CxFo0HVOvDoIFI6lfbsHtK70BowDxrEK
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempsvchost.exe 19.50 KB MD5: e40c6c092f093bd84544c46b75136212
SHA1: 4e572fb842cbe318f6387d254741045f7bf5b230
SHA256: 0eff6a71d9bd1549d4c12bc984ed722b9139f75615d4adcb49f9ec240afe9d7d
SSDeep: 384:/beRWGOUNBkIcfdLLL9Oh3vDuqlU/6H6WWCsjVFrS47zHjjGB4wB:DyPOUNKIcfdLLL8h3w/bCSlnH8
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF 4.29 KB MD5: fdaba3d8eafe87024cf278c4f8fcfddd
SHA1: ec1646b57c68e1e317580eed3414b0c26ff6496d
SHA256: 61e2d657a680cf7abe9331ffcc62172c210e0cba0aeafbad9cb3cbc14157a477
SSDeep: 96:1NaX/foUfVfoKiH6nGM/cTKZRVrFnNPMuBz:69fdNRFbsu5
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF 4.87 KB MD5: 32f6a361175732d5349eff129c2e6826
SHA1: 31ac5188ca3505afea27b31c92d6a3fc0dab06f3
SHA256: a37ce1e9f113fafce3a0c18498e6b6a52f97501862e330e658357a3313aa258b
SSDeep: 96:E/pQ5jj2MQD2i8CmLILeoF1/RlZ+chPCS83UY4qIc+8/+EIevOiiogtJ4y:E/25jkyJLILe2/Z+CPjdf/e2iiogLD
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF 7.89 KB MD5: 67202d0aef3412db2c2400cc16ee83dc
SHA1: ba635301954c7430db939f24b95d170d3f5664bc
SHA256: f35ab1d4c72c7c8f248bdc8e8eaa97126ba3688ac2c8e62dd0e93fe200eff066
SSDeep: 192:nO3gqhwZdNbG+2NXoSjstiJTR8PYGuYfzRm3gdvvAMQ:khwZ7G+7SotiJTR8wM7RT4h
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG 11.30 KB MD5: 801198c9ced740c8e2bfe979048d29a6
SHA1: cb015b2ace22e06b513596a79086de58ba88440b
SHA256: 220ea4632511e7f2fc1beea166a92e51db5e0a51ad3c9bf4e0fc3ed6f27f93f9
SSDeep: 192:MqJoxX2BN1shK5OpPtz+0wA2tGVQPHyCGLF6NEhDtf55E2edPg73wJDv:/cX22hxPY0ObyCGLF6NEh/30PYu
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF 2.42 KB MD5: 09ee78ab2a2cb24a0e1dc0cbb9e900ee
SHA1: 29137addf6141e0ca2f16bcff816acdd678acf92
SHA256: 0f41e06748c8203ea496569b75448f99a431d5b3f0b8ebb24a4e1e1d91565c6e
SSDeep: 48:fC6cBwpjnAJSbqNStJS3WtxZSwN7T68nTv6fANt+bm5u00oRLG0:Ju4qi3xZVT681k00oxP
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00531L.GIF 8.02 KB MD5: 8ab238c018c5a42aa7f4b0e9bde126da
SHA1: 78e8cb1406f4e37292da743e2edeaf91593c748c
SHA256: b4f05d3a97f484f1dd59d4b6c2213f9118b8f979448894cd2682829cc66a5c61
SSDeep: 192:LO3glpkMLN5zUiwID9A5Mtj5pB3OXwjmCJwLAm8d2qeJx3Ky+r:Qib5zUQD9Aq9B6wpJ6Amo2zz7+r
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF 3.17 KB MD5: dab84eb316054469429e8bf70e74f0e2
SHA1: c9af6b480bce0b969a6baf729dba714968568d08
SHA256: 9666e562d7067a256df55d7c8fb6d8c3ed13b3594527d99c95d795ac41770e22
SSDeep: 96:KJRb2NixrK9MR8MvprrpslQT7slvk7DmCrH:yRb2NixrM688rtjT7s2L7
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF 7.91 KB MD5: ac6e2219b9514b3e21a1c3e075cfd565
SHA1: 940e56125348f4c9d5b0a751fd9dc3714a3ea259
SHA256: 39eb17dd4bcf3a05a1afbca03d86882fa6e7d39ca501623e8bea0724aded178b
SSDeep: 192:bmKAPDAaLxUYvYbcH0B2xLJCjns6cSTN7yerF+bVWYEYd5C:bq7tx5vNBJCjnAQye5uJEYjC
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG 26.76 KB MD5: a9575166bcb65c6aeadc251cccf7ac78
SHA1: 262fe5d53c76b2793e58f1da840e81018756d0b6
SHA256: fd00c26bfaff61489732c5f29601a02f3c69f95ab9e89e086a1d68d350ba5333
SSDeep: 768:ZtOqekk/AItythpQwejb1iO3IBZ4gwElricvUgl:ZtOqL2AqYrQwejpT3IBZN9ijM
False
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe 507.41 KB MD5: 97fb252033ece77a304da5db38a5cf40
SHA1: 96bea2544eb91099b97896fe3b90333f7741d330
SHA256: a13f7edab25a0ec5e3123cc3eb97e015cdd2b0b02c4f1df05acd569dbc461758
SSDeep: 12288:xEZWJbgVriXwRgS0C3lFrR8TOl/EUPPlIVA53hPs3ak:xEZWJMFiXVSt8iCUPPCVOPs3ak
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG 29.46 KB MD5: ad69eca390cd16d39bc627a1512ad59d
SHA1: 78d41471115ae9b9e7c6b62f523e79647d7765f2
SHA256: 52c487aa48b9b3f1ed4cd0cfa7755dd9dfff584ce6d080aafc9d66bf3dd1c237
SSDeep: 768:rQ/FGa5mTmxWOK5m7eXehv8HfY6i5INOLWEGyM+dWsdi1:DaimxWOgmyAvp6i5IsHM+dWsA1
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG 36.24 KB MD5: e402ad07124354453ef77e79aa470051
SHA1: 4e88726fe3c5392afc74690f34dc6824a9398f37
SHA256: f81d1b52258e6d977dfb92462f384377aeeedc1b2b8e2325d2400c714e63d53c
SSDeep: 768:AnrcpqSvc0K6T7op+2dR2KHwdMR/DS9KxSJe4fTbrdUp/bz:SMFK6T7oQfe3cksECR+
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF 1.35 KB MD5: 7f65c31bddd8a5fbf40665289b44e0fd
SHA1: caa62196d2ea839713759f0e1422dc4901c99f31
SHA256: 635245940f3406e3f7fb37361c5a0d1f9d59aa2ed30abae66d3ff3d5193ade3c
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3oFs96XjbMYNd0IlVH/8pxJXj4U:EAOpFu5jvr2Mk3inE6d7/OJX8U
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF 1.56 KB MD5: 689a55cdd27f22d1ed98d991e640d8f6
SHA1: 51832f164529fa4be23ef39ba7bfb6f9604f6bc7
SHA256: ff1b9eee93f795ed6302166a5438707ebb71b3fffbbbce9be88fe9a2972e5caa
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQluArsM5elH4uA41gB/tbcX9GQUH/:EAOpFu5jvr2Mk3XTH5eyupgRmsQUf
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF 5.19 KB MD5: 8c1439fca1b6a4112fa7548adcbeb93e
SHA1: 9e8aa787d1ee3ebbd7aae42d9d30815f279c1944
SHA256: 996098c1830a3e4d80ac19e5a021a2b9176aa4d21c252358a2f91469e6d6fa72
SSDeep: 96:8qaNcLvfia0zzc35xrRcA+gQ3uXIT2TJz7jKPXjaM:7ecLv6tnc3TSA+AXI6V7j6X+M
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF 9.03 KB MD5: 7841d04f1d6aa468961a1c094f50447e
SHA1: 6cf0e2bbc834659cf1b15af938ad6dd55fe4bbd8
SHA256: deda13853aeb8a78cccb90bc8c9013aeb7ac43dad35e7e4513f0d0b8f432c3b1
SSDeep: 192:Hy2/xZbuAVaegys0Pe3ldRG+6VCLSP8SJFcget1AM1WN:h/fPVR0dVdRGpEmWgy1AMYN
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF 4.90 KB MD5: a1e6a513d63398586bdebc936a3d5296
SHA1: c368339d251171a4f844c63d55c2ca7b8e482ec4
SHA256: d8be04a36735dd15ab2687f2bef54bbfc97e8f600d494f68217273c8f8112cf3
SSDeep: 96:A6zrbo0UIGQcW2KkBm7XSZaFl2kjiPYePI+fjcnzH:A6/bLnH2Kem7iZaFl2k2YeI+fe
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF 1.63 KB MD5: 96129ca7510120301f3c75bfc26b7395
SHA1: d89a809be710de8a75f9fcc09fcbe054c114f562
SHA256: b335da0fe0b039d10a04b77481aa7e8c80631dffb141efb0fef5bdf87442cde9
SSDeep: 48:EAOpFu5jvr2Mk3lUlQuaJLj/eyuNFx7a1e:E/pQ5jj2MQGZgy1/7aU
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF 3.40 KB MD5: 65e5f33676c51d026c66251d0542ba16
SHA1: c0fed56fbeed3cf9f52fb29b6e007ce7181b3bbd
SHA256: a63534c0e5484d37885e6017b42db1fae71aacee56ebdedaaac5ade213848815
SSDeep: 96:mpZWnfSyUcR4BN4zhrNs/6Y7GAuk4aoD7yDC97KfmM:mpZWnfSTc6BWs/L7GAu32CkeM
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF 3.86 KB MD5: 53c46839d5eb0a11e5cf046dfe0fd8a3
SHA1: 6ead4276827317951ac5e0a240dffa1642642ba6
SHA256: a85b7f04bc9d916400f676dc7dac7d4ab1f914cc40e779ae23c765f82fd03bad
SSDeep: 96:6VbuEvhFdAU74PkQ5ftnfJfUxkovHj7XgTk:3Evrb74PkQN9fVUxRfwTk
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02082_.GIF 2.40 KB MD5: b117e462ae4337431bb599bb75187bbd
SHA1: 210faee37881a06f0b37e8cbb2ed37090c49cfe6
SHA256: 8557be69328871d20d49bd91d1ad65e506335de000653c8aa2fadeebb753887c
SSDeep: 48:fOnUqO9+02LAAl8RDhycbMyLYmWkSXg687U0VQjqsx:fOIZ2LaRFycArmAqU0Vsdx
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF 2.92 KB MD5: afbd872813eb1b6bf772494de82edb96
SHA1: 507a826d33f8bf33e11dd0d90e68cd6f1d7660e1
SHA256: 8394cdbee5c1e6dad310a952232ea217d1f825e12c97b17f74d5dabe1f6ef0ce
SSDeep: 48:6O/Te9K2O2rRPgPGJUr3s6/3SmF2Cnf/kHAUG3RiMhPqNMOplzI999djw2W:6O7potgPGJUzs5mU4kHrQRiMhPYb899G
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143750.GIF 1.06 KB MD5: f85c15e4ebe5776776ce94675a110c6e
SHA1: e23e607d00815818669fd8f22442275ae4ac82fd
SHA256: 1e37d9c6d684323fb565a051eb431167253ab15b15e938ae625564e57791fe31
SSDeep: 24:+Tu13aCUTIf22DeqDm6++KmAHO5DDDDDDDDDDDDDDw6Jkm+VTIbjWYe:Z134Ifteq6nPu5DDDDDDDDDDDDDDw6Ji
False
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe 97.34 KB MD5: 67664f5f80824cf337d536d32c287568
SHA1: 1e43f0879b55b58953a20cfb10a54430e6c23bd2
SHA256: 915f117e1c1143c61e7b603fa0a5a92b49be80fc67a78a299780c842cbfc25ea
SSDeep: 1536:wCJQHwJRiH8vNNZ2J9y/4S+n8JXOjVDSzy/YW1j7wPZObnia8H5xxOC0En7D:wCQHuvNcnVh/YWxIYbiawGCN
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00673L.GIF 8.23 KB MD5: 1324c3c806fa2f7625beb7a9584a26fb
SHA1: 801f4cecb7694dcd89da14f3ae259c6bf7ab70d8
SHA256: d2a13d77bdbcd24e92ad0d8cdf408b37ff4d64015c0fddf8e510cd2fb791344a
SSDeep: 192:LO3gKsbLEv16Xfiz4TdyWnfaa6fJzve7vSffnfig7PI8C:QFsbLe16Xfi8TcWnfaa8YMffig79C
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG 20.09 KB MD5: 19cd1eb679fec9dc55cab1aeeec00b1a
SHA1: 8c910f8c30f362d7808851d440ecd8e81273f80f
SHA256: 93576ea599e458e56ba609e622d300e99aaf923971d47eb748a5654080caddc8
SSDeep: 384:DowfOdEQd4N4X9yzfkXE4pOYwhrU3C94MdCeNUqfCaVVrsN0VdwCR1:sGOdEk4NiEIOBpUS949euwruMdz
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF 14.95 KB MD5: 454e9ff1d50dc76dfd9d53b1029f27e9
SHA1: d7e9236aa25e4757e0eee27e93b9c6e586881c2d
SHA256: 76ae3226b9d54c4d9e7c8ebfff6351614f050e2b5225948ac3c234301961a773
SSDeep: 384:psmhHgXtMrtcZ1jZ9MQjHw/UFjVrZUAOGR+QTh3jJ/:psmFoMtI1THdnrOMt5J/
False
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\SmartTagInstall.exe 15.38 KB MD5: ef4232027083d37c7ef14a5169c59ff5
SHA1: 6081bca8d9d571e460eb11394df56c4693e48264
SHA256: 65c55176e4f4a4e37d987441577652d62ea80e2c5f0e11410dd57aad3cb64250
SSDeep: 192:HD5Mc+RmkTc+2azp9zp1sl1wHtqaLT+JXESdifjcSv9lJYvKOoyhV:j5F+HA9OvP2A5LTipdi7cSv1Y1hV
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF 0.99 KB MD5: 614b09bdc9715c5302193e9b803b1b2b
SHA1: 9a99ad9635f0a97332f5cd6f95d69fda1a7eb88d
SHA256: 87cf6a6a6a224cdc2e8dc6fccd40e2e0e7dd7ecc53771bc5feb97d43caeafd96
SSDeep: 24:QBh6uJq5who/azvsifXbx5Z3uSNzGgktQ0J7gUxjHpR/81wEg:QaEaw/QwXbx5Z3TqJkCW1Jg
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF 4.57 KB MD5: cdd81fe14278ff94df96f35097d2e3ea
SHA1: 6ba65e58e8cfc60e08fa5d9c58925e76c18cd0ed
SHA256: 6a115cd0d94ddc8175ed7ff4720720ad3a8aeeab6ffae3b9e106f9c4b173f3b0
SSDeep: 96:LOk2gQTfHPDkZuCwDygqhhLptVCX7wcP8aF0A7p5CvGyoQBW3:LO3gQPDkvweHLCXJP8GHpfd
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF 0.92 KB MD5: ee73edba15740bdcd3994f0bc43a760f
SHA1: fea2b2a773e5c7803c0aa20085a228fb8105f81a
SHA256: b83e6aaa41e40a96400fdab336b4141990bab10aae4c773e1622164314d3bd61
SSDeep: 24:v06VyE6d268Eq3eNiKYItQGY2lmw6dO7UTQ:vHQ20c20w6o7UTQ
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF 3.40 KB MD5: 4674c2d404d9fc1574f45aca052c6b22
SHA1: 74a47f85142defc720740853d5e890472b53f352
SHA256: 89c458f7fc023b19f61f4fe2f6339404603f1795e58a06ecf3e70dee50cb9683
SSDeep: 96:E/pQ5jj2MQdBLXwUQUdd+PQpHQ0ga6ZcrYv8XKpJuGyi:E/25jkdBLXw0mPQpH3V6ZwUpJ3yi
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB01741L.GIF 3.53 KB MD5: 8367f98703ba1f68daae6f710b82b4d4
SHA1: 8204c40558f1ff019553c2c5199103f03d7fe2c9
SHA256: c4e90c14f5788144037bdcda8c0e6d8a84ae121d8cede5eedf97c8fc903640e4
SSDeep: 96:pOk2g9q718h/GVVVD8HbBkPWSlrK3DCIBsO8k:pO3g9qmRS/D8HgdbIBsfk
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF 2.61 KB MD5: 6e23058b3998f2c24635e616133da99b
SHA1: e7a5fc94158c947caff500310e77621288e466d2
SHA256: 0e649c08d1d6dce13fd36b8fefacbf99575ef0342cd1ffcbda1e60f0dbace6ef
SSDeep: 48:hOaYHjU7B4scMa1J0W70B3Js8SN7gqlY/jvSw0MVNlEUBuxRaMNqMUuZ7J:hOpqBzkj70B1q7gZrrl7WRaIXf
False
C:\Users\5P5NRG~1\AppData\Local\Temp\Bdx48saERp3j6l1.exe 0.00 KB MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep: 3::
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF 13.20 KB MD5: 46b9d8b5e344686e627aac3a5fb1728c
SHA1: c2e66e2ba99dd4dde72400692ab81e4da7d843cc
SHA256: 16eb193119f850f9d6c86b4e54c0aa96fc288a39d173a57affed21060ad58ea8
SSDeep: 192:CRQN4pWug5ZzZ166H4wi6qWoqkjBmhIjpTpL9bWaEvoxi1p2ggYJDlEI2uiA:CyNM4H4V6qfjBmhI9dL9bEB1s7YJJeuD
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG 43.80 KB MD5: 6ff56c1e395e8791c966d6186a3fdd9b
SHA1: 0d4a9c4d33663c276387a29c691905c1f67c4073
SHA256: 63ecd3db9d996d9d73b5464fc00b7966fb7576be90bf42318cc667bdb8e22917
SSDeep: 768:IXWxlsq6k3vM7b2gXjjLhwQ0WdhvyauXK121kFD1MFas+Ef+OQZ+gjmy:IWLR3Q3jLuQ0RfRkF4y3OQZLP
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG 28.62 KB MD5: 10f893a3e81fd25d5c6cec38340cd318
SHA1: a0cba43ddcfa6e8b23326396dde6df2d180398ff
SHA256: 02c473f000884e1b313a326b96c203cb6e0d78f2d4f92426e5a6d52d9288f10f
SSDeep: 768:43DRygAInPOoBN457Dwd4pnbXCSxMWzuui6Q:cDNV7sEDSvPM
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF 7.41 KB MD5: fa21d6f73483d2af3c235240261d5475
SHA1: 63cd315b5d0a973c9ea112eb56f766616746f11c
SHA256: 3552195f3e8a4540014347b93354390e4ca6ffe5b568c7ab9eaea0c25b455b7c
SSDeep: 192:Z6jrxsGJt4MM0hdwvAu0VbZKCSWDmRpS7j84afMe1AM1WC:ZK1CMjhVzVNmWDB7wbz1AMYC
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG 32.24 KB MD5: 9149ecc9cd05a5b41169abdd4ecab813
SHA1: 0fe6cf1c0a6c7046768fa76aef404b6798e343c3
SHA256: d79cfcb0abe8f86a732d972291c133133ce8069f516469cf6db2082808bd75cd
SSDeep: 768:1pP1MJl2yhgEmH3pNWAdnlrO79lPypeJdCKoCTRMo9lr6UWi:1slXG3uAdnlO7qidCCRMoD6O
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00703L.GIF 8.04 KB MD5: 0096a7da3513fd2087ad2982e6d0f95b
SHA1: 41085a40469574db07123cf227d8185a915d5ea1
SHA256: 574ff77d25c082834b8bec08172070b2d7e0d55c3f2642502ea03e6c03e967ae
SSDeep: 192:npO3gMTpkktsQmPchaS1wAfQ632asGJdSFAppbm1m:+/7L68aaH8Y0Yxz
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF 12.19 KB MD5: d512f0cf933b139662f3cbb62956335c
SHA1: 910cacf619c64547abdbb890aa3e1eb6f7b625bc
SHA256: b9bc81b09e43bd5e86700bce6b365ff19265e1113b03a4d50f4fe8fa26acd4ff
SSDeep: 192:PcVfwA5lZpW7LGAqrkW25OGKGD/xBXzdTz8P659WGVJh1jHQjsZ4YwWd4KoAR:kV1U7qB25ZKGHhTz8N01jHfuWdqQ
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF 3.30 KB MD5: 54f2b830b149ba1ca57de1605865fb6c
SHA1: 629d8afa43fd8f4d071c5ab048b6c1b376aedc4a
SHA256: 259d95ff89b164c58a802b9f0624227ad8dfc863aab22bc5f092e58772ad401c
SSDeep: 48:vNsJZOTwmHsORwK+PwKhCZ2aFBqOOzFFSuIH3d5jaI1x7xyHbbYtGajt2bgqZSbZ:vNaXHdaFBqV7Snrx7GbEtGstygb
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF 8.38 KB MD5: 8f1cbafa5f5929aec49569b1d0d860fd
SHA1: 9dc39408990ce9edf12ca77834bcbe7f48a19578
SHA256: 23471b140c8e05e3d002757f44c00c84220b6e93e1468ebe1366e97a75cc26a1
SSDeep: 192:L64BubtUDLLx6g8BTXNAds1vTlymgFsNsiInycm:LRAUXLx6d7B17lymgIsi+Pm
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF 12.40 KB MD5: e74fa288f0b117203e0d3678884b9c9e
SHA1: 25c3a4c233316fe04f3edd19355729566fe5f668
SHA256: c6367fd3e7b56eff269ed894b343be6678ee5844b4a2115852964410f99e0e2c
SSDeep: 384:rI2bsvKQQkhCtcopf40nyK0eSI2bsvhQQkh+:rI2wKihChfhyhjI2whih+
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF 1.20 KB MD5: e60fad1084f6fecc230b64d6e449d4da
SHA1: 3c77a28a2bb3f74a716b9d0427e7035d20316328
SHA256: 20c07c6cfd6bb6fec522540f0a83ffd1c4d0edbd7a67ba6a57f774e223498e11
SSDeep: 24:/AlXxtjmD0NS0cGSBeJcjpg5aKiQO8PThVze078yE65Io:/WDNk0OeJweDi/8rhBj77B
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF 4.00 KB MD5: 03d1c843aa39792c814983ac0ca0073b
SHA1: 0e728a413ffde48be8566850a5d660b8f6485bd4
SHA256: c892b62e1ad245c1044a730edc6ba31dc0c45f35264e776cc7fa136c4901ba33
SSDeep: 96:E/pQ5jj2MQfaC4LEFrsa3CjzOMEEOeFh/KGl+E2nAfrw4Wd:E/25jkfq2wPh/KIKnA9Wd
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF 19.72 KB MD5: 67cf2f36e97b1004561d6f25d43b2e1c
SHA1: 6bde709b60cec01a465077d9dbd98308376933ce
SHA256: 6f2ea10d8659c2d7ee7b522f13416c2d244bae55c6630c8c08deed99deeef546
SSDeep: 384:0+cw9SpcmqxC1PKlGVZ1Qvv1+u46f0qC0wdIzU4DLZln3Dmh3DINm6Gekv+vPEg9:tcCS9qmZ1f6cbizBlmDINFGeM+vT
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF 0.49 KB MD5: fe7e005c7338b2c00bb1467ab8909235
SHA1: 5c00fc3172ac690b4bf44bab08f631cef2f61121
SHA256: 600619e185f1c727b7ed3cccb34eaa8a17ff25be8b5ff29c40684fb802b74b46
SSDeep: 12:KDkZL5fW2mFehOmw4FYCukOl0wffiqxztb5wosOl0wf+e:KA1RBmFVmw4Fv1Ifiqxztb5wNI+e
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG 27.92 KB MD5: 0c4e54c5d2593469eaad5d05be1b23a2
SHA1: 7bc5a6b37248fcd35e812db67b9bf6c8a60fe880
SHA256: 508bc2f071e5d5709d6b43b931e43e77f5ee8901c2172f41f951b0052046ddf1
SSDeep: 768:GgjoSjggSG3XJH6f06h8F7fz/6YwF5P1dsZh7B:h0SjpSwY06h8F77Ct9iZFB
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02074_.GIF 1.27 KB MD5: cbe13be4e82094dd191de907b1ffbbae
SHA1: 4ad6801cacdfd68821883c4c2babb44f9df62955
SHA256: a14175bd569f1c67560cc4d34b451c6ee09babd3518d7b08e6d38d9899013884
SSDeep: 24:3uhQlbzuhVliMfUqcWkCIKz3A46YKSmZXb7fLRa/ET3RUL:3LOnUqcW3gUoHVasTBs
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF 1.32 KB MD5: fe59030075cf1b422e603caea3d23ea5
SHA1: 4af14ddb7e2cf12129806c58f51da7bcc0b674fa
SHA256: 38c23cd67e11dffb804ae929bde4926ef5a5cf5795ffb8fce89f381981a654c6
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQZBNVn6JM1ToqmW8pqw5NHYb:EAOpFu5jvr2Mk3jBNgJwoqmWB6Yb
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG 29.22 KB MD5: df6e8a99a05d02e83895c4cab3a61bfd
SHA1: 9e8e9aa556f01643a17ae7604551abeacd6d75fa
SHA256: 36ae4cf1e1e722a7402115761e5bca8bce6c6a69ae058943943fdcf90aad1350
SSDeep: 768:vfEs5NMaQ/iqt84yat9oipkkG4c7TeyNVZ9oL:HB4aaiqt84yaDoKGxeyNa
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF 1.02 KB MD5: db738104771ed4163337f4d557c1135c
SHA1: b92e8750f4fa3c58f94dba2b4b2a23f70d5bba2e
SHA256: 55d75c0cd55910cf8f0f083724b9c06a3b8a12b1b88e96b5d4c99e991b86b9d2
SSDeep: 24:eTu13aCUTIf22DeqDm6++KmAHO5DDDDDDDDDDDDDDupF/EMtnRan:5134Ifteq6nPu5DDDDDDDDDDDDDDMhJa
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG 31.84 KB MD5: 870704dbc7df244fc6ae8f5d2908d4b3
SHA1: 7906a8427fba3b585382d80ca153feedc450fcad
SHA256: c19dbb2b0f2069b096d48d27094ceb74cc2370ec18878e95c4fe9e2b04be6eba
SSDeep: 768:vy1bw15q6fWMPsCzme42yUz/kpm9K0LBkFi8w9/RSp3lK9OFqBzn:vcsjq6bPyUyUgm9ZlJ8w9ZSp3xFqBzn
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF 1.12 KB MD5: 1c7621b47095acc693262ce9230781c1
SHA1: c99c0fa07493308c14853620fe226892e4fd4cf6
SHA256: 905216bcf15568fb1e1e65f320347ea2f84bcc85f0392404a97ceb7ccb47e7f5
SSDeep: 24:EB1TVY7eJRMBO05Y7eJRMBO9VwEIV8owbg1J7zzNo69kbyO:MObO0ebO0G01VzzNo69g
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF 2.00 KB MD5: 4f1e5e3cc71a53f96f0c7d8c2f60f1f2
SHA1: b19c8e5b4df044d0db448c1187be2f732af6e4b4
SHA256: 4d3a1c1b7fde614436cdb24a276813070c32ddad147e61c47be024943f954492
SSDeep: 48:EAOpFu5jvr2Mk3dEcNOZaUFP5VbXDqoleI27wVRDVzUfK:E/pQ5jj2MQpOZfjVbXDqQ2yFVwfK
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF 0.72 KB MD5: 3b502086d25774fdb6181bbce0e422e7
SHA1: c0998cc225751b073b2377cb4d8e782f965d1efc
SHA256: f7d271e716d34a1e2092fac03335a1938f90332b97490cfa40bc92a923fbb986
SSDeep: 12:oapBEghgHYTa2zB/gxcl7aeGOJPWRnLCZVEGt4wJVTHMwFDKG7Ycgc7TI5gwm+6:oanWA5l+qPWRLKEGRJxDKG7YHc7TEgwY
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF 1.39 KB MD5: 39c700c304fe2c617e52c15478d963ae
SHA1: 640c697c45a43a5099df42719242ed93ef0020b9
SHA256: 9460485ad10b359e703b82856df90765e05a704a0ed7aed5b78003af80dec707
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3o/RsjAlFmkLeSuWlWDqWWmkG/IL+s5x:EAOpFu5jvr2Mk3YRsMykLeSvlVMzU
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF 2.54 KB MD5: 43925c2fe4fe551fa4078681f1820132
SHA1: 32ebcccbc2e8d32c982d145e50d645ccb5e02f0a
SHA256: dd1f03acca9729e1cac39e194545ffca51cbbf25a6c76ad507e7885800f0a0da
SSDeep: 48:waMPLWkPwlfh/MN2MpVCBt/YsfpifDs0187FfLavZcUM6I5EJpG4ob:vMzNwlfh/MN2eCBF1wHq7FfLavZcUDIl
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF 1.32 KB MD5: 1043a14afdc6242d470be96e61275844
SHA1: 2e665b7f77905e39702f1de6f96368bd2a7735ae
SHA256: e723cea4c585384cec2b3cc8ffe7ad3776094a91d03f2f63da8bcae75f8b11c4
SSDeep: 24:uFulN0A10NS9L/91axRjQrZvUMGCLgRPmZFJBr2GKVEHDKfTrM2hBmY6Bql8:rik9L/91axB2ZUMGCLgR+XLljKfTUYsv
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF 2.94 KB MD5: d638f094dacae189c79a399dc4d6ed9f
SHA1: 385ba54fa7bd0424af43f8c2cfa4eeeff2139b34
SHA256: 20eeed5c2d7afdcb5a6e31431154574563436698b6c6c35ba413a4d3a50b0b2b
SSDeep: 48:7OnUqcW3gIhRye6BG5zlVn0x59gAGMyzfBYX1N3LW89kem:7Ok2gKRuBMV0zgADJ1N3if
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG 42.26 KB MD5: 8362ac6f8fbde4a2a9ad421e4af13c08
SHA1: 333b78fb38cfeac80af0cb5846a678a8cb2f278e
SHA256: f501b4b01f77f0c9ceda68c848e02750caf959f4c143e859e0279aba3ad91a86
SSDeep: 768:dXyqYXxzN6+xuTU2BF+2axONNZ0Ej4VKJIUlh8M3ZY2NszVy:SZ9xuA2BFQrEEVcJ1ZY2yzVy
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG 36.56 KB MD5: 8c5c8f96afe2100c568ada178519ac94
SHA1: 8823b5360be18e87be3280cca26eda3cc5ca0aff
SHA256: b508de82bf571012030216b97cbf23331628e4f2c3bfbc1b5319462b30b73072
SSDeep: 768:nIbo1tecWwQbAtnOIaWh3jVGhYzPI+EzTOiU/oCYmzadJz5j:Ibo1XWwWiawZxz9En5U/Tt+ddl
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF 1.88 KB MD5: c44093e93c939fd3fd1e602f52fdf086
SHA1: 5deb6d42034f303e3b160e53365867d903188072
SHA256: eb58f77aad5692c859716c9f092071879c91b30aa7284739347dcdb765f5cd8c
SSDeep: 48:EAOpFu5jvr2Mk3v8uoFn1hex7vMh3/857mLNTavgjv3oc28:E/pQ5jj2MQUuoF1hS7y3c7mxeob28
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG 41.46 KB MD5: 531c792163338e65f78c473134ac34d5
SHA1: 6444fe3aa47cf07f0e259ed4ab5aed28988b9ca9
SHA256: b891786679b1ee68a61b8964522e7735d21c45ce13ece9ceb1d0eccaa1709883
SSDeep: 768:LyPf2LSSNtEGaNPTxbwC7HFCX7UjIp3+pEq5+PoXxvXwmnXA1TUQY3:sCjEdZxbvCLUg8MPqxvXhX9QY3
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF 2.51 KB MD5: 6bc479bc4c086e5f2488b360e8413bd3
SHA1: c92ba0ebb860407a8e3f48e4532d8feff44cc7be
SHA256: 76c44aea0a19426769765ae52905f053176b43780d257c2d9953a4f8172fcd3e
SSDeep: 48:pJYknyHoBApc570OAwDuYc2AJUKq4K+drkgC7pfxDg5krpWZuBAmoJ:pJRMc570OAkLc2vKq4w97nUSrpWQBAP
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG 32.69 KB MD5: 5f2c986a1dcd47e70634cbaadb01ed27
SHA1: 5f065e6ee3e46742a8e3aad2055bf60aec23a463
SHA256: 9ab13ef294554f17c11d01f34307f2956d10a20f9604b3412d4c27b1409608f9
SSDeep: 768:45/HIf1qxHoecPsXHgq7J4orawkJTQUsYFHGlxaI4YCxKCwq0:SKqOeckwq1JeZTvmnQY
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF 1.38 KB MD5: 641b1c91f3099fd5e44394ae288f3e1d
SHA1: 45c723f508749e7f2fca1a1c932796426459fe88
SHA256: 3f79cafc14dfed12ab9d1f0ba26e1049f06b456905ec7392933975a39641a0d3
SSDeep: 24:8hQlbzuhVliMfUqcWkCIKz3A4mlbmvZQ2Sds/HBtq4abTYoRRamQb:pOnUqcW3gVKvuhdwHBt5abdQb
False
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG 1.04 KB MD5: 7b80cb4733cc9805632c3d46391518cd
SHA1: 3b35788498fe9af05dee506b267ed1a2ede2147c
SHA256: e5340e386612a18863b3aa5d06d44ebcd46a89dac40fec5c19ce756e9a77492e
SSDeep: 24:vPSmbMJy7i5bWk/ZcFsBfUPK5Bs5FEE9Eac9nxVVejEE2f:y8m5b1/Z8xPK5+oVA2f
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG 31.67 KB MD5: 1bfaca7741dbc287865537b326937513
SHA1: c79b1887eecd374905b4d79bf754ecb82c9e010a
SHA256: 4e504b401e30586c189a03352e8ee145d8e5e6ea2247ed202300c4b0019f3195
SSDeep: 768:ClPgIU8lGz+N1bphXLgSCSdsjP1xQKXOhlSw+/YL0sZUwjaRC:C5gIPlGzcjhX0F2G7QKXalS5/CTpaRC
False
C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE 614.91 KB MD5: 92a394b2b50432b5ac5201b672d2c7ad
SHA1: 4a473c5f17391ba5ed713c7412bcf41a18fadc88
SHA256: 549887579358ea224135ddb6154cc4f529f60e806d5a1671d8eb39681c07b927
SSDeep: 12288:mrPDOoj8JBvTYpEKX1UI2iefgNhUQYJ+zDWUd81jU8jjtNoC9kkyKAoX+:Iao+FYpE+12yUQFDWwwP1esX+
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143754.GIF 1.67 KB MD5: f646c131f05240589dc5fef39d7e11b0
SHA1: b25e7129c36608639fe5678af413ff8f498b0e33
SHA256: f8468e037cbe66bcf29292294d760289086cdf1fca6c7919f5d275de52bb5c9d
SSDeep: 48:jq134Ifteq6nPu5DDDDDDDDDDDDDDXTEdHX/Fg7upsiI7fo35p:jI31tfEPCDDDDDDDDDDDDDDDJ7o3X
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF 0.05 KB MD5: 5f590f8706937eeaeb8b2b4f6779529a
SHA1: d2cd5d0a8508deb0d8ae18343fb8ec73c5d44d5b
SHA256: 53e6fd1475354165f3f9e63102618d488d7991abe7a069547c45d93e72f1f1c8
SSDeep: 3:CyVlazLO+vu:jPEy+m
False
C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0214098.WAV 26.18 KB MD5: dd2172d06edc1e918344b107a4a387ce
SHA1: 95753d1a1656b518ec43b2241a10db8e2b66a83e
SHA256: 994ca3b0625ae59c14e72b528d28793cdb8a3df91cbbac4b793da7000229a689
SSDeep: 768:99KYhe9ZLzf08tL7lF2T1zhnHvQinuKdBXwG0bGe+uoyW:99KYk9BzvL7oldHvLuyB0GHuo
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG 21.24 KB MD5: 47a50975751ef88d412f7fa32e288b30
SHA1: 9c85d766adaa2f260d51db6a18e8eec8db97f955
SHA256: d34c6734115f9580e43704088575a321095e18a952760f0f7a57b5b6825e24e5
SSDeep: 384:swGoilOub59hCbjw1JyyTSdmV48NxJr1A3ETBqt5paD4CM:XPi8ul9sUy9MfxdRTBQZn
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG 46.84 KB MD5: b9fd5aa6edaece993ee5466920aed3ea
SHA1: a4fa849aa3ad1c7bbc969d20620b4491571d9df2
SHA256: 9810322eff27d453641a927021a62d7207c6b1e281f29ed07f602478ce110a0f
SSDeep: 768:XOMN9FnS0wKXKM5YWStrdmd45uMiyh7+NjbXMnzoUzaKX/PHEAIIBR/IRZXuTXwI:HN9FhjXKMKdmdgiyh7+Nf89aiP/ePYu0
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF 2.16 KB MD5: 2ca98419e158f42408c5aef2ac5d803e
SHA1: b6812012229ce5f85b1e6a9c16ef716e28b91c69
SHA256: 599d4bcf4b2d57e8e4a5b8fc11abaeade8e0ace628f95cb447ad87e83315da06
SSDeep: 48:n299jukPAMefg4Xp10eyG0UBX+6ZQCxdOaNTypS0:2DhA7o4XpcnUBTZtxBNypS0
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF 1.70 KB MD5: edfa394b59a83325e60086078b8f25bc
SHA1: 781563cee81f922e9c2551d037a22d86814e7ba1
SHA256: 1d74dd669df9e840ab9b3e833d86c7515a757b80587e367818a22b329669593d
SSDeep: 48:EAOpFu5jvr2Mk37LM6s80/FXlwoRE47zT4IfFZk:E/pQ5jj2MQ368uF1Lvz0+FZk
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF 3.53 KB MD5: 46004cf0324398d352097d05cb3e0d6e
SHA1: 37f365827cf75776148fb417f364b8bc8fd52753
SHA256: bcacc5a768fe640910d982d32abf20dfa00153ef0a79b083d66ddd0c0332997e
SSDeep: 96:k4jbcUfhV+W9tnolptUTi9N0GhmFjIsUVr:kKcLWfC8e9NchUN
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG 32.77 KB MD5: 90563fdf9adf784ce53d1f2abb418eed
SHA1: b4261ae4dcbbaadf2528c0fc3ff824076c0825de
SHA256: 4304dee6cf0aa02b8b5b7b32fa7477c57154ff9870916351c70035e928f93096
SSDeep: 768:NsZNjiVyBSBIB2mPLOPJAqif2rMyubJveNEidAocyg:NsZ6yBeslPqAqGaubJv0Eid49
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143749.GIF 4.78 KB MD5: f57eefd3d3809e0a20cf8e66971d1791
SHA1: e7c43a2dc0ca43bfc2858dbbf63904c04d62142e
SHA256: cfa725845c11b3412c847b5e12456312e1d7828d1ec5253d884a4bff6e13f962
SSDeep: 96:mggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggI:VxfzFS6NV1BJ038JTN
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG 33.36 KB MD5: fa59d924827586f5f8b40f74c3b77d9c
SHA1: 2abdc7fca7927070e554667d6bf58aee398457ac
SHA256: c0da3543693ac30d8e22e5a9f9a453dd153a052bd6d0441d15c89d4067335a98
SSDeep: 768:vUS4UgasMGgLnwe996OGJAsz7RnVEPNJg4NMhbK+lQNnq:uJasMGg/99nGJXlGPjgvK+lQNnq
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG 34.10 KB MD5: 66ec0ac768eab58d9632deff2d2b57e1
SHA1: 440c43abe888907c53b43331b2b2995c6319fac9
SHA256: 6915f0d6629219317cf0fef516de74694ae4836c9860112665c884f8d2801dff
SSDeep: 768:C2E/WygjvOqNLe8J6cp1OfaIjYc9/tqy8VM95G9buRHrCiVSv:uuyqOqw8XOfaw/9/tqy8VTbuRHr/Ve
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF 4.78 KB MD5: 7577856353bdd9c8112f7955af5094d0
SHA1: e9dbe48d94c13df7d7ce84c261b5dcacda8429fc
SHA256: 9a00367a04a59221c79cf33fa5a9b580bbe75b718f52fbcd1dcd764bc60adbd3
SSDeep: 96:1l6zPburpABvaI1uDJnoAgFsot1rAkcFsvCFeLT9uuW9aJjf:H6jbuWBvH1uDJnoAq7tVAkfKFeLESf
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF 0.92 KB MD5: 48a01091a98e45eceee655b2f98e0b76
SHA1: 11b90fa22c006e734885901a207cc792e30468c7
SHA256: 3c72bf7350a4abed59245d2880e3ae4eb1623db8a016675ae1980736ee5ed3fa
SSDeep: 24:zy15rtfUYSWVDFFfeg0lr5uoALCfDGrlMeaTfcpnn:zU5aWVBFfer5uFGfDGrlMPU
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF 8.77 KB MD5: cfb186333a921ad7fe08ee53819f224d
SHA1: 5ad3f5d9b44aed1602ccd73e5b076ca59254cccc
SHA256: 256d1bbf037c3c3cacb3508c7cd14fdf32a6ccd9c233883fa3527e777fbbf8e9
SSDeep: 192:LO3gSot41n+LTn6qytMlIagQ6lf1JnUgGlB0K2km+Lw64u:QD1+LT63tMGLQ6lf1q5NPnuu
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF 1.53 KB MD5: 9cc31577bbab2973879b168a3e194532
SHA1: cda48c47d333f36652b5089131c59e3f760c365c
SHA256: c4d561a627dc9afc9698ba7d9e8b1a797fa97128975b0fd00c1f38ddbe35f919
SSDeep: 48:hbV4EJOlZYZUhjfronz/iHIE2DkYqKRR9/6:oCCj6z/VkYqsX6
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG 17.98 KB MD5: 7e3a215b771fb630765aff9527512db6
SHA1: 0c54d8cdc76042e20f393453ffeb84bb1440249c
SHA256: 5693770e49734d66b0d15cac8ecaf08d061da6681fde028ddd347a40a6acb779
SSDeep: 384:aQV7J38UXGSrHFeGQGXIaWWUKKzEJ0frLdy9S7Cv7dcaMppaCapt:H8UXdTFd1r2nzo0ffdy9jwKpt
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG 31.23 KB MD5: 03f03a4321280c22e927d83020fcad77
SHA1: d81fea4fd13d34fe06bd9bfddb70b1d4640394b4
SHA256: ac3bbd8966f5215c0696f4ecad9b7bfa0995b02a95f2e4652760ee39024a3eb5
SSDeep: 768:Nf1i1SFCw7BysKbFaKytccqQkx8U42s261J3zYi+L4Dn9dHHR:NNi7w7By/ExccqxmTZul693
False
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe 1.31 MB MD5: 52f337abe6f178af62da475968653b69
SHA1: e49e03cb147b4a2d4471e96a57dc1f4a208db77b
SHA256: 9abc480c76facf8b7b75c2ba8f873dda0f6303fb5c67ac282bbcea3e7fbf575f
SSDeep: 24576:Qtf+jj8ZzUC/IaowFA6lPW/hjc2y6545RDqFRl4Nws/:QNvIP6UhjcAiRQRKd/
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG 21.30 KB MD5: 895c5d5cae5b3ad24addbf392d47bb45
SHA1: f5d1830f140383be421bfbb87ad1ecb3edf7752f
SHA256: 679b89cd312a88859a0434711bf883893657069b5df85cb3d844262dfa10b2e8
SSDeep: 384:m4vlsq1vq3Icate77dWmI0WzSCT670SohqtphnPlktGW9xcFh:mW9RqYd13SCT67mqtvPlktGWUFh
False
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE 818.88 KB MD5: e3844e85115cbddc33cea03e38f5e82d
SHA1: 81ab5e69816906eeb6ce285223f20d513f543db1
SHA256: 7bde8701cd837ecec564c59c63c293f89fce901548d7b78ab429e81cf632921a
SSDeep: 12288:NQFUNx5AQ1vWkbItYLK+te/fC3bHaZMceGfqlIDiBtCczDWUd88jU8MjtubC9kku:Ku3r1ukk+tyfCr6iGtDU3DWwBP+KsM
False
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 170.35 KB MD5: 3fbdd31e7c64979efe8cbad18c0994f6
SHA1: 6b70ceb896460a23a49700dbc95426cd275a00eb
SHA256: cd6d05db3154076cdf5b9394bd2307409251d04ce08405b7732b99ddbe9c0504
SSDeep: 3072:KopgfmLOe3+1OGOa9pMtTKlU/BYaw60onvWWER9Pd:3pgfZdJOa92tTKW/iacEuWER9Pd
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF 1.33 KB MD5: fefd4fc840e1a21e5d0fcf8af3869f8e
SHA1: a3ab2285e75c7ccfafa0afda484e8d7ef633cd20
SHA256: 8396f1282d03e5e42edde1a487ffba312f012c6995939ab0f9b330f16aea929e
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQLgmELOquyvCLgBgEpA9TqqxS:EAOpFu5jvr2Mk3ZgrL/BCLgBgJ9qKS
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG 18.38 KB MD5: 44ea8de9591a9052fd123c98882b174f
SHA1: 321f46bf8d1608cf1aa211ea3786b84aab10a59d
SHA256: 2ab52ecd69ace2f631c847e538d10ada77944bea0917ee64478b2886ce912f7a
SSDeep: 384:kz8Kor8k0iCdDMpJf3EUdOc2INxt4YZK5yMR6CdfBGQxFDtQCirSaB:kDygiCGJvELssqMxxFDtQrrSs
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG 25.78 KB MD5: 557e0428b85f954e23b79c3f9a63ace2
SHA1: 41695f2f8b237344fec473b25dde6372c39fc985
SHA256: 2918456fdd4b81e223033245d61d4d70fdd453705dcd2351f3d8e3b1dd53cdf1
SSDeep: 384:9MJg/2aEYR2oVsEwoYtvVtnuBPK05wxiPMRqyMfxpBtY/JzffRz6QFmijHUJjLAu:yg/aYR2Cw9jpuBy0KYERqymtqqi7GR
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG 43.26 KB MD5: 66d2d822cdca76c2f99f1b248ab629b3
SHA1: 5e0052893e51e6c5c41d6fc206be7ded2c51c28f
SHA256: 1aa9a0b4ce4f9b1cc196d28d220ce632f5ded981b27f5b10d45166b14971c0d1
SSDeep: 768:LKtwgKUqi16M75yqTUuQTLouZ7k/w+yV2OnvOTIeWj2jCVgiw:mwgKUqi1VE8QTRqykOnvOTmACKiw
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02073_.GIF 0.87 KB MD5: 935d768ae8409ea2eb3ed283153e0c5c
SHA1: 2ba8b5ac11bdf69874269ee0dd41d1957df9dc9a
SHA256: 384ef5db0b01d46bf103003307c581b544b8a3ac42734bb22cd9eff0377b018a
SSDeep: 12:9lLSbtUBrggvFrlCWXjur/Bzhhtli5SsJcUR6bTr7GgoVFwo9+IyGExdTsqVEYFD:HuhQlbzuhVliMfUqDho9+tGqlFFD
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02214_.GIF 4.85 KB MD5: b99b56c30649ed07b483a53dda599d27
SHA1: b874e1750765f8a3cb62f3d8ff1421fb111ae89b
SHA256: 08e9bde3758fe00f08a8a2ad7512060ec75e6e9cd310f3f37e4c5d4039c450a3
SSDeep: 96:qOk2gQ9hU/sSf/jBbYwI57WsFQLqGfuYvyib6DegiyBPeFUD3RDuGa:qO3gCm/bF8w+pFQ+CqitgifUDhDK
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF 3.87 KB MD5: c6836097f24a7630994f9326df4d41bd
SHA1: 7d32dee792bd63851d49311dddfcf6f342ecde4f
SHA256: eb1839c8ef4742d482c706d396b4973088e1e40544f151c42bf87b73f77f887c
SSDeep: 96:BNbKtqjhz1E87e997e68rUdm70EJjh37n4:BtK0hJH7e997e6CUdm706hr4
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG 24.64 KB MD5: de43d39ad5b58422c8c86e291659e8c1
SHA1: 70f2066c26780258f1019fc463e0efc7c2c7c392
SHA256: d5dcae3054e00a97be6d1881a899dc4a5952d87509912df8d4e5959fa26548e9
SSDeep: 384:QElh+0Dfdl5ReftFdiXhaJ2oMhLoNvwg6kJkG7F7a9J71C9wukp+PaakJoC5K:QElbDll5AbnuLWwgM79TuwHpHK
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02055_.GIF 2.38 KB MD5: 80fedb8697d9f40c4df14d401191c31d
SHA1: b6601d11f98b77490ce3018964b8d7787620bcdd
SHA256: a784a0837929f231fa77e629be10bf8ec4c79724ffc44a1621d7b05286fd936f
SSDeep: 48:YpOnUqO9+0nrasfbxs1nk9ZWebb98AVOG3DDWaS:YpOIZr3TS1nkzWP8O+pS
False
C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234687.GIF 3.33 KB MD5: f5a7775a17f3291d5babbaa2ef5900be
SHA1: 212db561e632f2153979116777fe958519c14d8f
SHA256: 675dadf8bef4640eb3a408bee878106e6480a8fc9d5c039eb21e8710535f6d71
SSDeep: 96:2/DDDDDDDDDuh7i/sxy4yPI+zzR1kDB0IEGXBE5:2CNi0U4yPI+vvW0cBo
False
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF 1.04 KB MD5: 5005c28ea15fb9425869ea8b4d74c92f
SHA1: 0687a16f5e7fe80f0ff8d453df9cb61a7151d228
SHA256: 8dfa4486eb96abf552869d90d2b73fda6874d36150a650db991bddf378371295
SSDeep: 24:3ds5wNqfL7JaEeZ9M1M4bNXzthOT+ysS1jqXGPMdl0g6yYyPv8:3ds5wEfLwZABNqT+yXU2PqbYt
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF 5.13 KB MD5: 448295a4e2f3849466f5b3ba4506c038
SHA1: 82200d1269ea8636bec62d05d4fe6f3e7d441768
SHA256: 1ce87717b6df42c464e04cd732c906e64396fcb56cfb98a33563ac48d71798db
SSDeep: 96:D62bNeR95nDeR9545AbEbMw10iwRf4nHS9gbeQVIxmn:D6s0wdw10iwRkSxc
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02039_.GIF 0.89 KB MD5: 13443c8404ac40e9b1dbf86ae05eac5e
SHA1: 3572d470da702493f080f2b3cc4e8e03f696f86f
SHA256: 37aee9a77e71a61f1420b2ed382fc06d8827edb22ff1acfa99a0188547536a1e
SSDeep: 24:HuhQlbzuhVliMfUqDho9+tGql92OegOuME:rOnUqO9+0wegBME
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG 19.89 KB MD5: e0a1d485dfbe32f4bc24ad49e1a39915
SHA1: 8d48c2a1b84330266aba81486ea3e29b8fc3dd9a
SHA256: c28872b2572c5ab77576ff5bfbc889219b2fc1a7082474058c9a51a5c78e840e
SSDeep: 384:/b6sqxEDL+DNooWsSTEQK2IsireX8StdSN1TatUkdlYdNb:D6RkL+DNooZSg32PirIZdOTrkd2jb
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG 20.14 KB MD5: af0310a2c849d44114c4734a0761756c
SHA1: abdd1743ca3e036614f89ddccacfedf4271dd69f
SHA256: 2501271a04d2336aebe49a83f953fa2687b12a74c4f52c5c6667410ef37f9d90
SSDeep: 384:9LERI9oLGfki2n+zg2Y5Tl7mZhI5ujgyg4pgHPNbvwGqrxeoo7z00y6CH8Vwz+om:9wR4/2+zTYhm05Ej0NbvwDxeo4z0F6C6
False
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT 1.13 MB MD5: 27522279d561388756fb688d4f621d62
SHA1: a6d11be61361408e6dfce8bed6c42bd3fd574bcd
SHA256: 562b152448d9d0c1fdd8864cd606f2ef48eb151323f39693c7679926aa330dc4
SSDeep: 12288:xW3v2W/CA2lL/dxpyAG2i/6n5CAjtZdJ7gw+5+OK+YfrVi5b:Il/CAoi2x5HW+l+YfrVi5b
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF 1.26 KB MD5: 93cb36867c622bba672140fe15d97259
SHA1: 7398a766ef15a23ee8971887662bd15e6be88de2
SHA256: fed61e2d8c8448b29a6144c983561daf35d15b2d2c8abc22ac85d971c76446fa
SSDeep: 24:cblv0NSp/SlonA0h18cmnUW2rkmdbVlY/gHKClJrR2Nl:cZckplACyfnUHrtd/CgqUJd2Nl
False
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG 1.64 KB MD5: ded887badfdcbbe2503066d05e4806ad
SHA1: c04132c630b487cf5213b9b6a68034b79d902648
SHA256: c60a2892e780448691014bcd904797b8349800583200a46e27c1164eb238d220
SSDeep: 48:K3VP7keC8QJW2syZVIlsmG3FPnETTWgDh55KHhBB:KlPYeohFNmG354TWWh54BBB
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF 5.06 KB MD5: d7c48079e99aa9ed94f5e0190491570a
SHA1: a9a3871cec761fc91b014dc93a9f28a3eab81b1d
SHA256: b4e56249c137bb6eb1a0aff06081c4a83974554b236e6370a71a364857ab83ae
SSDeep: 96:E/pQ5jj2MQtDI8gxNaO4voSM8SgpxbZ3eyAvK71RMR2iEX+:E/25jkG3xsO4gSpSalZ3ITtEO
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF 2.78 KB MD5: 8617fbc08489cb36729ff85d26e486f4
SHA1: 6899c9e237af8c03e04250be6e8c7c4b72e77355
SHA256: 6a88a64d7c867879a77dda80dbc6b5435174e17ebbe8faf4cb6923bb3759577e
SSDeep: 48:EAOpFu5jvr2Mk3xyQj977QUn3uKnkJIhxRgMum1pyfv7q5jz000n2fILcIFT2g:E/pQ5jj2MQdfQMOJsTlumefjA0tKILcA
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG 31.64 KB MD5: d1a85dfc41dfc3f6620be3084cb20e4b
SHA1: 8ed756377dc38a7be59298917a4a1c2d8f607f99
SHA256: 6a6059b3e3a1052a3db8d07bc2738e0119b416e78aadf6d91e8eb2046574e908
SSDeep: 768:EeT8qLOdmBN7w3+uzo2VmBILQb07O7WSgy79HblpdT8GmOCHISaN:EeT8qLfBmlzo2hLQbLguHbtTPmkSm
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF 10.36 KB MD5: c351fef1d28527234407e082b698b255
SHA1: b3f3ece047921da39f76e846fee1c2d07bcb5248
SHA256: 4abee3e3acb26440fe2c950c55fea3feb8fe2cdc73ce5d9fc17441d21c11b3d5
SSDeep: 192:ku7slumJQhOTfLQhOTJ67bQhOD/nfvfV6/UhT/obQhOTu7z1xSw:6tJIsLIF7bIYd6MhsbI17zuw
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF 11.61 KB MD5: 331b9cf03a9955b95fdc4a3320ad8605
SHA1: 37bd2fed561479c4b4dd483eefbde35ebed3e98b
SHA256: 8f3664b5c10df44451b2b5ff2011ed0927e4e021a2cc63b33f374573bb476ff0
SSDeep: 192:k2e6calSUFwrvdb+RGMkfNzredwVMSxYZqSo+vlCyHtKuE5UG66DyG/q:kT6ca9wURBkfdH6FloQocKz5UGRTC
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02198_.GIF 18.68 KB MD5: 8538a71cb2b917ef59f115971238088f
SHA1: 5693e1a09d1339adac5a78a1bebc82e51367555a
SHA256: 8ad27815183ccaff6c2171a15cb0166c062a85286234ef9ed9fd865dcfe730e2
SSDeep: 384:ei5ZX6vr2rdlc7ZKV/5vPodeZc8/L3GJNZfeF57N+yc:D/6APRHT6fe52
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF 1.26 KB MD5: 2ec270a980a3ef90d05a2275705031df
SHA1: 6ae411fd9fd126f42cceec399b655dcb60380d94
SHA256: cd7e95ca3434dfdb465fe918e13159e90bfbeacadb0c37c6260ad51c69efd8c6
SSDeep: 24:tewi/Hx10NSNCz05yKBDwsjOxmg0pGCLg+jp6GAXo2WVKf54O0On:tTxkczGyU0uhpGCLg+l63Xo2WVK30m
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG 19.32 KB MD5: 5ee4baf0a0516386caa4978f91ab6948
SHA1: 3c1bb03fbc93d41752612fd64a639799ff92af17
SHA256: ad7909812b3fe9a77e12959310e32db97b3aa0c4ecddc31ae1f382d1062c36f3
SSDeep: 384:XSwcjsKcz/nkQfvTIjzeCqT0II1Y4jgZSDPUc+Y8VWNgaWzYydN6QoBe9x:XZ4ez/PfvT4eT0I+Y4juW+9V4gaWzYyN
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF 5.58 KB MD5: f40f513c7ee0b5d0fd5c496ac359c66d
SHA1: 4940ec361979ae074a4a7e5a423c4c7b395fbdae
SHA256: 226cc19c6ff5acdc95b4c0f45e4d6dc2c6492f4ebc7f0451e77a153866be0c4b
SSDeep: 96:8Ok2gD9QH9u/OAg5/8bchSu4G7bxVRvSsdqnNx0jnrgURXv2IADaAqQyBTk7B:8O3gD90GU/8bm7btunXWgUhfamad
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02116_.GIF 0.98 KB MD5: 9fe0394a881ebf9a3baeb036953bf461
SHA1: a7465da0e48a370316e4b010d32b0b075bd90d0c
SHA256: 004becd6b01e1f5d282c503dcc3b9d02917a531fed3fcf1e98716c827f01ad9e
SSDeep: 24:6hQlbzuhVliMfUqcWkCIKz3A4/4KF5WT/v2X:XOnUqcW3gpKnWTS
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF 2.13 KB MD5: cbe50950e3401236186e18684046e783
SHA1: 817b7a096011eb037a6faacf8b8b66571433a0f1
SHA256: 8cb0081910aca72ca16791ca363c937cf6c022daf1c1564c55d0defd1a53eb62
SSDeep: 48:EAOpFu5jvr2Mk32w7bPl7TXXTEDhk5onYZv:E/pQ5jj2MQ2wnl7TXX2Uv
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG 26.54 KB MD5: 2ba9087ec0b17878bf9018ecffdfff70
SHA1: bb4c57b6afb42631910f0d7849ffaa6fefc95b25
SHA256: 2e21367c037e6a28779e2eace8ebc1aef892bcacc580251d66855a138e48e760
SSDeep: 384:STwmUfsGzTothRqwDM81WtZInF1hCBG2l+mYfm9ixxC/ryMZ4Dpx7ed+Go9vCVDq:SnUfsGvotPWTUKG2sjcycnilVVv73
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF 1.53 KB MD5: b09fba096e1ed9797c9a996615d63d82
SHA1: 50970b0bbcbf7ffef193c2f3fe18a6fc8b587540
SHA256: 1b4f1485c24f0848eff7fc089545ff0d84526f204976f70390f91e50d95e53c2
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQFm4ah83qfEJopY3GNjzjCcypVU5DpF:EAOpFu5jvr2Mk3DX2EmYc39KU5DpF
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG 59.30 KB MD5: a2e32a988fccbd4f67f0f69f596b8c0c
SHA1: e28c4a1542ca650690c4977fbc4ad1263df61cbd
SHA256: 34b3fd63d8736ddc7ce02a5e979be2175ea0fa0274bb8318cb314cf655c27590
SSDeep: 1536:ChR39CrzxQsGO55g4YeSRJyLmuoI0sB434cf0di8UQdUJ9I:Cf9CrzxQvU5gWSvQrmsB434cf0g8xT
False
C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 970.88 KB MD5: b983a9b25ca63e0ece845239f7da8349
SHA1: 9250f579f0cc46eb496b369a113908fbf59271f9
SHA256: dd609b689de34997550b5ae3443e06d497c1ba4f5eb3e06254217b3836072001
SSDeep: 12288:B+jHIwAGMGckXMVPQ/NGInZF8Rifr7mo5dvLAiijnwsNtR7hjE+zDWUd81jU8jjw:BMHIwAG5MQnVfLnEJHX9DWwwP1eDRv
False
C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\HOW TO DECRYPT FILES.txt 0.29 KB MD5: 2efe72d837aed462e887ad524a404ebd
SHA1: 44f65243eb459429e9d211db025e6cfc0ae9a67e
SHA256: 35ee67934b321d71018d810616bda2b0b1687ca155a9a1654f82417d9b241e89
SSDeep: 6:tfCyoy2YdDDiy4o5X9dZA7qFnwFLBygDNKXqLzkROLtHfkN1obkhE:tfCykY8ylzZA7tJBypoQOpH1bh
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF 2.54 KB MD5: 22d1795fedd7a169b26b17459802e759
SHA1: 43de9cc280186df8bed23a694581bed0d558ba7d
SHA256: 4c23f9c65140f48d542d72bfcdf90e110c68af8a53baff8a63e1d55e23a1f170
SSDeep: 48:eVrZBz9l/2lYiAzE9xqQPPNOGvzjx34Pil5rKeME5MmcLCWLmOEt7Kw0eLr7i:enBze2iAzE3jPNOGzd4al5lME5YLmOKw
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF 2.47 KB MD5: 32cda83ca5895b585cbfa5a56f4bea2c
SHA1: 6b3dad45827e9cb1783e3d7ff620acb28bc3dc5d
SHA256: de3a1aea868e62d1258c72b85c066b5fdd8dcf2a0cb24e6115e437b5eec22d1d
SSDeep: 48:2TkefjAUP1/xDeV5tf/W5tQaVfkBN80gRmNloOGUtgqUx6Gbo4CeVD76LVw9w:Kke7AUd565tf/Wy0cBNTg6o1zxbbrCea
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF 14.52 KB MD5: 776785fa0efae33f7bbb30f9031be29d
SHA1: f8382f4eb7d85e8c2b034b80b94c11be95e5a701
SHA256: 2bea70d9f4f81b4db1cc01b9e97981bbf9317a305f87a69c587af433e79176d5
SSDeep: 384:kQj1YJJ2HmCFQ4oDrg4Z9FOszLdJwIwRDFjxH6:kQ6Jt+ofg4JzA39TH6
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF 4.45 KB MD5: dc3d3d0b00fd747dbc66fbe9a54e36df
SHA1: a761c92e229a334f470c9445ee6739cb462c5c8d
SHA256: 824cf0d8663f88500484e6864b3327167e14667044bff80de733642b8f92db9a
SSDeep: 96:r31tfEPCDDDDDDDDDDDDDDVmDYN6ffgxnQiDxGVmVhs8ETXzcNcEVhwVuciWef/:zLEPCAGn5i8ETXzcN9VeIRf/
False
C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV 22.09 KB MD5: 74ad09b781c0364b366bc577055e90b8
SHA1: 18e21a37787e909cf3bc8f430a8e35ea1ec84039
SHA256: e93d14f48372326b826c722eed5f87bc6b2fdb176e12b123b0e2f7abc674e34c
SSDeep: 192:d5hUYrpBNwiBuJSV4f1yTCUEesGh0ISCCAEJPdr:d5hvFBGxJm49ICUEeldC5P
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF 1.33 KB MD5: ec4866e3d6722c87496c435157dac61c
SHA1: 6375e1ca049d22f850e2d82fb56e6ee95b4656df
SHA256: 00004ec9b1375800d073b3e076529e8bb0111d964cc559b97bd3f47906faa303
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3oU587ckRTQ6cIRTnRNyG5+U:EAOpFu5jvr2Mk3P8cLI1RNeU
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF 5.00 KB MD5: a5bae2090ed98bff7e0db126f1a621f8
SHA1: 073a40006f882caafd38c26128bb708caf1b4482
SHA256: e5e82676df95ad93abdc3c55c0a09d193a69fc9f9de49babef92e77b898f4301
SSDeep: 96:E/pQ5jj2MQcQQy7qA/D/dWTcQMYgWcX4LhevqMjByZSx8Ylkg9ENtkSt:E/25jkd7lD/dqgJILhelBmA8uxSt
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF 1.40 KB MD5: 0fdb6fc3709019226a0af4685f3f0053
SHA1: cc0e38cbe504fdc11fa387e1183dc3c63a2d4d6e
SHA256: 299aaf39c98839750f2a630c6bc48dfea0939bde5136faf59fb7b722cb32b0a2
SSDeep: 12:fRvM5sE3LJxawEe8xXRiFpmpuPFTKLdAp70e8L5FdCiXA:5Eywxaw/gXMFpmpudTsdApoHLbdCkA
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF 1.31 KB MD5: c52c6e6628e57af89f261f6785678077
SHA1: 3df2b8e2c3a17b79900081825c4d7daf63953387
SHA256: 4037a60643e20dceb688850c3ee3895d2627eded4eb0c0abf9f418da55fe11c4
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQy/sq6O09+NQ/JhP6QcrVqAkWuzS:EAOpFu5jvr2Mk365D0OQRNgJIS
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF 1.41 KB MD5: 189cd0082e996b10f77e9df658fbfd5e
SHA1: 08680138acea9d462096acbaf0a790a359e54be7
SHA256: 62986afdea85226935ed6cc8f4c54d2e1b11c72daa1df82229f6bf28d7fc07dd
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQfE70jEjvX2fVcoVOHwFVYqUNo4U:EAOpFu5jvr2Mk39E703fVcoVOQYNlU
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF 3.87 KB MD5: 437cc457485e2dbb26d79c3d1e99729e
SHA1: 63dc53b4b6a0011f37c458693cd3b15b5bb196bf
SHA256: 2a1d4b05fc0d1f7f9a7d06d3e23f9351801522d78c0388b0e96287c19e3d6241
SSDeep: 96:X31tfEPCDDDDDDDDDDDDDD8q66t5QUKAaLDOCjizSVySMthucFBJ:HLEPCkq6UeUKAaHjWS+thucjJ
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF 3.88 KB MD5: 09098787b630f7dd58f73ff6a65f5025
SHA1: aab3d27fadc2f3b926c4baf3912e60913374f006
SHA256: 55a56573496e9fcadfcc646682f0edfd7fdd2b72e3570aa1f09f8c223657948e
SSDeep: 96:E/pQ5jj2MQhWlzD6KUjKN2zs3HkVrXrMpIPkl6G+uu:E/25jkAlfwj02E+wp0k0Gg
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG 51.87 KB MD5: 515db93b56cdfdb3c32f851b942f4542
SHA1: 101fd31c96a28a072f3c5656b38e3abde2c01e84
SHA256: 8111ec9141982901fa8a4d68c9c90213c68ffb17c4980066ea9d2ae66754d8f2
SSDeep: 768:ARmcbFOtZJwC4+WrIBP7dPnI4yywA23jeOU0rByYnHURIgfTTcpIY:ARmcbFQpPFn9wA2TQhYnHURIUrY
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG 19.07 KB MD5: ec7c48f21506b1238c53e0da21518577
SHA1: b04461cd7888a006e716ce5e3b82dacbb50c6a87
SHA256: 4d02fb5b8a5588f4e0c2dad7fddf1a5497ba56cd0587446867508fefcc77c83e
SSDeep: 384:Gg3JwgCbsmOVKvWgz1aK1xPj9wzvmW/20mkR0BsWhDFXDQXpzx:GKCb6GRaK1x79JW7mOWzzQZd
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF 5.25 KB MD5: 84e41df01e011d2487280cb06abbbc95
SHA1: be80b0ef54b122157e1a0986f018a8a7473af2c1
SHA256: bae5aaeea0263c1c361fcec9acfca60258b9b3f8251044c332760f17337e8982
SSDeep: 96:76z2Rfpz8AB9tiXUB2GzAvw1cha5ULVaybKUOaR27:76iJtirGzIwieUB07
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF 4.91 KB MD5: 914f22c35f21ce6c3e3b6b5c7a66c181
SHA1: 853c9bbfc6b2de0a380438fa6ee1d82f281cb3a7
SHA256: aad24bba5fe86a1b7498a156ab45b15d3b6e38ab2a4e00df933d6729709a3bf8
SSDeep: 96:AjcvpLa5+K+K9e0QTfjo7t1EXOBubXZF9iB+TLl1UrQ/QTuvllGX3N5jeJG:AjcvpLmjT9e3jGjYXZF42Ww8utlGnN5V
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF 15.36 KB MD5: f4371e40d292e58cfe58fbb566ae8125
SHA1: 9876e70f89948a638d47bfa4a30a82565ba2cbe6
SHA256: a492ba984df2226425e09c67c99c30c44322c1584d3fef4c6b3fc10cbaa43574
SSDeep: 384:hwxp/bbrAYdMQR2pyxD/EFw4WAkkFOf82JUP/LA7+o8fze+7o:hwxp/bbFb2pise49FODJUciJe+c
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG 32.50 KB MD5: 5f72f183b62c90722562b06c6924ef78
SHA1: fbf1b83a9dc7ff6ecc22103308698a5125903500
SHA256: 4c991ef415f5be3bff5c76b4bac269d902e3107be5bb3a990db529ef460e1c98
SSDeep: 768:fxsY10O20RkQS90TeNocrKNh+f76PCCr0QBRnR0wZ:pJ88m92spfeHHV
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF 1.62 KB MD5: c25c8d48a4248d15419f911239dbd723
SHA1: d4f06fdb3bf29ac7a2a327f906dad37f0731421d
SHA256: 9deeb95cd7fa90e8533dbd3e8f8a0d685a8fddfe4bb88b928b0ead373515ef88
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQJ/HW+OJeijpWy0mkzAQyu0/M1M3CZj:EAOpFu5jvr2Mk3bOBJeijOx+TUGyPQMn
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG 24.52 KB MD5: 4000546e34c1a16a1f5664302e73a3c7
SHA1: 76ddf63e457c6341cb85c74260f8be2c986e0901
SHA256: e84bc8ec93b62492b511e074cf480caf1af6ac274bf926fbce692d01d83cbf0d
SSDeep: 384:q0jgqICK8LhLKaDrpX+NkCBJwXf+6OxZtWtaT1w85qE55KSxFuh2qxzm9Jc:djgqjh8avpueCoXf+TtWtO1w85LbqU8
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF 3.05 KB MD5: 0672f6093fd6cbbf6d04c43595ffd747
SHA1: 68af0970ada217fa8fde59282b57f916a3601e47
SHA256: 01d35051fd5983ceaad9b36a086a177cbf5b692bb407dd52924cbfc77c5d2796
SSDeep: 48:mkeNpYulJOvw/wAut41tNlQyJrnK3Uo9oMnki1EmLXJna8ooC1ct0ZP2RlD3F9nx:aNpEvEck9+UE55a8pwP2R5vnEu0O
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG 17.95 KB MD5: d5e808421bea453dda4888faf8766bf3
SHA1: 14257e7aad1ae57d98614089a889cb5655e09c12
SHA256: 763047e71d3a2022087dcc6ec7defb0d1a13078803c5a55eaa1b39f0a980c773
SSDeep: 384:zEhRion/xMZhPJT+K/DXcVRmr7umQ1mvCP5zNCNK:zSg0eJ+K/DXcrmfVCPoK
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIF 1.37 KB MD5: b46e7ea738e6b9ed71bcb49b072059f1
SHA1: a061b9dfcefb3acdd2ba7a3e9278a886ad412a56
SHA256: cd7053ec49c669f48a2c6036f6beb18582b2b76d1a8712c036e7d660067ab6f8
SSDeep: 24:GhQlbzuhVliMfUqcWkCIKz3A4F9rMur6Mw4HIGMmehiNaIHcmig7:jOnUqcW3gk9VWMbHELhiNaI8mig7
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF 6.53 KB MD5: 0b53d62d05dccd6e7a372bea9e7f60b1
SHA1: ef47a3fa0b13421e63fb1b346f6277b3253d0746
SHA256: 1f5889e13855beba4f1687cdc3ec2e09cc67f73866bf829747e5994cff3eb61c
SSDeep: 192:6y5XRcETsxyaU6s+RbyJOUwCcCM0aY1Yst1aFw:JXHabs+R2JOUwCtrWZw
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF 7.51 KB MD5: be442671dac38acabfb47df53be73f2a
SHA1: 566268ed9c345af3d3ffb75335a34794c71c8ed7
SHA256: e649df516213b8fa08a04f80d5aaa3aba67f2ad212c82400122bc849e93d6df7
SSDeep: 192:0kqOaNZmIMZqg2W82NTZvG09BTg7PA7B4o1S53k/tQTI:0xXZyZ182XvGQdgU3T/WI
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF 1.66 KB MD5: ef88c1d4a1f0c1dd50a1dd79fc974e17
SHA1: 75ad9d01d3fb756c7e424be8bb267cdc515c2167
SHA256: 2af1ad59d31380ef71fda9a5afbeffb27c7b1889529d4614a61da1cc8ea1e037
SSDeep: 24:YUgZaxT1UUOxcHH7krgdvZJrqdv2OVwGwmAdKaIVTlA7wfzlykCHolfAU8ZqUFn:J/UnrIZhkOO/gdK127EzZCIlfCn
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF 12.94 KB MD5: 4eece59ad748c214035561918a1c291f
SHA1: 6939976ca7f4b2166d9de982a0643aed0ac46902
SHA256: f6da0cdc8a2caa230df87683e82e001e4571350038ea67af9fbb743349a2a020
SSDeep: 192:N68cmHWUt2W4zlgsLNmATRy09LNsQYv+wIvUp42wddGfktSFrHSD9nOMXv2Vo61Z:NrmWiLNmATghTDIsp9wO2uDCNOMqVZ
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG 19.10 KB MD5: d06194f3bfbf6d903eff3e520d3e4aea
SHA1: fcb1e3353c5f42166462bc9cabb08b6ca8980a31
SHA256: 26471e5a1509bafe0f36f35e5285e2541ccb1448addb80f1666b7bc4769267e2
SSDeep: 384:ljRcgSswFspEzxTzh/tZogwlLWZbkX8+mzN45G6CWaKku1Dbc:ljzUFsm9tZogwlLWe82G62u1Xc
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF 19.97 KB MD5: 1a1624e337b0b0ef171297cd9c12f184
SHA1: 90b1710973031bb14cb09d82fa98e38d05b69b45
SHA256: ffe89c99913b223c61052324d9f6b07202c21dec9ded4a6eb882743c13dbcc85
SSDeep: 384:h//1UC88sWAiiZ3u1bZHHOn/dfGdf81zXRgoQw5SJB5gi9a+Gb7iUoZ6UIjTil:h/dUC881W+xZu/xGdf89XRdQ6SJvcAIe
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF 0.50 KB MD5: 88bead39c45d56ac85d839f5db70c932
SHA1: 9d85c2ce90c4b025c24d606983e1735bef881a86
SHA256: bce86060f8436b019efdece03010c4ca0b33911151b565de1cd2d3fb1462794a
SSDeep: 12:y/kZL5fHaXK61fu1zygN/FmbbZUbtXAc/TQjdZFj9Ac8TVL:N1R6XKfxN/FtAc/TcdZp9Ac81
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF 2.49 KB MD5: 3a9fb2c01d8d8e09a1ac2619ff96cae1
SHA1: ab0d1c2da5576d0db4b18e410ddfd655b5a071ab
SHA256: 8b00980e38e07d87166219b8d1389d6dc724b614e09a1a7110e8b1dab9418046
SSDeep: 48:MMzg8kBgoBBdtmA7aTRu9O4xz9lPYLk/x1u3LFHEUObLQyLsuM:MMziBB7v854pr+4IHHdB
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG 31.09 KB MD5: 91d31382ec52828b350393ec25f3199b
SHA1: f6e575bbf5875a101c6b7c4a4ef197c39844b977
SHA256: f3142d0691799895ec7a488bdd30941e4cf17668d186e2a28feb9c2cc723b4a7
SSDeep: 768:4LDWpUSCb2OcRYZXJY1Ekywxntui7GjzI1MuCq38n:b2Fb2OBZ2tZnsi70M7Cq38n
False
Modified Files
»
Filename File Size Hash Values YARA Match Actions
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF 6.82 KB MD5: c2dd69158274d793bba30224ad58d207
SHA1: 2c88d7282efc879f84c51719c227c67de566c873
SHA256: 14f9788492fbee641599f4fb3d7e2544af0392be5ac459968d9608935ce71175
SSDeep: 96:U6zMva+RLKG8ZM//lwagJbP///YW9Do3mjRRB07yiQhVva+7:U66Rl8ZCNwagJD39DoeVeyiQhN7
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG 16.35 KB MD5: 1651b875adda5c0dabcb00ae6d130771
SHA1: 3e308f5f0b6009b979f6235bc3f3ecb98d2642fb
SHA256: aab761e5f62695e6c0e3b3a10efdbb07d352c39d36b10b587eae2acb0fd6440d
SSDeep: 384:3motFXFpUMf6Mrk/41Gzbn+FpAUhYAOUJpEK3TRPxp8AEMA5QnTOTpAQ:3ff1pUMf6b//gXhsueW15ChST6AQ
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02106_.GIF 5.49 KB MD5: f3d931e0ed87f24e5ed2eafc12ba8912
SHA1: c34c2a0a01a4d3af02232885daf8246539f94753
SHA256: 2bcfc6ac1471fb8bb21a6056b352e9500add2ed74126b07093fc510eda111784
SSDeep: 96:vOk2gzrucoKkUU+OEKWaioDszp8iWRplMvSeeDRsYm8ouVmuP8Sc/INM:vO3gzruvKkUUXBYd9h7eljN9Dc/wM
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02134_.GIF 2.37 KB MD5: e47048fcf39cf1d262750c7df017e9fc
SHA1: 57fba8f2ba3bf3889c29512514d19ddb6c8c7e8e
SHA256: 65149a5c6c2977b8f484b59213e1e59dc1548cc6b25d92b8d8f7aefe3a986470
SSDeep: 48:2OnUqcW3gHKvCkdKAhpR9i0z08cVGJvA01wOfF+95apz/xqP8srLGl:2Ok2gHKJIAdIhoJ51ww+9Y9UPtPGl
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG 46.99 KB MD5: 1929756cdd1f6ea5245b25c1b3f2ad1e
SHA1: cfc1823236dd997387fa822eb85ce65217bba0a7
SHA256: 854e4e14b5cc79b8f472a2121d577caf9b3f089f7c3a8c4b810a4ff266c5879e
SSDeep: 768:tUmq5FmOyUzqDXjKbnnUH4MF96vUVCgsft9/ZoFaEG7To1B2yk5xUzs7SijvXLWc:emq5sO5Wi7nLQ96vUVC/ftJKUN7ToWTz
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF 1.64 KB MD5: 7e793a99b0aa31669c713fc40a52925b
SHA1: 92ea3cbe436e3912860f5d520d75b436dee363df
SHA256: 19a44adf7bc5ec71f1b465172354586c1383bda40d19756bec82d4430b6ec4f9
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQnZuyLN24Jb2Z21L/TUVIwMhn74GknB:EAOpFu5jvr2Mk3juyLI4JSZ4LQEkB
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02077_.GIF 0.75 KB MD5: 6901c88c04c2e33d444aef6006b7bcf2
SHA1: 28d27d4470cf95ddc0ecf941f6c33a430c977d73
SHA256: 725a5b2d97ce1f499583eb2254f3befa2ab335558d7e312ac8eb5ad927ecc159
SSDeep: 12:dXTAjD+QxDJwTEpew3kh/C4gCXPZWa58z0Z71TCtvM6rdqp52NYdGRPg6q5B2f29:Key4EA+k9C4gwPZv58z0Z718Mcdk2wz9
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143753.GIF 6.87 KB MD5: 719705c2dfdf032f488d36f9faadf116
SHA1: 64df24803651f701bf8d6b6c4faedf1d9fa71a79
SHA256: 94a0318905c1803ba3b7f5592a133b2ec6e15171d7b88db3f37233033e1ba752
SSDeep: 192:bLEPC9vYDXrCiDlVEPo5bw4KqTzw6l+MpYGZNkewD5NluH3dnij:bVQDXrColVbVwq/wfMpYGYegrENij
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF 3.07 KB MD5: 6aa28565db5ecb60b63820d2f62050fb
SHA1: 45923d52d13aaeb8817847c11dde12cbd77e007f
SHA256: 1ef7641639cef1d8a62aebd0133c8fa7fb1b3dfad2d00a59957fcfb5a769bda3
SSDeep: 96:3WeC9OtiaHOrO11xZRPnUE50Pbg5y3rrwTja7aTp:3WeC9OYYOrO13fUE5kbgE3rgp
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF 1.32 KB MD5: 423d2e2aaf0e79f47a445b43178dfdd7
SHA1: 14df6b8b0c140563ea5f6288037ac99e37b50429
SHA256: 453f5d839f81116112929fe765757b76b65c3dd0b7796cc7d92b031c509d0d7b
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3oFs96XjJlCebRsyrz1IJ08pGO9k/hYGHkq:EAOpFu5jvr2Mk3in3RsU+OekpYGHyM
False
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe 170.35 KB MD5: d664e40ae53c5a2e4aa978068cdb3546
SHA1: 016c3a46b8ffae5af9c7b682180f5d4f7b2fc17b
SHA256: 48b0471b22141e7a2504dd7c7ca43d3327b143dfcc6414bdda0af7ebb697bc6d
SSDeep: 3072:pZHNa1L0OpjOFFyejsafB1nl318Alebo6kdmPcifjmp4EQCQvpBizXcrIfeM0S8V:r0Fpa2ejsafR318Fo6kdm0ifr/LibcsK
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF 1.42 KB MD5: af9049084a7185dea2eb95587382e9fa
SHA1: ccc88dce84d93208a1267d18516fd49aac1cb379
SHA256: d4b99649b88bed69d4ed76ebf5ec729f4e0dcbd43d642c50abe2ea63c81672d2
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQEC4nLpg0RIvZRlK/dcAWX71BKnitkc:EAOpFu5jvr2Mk3+pNgcILlecAWX7bKnk
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG 19.03 KB MD5: a84ed82c4d7545f637928a44354084e2
SHA1: 3c1b740ff7ed1cdff66a2e03a41269a3846eb90f
SHA256: d20fef1034f4e89a11058b64854adaa1b868956c4ef41e3fd9babc31de70877e
SSDeep: 384:Fu+BpjxDCTXn9UTN/VbrjpKRYB6Rsppo4z0cbll0enF:FuYxDCxU/bXpKeBME/z0QxF
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG 15.37 KB MD5: 557bf5a5df5bf4aeddb416d95a3bb762
SHA1: 17002c6190f7dd7424527e086e2c615334b2ba56
SHA256: 9a9493fcd8f6dea6a98bd9676c2b849e4a5e403e0718d97cf3c492afcb326997
SSDeep: 384:WmwyfsxfmbFvtjKmpblIXTawLoYb5zOKOpRZQ+ek0iY:WmPUQbFvtjK2mXNoy5zWpzQ7kHY
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02085_.GIF 2.26 KB MD5: 8d4bc05318f712d405cfcfa92bf5c33c
SHA1: 96c1ae67c99885f42ddb79433a5a9b5dbeba5c89
SHA256: f96fc652e4cf2a2bf3dd9a97ecf1017c74646a999bca4bbf1fbc33917c5e1bd5
SSDeep: 48:kOnUqO9+0ieGc/2cxOQkDp+/0gEmuRNqDceXru:kOIZXGcucMQkDk0gcRIAt
False
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 530.57 KB MD5: 0a583b1dfe415fac214579ab0ae65ab3
SHA1: a68d4a8b4a4be25900973ff37a06b57ef62ef487
SHA256: 7e072d6ac26bbab597228ee58ee871f7d32c946ab9b87f4ddeffb4f7ec54694b
SSDeep: 12288:jmZ5yE/34ueknA0/gVl1IvcA/yCc3vR6mNlec0jhmFII/OzWrm8ikVA5jk3:U34ubnAGgJ8cACI9jhJOKy
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF 4.84 KB MD5: f900518244f4a28c5d234540d5e26afe
SHA1: 5b6fa83358ec3fbb37affe838ad6d86de848c424
SHA256: ec4ca7dd447a0d98025648647e404e45d0e8fe9981cbb7102c0609c669e4799f
SSDeep: 96:z2xuQTN8W0BucSfR7gzqNZbedMZuJwqeXN3am5+OlAHlca4dZpqi7g:axdN+uR7gzG6dMcqZ75+OlClwdZpo
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF 1.52 KB MD5: 5931e2e3a1e732992a632090c3d9cb43
SHA1: df18e0c63059c66a9c11d2b6af5ee3b48be71dcc
SHA256: 3a7b018747c1bc229f13ce69a68186baeb3c2ebae01059fd8707f423f995a078
SSDeep: 24:WB0NSUBDjtZnm4Dg9G//OI/nEz8BTnu+iyuRpKHI3:WekWhZnhDK0OI/EzMBi/RGI3
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF 2.66 KB MD5: e668c910ccd0da834b0243a2bcd648ed
SHA1: c6ce6f7ee32a2264153fcf5196f13ee38bf57652
SHA256: 9d7ac9918492d896b1415c2a30b773884120078c1d60179447069dc580aa34a5
SSDeep: 48:Crl9kNJKoozvHd7OvDoMDFI6PyIegbsRJqk6H9Vx30BowDnxBnC4TiZzCVYYR:CxFo0HVOvDoIFI6lfbsHtK70BowDxrEK
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF 4.29 KB MD5: fdaba3d8eafe87024cf278c4f8fcfddd
SHA1: ec1646b57c68e1e317580eed3414b0c26ff6496d
SHA256: 61e2d657a680cf7abe9331ffcc62172c210e0cba0aeafbad9cb3cbc14157a477
SSDeep: 96:1NaX/foUfVfoKiH6nGM/cTKZRVrFnNPMuBz:69fdNRFbsu5
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF 4.87 KB MD5: 32f6a361175732d5349eff129c2e6826
SHA1: 31ac5188ca3505afea27b31c92d6a3fc0dab06f3
SHA256: a37ce1e9f113fafce3a0c18498e6b6a52f97501862e330e658357a3313aa258b
SSDeep: 96:E/pQ5jj2MQD2i8CmLILeoF1/RlZ+chPCS83UY4qIc+8/+EIevOiiogtJ4y:E/25jkyJLILe2/Z+CPjdf/e2iiogLD
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF 7.89 KB MD5: 67202d0aef3412db2c2400cc16ee83dc
SHA1: ba635301954c7430db939f24b95d170d3f5664bc
SHA256: f35ab1d4c72c7c8f248bdc8e8eaa97126ba3688ac2c8e62dd0e93fe200eff066
SSDeep: 192:nO3gqhwZdNbG+2NXoSjstiJTR8PYGuYfzRm3gdvvAMQ:khwZ7G+7SotiJTR8wM7RT4h
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG 11.30 KB MD5: 801198c9ced740c8e2bfe979048d29a6
SHA1: cb015b2ace22e06b513596a79086de58ba88440b
SHA256: 220ea4632511e7f2fc1beea166a92e51db5e0a51ad3c9bf4e0fc3ed6f27f93f9
SSDeep: 192:MqJoxX2BN1shK5OpPtz+0wA2tGVQPHyCGLF6NEhDtf55E2edPg73wJDv:/cX22hxPY0ObyCGLF6NEh/30PYu
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF 2.42 KB MD5: 09ee78ab2a2cb24a0e1dc0cbb9e900ee
SHA1: 29137addf6141e0ca2f16bcff816acdd678acf92
SHA256: 0f41e06748c8203ea496569b75448f99a431d5b3f0b8ebb24a4e1e1d91565c6e
SSDeep: 48:fC6cBwpjnAJSbqNStJS3WtxZSwN7T68nTv6fANt+bm5u00oRLG0:Ju4qi3xZVT681k00oxP
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00531L.GIF 8.02 KB MD5: 8ab238c018c5a42aa7f4b0e9bde126da
SHA1: 78e8cb1406f4e37292da743e2edeaf91593c748c
SHA256: b4f05d3a97f484f1dd59d4b6c2213f9118b8f979448894cd2682829cc66a5c61
SSDeep: 192:LO3glpkMLN5zUiwID9A5Mtj5pB3OXwjmCJwLAm8d2qeJx3Ky+r:Qib5zUQD9Aq9B6wpJ6Amo2zz7+r
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF 3.17 KB MD5: dab84eb316054469429e8bf70e74f0e2
SHA1: c9af6b480bce0b969a6baf729dba714968568d08
SHA256: 9666e562d7067a256df55d7c8fb6d8c3ed13b3594527d99c95d795ac41770e22
SSDeep: 96:KJRb2NixrK9MR8MvprrpslQT7slvk7DmCrH:yRb2NixrM688rtjT7s2L7
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF 7.91 KB MD5: ac6e2219b9514b3e21a1c3e075cfd565
SHA1: 940e56125348f4c9d5b0a751fd9dc3714a3ea259
SHA256: 39eb17dd4bcf3a05a1afbca03d86882fa6e7d39ca501623e8bea0724aded178b
SSDeep: 192:bmKAPDAaLxUYvYbcH0B2xLJCjns6cSTN7yerF+bVWYEYd5C:bq7tx5vNBJCjnAQye5uJEYjC
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG 26.76 KB MD5: a9575166bcb65c6aeadc251cccf7ac78
SHA1: 262fe5d53c76b2793e58f1da840e81018756d0b6
SHA256: fd00c26bfaff61489732c5f29601a02f3c69f95ab9e89e086a1d68d350ba5333
SSDeep: 768:ZtOqekk/AItythpQwejb1iO3IBZ4gwElricvUgl:ZtOqL2AqYrQwejpT3IBZN9ijM
False
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe 507.41 KB MD5: 97fb252033ece77a304da5db38a5cf40
SHA1: 96bea2544eb91099b97896fe3b90333f7741d330
SHA256: a13f7edab25a0ec5e3123cc3eb97e015cdd2b0b02c4f1df05acd569dbc461758
SSDeep: 12288:xEZWJbgVriXwRgS0C3lFrR8TOl/EUPPlIVA53hPs3ak:xEZWJMFiXVSt8iCUPPCVOPs3ak
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG 29.46 KB MD5: ad69eca390cd16d39bc627a1512ad59d
SHA1: 78d41471115ae9b9e7c6b62f523e79647d7765f2
SHA256: 52c487aa48b9b3f1ed4cd0cfa7755dd9dfff584ce6d080aafc9d66bf3dd1c237
SSDeep: 768:rQ/FGa5mTmxWOK5m7eXehv8HfY6i5INOLWEGyM+dWsdi1:DaimxWOgmyAvp6i5IsHM+dWsA1
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG 36.24 KB MD5: e402ad07124354453ef77e79aa470051
SHA1: 4e88726fe3c5392afc74690f34dc6824a9398f37
SHA256: f81d1b52258e6d977dfb92462f384377aeeedc1b2b8e2325d2400c714e63d53c
SSDeep: 768:AnrcpqSvc0K6T7op+2dR2KHwdMR/DS9KxSJe4fTbrdUp/bz:SMFK6T7oQfe3cksECR+
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF 1.35 KB MD5: 7f65c31bddd8a5fbf40665289b44e0fd
SHA1: caa62196d2ea839713759f0e1422dc4901c99f31
SHA256: 635245940f3406e3f7fb37361c5a0d1f9d59aa2ed30abae66d3ff3d5193ade3c
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3oFs96XjbMYNd0IlVH/8pxJXj4U:EAOpFu5jvr2Mk3inE6d7/OJX8U
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF 1.56 KB MD5: 689a55cdd27f22d1ed98d991e640d8f6
SHA1: 51832f164529fa4be23ef39ba7bfb6f9604f6bc7
SHA256: ff1b9eee93f795ed6302166a5438707ebb71b3fffbbbce9be88fe9a2972e5caa
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQluArsM5elH4uA41gB/tbcX9GQUH/:EAOpFu5jvr2Mk3XTH5eyupgRmsQUf
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF 5.19 KB MD5: 8c1439fca1b6a4112fa7548adcbeb93e
SHA1: 9e8aa787d1ee3ebbd7aae42d9d30815f279c1944
SHA256: 996098c1830a3e4d80ac19e5a021a2b9176aa4d21c252358a2f91469e6d6fa72
SSDeep: 96:8qaNcLvfia0zzc35xrRcA+gQ3uXIT2TJz7jKPXjaM:7ecLv6tnc3TSA+AXI6V7j6X+M
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF 9.03 KB MD5: 7841d04f1d6aa468961a1c094f50447e
SHA1: 6cf0e2bbc834659cf1b15af938ad6dd55fe4bbd8
SHA256: deda13853aeb8a78cccb90bc8c9013aeb7ac43dad35e7e4513f0d0b8f432c3b1
SSDeep: 192:Hy2/xZbuAVaegys0Pe3ldRG+6VCLSP8SJFcget1AM1WN:h/fPVR0dVdRGpEmWgy1AMYN
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF 4.90 KB MD5: a1e6a513d63398586bdebc936a3d5296
SHA1: c368339d251171a4f844c63d55c2ca7b8e482ec4
SHA256: d8be04a36735dd15ab2687f2bef54bbfc97e8f600d494f68217273c8f8112cf3
SSDeep: 96:A6zrbo0UIGQcW2KkBm7XSZaFl2kjiPYePI+fjcnzH:A6/bLnH2Kem7iZaFl2k2YeI+fe
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF 1.63 KB MD5: 96129ca7510120301f3c75bfc26b7395
SHA1: d89a809be710de8a75f9fcc09fcbe054c114f562
SHA256: b335da0fe0b039d10a04b77481aa7e8c80631dffb141efb0fef5bdf87442cde9
SSDeep: 48:EAOpFu5jvr2Mk3lUlQuaJLj/eyuNFx7a1e:E/pQ5jj2MQGZgy1/7aU
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF 3.40 KB MD5: 65e5f33676c51d026c66251d0542ba16
SHA1: c0fed56fbeed3cf9f52fb29b6e007ce7181b3bbd
SHA256: a63534c0e5484d37885e6017b42db1fae71aacee56ebdedaaac5ade213848815
SSDeep: 96:mpZWnfSyUcR4BN4zhrNs/6Y7GAuk4aoD7yDC97KfmM:mpZWnfSTc6BWs/L7GAu32CkeM
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF 3.86 KB MD5: 53c46839d5eb0a11e5cf046dfe0fd8a3
SHA1: 6ead4276827317951ac5e0a240dffa1642642ba6
SHA256: a85b7f04bc9d916400f676dc7dac7d4ab1f914cc40e779ae23c765f82fd03bad
SSDeep: 96:6VbuEvhFdAU74PkQ5ftnfJfUxkovHj7XgTk:3Evrb74PkQN9fVUxRfwTk
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02082_.GIF 2.40 KB MD5: b117e462ae4337431bb599bb75187bbd
SHA1: 210faee37881a06f0b37e8cbb2ed37090c49cfe6
SHA256: 8557be69328871d20d49bd91d1ad65e506335de000653c8aa2fadeebb753887c
SSDeep: 48:fOnUqO9+02LAAl8RDhycbMyLYmWkSXg687U0VQjqsx:fOIZ2LaRFycArmAqU0Vsdx
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF 2.92 KB MD5: afbd872813eb1b6bf772494de82edb96
SHA1: 507a826d33f8bf33e11dd0d90e68cd6f1d7660e1
SHA256: 8394cdbee5c1e6dad310a952232ea217d1f825e12c97b17f74d5dabe1f6ef0ce
SSDeep: 48:6O/Te9K2O2rRPgPGJUr3s6/3SmF2Cnf/kHAUG3RiMhPqNMOplzI999djw2W:6O7potgPGJUzs5mU4kHrQRiMhPYb899G
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143750.GIF 1.06 KB MD5: f85c15e4ebe5776776ce94675a110c6e
SHA1: e23e607d00815818669fd8f22442275ae4ac82fd
SHA256: 1e37d9c6d684323fb565a051eb431167253ab15b15e938ae625564e57791fe31
SSDeep: 24:+Tu13aCUTIf22DeqDm6++KmAHO5DDDDDDDDDDDDDDw6Jkm+VTIbjWYe:Z134Ifteq6nPu5DDDDDDDDDDDDDDw6Ji
False
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe 97.34 KB MD5: 67664f5f80824cf337d536d32c287568
SHA1: 1e43f0879b55b58953a20cfb10a54430e6c23bd2
SHA256: 915f117e1c1143c61e7b603fa0a5a92b49be80fc67a78a299780c842cbfc25ea
SSDeep: 1536:wCJQHwJRiH8vNNZ2J9y/4S+n8JXOjVDSzy/YW1j7wPZObnia8H5xxOC0En7D:wCQHuvNcnVh/YWxIYbiawGCN
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00673L.GIF 8.23 KB MD5: 1324c3c806fa2f7625beb7a9584a26fb
SHA1: 801f4cecb7694dcd89da14f3ae259c6bf7ab70d8
SHA256: d2a13d77bdbcd24e92ad0d8cdf408b37ff4d64015c0fddf8e510cd2fb791344a
SSDeep: 192:LO3gKsbLEv16Xfiz4TdyWnfaa6fJzve7vSffnfig7PI8C:QFsbLe16Xfi8TcWnfaa8YMffig79C
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG 20.09 KB MD5: 19cd1eb679fec9dc55cab1aeeec00b1a
SHA1: 8c910f8c30f362d7808851d440ecd8e81273f80f
SHA256: 93576ea599e458e56ba609e622d300e99aaf923971d47eb748a5654080caddc8
SSDeep: 384:DowfOdEQd4N4X9yzfkXE4pOYwhrU3C94MdCeNUqfCaVVrsN0VdwCR1:sGOdEk4NiEIOBpUS949euwruMdz
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF 14.95 KB MD5: 454e9ff1d50dc76dfd9d53b1029f27e9
SHA1: d7e9236aa25e4757e0eee27e93b9c6e586881c2d
SHA256: 76ae3226b9d54c4d9e7c8ebfff6351614f050e2b5225948ac3c234301961a773
SSDeep: 384:psmhHgXtMrtcZ1jZ9MQjHw/UFjVrZUAOGR+QTh3jJ/:psmFoMtI1THdnrOMt5J/
False
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\SmartTagInstall.exe 15.38 KB MD5: ef4232027083d37c7ef14a5169c59ff5
SHA1: 6081bca8d9d571e460eb11394df56c4693e48264
SHA256: 65c55176e4f4a4e37d987441577652d62ea80e2c5f0e11410dd57aad3cb64250
SSDeep: 192:HD5Mc+RmkTc+2azp9zp1sl1wHtqaLT+JXESdifjcSv9lJYvKOoyhV:j5F+HA9OvP2A5LTipdi7cSv1Y1hV
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF 0.99 KB MD5: 614b09bdc9715c5302193e9b803b1b2b
SHA1: 9a99ad9635f0a97332f5cd6f95d69fda1a7eb88d
SHA256: 87cf6a6a6a224cdc2e8dc6fccd40e2e0e7dd7ecc53771bc5feb97d43caeafd96
SSDeep: 24:QBh6uJq5who/azvsifXbx5Z3uSNzGgktQ0J7gUxjHpR/81wEg:QaEaw/QwXbx5Z3TqJkCW1Jg
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF 4.57 KB MD5: cdd81fe14278ff94df96f35097d2e3ea
SHA1: 6ba65e58e8cfc60e08fa5d9c58925e76c18cd0ed
SHA256: 6a115cd0d94ddc8175ed7ff4720720ad3a8aeeab6ffae3b9e106f9c4b173f3b0
SSDeep: 96:LOk2gQTfHPDkZuCwDygqhhLptVCX7wcP8aF0A7p5CvGyoQBW3:LO3gQPDkvweHLCXJP8GHpfd
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF 0.92 KB MD5: ee73edba15740bdcd3994f0bc43a760f
SHA1: fea2b2a773e5c7803c0aa20085a228fb8105f81a
SHA256: b83e6aaa41e40a96400fdab336b4141990bab10aae4c773e1622164314d3bd61
SSDeep: 24:v06VyE6d268Eq3eNiKYItQGY2lmw6dO7UTQ:vHQ20c20w6o7UTQ
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF 3.40 KB MD5: 4674c2d404d9fc1574f45aca052c6b22
SHA1: 74a47f85142defc720740853d5e890472b53f352
SHA256: 89c458f7fc023b19f61f4fe2f6339404603f1795e58a06ecf3e70dee50cb9683
SSDeep: 96:E/pQ5jj2MQdBLXwUQUdd+PQpHQ0ga6ZcrYv8XKpJuGyi:E/25jkdBLXw0mPQpH3V6ZwUpJ3yi
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB01741L.GIF 3.53 KB MD5: 8367f98703ba1f68daae6f710b82b4d4
SHA1: 8204c40558f1ff019553c2c5199103f03d7fe2c9
SHA256: c4e90c14f5788144037bdcda8c0e6d8a84ae121d8cede5eedf97c8fc903640e4
SSDeep: 96:pOk2g9q718h/GVVVD8HbBkPWSlrK3DCIBsO8k:pO3g9qmRS/D8HgdbIBsfk
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF 2.61 KB MD5: 6e23058b3998f2c24635e616133da99b
SHA1: e7a5fc94158c947caff500310e77621288e466d2
SHA256: 0e649c08d1d6dce13fd36b8fefacbf99575ef0342cd1ffcbda1e60f0dbace6ef
SSDeep: 48:hOaYHjU7B4scMa1J0W70B3Js8SN7gqlY/jvSw0MVNlEUBuxRaMNqMUuZ7J:hOpqBzkj70B1q7gZrrl7WRaIXf
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF 13.20 KB MD5: 46b9d8b5e344686e627aac3a5fb1728c
SHA1: c2e66e2ba99dd4dde72400692ab81e4da7d843cc
SHA256: 16eb193119f850f9d6c86b4e54c0aa96fc288a39d173a57affed21060ad58ea8
SSDeep: 192:CRQN4pWug5ZzZ166H4wi6qWoqkjBmhIjpTpL9bWaEvoxi1p2ggYJDlEI2uiA:CyNM4H4V6qfjBmhI9dL9bEB1s7YJJeuD
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG 43.80 KB MD5: 6ff56c1e395e8791c966d6186a3fdd9b
SHA1: 0d4a9c4d33663c276387a29c691905c1f67c4073
SHA256: 63ecd3db9d996d9d73b5464fc00b7966fb7576be90bf42318cc667bdb8e22917
SSDeep: 768:IXWxlsq6k3vM7b2gXjjLhwQ0WdhvyauXK121kFD1MFas+Ef+OQZ+gjmy:IWLR3Q3jLuQ0RfRkF4y3OQZLP
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG 28.62 KB MD5: 10f893a3e81fd25d5c6cec38340cd318
SHA1: a0cba43ddcfa6e8b23326396dde6df2d180398ff
SHA256: 02c473f000884e1b313a326b96c203cb6e0d78f2d4f92426e5a6d52d9288f10f
SSDeep: 768:43DRygAInPOoBN457Dwd4pnbXCSxMWzuui6Q:cDNV7sEDSvPM
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF 7.41 KB MD5: fa21d6f73483d2af3c235240261d5475
SHA1: 63cd315b5d0a973c9ea112eb56f766616746f11c
SHA256: 3552195f3e8a4540014347b93354390e4ca6ffe5b568c7ab9eaea0c25b455b7c
SSDeep: 192:Z6jrxsGJt4MM0hdwvAu0VbZKCSWDmRpS7j84afMe1AM1WC:ZK1CMjhVzVNmWDB7wbz1AMYC
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG 32.24 KB MD5: 9149ecc9cd05a5b41169abdd4ecab813
SHA1: 0fe6cf1c0a6c7046768fa76aef404b6798e343c3
SHA256: d79cfcb0abe8f86a732d972291c133133ce8069f516469cf6db2082808bd75cd
SSDeep: 768:1pP1MJl2yhgEmH3pNWAdnlrO79lPypeJdCKoCTRMo9lr6UWi:1slXG3uAdnlO7qidCCRMoD6O
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00703L.GIF 8.04 KB MD5: 0096a7da3513fd2087ad2982e6d0f95b
SHA1: 41085a40469574db07123cf227d8185a915d5ea1
SHA256: 574ff77d25c082834b8bec08172070b2d7e0d55c3f2642502ea03e6c03e967ae
SSDeep: 192:npO3gMTpkktsQmPchaS1wAfQ632asGJdSFAppbm1m:+/7L68aaH8Y0Yxz
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF 12.19 KB MD5: d512f0cf933b139662f3cbb62956335c
SHA1: 910cacf619c64547abdbb890aa3e1eb6f7b625bc
SHA256: b9bc81b09e43bd5e86700bce6b365ff19265e1113b03a4d50f4fe8fa26acd4ff
SSDeep: 192:PcVfwA5lZpW7LGAqrkW25OGKGD/xBXzdTz8P659WGVJh1jHQjsZ4YwWd4KoAR:kV1U7qB25ZKGHhTz8N01jHfuWdqQ
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF 3.30 KB MD5: 54f2b830b149ba1ca57de1605865fb6c
SHA1: 629d8afa43fd8f4d071c5ab048b6c1b376aedc4a
SHA256: 259d95ff89b164c58a802b9f0624227ad8dfc863aab22bc5f092e58772ad401c
SSDeep: 48:vNsJZOTwmHsORwK+PwKhCZ2aFBqOOzFFSuIH3d5jaI1x7xyHbbYtGajt2bgqZSbZ:vNaXHdaFBqV7Snrx7GbEtGstygb
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF 8.38 KB MD5: 8f1cbafa5f5929aec49569b1d0d860fd
SHA1: 9dc39408990ce9edf12ca77834bcbe7f48a19578
SHA256: 23471b140c8e05e3d002757f44c00c84220b6e93e1468ebe1366e97a75cc26a1
SSDeep: 192:L64BubtUDLLx6g8BTXNAds1vTlymgFsNsiInycm:LRAUXLx6d7B17lymgIsi+Pm
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF 12.40 KB MD5: e74fa288f0b117203e0d3678884b9c9e
SHA1: 25c3a4c233316fe04f3edd19355729566fe5f668
SHA256: c6367fd3e7b56eff269ed894b343be6678ee5844b4a2115852964410f99e0e2c
SSDeep: 384:rI2bsvKQQkhCtcopf40nyK0eSI2bsvhQQkh+:rI2wKihChfhyhjI2whih+
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF 1.20 KB MD5: e60fad1084f6fecc230b64d6e449d4da
SHA1: 3c77a28a2bb3f74a716b9d0427e7035d20316328
SHA256: 20c07c6cfd6bb6fec522540f0a83ffd1c4d0edbd7a67ba6a57f774e223498e11
SSDeep: 24:/AlXxtjmD0NS0cGSBeJcjpg5aKiQO8PThVze078yE65Io:/WDNk0OeJweDi/8rhBj77B
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF 4.00 KB MD5: 03d1c843aa39792c814983ac0ca0073b
SHA1: 0e728a413ffde48be8566850a5d660b8f6485bd4
SHA256: c892b62e1ad245c1044a730edc6ba31dc0c45f35264e776cc7fa136c4901ba33
SSDeep: 96:E/pQ5jj2MQfaC4LEFrsa3CjzOMEEOeFh/KGl+E2nAfrw4Wd:E/25jkfq2wPh/KIKnA9Wd
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF 19.72 KB MD5: 67cf2f36e97b1004561d6f25d43b2e1c
SHA1: 6bde709b60cec01a465077d9dbd98308376933ce
SHA256: 6f2ea10d8659c2d7ee7b522f13416c2d244bae55c6630c8c08deed99deeef546
SSDeep: 384:0+cw9SpcmqxC1PKlGVZ1Qvv1+u46f0qC0wdIzU4DLZln3Dmh3DINm6Gekv+vPEg9:tcCS9qmZ1f6cbizBlmDINFGeM+vT
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF 0.49 KB MD5: fe7e005c7338b2c00bb1467ab8909235
SHA1: 5c00fc3172ac690b4bf44bab08f631cef2f61121
SHA256: 600619e185f1c727b7ed3cccb34eaa8a17ff25be8b5ff29c40684fb802b74b46
SSDeep: 12:KDkZL5fW2mFehOmw4FYCukOl0wffiqxztb5wosOl0wf+e:KA1RBmFVmw4Fv1Ifiqxztb5wNI+e
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG 27.92 KB MD5: 0c4e54c5d2593469eaad5d05be1b23a2
SHA1: 7bc5a6b37248fcd35e812db67b9bf6c8a60fe880
SHA256: 508bc2f071e5d5709d6b43b931e43e77f5ee8901c2172f41f951b0052046ddf1
SSDeep: 768:GgjoSjggSG3XJH6f06h8F7fz/6YwF5P1dsZh7B:h0SjpSwY06h8F77Ct9iZFB
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02074_.GIF 1.27 KB MD5: cbe13be4e82094dd191de907b1ffbbae
SHA1: 4ad6801cacdfd68821883c4c2babb44f9df62955
SHA256: a14175bd569f1c67560cc4d34b451c6ee09babd3518d7b08e6d38d9899013884
SSDeep: 24:3uhQlbzuhVliMfUqcWkCIKz3A46YKSmZXb7fLRa/ET3RUL:3LOnUqcW3gUoHVasTBs
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF 1.32 KB MD5: fe59030075cf1b422e603caea3d23ea5
SHA1: 4af14ddb7e2cf12129806c58f51da7bcc0b674fa
SHA256: 38c23cd67e11dffb804ae929bde4926ef5a5cf5795ffb8fce89f381981a654c6
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQZBNVn6JM1ToqmW8pqw5NHYb:EAOpFu5jvr2Mk3jBNgJwoqmWB6Yb
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG 29.22 KB MD5: df6e8a99a05d02e83895c4cab3a61bfd
SHA1: 9e8e9aa556f01643a17ae7604551abeacd6d75fa
SHA256: 36ae4cf1e1e722a7402115761e5bca8bce6c6a69ae058943943fdcf90aad1350
SSDeep: 768:vfEs5NMaQ/iqt84yat9oipkkG4c7TeyNVZ9oL:HB4aaiqt84yaDoKGxeyNa
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF 1.02 KB MD5: db738104771ed4163337f4d557c1135c
SHA1: b92e8750f4fa3c58f94dba2b4b2a23f70d5bba2e
SHA256: 55d75c0cd55910cf8f0f083724b9c06a3b8a12b1b88e96b5d4c99e991b86b9d2
SSDeep: 24:eTu13aCUTIf22DeqDm6++KmAHO5DDDDDDDDDDDDDDupF/EMtnRan:5134Ifteq6nPu5DDDDDDDDDDDDDDMhJa
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG 31.84 KB MD5: 870704dbc7df244fc6ae8f5d2908d4b3
SHA1: 7906a8427fba3b585382d80ca153feedc450fcad
SHA256: c19dbb2b0f2069b096d48d27094ceb74cc2370ec18878e95c4fe9e2b04be6eba
SSDeep: 768:vy1bw15q6fWMPsCzme42yUz/kpm9K0LBkFi8w9/RSp3lK9OFqBzn:vcsjq6bPyUyUgm9ZlJ8w9ZSp3xFqBzn
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF 1.12 KB MD5: 1c7621b47095acc693262ce9230781c1
SHA1: c99c0fa07493308c14853620fe226892e4fd4cf6
SHA256: 905216bcf15568fb1e1e65f320347ea2f84bcc85f0392404a97ceb7ccb47e7f5
SSDeep: 24:EB1TVY7eJRMBO05Y7eJRMBO9VwEIV8owbg1J7zzNo69kbyO:MObO0ebO0G01VzzNo69g
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF 2.00 KB MD5: 4f1e5e3cc71a53f96f0c7d8c2f60f1f2
SHA1: b19c8e5b4df044d0db448c1187be2f732af6e4b4
SHA256: 4d3a1c1b7fde614436cdb24a276813070c32ddad147e61c47be024943f954492
SSDeep: 48:EAOpFu5jvr2Mk3dEcNOZaUFP5VbXDqoleI27wVRDVzUfK:E/pQ5jj2MQpOZfjVbXDqQ2yFVwfK
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF 0.72 KB MD5: 3b502086d25774fdb6181bbce0e422e7
SHA1: c0998cc225751b073b2377cb4d8e782f965d1efc
SHA256: f7d271e716d34a1e2092fac03335a1938f90332b97490cfa40bc92a923fbb986
SSDeep: 12:oapBEghgHYTa2zB/gxcl7aeGOJPWRnLCZVEGt4wJVTHMwFDKG7Ycgc7TI5gwm+6:oanWA5l+qPWRLKEGRJxDKG7YHc7TEgwY
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF 1.39 KB MD5: 39c700c304fe2c617e52c15478d963ae
SHA1: 640c697c45a43a5099df42719242ed93ef0020b9
SHA256: 9460485ad10b359e703b82856df90765e05a704a0ed7aed5b78003af80dec707
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3o/RsjAlFmkLeSuWlWDqWWmkG/IL+s5x:EAOpFu5jvr2Mk3YRsMykLeSvlVMzU
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF 2.54 KB MD5: 43925c2fe4fe551fa4078681f1820132
SHA1: 32ebcccbc2e8d32c982d145e50d645ccb5e02f0a
SHA256: dd1f03acca9729e1cac39e194545ffca51cbbf25a6c76ad507e7885800f0a0da
SSDeep: 48:waMPLWkPwlfh/MN2MpVCBt/YsfpifDs0187FfLavZcUM6I5EJpG4ob:vMzNwlfh/MN2eCBF1wHq7FfLavZcUDIl
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF 1.32 KB MD5: 1043a14afdc6242d470be96e61275844
SHA1: 2e665b7f77905e39702f1de6f96368bd2a7735ae
SHA256: e723cea4c585384cec2b3cc8ffe7ad3776094a91d03f2f63da8bcae75f8b11c4
SSDeep: 24:uFulN0A10NS9L/91axRjQrZvUMGCLgRPmZFJBr2GKVEHDKfTrM2hBmY6Bql8:rik9L/91axB2ZUMGCLgR+XLljKfTUYsv
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF 2.94 KB MD5: d638f094dacae189c79a399dc4d6ed9f
SHA1: 385ba54fa7bd0424af43f8c2cfa4eeeff2139b34
SHA256: 20eeed5c2d7afdcb5a6e31431154574563436698b6c6c35ba413a4d3a50b0b2b
SSDeep: 48:7OnUqcW3gIhRye6BG5zlVn0x59gAGMyzfBYX1N3LW89kem:7Ok2gKRuBMV0zgADJ1N3if
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG 42.26 KB MD5: 8362ac6f8fbde4a2a9ad421e4af13c08
SHA1: 333b78fb38cfeac80af0cb5846a678a8cb2f278e
SHA256: f501b4b01f77f0c9ceda68c848e02750caf959f4c143e859e0279aba3ad91a86
SSDeep: 768:dXyqYXxzN6+xuTU2BF+2axONNZ0Ej4VKJIUlh8M3ZY2NszVy:SZ9xuA2BFQrEEVcJ1ZY2yzVy
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG 36.56 KB MD5: 8c5c8f96afe2100c568ada178519ac94
SHA1: 8823b5360be18e87be3280cca26eda3cc5ca0aff
SHA256: b508de82bf571012030216b97cbf23331628e4f2c3bfbc1b5319462b30b73072
SSDeep: 768:nIbo1tecWwQbAtnOIaWh3jVGhYzPI+EzTOiU/oCYmzadJz5j:Ibo1XWwWiawZxz9En5U/Tt+ddl
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF 1.88 KB MD5: c44093e93c939fd3fd1e602f52fdf086
SHA1: 5deb6d42034f303e3b160e53365867d903188072
SHA256: eb58f77aad5692c859716c9f092071879c91b30aa7284739347dcdb765f5cd8c
SSDeep: 48:EAOpFu5jvr2Mk3v8uoFn1hex7vMh3/857mLNTavgjv3oc28:E/pQ5jj2MQUuoF1hS7y3c7mxeob28
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG 41.46 KB MD5: 531c792163338e65f78c473134ac34d5
SHA1: 6444fe3aa47cf07f0e259ed4ab5aed28988b9ca9
SHA256: b891786679b1ee68a61b8964522e7735d21c45ce13ece9ceb1d0eccaa1709883
SSDeep: 768:LyPf2LSSNtEGaNPTxbwC7HFCX7UjIp3+pEq5+PoXxvXwmnXA1TUQY3:sCjEdZxbvCLUg8MPqxvXhX9QY3
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF 2.51 KB MD5: 6bc479bc4c086e5f2488b360e8413bd3
SHA1: c92ba0ebb860407a8e3f48e4532d8feff44cc7be
SHA256: 76c44aea0a19426769765ae52905f053176b43780d257c2d9953a4f8172fcd3e
SSDeep: 48:pJYknyHoBApc570OAwDuYc2AJUKq4K+drkgC7pfxDg5krpWZuBAmoJ:pJRMc570OAkLc2vKq4w97nUSrpWQBAP
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG 32.69 KB MD5: 5f2c986a1dcd47e70634cbaadb01ed27
SHA1: 5f065e6ee3e46742a8e3aad2055bf60aec23a463
SHA256: 9ab13ef294554f17c11d01f34307f2956d10a20f9604b3412d4c27b1409608f9
SSDeep: 768:45/HIf1qxHoecPsXHgq7J4orawkJTQUsYFHGlxaI4YCxKCwq0:SKqOeckwq1JeZTvmnQY
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF 1.38 KB MD5: 641b1c91f3099fd5e44394ae288f3e1d
SHA1: 45c723f508749e7f2fca1a1c932796426459fe88
SHA256: 3f79cafc14dfed12ab9d1f0ba26e1049f06b456905ec7392933975a39641a0d3
SSDeep: 24:8hQlbzuhVliMfUqcWkCIKz3A4mlbmvZQ2Sds/HBtq4abTYoRRamQb:pOnUqcW3gVKvuhdwHBt5abdQb
False
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG 1.04 KB MD5: 7b80cb4733cc9805632c3d46391518cd
SHA1: 3b35788498fe9af05dee506b267ed1a2ede2147c
SHA256: e5340e386612a18863b3aa5d06d44ebcd46a89dac40fec5c19ce756e9a77492e
SSDeep: 24:vPSmbMJy7i5bWk/ZcFsBfUPK5Bs5FEE9Eac9nxVVejEE2f:y8m5b1/Z8xPK5+oVA2f
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG 31.67 KB MD5: 1bfaca7741dbc287865537b326937513
SHA1: c79b1887eecd374905b4d79bf754ecb82c9e010a
SHA256: 4e504b401e30586c189a03352e8ee145d8e5e6ea2247ed202300c4b0019f3195
SSDeep: 768:ClPgIU8lGz+N1bphXLgSCSdsjP1xQKXOhlSw+/YL0sZUwjaRC:C5gIPlGzcjhX0F2G7QKXalS5/CTpaRC
False
C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE 614.91 KB MD5: 92a394b2b50432b5ac5201b672d2c7ad
SHA1: 4a473c5f17391ba5ed713c7412bcf41a18fadc88
SHA256: 549887579358ea224135ddb6154cc4f529f60e806d5a1671d8eb39681c07b927
SSDeep: 12288:mrPDOoj8JBvTYpEKX1UI2iefgNhUQYJ+zDWUd81jU8jjtNoC9kkyKAoX+:Iao+FYpE+12yUQFDWwwP1esX+
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143754.GIF 1.67 KB MD5: f646c131f05240589dc5fef39d7e11b0
SHA1: b25e7129c36608639fe5678af413ff8f498b0e33
SHA256: f8468e037cbe66bcf29292294d760289086cdf1fca6c7919f5d275de52bb5c9d
SSDeep: 48:jq134Ifteq6nPu5DDDDDDDDDDDDDDXTEdHX/Fg7upsiI7fo35p:jI31tfEPCDDDDDDDDDDDDDDDJ7o3X
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF 0.05 KB MD5: 5f590f8706937eeaeb8b2b4f6779529a
SHA1: d2cd5d0a8508deb0d8ae18343fb8ec73c5d44d5b
SHA256: 53e6fd1475354165f3f9e63102618d488d7991abe7a069547c45d93e72f1f1c8
SSDeep: 3:CyVlazLO+vu:jPEy+m
False
C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0214098.WAV 26.18 KB MD5: dd2172d06edc1e918344b107a4a387ce
SHA1: 95753d1a1656b518ec43b2241a10db8e2b66a83e
SHA256: 994ca3b0625ae59c14e72b528d28793cdb8a3df91cbbac4b793da7000229a689
SSDeep: 768:99KYhe9ZLzf08tL7lF2T1zhnHvQinuKdBXwG0bGe+uoyW:99KYk9BzvL7oldHvLuyB0GHuo
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG 21.24 KB MD5: 47a50975751ef88d412f7fa32e288b30
SHA1: 9c85d766adaa2f260d51db6a18e8eec8db97f955
SHA256: d34c6734115f9580e43704088575a321095e18a952760f0f7a57b5b6825e24e5
SSDeep: 384:swGoilOub59hCbjw1JyyTSdmV48NxJr1A3ETBqt5paD4CM:XPi8ul9sUy9MfxdRTBQZn
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG 46.84 KB MD5: b9fd5aa6edaece993ee5466920aed3ea
SHA1: a4fa849aa3ad1c7bbc969d20620b4491571d9df2
SHA256: 9810322eff27d453641a927021a62d7207c6b1e281f29ed07f602478ce110a0f
SSDeep: 768:XOMN9FnS0wKXKM5YWStrdmd45uMiyh7+NjbXMnzoUzaKX/PHEAIIBR/IRZXuTXwI:HN9FhjXKMKdmdgiyh7+Nf89aiP/ePYu0
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF 2.16 KB MD5: 2ca98419e158f42408c5aef2ac5d803e
SHA1: b6812012229ce5f85b1e6a9c16ef716e28b91c69
SHA256: 599d4bcf4b2d57e8e4a5b8fc11abaeade8e0ace628f95cb447ad87e83315da06
SSDeep: 48:n299jukPAMefg4Xp10eyG0UBX+6ZQCxdOaNTypS0:2DhA7o4XpcnUBTZtxBNypS0
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF 1.70 KB MD5: edfa394b59a83325e60086078b8f25bc
SHA1: 781563cee81f922e9c2551d037a22d86814e7ba1
SHA256: 1d74dd669df9e840ab9b3e833d86c7515a757b80587e367818a22b329669593d
SSDeep: 48:EAOpFu5jvr2Mk37LM6s80/FXlwoRE47zT4IfFZk:E/pQ5jj2MQ368uF1Lvz0+FZk
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF 3.53 KB MD5: 46004cf0324398d352097d05cb3e0d6e
SHA1: 37f365827cf75776148fb417f364b8bc8fd52753
SHA256: bcacc5a768fe640910d982d32abf20dfa00153ef0a79b083d66ddd0c0332997e
SSDeep: 96:k4jbcUfhV+W9tnolptUTi9N0GhmFjIsUVr:kKcLWfC8e9NchUN
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG 32.77 KB MD5: 90563fdf9adf784ce53d1f2abb418eed
SHA1: b4261ae4dcbbaadf2528c0fc3ff824076c0825de
SHA256: 4304dee6cf0aa02b8b5b7b32fa7477c57154ff9870916351c70035e928f93096
SSDeep: 768:NsZNjiVyBSBIB2mPLOPJAqif2rMyubJveNEidAocyg:NsZ6yBeslPqAqGaubJv0Eid49
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143749.GIF 4.78 KB MD5: f57eefd3d3809e0a20cf8e66971d1791
SHA1: e7c43a2dc0ca43bfc2858dbbf63904c04d62142e
SHA256: cfa725845c11b3412c847b5e12456312e1d7828d1ec5253d884a4bff6e13f962
SSDeep: 96:mggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggI:VxfzFS6NV1BJ038JTN
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG 33.36 KB MD5: fa59d924827586f5f8b40f74c3b77d9c
SHA1: 2abdc7fca7927070e554667d6bf58aee398457ac
SHA256: c0da3543693ac30d8e22e5a9f9a453dd153a052bd6d0441d15c89d4067335a98
SSDeep: 768:vUS4UgasMGgLnwe996OGJAsz7RnVEPNJg4NMhbK+lQNnq:uJasMGg/99nGJXlGPjgvK+lQNnq
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG 34.10 KB MD5: 66ec0ac768eab58d9632deff2d2b57e1
SHA1: 440c43abe888907c53b43331b2b2995c6319fac9
SHA256: 6915f0d6629219317cf0fef516de74694ae4836c9860112665c884f8d2801dff
SSDeep: 768:C2E/WygjvOqNLe8J6cp1OfaIjYc9/tqy8VM95G9buRHrCiVSv:uuyqOqw8XOfaw/9/tqy8VTbuRHr/Ve
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF 4.78 KB MD5: 7577856353bdd9c8112f7955af5094d0
SHA1: e9dbe48d94c13df7d7ce84c261b5dcacda8429fc
SHA256: 9a00367a04a59221c79cf33fa5a9b580bbe75b718f52fbcd1dcd764bc60adbd3
SSDeep: 96:1l6zPburpABvaI1uDJnoAgFsot1rAkcFsvCFeLT9uuW9aJjf:H6jbuWBvH1uDJnoAq7tVAkfKFeLESf
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF 0.92 KB MD5: 48a01091a98e45eceee655b2f98e0b76
SHA1: 11b90fa22c006e734885901a207cc792e30468c7
SHA256: 3c72bf7350a4abed59245d2880e3ae4eb1623db8a016675ae1980736ee5ed3fa
SSDeep: 24:zy15rtfUYSWVDFFfeg0lr5uoALCfDGrlMeaTfcpnn:zU5aWVBFfer5uFGfDGrlMPU
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF 8.77 KB MD5: cfb186333a921ad7fe08ee53819f224d
SHA1: 5ad3f5d9b44aed1602ccd73e5b076ca59254cccc
SHA256: 256d1bbf037c3c3cacb3508c7cd14fdf32a6ccd9c233883fa3527e777fbbf8e9
SSDeep: 192:LO3gSot41n+LTn6qytMlIagQ6lf1JnUgGlB0K2km+Lw64u:QD1+LT63tMGLQ6lf1q5NPnuu
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF 1.53 KB MD5: 9cc31577bbab2973879b168a3e194532
SHA1: cda48c47d333f36652b5089131c59e3f760c365c
SHA256: c4d561a627dc9afc9698ba7d9e8b1a797fa97128975b0fd00c1f38ddbe35f919
SSDeep: 48:hbV4EJOlZYZUhjfronz/iHIE2DkYqKRR9/6:oCCj6z/VkYqsX6
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG 17.98 KB MD5: 7e3a215b771fb630765aff9527512db6
SHA1: 0c54d8cdc76042e20f393453ffeb84bb1440249c
SHA256: 5693770e49734d66b0d15cac8ecaf08d061da6681fde028ddd347a40a6acb779
SSDeep: 384:aQV7J38UXGSrHFeGQGXIaWWUKKzEJ0frLdy9S7Cv7dcaMppaCapt:H8UXdTFd1r2nzo0ffdy9jwKpt
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG 31.23 KB MD5: 03f03a4321280c22e927d83020fcad77
SHA1: d81fea4fd13d34fe06bd9bfddb70b1d4640394b4
SHA256: ac3bbd8966f5215c0696f4ecad9b7bfa0995b02a95f2e4652760ee39024a3eb5
SSDeep: 768:Nf1i1SFCw7BysKbFaKytccqQkx8U42s261J3zYi+L4Dn9dHHR:NNi7w7By/ExccqxmTZul693
False
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe 1.31 MB MD5: 52f337abe6f178af62da475968653b69
SHA1: e49e03cb147b4a2d4471e96a57dc1f4a208db77b
SHA256: 9abc480c76facf8b7b75c2ba8f873dda0f6303fb5c67ac282bbcea3e7fbf575f
SSDeep: 24576:Qtf+jj8ZzUC/IaowFA6lPW/hjc2y6545RDqFRl4Nws/:QNvIP6UhjcAiRQRKd/
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG 21.30 KB MD5: 895c5d5cae5b3ad24addbf392d47bb45
SHA1: f5d1830f140383be421bfbb87ad1ecb3edf7752f
SHA256: 679b89cd312a88859a0434711bf883893657069b5df85cb3d844262dfa10b2e8
SSDeep: 384:m4vlsq1vq3Icate77dWmI0WzSCT670SohqtphnPlktGW9xcFh:mW9RqYd13SCT67mqtvPlktGWUFh
False
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE 818.88 KB MD5: e3844e85115cbddc33cea03e38f5e82d
SHA1: 81ab5e69816906eeb6ce285223f20d513f543db1
SHA256: 7bde8701cd837ecec564c59c63c293f89fce901548d7b78ab429e81cf632921a
SSDeep: 12288:NQFUNx5AQ1vWkbItYLK+te/fC3bHaZMceGfqlIDiBtCczDWUd88jU8MjtubC9kku:Ku3r1ukk+tyfCr6iGtDU3DWwBP+KsM
False
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 170.35 KB MD5: 3fbdd31e7c64979efe8cbad18c0994f6
SHA1: 6b70ceb896460a23a49700dbc95426cd275a00eb
SHA256: cd6d05db3154076cdf5b9394bd2307409251d04ce08405b7732b99ddbe9c0504
SSDeep: 3072:KopgfmLOe3+1OGOa9pMtTKlU/BYaw60onvWWER9Pd:3pgfZdJOa92tTKW/iacEuWER9Pd
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF 1.33 KB MD5: fefd4fc840e1a21e5d0fcf8af3869f8e
SHA1: a3ab2285e75c7ccfafa0afda484e8d7ef633cd20
SHA256: 8396f1282d03e5e42edde1a487ffba312f012c6995939ab0f9b330f16aea929e
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQLgmELOquyvCLgBgEpA9TqqxS:EAOpFu5jvr2Mk3ZgrL/BCLgBgJ9qKS
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG 18.38 KB MD5: 44ea8de9591a9052fd123c98882b174f
SHA1: 321f46bf8d1608cf1aa211ea3786b84aab10a59d
SHA256: 2ab52ecd69ace2f631c847e538d10ada77944bea0917ee64478b2886ce912f7a
SSDeep: 384:kz8Kor8k0iCdDMpJf3EUdOc2INxt4YZK5yMR6CdfBGQxFDtQCirSaB:kDygiCGJvELssqMxxFDtQrrSs
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG 25.78 KB MD5: 557e0428b85f954e23b79c3f9a63ace2
SHA1: 41695f2f8b237344fec473b25dde6372c39fc985
SHA256: 2918456fdd4b81e223033245d61d4d70fdd453705dcd2351f3d8e3b1dd53cdf1
SSDeep: 384:9MJg/2aEYR2oVsEwoYtvVtnuBPK05wxiPMRqyMfxpBtY/JzffRz6QFmijHUJjLAu:yg/aYR2Cw9jpuBy0KYERqymtqqi7GR
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG 43.26 KB MD5: 66d2d822cdca76c2f99f1b248ab629b3
SHA1: 5e0052893e51e6c5c41d6fc206be7ded2c51c28f
SHA256: 1aa9a0b4ce4f9b1cc196d28d220ce632f5ded981b27f5b10d45166b14971c0d1
SSDeep: 768:LKtwgKUqi16M75yqTUuQTLouZ7k/w+yV2OnvOTIeWj2jCVgiw:mwgKUqi1VE8QTRqykOnvOTmACKiw
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02073_.GIF 0.87 KB MD5: 935d768ae8409ea2eb3ed283153e0c5c
SHA1: 2ba8b5ac11bdf69874269ee0dd41d1957df9dc9a
SHA256: 384ef5db0b01d46bf103003307c581b544b8a3ac42734bb22cd9eff0377b018a
SSDeep: 12:9lLSbtUBrggvFrlCWXjur/Bzhhtli5SsJcUR6bTr7GgoVFwo9+IyGExdTsqVEYFD:HuhQlbzuhVliMfUqDho9+tGqlFFD
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02214_.GIF 4.85 KB MD5: b99b56c30649ed07b483a53dda599d27
SHA1: b874e1750765f8a3cb62f3d8ff1421fb111ae89b
SHA256: 08e9bde3758fe00f08a8a2ad7512060ec75e6e9cd310f3f37e4c5d4039c450a3
SSDeep: 96:qOk2gQ9hU/sSf/jBbYwI57WsFQLqGfuYvyib6DegiyBPeFUD3RDuGa:qO3gCm/bF8w+pFQ+CqitgifUDhDK
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF 3.87 KB MD5: c6836097f24a7630994f9326df4d41bd
SHA1: 7d32dee792bd63851d49311dddfcf6f342ecde4f
SHA256: eb1839c8ef4742d482c706d396b4973088e1e40544f151c42bf87b73f77f887c
SSDeep: 96:BNbKtqjhz1E87e997e68rUdm70EJjh37n4:BtK0hJH7e997e6CUdm706hr4
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG 24.64 KB MD5: de43d39ad5b58422c8c86e291659e8c1
SHA1: 70f2066c26780258f1019fc463e0efc7c2c7c392
SHA256: d5dcae3054e00a97be6d1881a899dc4a5952d87509912df8d4e5959fa26548e9
SSDeep: 384:QElh+0Dfdl5ReftFdiXhaJ2oMhLoNvwg6kJkG7F7a9J71C9wukp+PaakJoC5K:QElbDll5AbnuLWwgM79TuwHpHK
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02055_.GIF 2.38 KB MD5: 80fedb8697d9f40c4df14d401191c31d
SHA1: b6601d11f98b77490ce3018964b8d7787620bcdd
SHA256: a784a0837929f231fa77e629be10bf8ec4c79724ffc44a1621d7b05286fd936f
SSDeep: 48:YpOnUqO9+0nrasfbxs1nk9ZWebb98AVOG3DDWaS:YpOIZr3TS1nkzWP8O+pS
False
C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234687.GIF 3.33 KB MD5: f5a7775a17f3291d5babbaa2ef5900be
SHA1: 212db561e632f2153979116777fe958519c14d8f
SHA256: 675dadf8bef4640eb3a408bee878106e6480a8fc9d5c039eb21e8710535f6d71
SSDeep: 96:2/DDDDDDDDDuh7i/sxy4yPI+zzR1kDB0IEGXBE5:2CNi0U4yPI+vvW0cBo
False
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF 1.04 KB MD5: 5005c28ea15fb9425869ea8b4d74c92f
SHA1: 0687a16f5e7fe80f0ff8d453df9cb61a7151d228
SHA256: 8dfa4486eb96abf552869d90d2b73fda6874d36150a650db991bddf378371295
SSDeep: 24:3ds5wNqfL7JaEeZ9M1M4bNXzthOT+ysS1jqXGPMdl0g6yYyPv8:3ds5wEfLwZABNqT+yXU2PqbYt
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF 5.13 KB MD5: 448295a4e2f3849466f5b3ba4506c038
SHA1: 82200d1269ea8636bec62d05d4fe6f3e7d441768
SHA256: 1ce87717b6df42c464e04cd732c906e64396fcb56cfb98a33563ac48d71798db
SSDeep: 96:D62bNeR95nDeR9545AbEbMw10iwRf4nHS9gbeQVIxmn:D6s0wdw10iwRkSxc
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02039_.GIF 0.89 KB MD5: 13443c8404ac40e9b1dbf86ae05eac5e
SHA1: 3572d470da702493f080f2b3cc4e8e03f696f86f
SHA256: 37aee9a77e71a61f1420b2ed382fc06d8827edb22ff1acfa99a0188547536a1e
SSDeep: 24:HuhQlbzuhVliMfUqDho9+tGql92OegOuME:rOnUqO9+0wegBME
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG 19.89 KB MD5: e0a1d485dfbe32f4bc24ad49e1a39915
SHA1: 8d48c2a1b84330266aba81486ea3e29b8fc3dd9a
SHA256: c28872b2572c5ab77576ff5bfbc889219b2fc1a7082474058c9a51a5c78e840e
SSDeep: 384:/b6sqxEDL+DNooWsSTEQK2IsireX8StdSN1TatUkdlYdNb:D6RkL+DNooZSg32PirIZdOTrkd2jb
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG 20.14 KB MD5: af0310a2c849d44114c4734a0761756c
SHA1: abdd1743ca3e036614f89ddccacfedf4271dd69f
SHA256: 2501271a04d2336aebe49a83f953fa2687b12a74c4f52c5c6667410ef37f9d90
SSDeep: 384:9LERI9oLGfki2n+zg2Y5Tl7mZhI5ujgyg4pgHPNbvwGqrxeoo7z00y6CH8Vwz+om:9wR4/2+zTYhm05Ej0NbvwDxeo4z0F6C6
False
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT 1.13 MB MD5: 27522279d561388756fb688d4f621d62
SHA1: a6d11be61361408e6dfce8bed6c42bd3fd574bcd
SHA256: 562b152448d9d0c1fdd8864cd606f2ef48eb151323f39693c7679926aa330dc4
SSDeep: 12288:xW3v2W/CA2lL/dxpyAG2i/6n5CAjtZdJ7gw+5+OK+YfrVi5b:Il/CAoi2x5HW+l+YfrVi5b
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF 1.26 KB MD5: 93cb36867c622bba672140fe15d97259
SHA1: 7398a766ef15a23ee8971887662bd15e6be88de2
SHA256: fed61e2d8c8448b29a6144c983561daf35d15b2d2c8abc22ac85d971c76446fa
SSDeep: 24:cblv0NSp/SlonA0h18cmnUW2rkmdbVlY/gHKClJrR2Nl:cZckplACyfnUHrtd/CgqUJd2Nl
False
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG 1.64 KB MD5: ded887badfdcbbe2503066d05e4806ad
SHA1: c04132c630b487cf5213b9b6a68034b79d902648
SHA256: c60a2892e780448691014bcd904797b8349800583200a46e27c1164eb238d220
SSDeep: 48:K3VP7keC8QJW2syZVIlsmG3FPnETTWgDh55KHhBB:KlPYeohFNmG354TWWh54BBB
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF 5.06 KB MD5: d7c48079e99aa9ed94f5e0190491570a
SHA1: a9a3871cec761fc91b014dc93a9f28a3eab81b1d
SHA256: b4e56249c137bb6eb1a0aff06081c4a83974554b236e6370a71a364857ab83ae
SSDeep: 96:E/pQ5jj2MQtDI8gxNaO4voSM8SgpxbZ3eyAvK71RMR2iEX+:E/25jkG3xsO4gSpSalZ3ITtEO
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF 2.78 KB MD5: 8617fbc08489cb36729ff85d26e486f4
SHA1: 6899c9e237af8c03e04250be6e8c7c4b72e77355
SHA256: 6a88a64d7c867879a77dda80dbc6b5435174e17ebbe8faf4cb6923bb3759577e
SSDeep: 48:EAOpFu5jvr2Mk3xyQj977QUn3uKnkJIhxRgMum1pyfv7q5jz000n2fILcIFT2g:E/pQ5jj2MQdfQMOJsTlumefjA0tKILcA
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG 31.64 KB MD5: d1a85dfc41dfc3f6620be3084cb20e4b
SHA1: 8ed756377dc38a7be59298917a4a1c2d8f607f99
SHA256: 6a6059b3e3a1052a3db8d07bc2738e0119b416e78aadf6d91e8eb2046574e908
SSDeep: 768:EeT8qLOdmBN7w3+uzo2VmBILQb07O7WSgy79HblpdT8GmOCHISaN:EeT8qLfBmlzo2hLQbLguHbtTPmkSm
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF 10.36 KB MD5: c351fef1d28527234407e082b698b255
SHA1: b3f3ece047921da39f76e846fee1c2d07bcb5248
SHA256: 4abee3e3acb26440fe2c950c55fea3feb8fe2cdc73ce5d9fc17441d21c11b3d5
SSDeep: 192:ku7slumJQhOTfLQhOTJ67bQhOD/nfvfV6/UhT/obQhOTu7z1xSw:6tJIsLIF7bIYd6MhsbI17zuw
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF 11.61 KB MD5: 331b9cf03a9955b95fdc4a3320ad8605
SHA1: 37bd2fed561479c4b4dd483eefbde35ebed3e98b
SHA256: 8f3664b5c10df44451b2b5ff2011ed0927e4e021a2cc63b33f374573bb476ff0
SSDeep: 192:k2e6calSUFwrvdb+RGMkfNzredwVMSxYZqSo+vlCyHtKuE5UG66DyG/q:kT6ca9wURBkfdH6FloQocKz5UGRTC
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02198_.GIF 18.68 KB MD5: 8538a71cb2b917ef59f115971238088f
SHA1: 5693e1a09d1339adac5a78a1bebc82e51367555a
SHA256: 8ad27815183ccaff6c2171a15cb0166c062a85286234ef9ed9fd865dcfe730e2
SSDeep: 384:ei5ZX6vr2rdlc7ZKV/5vPodeZc8/L3GJNZfeF57N+yc:D/6APRHT6fe52
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF 1.26 KB MD5: 2ec270a980a3ef90d05a2275705031df
SHA1: 6ae411fd9fd126f42cceec399b655dcb60380d94
SHA256: cd7e95ca3434dfdb465fe918e13159e90bfbeacadb0c37c6260ad51c69efd8c6
SSDeep: 24:tewi/Hx10NSNCz05yKBDwsjOxmg0pGCLg+jp6GAXo2WVKf54O0On:tTxkczGyU0uhpGCLg+l63Xo2WVK30m
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG 19.32 KB MD5: 5ee4baf0a0516386caa4978f91ab6948
SHA1: 3c1bb03fbc93d41752612fd64a639799ff92af17
SHA256: ad7909812b3fe9a77e12959310e32db97b3aa0c4ecddc31ae1f382d1062c36f3
SSDeep: 384:XSwcjsKcz/nkQfvTIjzeCqT0II1Y4jgZSDPUc+Y8VWNgaWzYydN6QoBe9x:XZ4ez/PfvT4eT0I+Y4juW+9V4gaWzYyN
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF 5.58 KB MD5: f40f513c7ee0b5d0fd5c496ac359c66d
SHA1: 4940ec361979ae074a4a7e5a423c4c7b395fbdae
SHA256: 226cc19c6ff5acdc95b4c0f45e4d6dc2c6492f4ebc7f0451e77a153866be0c4b
SSDeep: 96:8Ok2gD9QH9u/OAg5/8bchSu4G7bxVRvSsdqnNx0jnrgURXv2IADaAqQyBTk7B:8O3gD90GU/8bm7btunXWgUhfamad
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02116_.GIF 0.98 KB MD5: 9fe0394a881ebf9a3baeb036953bf461
SHA1: a7465da0e48a370316e4b010d32b0b075bd90d0c
SHA256: 004becd6b01e1f5d282c503dcc3b9d02917a531fed3fcf1e98716c827f01ad9e
SSDeep: 24:6hQlbzuhVliMfUqcWkCIKz3A4/4KF5WT/v2X:XOnUqcW3gpKnWTS
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF 2.13 KB MD5: cbe50950e3401236186e18684046e783
SHA1: 817b7a096011eb037a6faacf8b8b66571433a0f1
SHA256: 8cb0081910aca72ca16791ca363c937cf6c022daf1c1564c55d0defd1a53eb62
SSDeep: 48:EAOpFu5jvr2Mk32w7bPl7TXXTEDhk5onYZv:E/pQ5jj2MQ2wnl7TXX2Uv
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG 26.54 KB MD5: 2ba9087ec0b17878bf9018ecffdfff70
SHA1: bb4c57b6afb42631910f0d7849ffaa6fefc95b25
SHA256: 2e21367c037e6a28779e2eace8ebc1aef892bcacc580251d66855a138e48e760
SSDeep: 384:STwmUfsGzTothRqwDM81WtZInF1hCBG2l+mYfm9ixxC/ryMZ4Dpx7ed+Go9vCVDq:SnUfsGvotPWTUKG2sjcycnilVVv73
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF 1.53 KB MD5: b09fba096e1ed9797c9a996615d63d82
SHA1: 50970b0bbcbf7ffef193c2f3fe18a6fc8b587540
SHA256: 1b4f1485c24f0848eff7fc089545ff0d84526f204976f70390f91e50d95e53c2
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQFm4ah83qfEJopY3GNjzjCcypVU5DpF:EAOpFu5jvr2Mk3DX2EmYc39KU5DpF
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG 59.30 KB MD5: a2e32a988fccbd4f67f0f69f596b8c0c
SHA1: e28c4a1542ca650690c4977fbc4ad1263df61cbd
SHA256: 34b3fd63d8736ddc7ce02a5e979be2175ea0fa0274bb8318cb314cf655c27590
SSDeep: 1536:ChR39CrzxQsGO55g4YeSRJyLmuoI0sB434cf0di8UQdUJ9I:Cf9CrzxQvU5gWSvQrmsB434cf0g8xT
False
C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 970.88 KB MD5: b983a9b25ca63e0ece845239f7da8349
SHA1: 9250f579f0cc46eb496b369a113908fbf59271f9
SHA256: dd609b689de34997550b5ae3443e06d497c1ba4f5eb3e06254217b3836072001
SSDeep: 12288:B+jHIwAGMGckXMVPQ/NGInZF8Rifr7mo5dvLAiijnwsNtR7hjE+zDWUd81jU8jjw:BMHIwAG5MQnVfLnEJHX9DWwwP1eDRv
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF 2.54 KB MD5: 22d1795fedd7a169b26b17459802e759
SHA1: 43de9cc280186df8bed23a694581bed0d558ba7d
SHA256: 4c23f9c65140f48d542d72bfcdf90e110c68af8a53baff8a63e1d55e23a1f170
SSDeep: 48:eVrZBz9l/2lYiAzE9xqQPPNOGvzjx34Pil5rKeME5MmcLCWLmOEt7Kw0eLr7i:enBze2iAzE3jPNOGzd4al5lME5YLmOKw
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF 2.47 KB MD5: 32cda83ca5895b585cbfa5a56f4bea2c
SHA1: 6b3dad45827e9cb1783e3d7ff620acb28bc3dc5d
SHA256: de3a1aea868e62d1258c72b85c066b5fdd8dcf2a0cb24e6115e437b5eec22d1d
SSDeep: 48:2TkefjAUP1/xDeV5tf/W5tQaVfkBN80gRmNloOGUtgqUx6Gbo4CeVD76LVw9w:Kke7AUd565tf/Wy0cBNTg6o1zxbbrCea
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF 14.52 KB MD5: 776785fa0efae33f7bbb30f9031be29d
SHA1: f8382f4eb7d85e8c2b034b80b94c11be95e5a701
SHA256: 2bea70d9f4f81b4db1cc01b9e97981bbf9317a305f87a69c587af433e79176d5
SSDeep: 384:kQj1YJJ2HmCFQ4oDrg4Z9FOszLdJwIwRDFjxH6:kQ6Jt+ofg4JzA39TH6
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF 4.45 KB MD5: dc3d3d0b00fd747dbc66fbe9a54e36df
SHA1: a761c92e229a334f470c9445ee6739cb462c5c8d
SHA256: 824cf0d8663f88500484e6864b3327167e14667044bff80de733642b8f92db9a
SSDeep: 96:r31tfEPCDDDDDDDDDDDDDDVmDYN6ffgxnQiDxGVmVhs8ETXzcNcEVhwVuciWef/:zLEPCAGn5i8ETXzcN9VeIRf/
False
C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV 22.09 KB MD5: 74ad09b781c0364b366bc577055e90b8
SHA1: 18e21a37787e909cf3bc8f430a8e35ea1ec84039
SHA256: e93d14f48372326b826c722eed5f87bc6b2fdb176e12b123b0e2f7abc674e34c
SSDeep: 192:d5hUYrpBNwiBuJSV4f1yTCUEesGh0ISCCAEJPdr:d5hvFBGxJm49ICUEeldC5P
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF 1.33 KB MD5: ec4866e3d6722c87496c435157dac61c
SHA1: 6375e1ca049d22f850e2d82fb56e6ee95b4656df
SHA256: 00004ec9b1375800d073b3e076529e8bb0111d964cc559b97bd3f47906faa303
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3oU587ckRTQ6cIRTnRNyG5+U:EAOpFu5jvr2Mk3P8cLI1RNeU
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF 5.00 KB MD5: a5bae2090ed98bff7e0db126f1a621f8
SHA1: 073a40006f882caafd38c26128bb708caf1b4482
SHA256: e5e82676df95ad93abdc3c55c0a09d193a69fc9f9de49babef92e77b898f4301
SSDeep: 96:E/pQ5jj2MQcQQy7qA/D/dWTcQMYgWcX4LhevqMjByZSx8Ylkg9ENtkSt:E/25jkd7lD/dqgJILhelBmA8uxSt
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF 1.40 KB MD5: 0fdb6fc3709019226a0af4685f3f0053
SHA1: cc0e38cbe504fdc11fa387e1183dc3c63a2d4d6e
SHA256: 299aaf39c98839750f2a630c6bc48dfea0939bde5136faf59fb7b722cb32b0a2
SSDeep: 12:fRvM5sE3LJxawEe8xXRiFpmpuPFTKLdAp70e8L5FdCiXA:5Eywxaw/gXMFpmpudTsdApoHLbdCkA
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF 1.31 KB MD5: c52c6e6628e57af89f261f6785678077
SHA1: 3df2b8e2c3a17b79900081825c4d7daf63953387
SHA256: 4037a60643e20dceb688850c3ee3895d2627eded4eb0c0abf9f418da55fe11c4
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQy/sq6O09+NQ/JhP6QcrVqAkWuzS:EAOpFu5jvr2Mk365D0OQRNgJIS
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF 1.41 KB MD5: 189cd0082e996b10f77e9df658fbfd5e
SHA1: 08680138acea9d462096acbaf0a790a359e54be7
SHA256: 62986afdea85226935ed6cc8f4c54d2e1b11c72daa1df82229f6bf28d7fc07dd
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQfE70jEjvX2fVcoVOHwFVYqUNo4U:EAOpFu5jvr2Mk39E703fVcoVOQYNlU
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF 3.87 KB MD5: 437cc457485e2dbb26d79c3d1e99729e
SHA1: 63dc53b4b6a0011f37c458693cd3b15b5bb196bf
SHA256: 2a1d4b05fc0d1f7f9a7d06d3e23f9351801522d78c0388b0e96287c19e3d6241
SSDeep: 96:X31tfEPCDDDDDDDDDDDDDD8q66t5QUKAaLDOCjizSVySMthucFBJ:HLEPCkq6UeUKAaHjWS+thucjJ
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF 3.88 KB MD5: 09098787b630f7dd58f73ff6a65f5025
SHA1: aab3d27fadc2f3b926c4baf3912e60913374f006
SHA256: 55a56573496e9fcadfcc646682f0edfd7fdd2b72e3570aa1f09f8c223657948e
SSDeep: 96:E/pQ5jj2MQhWlzD6KUjKN2zs3HkVrXrMpIPkl6G+uu:E/25jkAlfwj02E+wp0k0Gg
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG 51.87 KB MD5: 515db93b56cdfdb3c32f851b942f4542
SHA1: 101fd31c96a28a072f3c5656b38e3abde2c01e84
SHA256: 8111ec9141982901fa8a4d68c9c90213c68ffb17c4980066ea9d2ae66754d8f2
SSDeep: 768:ARmcbFOtZJwC4+WrIBP7dPnI4yywA23jeOU0rByYnHURIgfTTcpIY:ARmcbFQpPFn9wA2TQhYnHURIUrY
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG 19.07 KB MD5: ec7c48f21506b1238c53e0da21518577
SHA1: b04461cd7888a006e716ce5e3b82dacbb50c6a87
SHA256: 4d02fb5b8a5588f4e0c2dad7fddf1a5497ba56cd0587446867508fefcc77c83e
SSDeep: 384:Gg3JwgCbsmOVKvWgz1aK1xPj9wzvmW/20mkR0BsWhDFXDQXpzx:GKCb6GRaK1x79JW7mOWzzQZd
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF 5.25 KB MD5: 84e41df01e011d2487280cb06abbbc95
SHA1: be80b0ef54b122157e1a0986f018a8a7473af2c1
SHA256: bae5aaeea0263c1c361fcec9acfca60258b9b3f8251044c332760f17337e8982
SSDeep: 96:76z2Rfpz8AB9tiXUB2GzAvw1cha5ULVaybKUOaR27:76iJtirGzIwieUB07
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF 4.91 KB MD5: 914f22c35f21ce6c3e3b6b5c7a66c181
SHA1: 853c9bbfc6b2de0a380438fa6ee1d82f281cb3a7
SHA256: aad24bba5fe86a1b7498a156ab45b15d3b6e38ab2a4e00df933d6729709a3bf8
SSDeep: 96:AjcvpLa5+K+K9e0QTfjo7t1EXOBubXZF9iB+TLl1UrQ/QTuvllGX3N5jeJG:AjcvpLmjT9e3jGjYXZF42Ww8utlGnN5V
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF 15.36 KB MD5: f4371e40d292e58cfe58fbb566ae8125
SHA1: 9876e70f89948a638d47bfa4a30a82565ba2cbe6
SHA256: a492ba984df2226425e09c67c99c30c44322c1584d3fef4c6b3fc10cbaa43574
SSDeep: 384:hwxp/bbrAYdMQR2pyxD/EFw4WAkkFOf82JUP/LA7+o8fze+7o:hwxp/bbFb2pise49FODJUciJe+c
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG 32.50 KB MD5: 5f72f183b62c90722562b06c6924ef78
SHA1: fbf1b83a9dc7ff6ecc22103308698a5125903500
SHA256: 4c991ef415f5be3bff5c76b4bac269d902e3107be5bb3a990db529ef460e1c98
SSDeep: 768:fxsY10O20RkQS90TeNocrKNh+f76PCCr0QBRnR0wZ:pJ88m92spfeHHV
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF 1.62 KB MD5: c25c8d48a4248d15419f911239dbd723
SHA1: d4f06fdb3bf29ac7a2a327f906dad37f0731421d
SHA256: 9deeb95cd7fa90e8533dbd3e8f8a0d685a8fddfe4bb88b928b0ead373515ef88
SSDeep: 24:ErAR0pmyuGqjeV15r6cxQB/+MWaMt3ocSQJ/HW+OJeijpWy0mkzAQyu0/M1M3CZj:EAOpFu5jvr2Mk3bOBJeijOx+TUGyPQMn
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG 24.52 KB MD5: 4000546e34c1a16a1f5664302e73a3c7
SHA1: 76ddf63e457c6341cb85c74260f8be2c986e0901
SHA256: e84bc8ec93b62492b511e074cf480caf1af6ac274bf926fbce692d01d83cbf0d
SSDeep: 384:q0jgqICK8LhLKaDrpX+NkCBJwXf+6OxZtWtaT1w85qE55KSxFuh2qxzm9Jc:djgqjh8avpueCoXf+TtWtO1w85LbqU8
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF 3.05 KB MD5: 0672f6093fd6cbbf6d04c43595ffd747
SHA1: 68af0970ada217fa8fde59282b57f916a3601e47
SHA256: 01d35051fd5983ceaad9b36a086a177cbf5b692bb407dd52924cbfc77c5d2796
SSDeep: 48:mkeNpYulJOvw/wAut41tNlQyJrnK3Uo9oMnki1EmLXJna8ooC1ct0ZP2RlD3F9nx:aNpEvEck9+UE55a8pwP2R5vnEu0O
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG 17.95 KB MD5: d5e808421bea453dda4888faf8766bf3
SHA1: 14257e7aad1ae57d98614089a889cb5655e09c12
SHA256: 763047e71d3a2022087dcc6ec7defb0d1a13078803c5a55eaa1b39f0a980c773
SSDeep: 384:zEhRion/xMZhPJT+K/DXcVRmr7umQ1mvCP5zNCNK:zSg0eJ+K/DXcrmfVCPoK
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIF 1.37 KB MD5: b46e7ea738e6b9ed71bcb49b072059f1
SHA1: a061b9dfcefb3acdd2ba7a3e9278a886ad412a56
SHA256: cd7053ec49c669f48a2c6036f6beb18582b2b76d1a8712c036e7d660067ab6f8
SSDeep: 24:GhQlbzuhVliMfUqcWkCIKz3A4F9rMur6Mw4HIGMmehiNaIHcmig7:jOnUqcW3gk9VWMbHELhiNaI8mig7
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF 6.53 KB MD5: 0b53d62d05dccd6e7a372bea9e7f60b1
SHA1: ef47a3fa0b13421e63fb1b346f6277b3253d0746
SHA256: 1f5889e13855beba4f1687cdc3ec2e09cc67f73866bf829747e5994cff3eb61c
SSDeep: 192:6y5XRcETsxyaU6s+RbyJOUwCcCM0aY1Yst1aFw:JXHabs+R2JOUwCtrWZw
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF 7.51 KB MD5: be442671dac38acabfb47df53be73f2a
SHA1: 566268ed9c345af3d3ffb75335a34794c71c8ed7
SHA256: e649df516213b8fa08a04f80d5aaa3aba67f2ad212c82400122bc849e93d6df7
SSDeep: 192:0kqOaNZmIMZqg2W82NTZvG09BTg7PA7B4o1S53k/tQTI:0xXZyZ182XvGQdgU3T/WI
False
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF 1.66 KB MD5: ef88c1d4a1f0c1dd50a1dd79fc974e17
SHA1: 75ad9d01d3fb756c7e424be8bb267cdc515c2167
SHA256: 2af1ad59d31380ef71fda9a5afbeffb27c7b1889529d4614a61da1cc8ea1e037
SSDeep: 24:YUgZaxT1UUOxcHH7krgdvZJrqdv2OVwGwmAdKaIVTlA7wfzlykCHolfAU8ZqUFn:J/UnrIZhkOO/gdK127EzZCIlfCn
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF 12.94 KB MD5: 4eece59ad748c214035561918a1c291f
SHA1: 6939976ca7f4b2166d9de982a0643aed0ac46902
SHA256: f6da0cdc8a2caa230df87683e82e001e4571350038ea67af9fbb743349a2a020
SSDeep: 192:N68cmHWUt2W4zlgsLNmATRy09LNsQYv+wIvUp42wddGfktSFrHSD9nOMXv2Vo61Z:NrmWiLNmATghTDIsp9wO2uDCNOMqVZ
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG 19.10 KB MD5: d06194f3bfbf6d903eff3e520d3e4aea
SHA1: fcb1e3353c5f42166462bc9cabb08b6ca8980a31
SHA256: 26471e5a1509bafe0f36f35e5285e2541ccb1448addb80f1666b7bc4769267e2
SSDeep: 384:ljRcgSswFspEzxTzh/tZogwlLWZbkX8+mzN45G6CWaKku1Dbc:ljzUFsm9tZogwlLWe82G62u1Xc
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF 19.97 KB MD5: 1a1624e337b0b0ef171297cd9c12f184
SHA1: 90b1710973031bb14cb09d82fa98e38d05b69b45
SHA256: ffe89c99913b223c61052324d9f6b07202c21dec9ded4a6eb882743c13dbcc85
SSDeep: 384:h//1UC88sWAiiZ3u1bZHHOn/dfGdf81zXRgoQw5SJB5gi9a+Gb7iUoZ6UIjTil:h/dUC881W+xZu/xGdf89XRdQ6SJvcAIe
False
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF 0.50 KB MD5: 88bead39c45d56ac85d839f5db70c932
SHA1: 9d85c2ce90c4b025c24d606983e1735bef881a86
SHA256: bce86060f8436b019efdece03010c4ca0b33911151b565de1cd2d3fb1462794a
SSDeep: 12:y/kZL5fHaXK61fu1zygN/FmbbZUbtXAc/TQjdZFj9Ac8TVL:N1R6XKfxN/FtAc/TcdZp9Ac81
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF 2.49 KB MD5: 3a9fb2c01d8d8e09a1ac2619ff96cae1
SHA1: ab0d1c2da5576d0db4b18e410ddfd655b5a071ab
SHA256: 8b00980e38e07d87166219b8d1389d6dc724b614e09a1a7110e8b1dab9418046
SSDeep: 48:MMzg8kBgoBBdtmA7aTRu9O4xz9lPYLk/x1u3LFHEUObLQyLsuM:MMziBB7v854pr+4IHHdB
False
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG 31.09 KB MD5: 91d31382ec52828b350393ec25f3199b
SHA1: f6e575bbf5875a101c6b7c4a4ef197c39844b977
SHA256: f3142d0691799895ec7a488bdd30941e4cf17668d186e2a28feb9c2cc723b4a7
SSDeep: 768:4LDWpUSCb2OcRYZXJY1Ekywxntui7GjzI1MuCq38n:b2Fb2OBZ2tZnsi70M7Cq38n
False
Host Behavior
File (5659)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Windows\explorer.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5P5NRG~1\AppData\Local\Temp\Bdx48saERp3j6l1.exe desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\cs-CZ\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\da-DK\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\de-DE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\el-GR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\en-US\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\es-ES\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\fi-FI\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\Fonts\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\fr-FR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\hu-HU\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\it-IT\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\ja-JP\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\ko-KR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\memtest.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\nb-NO\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\nl-NL\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\pl-PL\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\pt-BR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\pt-PT\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\ru-RU\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\sv-SE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\tr-TR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\zh-CN\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\zh-HK\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\zh-TW\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\correspondence_berlin_nfl.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\DESIGNER\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\dubai.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\DW\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\EQUATION\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\EURO\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Filters\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Help\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\en-US\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Smart Tag\SmartTagInstall.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Source Engine\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\TextConv\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\VC\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\VGX\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\VSTO\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Web Folders\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Services\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\Services\verisign.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 3
Fn
Create C:\Program Files\Common Files\System\ado\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\System\ado\en-US\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\System\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\System\en-US\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\System\msadc\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\System\msadc\en-US\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143749.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143750.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143753.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143754.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00531L.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00673L.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00703L.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB01741L.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02039_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02055_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02073_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02074_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02077_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02082_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02085_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02106_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02116_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02134_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02198_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02214_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Document Themes 14\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0214098.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234687.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0283209.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0284916.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\3082\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\AccessWeb\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\ACCWIZ\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\ADDINS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\BCSSync.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Bibliography\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Bibliography\Sort\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Bibliography\Style\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\BORDERS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\CLVIEW.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\CNFNOT32.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\CONVERT\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\CONVERT\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\EXCEL.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\excelcnv.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\FORMS\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\SignedComponents.cer desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\SignedManagedObjects.cer desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\Management.cer desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\RELAY.CER desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Code_Signing_2001-4_CA.cer desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Public_Primary_CA.cer desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VS_ComponentSigningIntermediate.cer desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\COUGH.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\GIGGLE.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\HICCUP.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\MMHMM.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\SNEEZE.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\THROAT.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\Whistling.wav desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\ALARM.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\BUZZ.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\LASER.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\RADAR.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\TOOT.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\VIBE.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\WARN.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\CAN.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\COUPLER.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\SHOT.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\SHOVEL.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\SPLASH.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\WHOOSH.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\ChessIconImages.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\ChessIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CreateSpaceImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CreateSpaceImageMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImageMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\GRIP.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\GRIPMASK.BMP desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\InformationIcon.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\InformationIconMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginDialogBackground.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24Images.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24ImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackground.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackgroundRTL.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierCloseButton.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableDownArrow.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableUpArrow.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDownArrow.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierUpArrow.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMaskRTL.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutlineToolIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutlineToolIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutofSyncIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutofSyncIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIcon.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIconMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared16x16Images.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared16x16ImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24Images.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24ImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\SketchIconImages.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupicons.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupiconsmask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\STOPICON.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\StopIconMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImages256Colors.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImagesMask256Colors.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TipsImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TipsImageMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\VeriSignLogo.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolImages16x16.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolImagesMask16x16.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarToolIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarToolIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarViewButtonImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImageMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Auto.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_AutoMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHighMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLow.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLowMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileHigh.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileHighMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOff.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOffMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_High.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_HighMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Medium.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Off.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMaskSmall.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageSmall.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageMaskSmall.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageSmall.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIcon.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericon.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\WSSFilesToolHomePageBackground.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImageMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImageMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrow.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrowMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\BG_ADOBE.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Casual.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Country.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Earthy.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePage.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePageBlank.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_GreenTea.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Groove.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_LightSpirit.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Premium.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_SlateBlue.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_TexturedBlue.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_VelvetRose.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_disable.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_over.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_disable.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_over.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right_disable.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right_over.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\Attachments.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BREAK.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BUTTON.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CHECKBOX.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\COMBOBOX.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CONTACT.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CURRENCY.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATE.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATETIME.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DigitalInk.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HEADING.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\IMAGE.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\LINE.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\LISTBOX.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\NUMERIC.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\PASSWORD.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\RADIO.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\SectionHeading.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\StaticText.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTAREA.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTBOX.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\UnformattedNumeric.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsDoNotTrust.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsHomePage.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPrintTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsVersion1Warning.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIcons.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIconsMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewFrame.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormToolImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\menu_arrow.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SEARCH.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SPACER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\VIEWBY.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\ViewHeaderPreview.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ADD.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrow.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrowMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\attention.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePage.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageBlank.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageSlice.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left_over.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_mid.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_mid_over.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right_over.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\CALENDAR.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\DELETE.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ERROR.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBrowserUpgrade.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePage.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsImageTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPrintTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\background.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\button.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\tab_off.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\tab_on.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\background.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_off.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_on.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\BUTTON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\background.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\header.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_off.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_on.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\background.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\header.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsVersion1Warning.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIcons.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIconsMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewFrame.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormToolImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\LAUNCH.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\macroprogress.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_alignleft.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_alignright.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\RTF_BOLD.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_bullets.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_center.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosecolor.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosefont.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_decreaseindent.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_increaseindent.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_italic.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_justify.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_pressed.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_underline.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SAVE.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ADD.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\BG_ADOBE.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Casual.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Country.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Earthy.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageSlice.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_GreenTea.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Groove.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_LightSpirit.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_OliveGreen.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Premium.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_SlateBlue.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_TexturedBlue.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_VelvetRose.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left_over.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right_over.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\CALENDAR.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ERROR.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBlankPage.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsColorChart.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsFormTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePage.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsMacroTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPreviewTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPrintTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\BUTTON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_OFF.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_ON.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsVersion1Warning.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIcons.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIconsMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewFrame.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\LAUNCH.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\macroprogress.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignleft.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignright.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_bullets.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosecolor.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_decreaseindent.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_hyperlink.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_increaseindent.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_justify.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_pressed.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_spellcheck.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SAVE.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\attention.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBlankPage.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBrowserUpgrade.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplateRTL.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsImageTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplateRTL.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplate.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplateRTL.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\InfoPathWelcomeImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\macroprogress.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_choosecolor.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\SAVE.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIcon.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIconMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\CircleIcons.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\CircleIconsMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIcon.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIconMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIcons.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIconsMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIcon.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIconMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\MINUS.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\PLUS.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\SPACER.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectToolsetIconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectToolsetIconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImage.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImageMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABMASK.BMP desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABOFF.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABON.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WHITEBOX.JPG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WhiteboxMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIcons.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIconsMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImages.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImagesMask.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Groove\XML Files\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\GROOVE.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\IEContentService.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\INFOPATH.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\InfoPathOM\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Library\Analysis\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Library\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\Library\SOLVER\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\APPLAUSE.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\ARROW.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\BOMB.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\BREEZE.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\CAMERA.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\CASHREG.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\CHIMES.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\CLICK.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\COIN.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\DRUMROLL.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\EXPLODE.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\HAMMER.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\LASER.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\PUSH.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\SUCTION.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\TYPE.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\VOLTAGE.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\WHOOSH.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MEDIA\WIND.WAV desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\misc.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MSOUC.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MSPUB.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MSQRY32.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MSTORDB.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\MSTORE.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\NAMECONTROLSERVER.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\OIS.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\OneNote\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\ORGWIZ.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\OSPP.HTM desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\PAGESIZE\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\PROOF\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\PROOF\1036\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\PROOF\3082\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\PROOF\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\PUBBA\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office14\PUBWIZ\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.HTM desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Templates\1033\Access\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Templates\1033\Access\Part\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Templates\1033\Access\WSS\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Templates\1033\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Templates\1033\FAX\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Synchronization Services\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Synchronization Services\humanities_delivery_brand.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\MSBuild\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\MSBuild\barn terms.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\HOW TO DECRYPT FILES.txt desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Write C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE size = 994149 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE size = 629629 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\EQUATION\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE size = 543269 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\EURO\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\Filters\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF size = 1034 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG size = 1026 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG size = 1647 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\Help\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\ink\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\ink\en-US\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT size = 1183381 True 1
Fn
Write C:\Program Files\Common Files\Microsoft Shared\Smart Tag\SmartTagInstall.exe size = 15709 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\Source Engine\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE size = 174405 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\Stationery\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF size = 1534 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG size = 25199 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF size = 2950 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG size = 19745 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF size = 2813 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG size = 34881 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF size = 2146 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG size = 20592 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF size = 1525 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG size = 32974 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF size = 1890 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG size = 27372 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF size = 3444 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG size = 31802 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF size = 2687 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG size = 43241 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF size = 910 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG size = 32572 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF size = 2009 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG size = 29890 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF size = 1328 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG size = 20336 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF size = 1258 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG size = 20540 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF size = 1252 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG size = 28560 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF size = 3922 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG size = 33242 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF size = 1418 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG size = 25071 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF size = 1312 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG size = 32368 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF size = 1312 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG size = 26367 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF size = 1319 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG size = 32398 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF size = 5085 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG size = 60689 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF size = 2517 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG size = 18782 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF size = 5144 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG size = 33524 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF size = 2441 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG size = 19450 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF size = 1197 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG size = 18378 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF size = 1624 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG size = 44815 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF size = 1344 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG size = 48080 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF size = 1329 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG size = 11538 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF size = 2539 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG size = 37405 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF size = 1558 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG size = 21710 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF size = 1304 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG size = 16703 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF size = 1404 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG size = 37077 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF size = 1631 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG size = 19528 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF size = 1388 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG size = 15702 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF size = 3935 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG size = 53080 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF size = 2569 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG size = 31940 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF size = 4065 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG size = 47927 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF size = 3576 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG size = 34128 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF size = 902 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG size = 29270 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF size = 974 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG size = 27142 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF size = 2174 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG size = 21777 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF size = 2492 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG size = 19490 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF size = 1702 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG size = 33444 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF size = 1640 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG size = 18345 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF size = 4956 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG size = 44267 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF size = 2633 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG size = 42418 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF size = 1536 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG size = 30135 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe size = 99637 True 1
Fn
Data
Write C:\Program Files\Common Files\Microsoft Shared\VSTO\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\System\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\System\en-US\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\System\msadc\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Common Files\System\msadc\en-US\HOW TO DECRYPT FILES.txt size = 294 True 2
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF size = 14838 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF size = 6649 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF size = 3216 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF size = 8062 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF size = 7651 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF size = 11856 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF size = 482 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF size = 467 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF size = 12667 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF size = 3449 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF size = 3105 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF size = 12447 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF size = 5218 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF size = 2561 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF size = 10572 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF size = 15273 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF size = 5280 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF size = 4920 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF size = 4995 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF size = 1111 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF size = 7548 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF size = 6949 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF size = 13219 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF size = 8547 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF size = 4859 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF size = 5340 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF size = 9213 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF size = 4981 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF size = 4355 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF size = 3931 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF size = 3343 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF size = 3085 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF size = 13480 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF size = 20154 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF size = 20419 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF size = 15698 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF size = 3924 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF size = 12 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF size = 698 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF size = 1394 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF size = 4526 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143749.GIF size = 4864 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143750.GIF size = 1051 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF size = 1007 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143753.GIF size = 7004 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143754.GIF size = 1674 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF size = 1660 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF size = 4647 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00531L.GIF size = 8180 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00673L.GIF size = 8395 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00703L.GIF size = 8195 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF size = 8944 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF size = 8044 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB01741L.GIF size = 3578 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02039_.GIF size = 873 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02055_.GIF size = 2404 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02073_.GIF size = 858 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02074_.GIF size = 1267 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02077_.GIF size = 730 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02082_.GIF size = 2419 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02085_.GIF size = 2281 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF size = 1374 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02106_.GIF size = 5591 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02116_.GIF size = 972 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02134_.GIF size = 2396 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIF size = 1366 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02198_.GIF size = 19097 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF size = 5680 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02214_.GIF size = 4936 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF size = 2977 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Document Themes 14\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV size = 22583 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0214098.WAV size = 26775 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234687.GIF size = 3372 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0283209.GIF size = 19875 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0284916.JPG size = 25280 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0284916.JPG size = 10690 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0284916.JPG size = 13378 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0284916.JPG size = 23048 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0284916.JPG size = 9630 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0284916.JPG size = 24769 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0284916.JPG size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\3082\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM size = 1196 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE size = 1449277 True 1
Fn
Write C:\Program Files\Microsoft Office\Office14\ACCWIZ\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\BCSSync.exe size = 112477 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Bibliography\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Bibliography\Sort\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\CLVIEW.EXE size = 270165 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\CNFNOT32.EXE size = 225597 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\CONVERT\1033\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\CNFNOT32.EXE size = 198981 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\EXCEL.EXE size = 1528731 True 1
Fn
Write C:\Program Files\Microsoft Office\Office14\excelcnv.exe size = 1528731 True 1
Fn
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\SignedComponents.cer size = 699 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\SignedManagedObjects.cer size = 621 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\Management.cer size = 909 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\RELAY.CER size = 955 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Code_Signing_2001-4_CA.cer size = 907 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Public_Primary_CA.cer size = 541 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VS_ComponentSigningIntermediate.cer size = 872 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\COUGH.WAV size = 27569 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\GIGGLE.WAV size = 30781 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\HICCUP.WAV size = 14535 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\MMHMM.WAV size = 15069 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\SNEEZE.WAV size = 40033 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\THROAT.WAV size = 36115 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\Whistling.wav size = 29407 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\ALARM.WAV size = 33981 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\BUZZ.WAV size = 60245 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\LASER.WAV size = 54883 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\RADAR.WAV size = 65735 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\TOOT.WAV size = 54823 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\VIBE.WAV size = 59983 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\WARN.WAV size = 44647 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\CAN.WAV size = 51417 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\COUPLER.WAV size = 40693 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV size = 41967 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\SHOT.WAV size = 45355 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\SHOVEL.WAV size = 62757 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\SPLASH.WAV size = 60851 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\WHOOSH.WAV size = 27545 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImages.jpg size = 5286 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImagesMask.bmp size = 1301 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\ChessIconImages.bmp size = 3861 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\ChessIconImagesMask.bmp size = 2325 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CreateSpaceImage.jpg size = 10568 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CreateSpaceImageMask.bmp size = 3925 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImages.jpg size = 5796 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImagesMask.bmp size = 1765 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImages.jpg size = 5796 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImagesMask.bmp size = 1765 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImages.jpg size = 11916 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImagesMask.bmp size = 1557 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImage.jpg size = 10732 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImageMask.bmp size = 13813 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\GRIP.JPG size = 7430 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\GRIPMASK.BMP size = 3093 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\InformationIcon.jpg size = 3010 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\InformationIconMask.bmp size = 2069 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginDialogBackground.jpg size = 52938 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24Images.jpg size = 7792 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24ImagesMask.bmp size = 2773 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImages.jpg size = 9666 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImagesMask.bmp size = 2069 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImages.jpg size = 8915 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImagesMask.bmp size = 285 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackground.jpg size = 16090 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackgroundRTL.jpg size = 16519 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierCloseButton.jpg size = 719 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableDownArrow.jpg size = 681 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableUpArrow.jpg size = 740 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDownArrow.jpg size = 837 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierUpArrow.jpg size = 925 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMask.bmp size = 4887 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMaskRTL.bmp size = 4887 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutlineToolIconImages.jpg size = 7698 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutlineToolIconImagesMask.bmp size = 6421 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutofSyncIconImages.jpg size = 3946 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutofSyncIconImagesMask.bmp size = 157 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImages.jpg size = 20960 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImagesMask.bmp size = 4629 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIcon.jpg size = 3064 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIconMask.bmp size = 2069 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared16x16Images.jpg size = 25815 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared16x16ImagesMask.bmp size = 3861 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24Images.jpg size = 6464 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24ImagesMask.bmp size = 5653 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\SketchIconImages.bmp size = 11541 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupicons.jpg size = 3444 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupiconsmask.bmp size = 1409 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\STOPICON.JPG size = 3313 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\StopIconMask.bmp size = 2069 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImages256Colors.bmp size = 3861 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImagesMask256Colors.bmp size = 1309 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TipsImage.jpg size = 9698 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TipsImageMask.bmp size = 2069 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\VeriSignLogo.jpg size = 1069 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolIconImages.jpg size = 21518 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolIconImagesMask.bmp size = 5397 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolImages16x16.jpg size = 6514 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolImagesMask16x16.bmp size = 2069 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImages.jpg size = 8933 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImagesMask.bmp size = 1557 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarToolIconImages.jpg size = 13313 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarToolIconImagesMask.bmp size = 3093 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarViewButtonImages.jpg size = 16255 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg size = 6950 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImageMask.bmp size = 1877 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Auto.jpg size = 17574 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_AutoMask.bmp size = 7243 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg size = 13107 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHighMask.bmp size = 7245 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLow.jpg size = 12118 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLowMask.bmp size = 7245 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileHigh.jpg size = 18410 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileHighMask.bmp size = 7243 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOff.jpg size = 18107 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOffMask.bmp size = 7243 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_High.jpg size = 5031 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_HighMask.bmp size = 7243 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Medium.jpg size = 16827 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp size = 7243 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Off.jpg size = 15957 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp size = 7243 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg size = 8755 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMask.bmp size = 2485 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMaskSmall.bmp size = 1549 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageSmall.jpg size = 7616 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImage.jpg size = 8861 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageMask.bmp size = 2485 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageMaskSmall.bmp size = 1549 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageSmall.jpg size = 7604 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImages.jpg size = 10101 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImagesMask.bmp size = 157 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIcon.jpg size = 8137 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImages.jpg size = 8155 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp size = 1409 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericon.jpg size = 3576 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp size = 2069 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImages.jpg size = 14617 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImagesMask.bmp size = 5909 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\WSSFilesToolHomePageBackground.jpg size = 43758 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImage.jpg size = 9462 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImageMask.bmp size = 3205 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg size = 2458 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImage.jpg size = 9418 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImageMask.bmp size = 3205 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImages.jpg size = 2408 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImagesMask.bmp size = 81 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrow.jpg size = 3013 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrowMask.bmp size = 2305 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif size = 2757 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\BG_ADOBE.GIF size = 24875 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Casual.gif size = 5626 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Country.gif size = 32176 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Earthy.gif size = 4871 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePage.gif size = 47509 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePageBlank.gif size = 20120 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_GreenTea.gif size = 22125 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Groove.gif size = 71 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_LightSpirit.gif size = 8579 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif size = 15668 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Premium.gif size = 6178 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_SlateBlue.gif size = 20766 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_TexturedBlue.gif size = 6425 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_VelvetRose.gif size = 15425 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left.gif size = 595 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_disable.gif size = 195 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_over.gif size = 1016 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid.gif size = 150 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_disable.gif size = 18 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_over.gif size = 152 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right.gif size = 587 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right_disable.gif size = 190 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right_over.gif size = 1016 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\Attachments.jpg size = 13929 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BREAK.JPG size = 14917 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BUTTON.JPG size = 12257 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CHECKBOX.JPG size = 13235 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\COMBOBOX.JPG size = 17280 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CONTACT.JPG size = 13978 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CURRENCY.JPG size = 15615 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATE.JPG size = 17036 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATETIME.JPG size = 16662 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DigitalInk.jpg size = 15838 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg size = 8389 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HEADING.JPG size = 15951 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\IMAGE.JPG size = 4983 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\LINE.JPG size = 3650 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\LISTBOX.JPG size = 15132 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\NUMERIC.JPG size = 17431 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\PASSWORD.JPG size = 4818 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\RADIO.JPG size = 17317 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\SectionHeading.jpg size = 15030 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\StaticText.jpg size = 14212 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTAREA.JPG size = 14688 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTBOX.JPG size = 14964 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG size = 17111 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\UnformattedNumeric.jpg size = 16644 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html size = 1167 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html size = 1924 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsDoNotTrust.html size = 2018 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsHomePage.html size = 3187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html size = 895 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPrintTemplate.html size = 575 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsVersion1Warning.htm size = 1753 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIcons.jpg size = 5238 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIconsMask.bmp size = 1557 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewFrame.html size = 3966 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormToolImages.jpg size = 7128 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\menu_arrow.gif size = 791 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SEARCH.GIF size = 1164 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SPACER.GIF size = 14 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\VIEWBY.GIF size = 484 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\ViewHeaderPreview.jpg size = 3413 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ADD.GIF size = 545 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrow.jpg size = 3013 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrowMask.bmp size = 2305 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\attention.gif size = 2757 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF size = 24875 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif size = 5626 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif size = 32176 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif size = 4871 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePage.gif size = 92058 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageBlank.gif size = 20120 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageSlice.gif size = 1004 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif size = 22125 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif size = 71 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif size = 8579 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif size = 15668 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif size = 6178 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif size = 20766 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif size = 6425 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif size = 15425 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left.gif size = 334 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left_over.gif size = 339 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_mid.gif size = 146 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_mid_over.gif size = 148 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right.gif size = 334 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right_over.gif size = 545 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\CALENDAR.GIF size = 864 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\DELETE.GIF size = 590 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ERROR.GIF size = 838 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html size = 1082 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBrowserUpgrade.html size = 2093 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html size = 714 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html size = 3185 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePage.html size = 3161 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsImageTemplate.html size = 1995 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html size = 2099 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html size = 18139 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPrintTemplate.html size = 1519 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF size = 150 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\HEADER.GIF size = 220 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\background.gif size = 288 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\button.gif size = 150 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\tab_off.gif size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\tab_on.gif size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\HEADER.GIF size = 332 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\HEADER.GIF size = 113 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF size = 461 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF size = 990 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\HEADER.GIF size = 405 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_OFF.GIF size = 427 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_ON.GIF size = 232 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\HEADER.GIF size = 2121 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_OFF.GIF size = 461 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_ON.GIF size = 990 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_OFF.GIF size = 329 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_ON.GIF size = 329 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\background.gif size = 6871 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_off.gif size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_on.gif size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\BUTTON.GIF size = 393 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\background.gif size = 198 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\header.gif size = 3226 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_off.gif size = 427 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_on.gif size = 229 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\background.gif size = 780 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\header.gif size = 26992 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsVersion1Warning.htm size = 2259 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIcons.jpg size = 11968 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIconsMask.bmp size = 1557 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewFrame.html size = 4848 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewTemplate.html size = 2662 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormToolImages.jpg size = 7128 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\LAUNCH.GIF size = 580 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\macroprogress.gif size = 196689 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_alignleft.gif size = 813 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_alignright.gif size = 812 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\RTF_BOLD.GIF size = 835 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_bullets.gif size = 834 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_center.gif size = 812 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosecolor.gif size = 971 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosefont.gif size = 855 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_decreaseindent.gif size = 828 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_increaseindent.gif size = 826 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_italic.gif size = 817 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_justify.gif size = 815 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_pressed.gif size = 848 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_underline.gif size = 825 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SAVE.GIF size = 586 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg size = 3413 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ADD.GIF size = 545 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg size = 3013 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp size = 2305 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif size = 2757 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\BG_ADOBE.GIF size = 24875 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Casual.gif size = 5626 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Country.gif size = 32176 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Earthy.gif size = 4871 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif size = 92058 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif size = 20120 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageSlice.gif size = 1004 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_GreenTea.gif size = 22125 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Groove.gif size = 71 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_LightSpirit.gif size = 8579 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_OliveGreen.gif size = 15668 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Premium.gif size = 6178 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_SlateBlue.gif size = 20766 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_TexturedBlue.gif size = 6425 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_VelvetRose.gif size = 15425 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left.gif size = 334 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left_over.gif size = 339 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid.gif size = 146 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif size = 148 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif size = 334 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right_over.gif size = 545 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\CALENDAR.GIF size = 864 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIF size = 590 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ERROR.GIF size = 838 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBlankPage.html size = 1084 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html size = 2095 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsColorChart.html size = 716 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsFormTemplate.html size = 4407 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePage.html size = 3449 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html size = 1997 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsMacroTemplate.html size = 2101 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPreviewTemplate.html size = 18048 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPrintTemplate.html size = 1519 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF size = 150 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF size = 220 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif size = 288 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\BUTTON.GIF size = 150 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF size = 332 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF size = 113 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF size = 461 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF size = 990 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF size = 405 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF size = 427 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF size = 232 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF size = 2121 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\TAB_OFF.GIF size = 461 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\TAB_ON.GIF size = 990 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF size = 329 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF size = 329 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif size = 6871 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF size = 393 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif size = 198 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF size = 3226 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF size = 427 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF size = 229 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif size = 780 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF size = 26992 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_OFF.GIF size = 306 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_ON.GIF size = 187 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsVersion1Warning.htm size = 2261 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIcons.jpg size = 5238 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIconsMask.bmp size = 1557 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewFrame.html size = 5671 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewTemplate.html size = 2748 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg size = 7128 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\LAUNCH.GIF size = 580 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\macroprogress.gif size = 42252 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignleft.gif size = 813 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignright.gif size = 812 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF size = 835 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_bullets.gif size = 834 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gif size = 812 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosecolor.gif size = 969 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif size = 855 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_decreaseindent.gif size = 828 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_hyperlink.gif size = 206 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_increaseindent.gif size = 826 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif size = 817 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_justify.gif size = 815 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_pressed.gif size = 848 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_spellcheck.gif size = 125 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif size = 825 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SAVE.GIF size = 580 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg size = 3413 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF size = 545 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\attention.gif size = 2757 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF size = 864 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF size = 590 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF size = 838 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBlankPage.html size = 1047 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBrowserUpgrade.html size = 2054 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html size = 716 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplate.html size = 5016 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplateRTL.html size = 5026 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsImageTemplate.html size = 2184 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html size = 2101 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplate.html size = 18140 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplateRTL.html size = 18150 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplate.html size = 1436 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplateRTL.html size = 1446 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg size = 5238 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp size = 1557 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\InfoPathWelcomeImage.jpg size = 82675 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF size = 580 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\macroprogress.gif size = 196689 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif size = 813 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif size = 812 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif size = 834 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif size = 812 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_choosecolor.gif size = 971 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif size = 828 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif size = 206 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif size = 826 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif size = 815 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif size = 848 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\SAVE.GIF size = 586 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIcon.jpg size = 5096 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIconMask.bmp size = 3923 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\CircleIcons.jpg size = 12970 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\CircleIconsMask.bmp size = 4393 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIcon.jpg size = 9879 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIconMask.bmp size = 1685 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIcons.jpg size = 6598 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIconsMask.bmp size = 2541 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIcon.jpg size = 8171 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIconMask.bmp size = 1913 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\MINUS.GIF size = 802 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\PLUS.GIF size = 806 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\SPACER.GIF size = 772 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectToolsetIconImages.jpg size = 20199 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectToolsetIconImagesMask.bmp size = 8981 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImage.jpg size = 24285 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImageMask.bmp size = 82005 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABMASK.BMP size = 255 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABOFF.JPG size = 2451 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABON.JPG size = 2508 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WHITEBOX.JPG size = 3548 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WhiteboxMask.bmp size = 19791 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIcons.jpg size = 3126 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIconsMask.bmp size = 1557 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImages.jpg size = 4304 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImagesMask.bmp size = 2581 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\GROOVE.EXE size = 1528731 True 1
Fn
Write C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE size = 1371493 True 1
Fn
Write C:\Program Files\Microsoft Office\Office14\IEContentService.exe size = 725893 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\INFOPATH.EXE size = 1528731 True 1
Fn
Write C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\InfoPathOM\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Library\Analysis\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Library\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\Library\SOLVER\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\APPLAUSE.WAV size = 28039 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\ARROW.WAV size = 22995 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\BOMB.WAV size = 194131 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\BREEZE.WAV size = 4255 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\CAMERA.WAV size = 5489 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\CASHREG.WAV size = 7516 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\CHIMES.WAV size = 37275 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\CLICK.WAV size = 581 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\COIN.WAV size = 5529 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\DRUMROLL.WAV size = 19391 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\EXPLODE.WAV size = 23549 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\HAMMER.WAV size = 3993 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\LASER.WAV size = 1802 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\PUSH.WAV size = 15713 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\SUCTION.WAV size = 5697 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\TYPE.WAV size = 4601 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\VOLTAGE.WAV size = 13731 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\WHOOSH.WAV size = 1723 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MEDIA\WIND.WAV size = 11105 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\misc.exe size = 571197 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE size = 1528731 True 1
Fn
Write C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE size = 87901 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE size = 909661 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MSOUC.EXE size = 489813 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MSPUB.EXE size = 1528731 True 1
Fn
Write C:\Program Files\Microsoft Office\Office14\MSQRY32.EXE size = 856381 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MSTORDB.EXE size = 1045317 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\MSTORE.EXE size = 131381 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\NAMECONTROLSERVER.EXE size = 109405 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\OIS.EXE size = 299333 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE size = 1528731 True 1
Fn
Write C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE size = 245085 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\ORGWIZ.EXE size = 83309 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\OSPP.HTM size = 15586 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE size = 1528731 True 3
Fn
Write C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE size = 84325 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\PROOF\1033\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\PROOF\1036\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\PROOF\3082\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\PROOF\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office14\PUBWIZ\HOW TO DECRYPT FILES.txt size = 2039 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.HTM size = 439 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Templates\1033\Access\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Templates\1033\Access\WSS\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Templates\1033\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Microsoft Synchronization Services\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\MSBuild\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Uninstall Information\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Windows Defender\en-US\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
Write C:\Program Files\Windows Defender\HOW TO DECRYPT FILES.txt size = 294 True 1
Fn
Data
For performance reasons, the remaining 3601 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (10)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Create Key HKEY_CLASSES_ROOT\.Boom - True 1
Fn
Create Key HKEY_CLASSES_ROOT\SSTWIPNUVDUSGRM - True 1
Fn
Create Key HKEY_CLASSES_ROOT\SSTWIPNUVDUSGRM\DefaultIcon - True 1
Fn
Create Key HKEY_CLASSES_ROOT\SSTWIPNUVDUSGRM\shell\open\command - True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value_name = Alcmeter, data = C:\Users\5P5NRG~1\AppData\Local\Temp\Bdx48saERp3j6l1.exe, size = 56, type = REG_SZ True 1
Fn
Write Value HKEY_CLASSES_ROOT\.Boom data = SSTWIPNUVDUSGRM, size = 15, type = REG_SZ True 1
Fn
Write Value HKEY_CLASSES_ROOT\SSTWIPNUVDUSGRM data = CRYPTED!, size = 8, type = REG_SZ True 1
Fn
Write Value HKEY_CLASSES_ROOT\SSTWIPNUVDUSGRM\DefaultIcon data = C:\Users\5P5NRG~1\AppData\Local\Temp\Bdx48saERp3j6l1.exe,0, size = 58, type = REG_SZ True 1
Fn
Write Value HKEY_CLASSES_ROOT\SSTWIPNUVDUSGRM\shell\open\command data = C:\Users\5P5NRG~1\AppData\Local\Temp\Bdx48saERp3j6l1.exe, size = 56, type = REG_SZ True 1
Fn
Module (79)
»
Operation Module Additional Information Success Count Logfile
Load KERNEL32.DLL base_address = 0x75a20000 True 1
Fn
Load advapi32.dll base_address = 0x75b30000 True 1
Fn
Load comctl32.dll base_address = 0x75140000 True 1
Fn
Load gdi32.dll base_address = 0x773c0000 True 1
Fn
Load shell32.dll base_address = 0x76670000 True 1
Fn
Load shlwapi.dll base_address = 0x75ce0000 True 1
Fn
Load user32.dll base_address = 0x756f0000 True 1
Fn
Get Filename - process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\tempsvchost.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempsvchost.exe, size = 1280 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrlenA, address_out = 0x75a35a4b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CloseHandle, address_out = 0x75a31410 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CopyFileA, address_out = 0x75a558e5 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileA, address_out = 0x75a353c6 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ExitProcess, address_out = 0x75a37a10 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindClose, address_out = 0x75a34442 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindFirstFileA, address_out = 0x75a3e2ce True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindNextFileA, address_out = 0x75a5d53e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindResourceA, address_out = 0x75a4e9bb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FreeResource, address_out = 0x75a4d3db True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCommandLineA, address_out = 0x75a351a1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentVariableA, address_out = 0x75a333a0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileAttributesA, address_out = 0x75a35414 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileSize, address_out = 0x75a3196e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileTime, address_out = 0x75a34407 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetLogicalDrives, address_out = 0x75a35371 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleFileNameA, address_out = 0x75a314b1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleA, address_out = 0x75a31245 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetProcessHeap, address_out = 0x75a314e9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetTempPathA, address_out = 0x75a5276c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetWindowsDirectoryA, address_out = 0x75a52b0a True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GlobalFree, address_out = 0x75a35558 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapAlloc, address_out = 0x7787e026 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LoadResource, address_out = 0x75a3594c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LockResource, address_out = 0x75a35959 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = MoveFileA, address_out = 0x75aad911 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReadFile, address_out = 0x75a33ed3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = RtlMoveMemory, address_out = 0x778b3c40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetErrorMode, address_out = 0x75a31b00 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetFilePointer, address_out = 0x75a317d1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetFileTime, address_out = 0x75a4ecbb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SizeofResource, address_out = 0x75a35ac9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WriteFile, address_out = 0x75a31282 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcatA, address_out = 0x75a52b7a True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcmpA, address_out = 0x75a4eceb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcmpiA, address_out = 0x75a33e8e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcpyA, address_out = 0x75a52a9d True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegCreateKeyExA, address_out = 0x75b41469 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptCreateHash, address_out = 0x75b3df4e True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptDestroyHash, address_out = 0x75b3df66 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptGetHashParam, address_out = 0x75b3df7e True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegSetValueExA, address_out = 0x75b414b3 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegDeleteKeyA, address_out = 0x75b5a8b7 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptAcquireContextA, address_out = 0x75b391dd True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegCloseKey, address_out = 0x75b4469d True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptReleaseContext, address_out = 0x75b3e124 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptHashData, address_out = 0x75b3df36 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll function = InitCommonControls, address_out = 0x75141739 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = CreateFontIndirectA, address_out = 0x773dcffd True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = ShellExecuteA, address_out = 0x768b7078 True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = SHGetSpecialFolderPathA, address_out = 0x768bfb26 True 1
Fn
Get Address c:\windows\syswow64\shlwapi.dll function = PathFindFileNameA, address_out = 0x75cf00aa True 1
Fn
Get Address c:\windows\syswow64\shlwapi.dll function = PathFindExtensionA, address_out = 0x75d0eced True 1
Fn
Get Address c:\windows\syswow64\shlwapi.dll function = PathAddBackslashA, address_out = 0x75cecf33 True 1
Fn
Get Address c:\windows\syswow64\shlwapi.dll function = PathMatchSpecA, address_out = 0x75d1af13 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = RegisterClassExA, address_out = 0x7570db98 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = PeekMessageA, address_out = 0x75715f74 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SendMessageA, address_out = 0x7571612e True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = LoadCursorA, address_out = 0x7570dad5 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetSystemMetrics, address_out = 0x75707d2f True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetMessageA, address_out = 0x75707bd3 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetDlgItemTextA, address_out = 0x75766b36 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = EndPaint, address_out = 0x75711341 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SystemParametersInfoA, address_out = 0x75716c30 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = TranslateMessage, address_out = 0x75707809 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = UpdateWindow, address_out = 0x75713559 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = MessageBoxA, address_out = 0x7575fd1e True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = DispatchMessageA, address_out = 0x75707bbb True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = DefWindowProcA, address_out = 0x778924e0 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = CreateWindowExA, address_out = 0x7570d22e True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = BeginPaint, address_out = 0x75711361 True 1
Fn
Window (1)
»
Operation Window Name Additional Information Success Count Logfile
Create - - False 1
Fn
System (1)
»
Operation Additional Information Success Count Logfile
Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
Process #3: iexplore.exe
0 0
»
Information Value
ID #3
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:34, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:02:46
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x5e8
Parent PID 0x474 (c:\users\5p5nrgjn0js halpmcxz\desktop\boom ransomeware.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 674
0x 32C
0x 4E0
0x 608
0x 4C4
0x 7F4
0x 7B4
0x 6B4
0x 5C4
0x 628
0x 310
0x 128
0x 4BC
0x 51C
0x 6AC
0x 808
0x 824
0x 83C
0x 88C
0x C48
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
iexplore.exe.mui 0x000d0000 0x000d1fff Memory Mapped File rw False False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x0016ffff Private Memory rw True False False -
private_0x0000000000170000 0x00170000 0x00170fff Private Memory rw True False False -
oleaccrc.dll 0x00180000 0x00180fff Memory Mapped File r False False False -
private_0x0000000000190000 0x00190000 0x001cffff Private Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f1fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000200000 0x00200000 0x00200fff Pagefile Backed Memory rw True False False -
index.dat 0x00210000 0x0021ffff Memory Mapped File rw True False False -
index.dat 0x00220000 0x00227fff Memory Mapped File rw True False False -
pagefile_0x0000000000230000 0x00230000 0x00230fff Pagefile Backed Memory r True False False -
private_0x0000000000240000 0x00240000 0x0033ffff Private Memory rw True False False -
index.dat 0x00340000 0x00353fff Memory Mapped File rw True False False -
pagefile_0x0000000000360000 0x00360000 0x00360fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000370000 0x00370000 0x00370fff Pagefile Backed Memory rw True False False -
private_0x0000000000380000 0x00380000 0x00380fff Private Memory rw True False False -
private_0x0000000000390000 0x00390000 0x00390fff Private Memory rw True False False -
pagefile_0x00000000003a0000 0x003a0000 0x003a1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003b0000 0x003b0000 0x003b1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c0fff Pagefile Backed Memory rw True False False -
private_0x00000000003d0000 0x003d0000 0x004cffff Private Memory rw True False False -
private_0x00000000004d0000 0x004d0000 0x0050ffff Private Memory rw True False False -
pagefile_0x0000000000510000 0x00510000 0x00510fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000520000 0x00520000 0x00521fff Pagefile Backed Memory r True False False -
private_0x0000000000530000 0x00530000 0x0056ffff Private Memory rw True False False -
pagefile_0x0000000000570000 0x00570000 0x00570fff Pagefile Backed Memory r True False False -
private_0x0000000000590000 0x00590000 0x005cffff Private Memory rw True False False -
private_0x00000000005d0000 0x005d0000 0x005dffff Private Memory rw True False False -
pagefile_0x00000000005e0000 0x005e0000 0x00767fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000770000 0x00770000 0x008f0fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x00900000 0x00bcefff Memory Mapped File r False False False -
private_0x0000000000bd0000 0x00bd0000 0x00ccffff Private Memory rw True False False -
private_0x0000000000cd0000 0x00cd0000 0x00d0ffff Private Memory rw True False False -
pagefile_0x0000000000d10000 0x00d10000 0x00d6cfff Pagefile Backed Memory rw True False False -
private_0x0000000000d70000 0x00d70000 0x00e6ffff Private Memory rw True False False -
private_0x0000000000e70000 0x00e70000 0x00e8ffff Private Memory rw True False False -
private_0x0000000000eb0000 0x00eb0000 0x00faffff Private Memory rw True False False -
private_0x0000000000fb0000 0x00fb0000 0x00feffff Private Memory rw True False False -
pagefile_0x0000000000ff0000 0x00ff0000 0x0105dfff Pagefile Backed Memory rw True False False -
private_0x0000000001090000 0x01090000 0x010cffff Private Memory rw True False False -
private_0x00000000010d0000 0x010d0000 0x0110ffff Private Memory rw True False False -
pagefile_0x0000000001110000 0x01110000 0x011eefff Pagefile Backed Memory r True False False -
private_0x0000000001120000 0x01120000 0x0112ffff Private Memory rw True False False -
private_0x00000000011f0000 0x011f0000 0x0122ffff Private Memory rw True False False -
private_0x0000000001250000 0x01250000 0x0128ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x00000000027e0000 0x027e0000 0x0281ffff Private Memory rw True False False -
private_0x0000000002830000 0x02830000 0x0292ffff Private Memory rw True False False -
private_0x0000000002960000 0x02960000 0x02a5ffff Private Memory rw True False False -
private_0x0000000002a80000 0x02a80000 0x02b7ffff Private Memory rw True False False -
private_0x0000000002bb0000 0x02bb0000 0x02beffff Private Memory rw True False False -
private_0x0000000002c00000 0x02c00000 0x02c3ffff Private Memory rw True False False -
private_0x0000000002c40000 0x02c40000 0x02d3ffff Private Memory rw True False False -
private_0x0000000002d60000 0x02d60000 0x02e5ffff Private Memory rw True False False -
private_0x0000000002e80000 0x02e80000 0x02f7ffff Private Memory rw True False False -
private_0x0000000002fb0000 0x02fb0000 0x02feffff Private Memory rw True False False -
private_0x00000000030e0000 0x030e0000 0x031dffff Private Memory rw True False False -
private_0x0000000003260000 0x03260000 0x0335ffff Private Memory rw True False False -
private_0x0000000003390000 0x03390000 0x0339ffff Private Memory rw True False False -
private_0x0000000003590000 0x03590000 0x0359ffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
rasapi32.dll 0x74c00000 0x74c51fff Memory Mapped File rwx False False False -
npmproxy.dll 0x74c50000 0x74c57fff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
nlaapi.dll 0x74cd0000 0x74cdffff Memory Mapped File rwx False False False -
rasadhlp.dll 0x74cd0000 0x74cd5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
netprofm.dll 0x74e40000 0x74e99fff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
sensapi.dll 0x74e50000 0x74e55fff Memory Mapped File rwx False False False -
sqmapi.dll 0x74e60000 0x74e92fff Memory Mapped File rwx False False False -
rtutils.dll 0x74e60000 0x74e6cfff Memory Mapped File rwx False False False -
rasman.dll 0x74e70000 0x74e84fff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9b000 0x7ef9b000 0x7ef9dfff Private Memory rw True False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 206 entries are omitted.
The remaining entries can be found in flog.txt.
Process #5: iexplore.exe
0 0
»
Information Value
ID #5
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:14337
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:38, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:02:42
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x784
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 788
0x 510
0x 6FC
0x 528
0x 4EC
0x 1C8
0x 62C
0x 6C0
0x 738
0x 518
0x 154
0x 560
0x 308
0x 5F4
0x 618
0x 6A4
0x 748
0x F0
0x 804
0x 838
0x 848
0x 84C
0x 850
0x 854
0x 858
0x 888
0x 92C
0x B28
0x C94
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
iexplore.exe.mui 0x00060000 0x00061fff Memory Mapped File rw False False False -
private_0x0000000000070000 0x00070000 0x00070fff Private Memory rw True False False -
private_0x0000000000080000 0x00080000 0x00080fff Private Memory rw True False False -
oleaccrc.dll 0x00090000 0x00090fff Memory Mapped File r False False False -
pagefile_0x00000000000a0000 0x000a0000 0x000a1fff Pagefile Backed Memory r True False False -
private_0x00000000000b0000 0x000b0000 0x000effff Private Memory rw True False False -
locale.nls 0x000f0000 0x00156fff Memory Mapped File r False False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory r True False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00190fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a1fff Pagefile Backed Memory r True False False -
private_0x00000000001b0000 0x001b0000 0x001bffff Private Memory rw True False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f0fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000200000 0x00200000 0x00200fff Pagefile Backed Memory r True False False -
private_0x0000000000210000 0x00210000 0x0030ffff Private Memory rw True False False -
pagefile_0x0000000000310000 0x00310000 0x0037dfff Pagefile Backed Memory rw True False False -
private_0x0000000000380000 0x00380000 0x003bffff Private Memory rw True False False -
cversions.1.db 0x003c0000 0x003c3fff Memory Mapped File r True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c0fff Pagefile Backed Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x003d0000 0x003eefff Memory Mapped File r True False False -
private_0x00000000003f0000 0x003f0000 0x0046ffff Private Memory rw True False False -
pagefile_0x0000000000470000 0x00470000 0x0054efff Pagefile Backed Memory r True False False -
private_0x0000000000550000 0x00550000 0x0064ffff Private Memory rw True False False -
pagefile_0x0000000000650000 0x00650000 0x007d7fff Pagefile Backed Memory r True False False -
pagefile_0x00000000007e0000 0x007e0000 0x00960fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x00970000 0x00c3efff Memory Mapped File r False False False -
pagefile_0x0000000000c40000 0x00c40000 0x00c40fff Pagefile Backed Memory rw True False False -
private_0x0000000000c50000 0x00c50000 0x00c51fff Private Memory rwx True False False -
pagefile_0x0000000000c60000 0x00c60000 0x00c61fff Pagefile Backed Memory r True False False -
index.dat 0x00c70000 0x00c7ffff Memory Mapped File rw True False False -
index.dat 0x00c80000 0x00c87fff Memory Mapped File rw True False False -
index.dat 0x00c90000 0x00ca3fff Memory Mapped File rw True False False -
private_0x0000000000cb0000 0x00cb0000 0x00ceffff Private Memory rw True False False -
pagefile_0x0000000000cf0000 0x00cf0000 0x00cf0fff Pagefile Backed Memory rw True False False -
private_0x0000000000d00000 0x00d00000 0x00d3ffff Private Memory rw True False False -
private_0x0000000000d40000 0x00d40000 0x00d5ffff Private Memory rw True False False -
pagefile_0x0000000000d60000 0x00d60000 0x00d60fff Pagefile Backed Memory r True False False -
private_0x0000000000d70000 0x00d70000 0x00daffff Private Memory rw True False False -
private_0x0000000000db0000 0x00db0000 0x00db1fff Private Memory rw True False False -
private_0x0000000000e00000 0x00e00000 0x00efffff Private Memory rw True False False -
private_0x0000000000f00000 0x00f00000 0x00f3ffff Private Memory rw True False False -
private_0x0000000000f60000 0x00f60000 0x0105ffff Private Memory rw True False False -
private_0x00000000010c0000 0x010c0000 0x010fffff Private Memory rw True False False -
private_0x0000000001110000 0x01110000 0x0114ffff Private Memory rw True False False -
private_0x0000000001150000 0x01150000 0x0124ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002760000 0x02760000 0x0285ffff Private Memory rw True False False -
private_0x00000000028a0000 0x028a0000 0x028dffff Private Memory rw True False False -
private_0x0000000002920000 0x02920000 0x0295ffff Private Memory rw True False False -
private_0x00000000029b0000 0x029b0000 0x02aaffff Private Memory rw True False False -
private_0x0000000002b70000 0x02b70000 0x02c6ffff Private Memory rw True False False -
private_0x0000000002c70000 0x02c70000 0x02e6ffff Private Memory rw True False False -
private_0x0000000002f80000 0x02f80000 0x0307ffff Private Memory rw True False False -
pagefile_0x0000000003080000 0x03080000 0x03472fff Pagefile Backed Memory r True False False -
private_0x00000000035c0000 0x035c0000 0x036bffff Private Memory rw True False False -
private_0x0000000003810000 0x03810000 0x0384ffff Private Memory rw True False False -
private_0x00000000039e0000 0x039e0000 0x03a1ffff Private Memory rw True False False -
staticcache.dat 0x03a20000 0x0434ffff Memory Mapped File r False False False -
private_0x0000000004500000 0x04500000 0x0450ffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
msvcp90.dll 0x743c0000 0x7444dfff Memory Mapped File rwx False False False -
msvcr90.dll 0x74450000 0x744f2fff Memory Mapped File rwx False False False -
acroiehelpershim.dll 0x74500000 0x74510fff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
mlang.dll 0x74570000 0x7459dfff Memory Mapped File rwx False False False -
sqmapi.dll 0x74600000 0x74632fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 185 entries are omitted.
The remaining entries can be found in flog.txt.
Process #7: iexplore.exe
0 0
»
Information Value
ID #7
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:14340
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:02:03, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:02:17
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x860
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 864
0x 868
0x 86C
0x 870
0x 874
0x 878
0x 87C
0x 880
0x 884
0x 894
0x 898
0x 89C
0x 8A0
0x 8A4
0x 8A8
0x 8AC
0x 8B0
0x 8B4
0x 8E4
0x 8E8
0x 8EC
0x 904
0x 9E0
0x 9E8
0x BA8
0x CA0
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
iexplore.exe.mui 0x000d0000 0x000d1fff Memory Mapped File rw False False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory rw True False False -
oleaccrc.dll 0x00100000 0x00100fff Memory Mapped File r False False False -
pagefile_0x0000000000110000 0x00110000 0x00111fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000120000 0x00120000 0x00120fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000130000 0x00130000 0x00131fff Pagefile Backed Memory r True False False -
private_0x0000000000140000 0x00140000 0x00140fff Private Memory rw True False False -
pagefile_0x0000000000150000 0x00150000 0x00150fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000160000 0x00160000 0x00161fff Pagefile Backed Memory r True False False -
private_0x0000000000170000 0x00170000 0x00170fff Private Memory rw True False False -
pagefile_0x0000000000180000 0x00180000 0x00181fff Pagefile Backed Memory rw True False False -
private_0x0000000000190000 0x00190000 0x0020ffff Private Memory rw True False False -
pagefile_0x0000000000210000 0x00210000 0x00211fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory r True False False -
private_0x0000000000230000 0x00230000 0x0026ffff Private Memory rw True False False -
pagefile_0x0000000000270000 0x00270000 0x002ddfff Pagefile Backed Memory rw True False False -
pagefile_0x00000000002e0000 0x002e0000 0x002e0fff Pagefile Backed Memory r True False False -
cversions.1.db 0x002f0000 0x002f3fff Memory Mapped File r True False False -
pagefile_0x00000000002f0000 0x002f0000 0x002f0fff Pagefile Backed Memory rw True False False -
private_0x0000000000300000 0x00300000 0x003fffff Private Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00400000 0x0041efff Memory Mapped File r True False False -
pagefile_0x0000000000420000 0x00420000 0x00420fff Pagefile Backed Memory rw True False False -
private_0x0000000000430000 0x00430000 0x0046ffff Private Memory rw True False False -
private_0x0000000000470000 0x00470000 0x00471fff Private Memory rwx True False False -
private_0x0000000000480000 0x00480000 0x004bffff Private Memory rw True False False -
pagefile_0x00000000004c0000 0x004c0000 0x004c1fff Pagefile Backed Memory r True False False -
private_0x00000000004d0000 0x004d0000 0x0050ffff Private Memory rw True False False -
index.dat 0x00510000 0x0051ffff Memory Mapped File rw True False False -
index.dat 0x00520000 0x00527fff Memory Mapped File rw True False False -
private_0x0000000000530000 0x00530000 0x0062ffff Private Memory rw True False False -
pagefile_0x0000000000630000 0x00630000 0x007b7fff Pagefile Backed Memory r True False False -
index.dat 0x007c0000 0x007d3fff Memory Mapped File rw True False False -
pagefile_0x00000000007e0000 0x007e0000 0x007e0fff Pagefile Backed Memory rw True False False -
private_0x0000000000810000 0x00810000 0x0081ffff Private Memory rw True False False -
pagefile_0x0000000000820000 0x00820000 0x009a0fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x009b0000 0x00c7efff Memory Mapped File r False False False -
pagefile_0x0000000000c80000 0x00c80000 0x00d5efff Pagefile Backed Memory r True False False -
private_0x0000000000d70000 0x00d70000 0x00d71fff Private Memory rw True False False -
private_0x0000000000dc0000 0x00dc0000 0x00dcffff Private Memory rw True False False -
private_0x0000000000dd0000 0x00dd0000 0x00e0ffff Private Memory rw True False False -
private_0x0000000000e40000 0x00e40000 0x00e7ffff Private Memory rw True False False -
private_0x0000000000e80000 0x00e80000 0x00ebffff Private Memory rw True False False -
private_0x0000000000ee0000 0x00ee0000 0x00fdffff Private Memory rw True False False -
private_0x0000000000fe0000 0x00fe0000 0x0101ffff Private Memory rw True False False -
private_0x0000000001020000 0x01020000 0x0105ffff Private Memory rw True False False -
private_0x00000000010a0000 0x010a0000 0x0119ffff Private Memory rw True False False -
private_0x0000000001200000 0x01200000 0x0123ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002780000 0x02780000 0x0287ffff Private Memory rw True False False -
private_0x0000000002900000 0x02900000 0x029fffff Private Memory rw True False False -
private_0x0000000002a00000 0x02a00000 0x02afffff Private Memory rw True False False -
private_0x0000000002b40000 0x02b40000 0x02d3ffff Private Memory rw True False False -
private_0x0000000002d60000 0x02d60000 0x02e5ffff Private Memory rw True False False -
pagefile_0x0000000002e60000 0x02e60000 0x03252fff Pagefile Backed Memory r True False False -
private_0x00000000032c0000 0x032c0000 0x032fffff Private Memory rw True False False -
private_0x00000000033c0000 0x033c0000 0x034bffff Private Memory rw True False False -
private_0x00000000035d0000 0x035d0000 0x036cffff Private Memory rw True False False -
pagefile_0x00000000036d0000 0x036d0000 0x03a12fff Pagefile Backed Memory r True False False -
private_0x0000000003bf0000 0x03bf0000 0x03c2ffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x718d0000 0x71902fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
npmproxy.dll 0x745d0000 0x745d7fff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 170 entries are omitted.
The remaining entries can be found in flog.txt.
Process #8: iexplore.exe
0 0
»
Information Value
ID #8
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79876
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:02:06, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:02:14
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x8bc
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 8C0
0x 8C4
0x 8C8
0x 8CC
0x 8D0
0x 8D4
0x 8D8
0x 8DC
0x 8E0
0x 8F4
0x 8F8
0x 8FC
0x 900
0x 908
0x 90C
0x 910
0x 914
0x 918
0x 930
0x 93C
0x 970
0x 9DC
0x BF0
0x D24
0x D28
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
private_0x0000000000050000 0x00050000 0x0014ffff Private Memory rw True False False -
private_0x0000000000150000 0x00150000 0x0018ffff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00193fff Pagefile Backed Memory r True False False -
iexplore.exe.mui 0x001a0000 0x001a1fff Memory Mapped File rw False False False -
private_0x00000000001b0000 0x001b0000 0x001b0fff Private Memory rw True False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
oleaccrc.dll 0x001d0000 0x001d0fff Memory Mapped File r False False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory r True False False -
private_0x00000000001f0000 0x001f0000 0x0026ffff Private Memory rw True False False -
pagefile_0x0000000000270000 0x00270000 0x00270fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000280000 0x00280000 0x00281fff Pagefile Backed Memory r True False False -
private_0x0000000000290000 0x00290000 0x00290fff Private Memory rw True False False -
pagefile_0x00000000002a0000 0x002a0000 0x002a0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000002b0000 0x002b0000 0x002b1fff Pagefile Backed Memory r True False False -
private_0x00000000002c0000 0x002c0000 0x003bffff Private Memory rw True False False -
locale.nls 0x003c0000 0x00426fff Memory Mapped File r False False False -
pagefile_0x0000000000430000 0x00430000 0x005b7fff Pagefile Backed Memory r True False False -
private_0x00000000005c0000 0x005c0000 0x005c0fff Private Memory rw True False False -
pagefile_0x00000000005d0000 0x005d0000 0x005d1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000005e0000 0x005e0000 0x005e1fff Pagefile Backed Memory rw True False False -
private_0x00000000005f0000 0x005f0000 0x005fffff Private Memory rw True False False -
pagefile_0x0000000000600000 0x00600000 0x00780fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x00790000 0x00a5efff Memory Mapped File r False False False -
pagefile_0x0000000000a60000 0x00a60000 0x00b3efff Pagefile Backed Memory r True False False -
pagefile_0x0000000000b40000 0x00b40000 0x00badfff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000bb0000 0x00bb0000 0x00bb0fff Pagefile Backed Memory r True False False -
private_0x0000000000bc0000 0x00bc0000 0x00bfffff Private Memory rw True False False -
pagefile_0x0000000000c00000 0x00c00000 0x00c00fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000c10000 0x00c10000 0x00c10fff Pagefile Backed Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00c20000 0x00c3efff Memory Mapped File r True False False -
pagefile_0x0000000000c40000 0x00c40000 0x00c40fff Pagefile Backed Memory rw True False False -
private_0x0000000000c50000 0x00c50000 0x00c51fff Private Memory rwx True False False -
pagefile_0x0000000000c60000 0x00c60000 0x00c61fff Pagefile Backed Memory r True False False -
index.dat 0x00c70000 0x00c7ffff Memory Mapped File rw True False False -
private_0x0000000000c80000 0x00c80000 0x00cbffff Private Memory rw True False False -
index.dat 0x00cc0000 0x00cc7fff Memory Mapped File rw True False False -
index.dat 0x00cd0000 0x00ce3fff Memory Mapped File rw True False False -
pagefile_0x0000000000cf0000 0x00cf0000 0x00cf0fff Pagefile Backed Memory rw True False False -
private_0x0000000000d30000 0x00d30000 0x00d31fff Private Memory rw True False False -
private_0x0000000000d40000 0x00d40000 0x00d4ffff Private Memory rw True False False -
private_0x0000000000d50000 0x00d50000 0x00d8ffff Private Memory rw True False False -
private_0x0000000000dc0000 0x00dc0000 0x00dfffff Private Memory rw True False False -
private_0x0000000000e00000 0x00e00000 0x00e3ffff Private Memory rw True False False -
private_0x0000000000e60000 0x00e60000 0x00f5ffff Private Memory rw True False False -
private_0x0000000000f80000 0x00f80000 0x00fbffff Private Memory rw True False False -
private_0x0000000000fe0000 0x00fe0000 0x0101ffff Private Memory rw True False False -
private_0x0000000001090000 0x01090000 0x0118ffff Private Memory rw True False False -
private_0x0000000001190000 0x01190000 0x0128ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x00000000027c0000 0x027c0000 0x028bffff Private Memory rw True False False -
private_0x00000000028f0000 0x028f0000 0x029effff Private Memory rw True False False -
private_0x0000000002a30000 0x02a30000 0x02a6ffff Private Memory rw True False False -
private_0x0000000002a90000 0x02a90000 0x02acffff Private Memory rw True False False -
private_0x0000000002b90000 0x02b90000 0x02d8ffff Private Memory rw True False False -
private_0x0000000002ec0000 0x02ec0000 0x02fbffff Private Memory rw True False False -
pagefile_0x0000000002fc0000 0x02fc0000 0x033b2fff Pagefile Backed Memory r True False False -
private_0x00000000033d0000 0x033d0000 0x034cffff Private Memory rw True False False -
private_0x00000000035d0000 0x035d0000 0x036cffff Private Memory rw True False False -
private_0x0000000003800000 0x03800000 0x0383ffff Private Memory rw True False False -
pagefile_0x0000000003840000 0x03840000 0x03b82fff Pagefile Backed Memory r True False False -
private_0x0000000003d30000 0x03d30000 0x03d6ffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x71870000 0x718a2fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
npmproxy.dll 0x745d0000 0x745d7fff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wship6.dll 0x74b20000 0x74b25fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 180 entries are omitted.
The remaining entries can be found in flog.txt.
Process #9: iexplore.exe
0 0
»
Information Value
ID #9
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79881
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:02:12, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:02:08
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x954
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 958
0x 95C
0x 960
0x 964
0x 968
0x 96C
0x 974
0x 978
0x 97C
0x 980
0x 984
0x 988
0x 98C
0x 990
0x 994
0x 998
0x 99C
0x 9A0
0x 9A4
0x 9A8
0x 9AC
0x 9B4
0x 9B8
0x A6C
0x 128
0x D38
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
iexplore.exe.mui 0x00060000 0x00061fff Memory Mapped File rw False False False -
private_0x0000000000070000 0x00070000 0x000affff Private Memory rw True False False -
private_0x00000000000b0000 0x000b0000 0x000b0fff Private Memory rw True False False -
private_0x00000000000c0000 0x000c0000 0x000c0fff Private Memory rw True False False -
oleaccrc.dll 0x000d0000 0x000d0fff Memory Mapped File r False False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000000f0000 0x000f0000 0x000f0fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000100000 0x00100000 0x00101fff Pagefile Backed Memory r True False False -
private_0x0000000000110000 0x00110000 0x0020ffff Private Memory rw True False False -
locale.nls 0x00210000 0x00276fff Memory Mapped File r False False False -
private_0x0000000000280000 0x00280000 0x00280fff Private Memory rw True False False -
pagefile_0x0000000000290000 0x00290000 0x00290fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000002a0000 0x002a0000 0x002a1fff Pagefile Backed Memory r True False False -
private_0x00000000002b0000 0x002b0000 0x002b0fff Private Memory rw True False False -
pagefile_0x00000000002c0000 0x002c0000 0x002c1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000002d0000 0x002d0000 0x002d1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000002e0000 0x002e0000 0x002e0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002f0000 0x002f0000 0x002f0fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000300000 0x00300000 0x00300fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000310000 0x00310000 0x00310fff Pagefile Backed Memory rw True False False -
private_0x0000000000320000 0x00320000 0x0039ffff Private Memory rw True False False -
pagefile_0x00000000003a0000 0x003a0000 0x0040dfff Pagefile Backed Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00410000 0x0042efff Memory Mapped File r True False False -
private_0x0000000000430000 0x00430000 0x00431fff Private Memory rwx True False False -
pagefile_0x0000000000440000 0x00440000 0x00441fff Pagefile Backed Memory r True False False -
index.dat 0x00450000 0x0045ffff Memory Mapped File rw True False False -
index.dat 0x00460000 0x00467fff Memory Mapped File rw True False False -
private_0x0000000000470000 0x00470000 0x0047ffff Private Memory rw True False False -
index.dat 0x00480000 0x00493fff Memory Mapped File rw True False False -
pagefile_0x00000000004a0000 0x004a0000 0x004a0fff Pagefile Backed Memory rw True False False -
private_0x00000000004b0000 0x004b0000 0x005affff Private Memory rw True False False -
pagefile_0x00000000005b0000 0x005b0000 0x00737fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000740000 0x00740000 0x008c0fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x008d0000 0x00b9efff Memory Mapped File r False False False -
pagefile_0x0000000000ba0000 0x00ba0000 0x00c7efff Pagefile Backed Memory r True False False -
private_0x0000000000cb0000 0x00cb0000 0x00cb1fff Private Memory rw True False False -
private_0x0000000000cc0000 0x00cc0000 0x00cfffff Private Memory rw True False False -
private_0x0000000000d50000 0x00d50000 0x00d8ffff Private Memory rw True False False -
private_0x0000000000db0000 0x00db0000 0x00deffff Private Memory rw True False False -
private_0x0000000000df0000 0x00df0000 0x00e2ffff Private Memory rw True False False -
private_0x0000000000e30000 0x00e30000 0x00e6ffff Private Memory rw True False False -
private_0x0000000000e90000 0x00e90000 0x00f8ffff Private Memory rw True False False -
private_0x0000000000fd0000 0x00fd0000 0x0100ffff Private Memory rw True False False -
private_0x0000000001010000 0x01010000 0x0110ffff Private Memory rw True False False -
private_0x0000000001110000 0x01110000 0x0120ffff Private Memory rw True False False -
private_0x0000000001250000 0x01250000 0x0128ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002750000 0x02750000 0x0284ffff Private Memory rw True False False -
private_0x0000000002860000 0x02860000 0x0289ffff Private Memory rw True False False -
private_0x00000000028a0000 0x028a0000 0x0299ffff Private Memory rw True False False -
private_0x00000000029f0000 0x029f0000 0x02a2ffff Private Memory rw True False False -
private_0x0000000002a50000 0x02a50000 0x02a8ffff Private Memory rw True False False -
private_0x0000000002ae0000 0x02ae0000 0x02cdffff Private Memory rw True False False -
private_0x0000000002d40000 0x02d40000 0x02d4ffff Private Memory rw True False False -
private_0x0000000002d80000 0x02d80000 0x02e7ffff Private Memory rw True False False -
pagefile_0x0000000002e80000 0x02e80000 0x03272fff Pagefile Backed Memory r True False False -
private_0x00000000032e0000 0x032e0000 0x033dffff Private Memory rw True False False -
private_0x0000000003480000 0x03480000 0x0357ffff Private Memory rw True False False -
private_0x0000000003660000 0x03660000 0x0369ffff Private Memory rw True False False -
pagefile_0x00000000036a0000 0x036a0000 0x039e2fff Pagefile Backed Memory r True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x71830000 0x71862fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
npmproxy.dll 0x745d0000 0x745d7fff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wship6.dll 0x74b20000 0x74b25fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 171 entries are omitted.
The remaining entries can be found in flog.txt.
Process #10: iexplore.exe
0 0
»
Information Value
ID #10
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79886
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:02:21, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:01:59
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xa0c
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x A10
0x A14
0x A18
0x A1C
0x A20
0x A24
0x A28
0x A2C
0x A30
0x A70
0x A74
0x A78
0x A7C
0x A80
0x A84
0x A88
0x A8C
0x A90
0x A98
0x A9C
0x AA0
0x AA4
0x AB8
0x AE8
0x 9F4
0x E40
0x E44
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
iexplore.exe.mui 0x00060000 0x00061fff Memory Mapped File rw False False False -
private_0x0000000000070000 0x00070000 0x00070fff Private Memory rw True False False -
private_0x0000000000080000 0x00080000 0x00080fff Private Memory rw True False False -
oleaccrc.dll 0x00090000 0x00090fff Memory Mapped File r False False False -
pagefile_0x00000000000a0000 0x000a0000 0x000a1fff Pagefile Backed Memory r True False False -
private_0x00000000000b0000 0x000b0000 0x000effff Private Memory rw True False False -
locale.nls 0x000f0000 0x00156fff Memory Mapped File r False False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory r True False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00190fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a1fff Pagefile Backed Memory r True False False -
private_0x00000000001b0000 0x001b0000 0x001b0fff Private Memory rw True False False -
pagefile_0x00000000001c0000 0x001c0000 0x001c1fff Pagefile Backed Memory rw True False False -
private_0x00000000001d0000 0x001d0000 0x001dffff Private Memory rw True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f0fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000200000 0x00200000 0x00200fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000210000 0x00210000 0x00210fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory rw True False False -
private_0x0000000000230000 0x00230000 0x0032ffff Private Memory rw True False False -
pagefile_0x0000000000330000 0x00330000 0x004b7fff Pagefile Backed Memory r True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x004c0000 0x004defff Memory Mapped File r True False False -
private_0x00000000004e0000 0x004e0000 0x004e1fff Private Memory rwx True False False -
private_0x00000000004f0000 0x004f0000 0x0056ffff Private Memory rw True False False -
pagefile_0x0000000000570000 0x00570000 0x006f0fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000700000 0x00700000 0x00701fff Pagefile Backed Memory r True False False -
index.dat 0x00710000 0x0071ffff Memory Mapped File rw True False False -
index.dat 0x00720000 0x00727fff Memory Mapped File rw True False False -
private_0x0000000000730000 0x00730000 0x0082ffff Private Memory rw True False False -
sortdefault.nls 0x00830000 0x00afefff Memory Mapped File r False False False -
pagefile_0x0000000000b00000 0x00b00000 0x00bdefff Pagefile Backed Memory r True False False -
pagefile_0x0000000000be0000 0x00be0000 0x00c4dfff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000c50000 0x00c50000 0x00c50fff Pagefile Backed Memory rw True False False -
private_0x0000000000c60000 0x00c60000 0x00c9ffff Private Memory rw True False False -
index.dat 0x00ca0000 0x00cb3fff Memory Mapped File rw True False False -
private_0x0000000000cf0000 0x00cf0000 0x00d2ffff Private Memory rw True False False -
private_0x0000000000d30000 0x00d30000 0x00d31fff Private Memory rw True False False -
private_0x0000000000d40000 0x00d40000 0x00d7ffff Private Memory rw True False False -
private_0x0000000000db0000 0x00db0000 0x00deffff Private Memory rw True False False -
private_0x0000000000e70000 0x00e70000 0x00eaffff Private Memory rw True False False -
private_0x0000000000ed0000 0x00ed0000 0x00fcffff Private Memory rw True False False -
private_0x0000000001010000 0x01010000 0x0110ffff Private Memory rw True False False -
private_0x0000000001190000 0x01190000 0x011cffff Private Memory rw True False False -
private_0x0000000001200000 0x01200000 0x0123ffff Private Memory rw True False False -
private_0x0000000001240000 0x01240000 0x0127ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002750000 0x02750000 0x0284ffff Private Memory rw True False False -
private_0x0000000002850000 0x02850000 0x0294ffff Private Memory rw True False False -
private_0x0000000002a30000 0x02a30000 0x02b2ffff Private Memory rw True False False -
private_0x0000000002b30000 0x02b30000 0x02b6ffff Private Memory rw True False False -
private_0x0000000002c50000 0x02c50000 0x02e4ffff Private Memory rw True False False -
private_0x0000000002f20000 0x02f20000 0x02f5ffff Private Memory rw True False False -
private_0x0000000002fe0000 0x02fe0000 0x030dffff Private Memory rw True False False -
pagefile_0x00000000030e0000 0x030e0000 0x034d2fff Pagefile Backed Memory r True False False -
private_0x00000000034f0000 0x034f0000 0x035effff Private Memory rw True False False -
private_0x00000000036b0000 0x036b0000 0x037affff Private Memory rw True False False -
private_0x0000000003910000 0x03910000 0x0394ffff Private Memory rw True False False -
pagefile_0x0000000003950000 0x03950000 0x03c92fff Pagefile Backed Memory r True False False -
private_0x0000000003e90000 0x03e90000 0x03e9ffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x716a0000 0x716d2fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
npmproxy.dll 0x745d0000 0x745d7fff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wship6.dll 0x74b20000 0x74b25fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 182 entries are omitted.
The remaining entries can be found in flog.txt.
Process #11: iexplore.exe
0 0
»
Information Value
ID #11
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:145412
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:02:30, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:01:50
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xab0
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x AB4
0x ABC
0x AC0
0x AC8
0x ACC
0x AD0
0x AD4
0x AD8
0x ADC
0x AE0
0x AE4
0x AEC
0x AF0
0x AF4
0x AF8
0x AFC
0x B00
0x B04
0x B08
0x B10
0x B18
0x B1C
0x B20
0x 570
0x E50
0x E54
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
private_0x00000000000d0000 0x000d0000 0x0010ffff Private Memory rw True False False -
iexplore.exe.mui 0x00110000 0x00111fff Memory Mapped File rw False False False -
private_0x0000000000120000 0x00120000 0x00120fff Private Memory rw True False False -
private_0x0000000000130000 0x00130000 0x00130fff Private Memory rw True False False -
oleaccrc.dll 0x00140000 0x00140fff Memory Mapped File r False False False -
pagefile_0x0000000000150000 0x00150000 0x00151fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory r True False False -
private_0x0000000000170000 0x00170000 0x0026ffff Private Memory rw True False False -
pagefile_0x0000000000270000 0x00270000 0x00271fff Pagefile Backed Memory r True False False -
private_0x0000000000280000 0x00280000 0x00280fff Private Memory rw True False False -
pagefile_0x0000000000290000 0x00290000 0x00290fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000002a0000 0x002a0000 0x002a1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002b0000 0x002b0000 0x0038efff Pagefile Backed Memory r True False False -
private_0x0000000000390000 0x00390000 0x0039ffff Private Memory rw True False False -
private_0x00000000003a0000 0x003a0000 0x0041ffff Private Memory rw True False False -
private_0x0000000000420000 0x00420000 0x00420fff Private Memory rw True False False -
pagefile_0x0000000000430000 0x00430000 0x0049dfff Pagefile Backed Memory rw True False False -
pagefile_0x00000000004a0000 0x004a0000 0x004a1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000004b0000 0x004b0000 0x004b1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000004c0000 0x004c0000 0x004c0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000004d0000 0x004d0000 0x004d0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000004e0000 0x004e0000 0x004e0fff Pagefile Backed Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x004f0000 0x0050efff Memory Mapped File r True False False -
pagefile_0x0000000000510000 0x00510000 0x00510fff Pagefile Backed Memory rw True False False -
private_0x0000000000520000 0x00520000 0x00521fff Private Memory rwx True False False -
pagefile_0x0000000000530000 0x00530000 0x00531fff Pagefile Backed Memory r True False False -
index.dat 0x00540000 0x0054ffff Memory Mapped File rw True False False -
private_0x0000000000550000 0x00550000 0x0064ffff Private Memory rw True False False -
pagefile_0x0000000000650000 0x00650000 0x007d7fff Pagefile Backed Memory r True False False -
pagefile_0x00000000007e0000 0x007e0000 0x00960fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x00970000 0x00c3efff Memory Mapped File r False False False -
index.dat 0x00c40000 0x00c47fff Memory Mapped File rw True False False -
index.dat 0x00c50000 0x00c63fff Memory Mapped File rw True False False -
pagefile_0x0000000000c70000 0x00c70000 0x00c70fff Pagefile Backed Memory rw True False False -
private_0x0000000000c80000 0x00c80000 0x00cbffff Private Memory rw True False False -
private_0x0000000000ce0000 0x00ce0000 0x00d1ffff Private Memory rw True False False -
private_0x0000000000d30000 0x00d30000 0x00d31fff Private Memory rw True False False -
private_0x0000000000d40000 0x00d40000 0x00d7ffff Private Memory rw True False False -
private_0x0000000000db0000 0x00db0000 0x00deffff Private Memory rw True False False -
private_0x0000000000e60000 0x00e60000 0x00f5ffff Private Memory rw True False False -
private_0x0000000000fa0000 0x00fa0000 0x00fdffff Private Memory rw True False False -
private_0x0000000000ff0000 0x00ff0000 0x0102ffff Private Memory rw True False False -
private_0x0000000001060000 0x01060000 0x0109ffff Private Memory rw True False False -
private_0x0000000001120000 0x01120000 0x0121ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002760000 0x02760000 0x0285ffff Private Memory rw True False False -
private_0x0000000002890000 0x02890000 0x0298ffff Private Memory rw True False False -
private_0x0000000002990000 0x02990000 0x02a8ffff Private Memory rw True False False -
private_0x0000000002b50000 0x02b50000 0x02d4ffff Private Memory rw True False False -
private_0x0000000002d70000 0x02d70000 0x02e6ffff Private Memory rw True False False -
pagefile_0x0000000002e70000 0x02e70000 0x03262fff Pagefile Backed Memory r True False False -
private_0x00000000032d0000 0x032d0000 0x0330ffff Private Memory rw True False False -
private_0x0000000003320000 0x03320000 0x0335ffff Private Memory rw True False False -
private_0x0000000003360000 0x03360000 0x0345ffff Private Memory rw True False False -
private_0x00000000034b0000 0x034b0000 0x035affff Private Memory rw True False False -
private_0x0000000003690000 0x03690000 0x036cffff Private Memory rw True False False -
pagefile_0x00000000036d0000 0x036d0000 0x03a12fff Pagefile Backed Memory r True False False -
private_0x0000000003b20000 0x03b20000 0x03b2ffff Private Memory rw True False False -
private_0x0000000003d00000 0x03d00000 0x03d3ffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x71660000 0x71692fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
npmproxy.dll 0x745d0000 0x745d7fff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wship6.dll 0x74b20000 0x74b25fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 175 entries are omitted.
The remaining entries can be found in flog.txt.
Process #12: iexplore.exe
0 0
»
Information Value
ID #12
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:210955
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:02:39, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:01:41
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xb34
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x B38
0x B3C
0x B40
0x B44
0x B48
0x B4C
0x B50
0x B54
0x B58
0x B5C
0x B60
0x B64
0x B68
0x B6C
0x B70
0x B74
0x B78
0x B7C
0x B80
0x B84
0x B88
0x B8C
0x B94
0x B98
0x BA0
0x 780
0x E64
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
iexplore.exe.mui 0x00060000 0x00061fff Memory Mapped File rw False False False -
private_0x0000000000070000 0x00070000 0x000effff Private Memory rw True False False -
locale.nls 0x000f0000 0x00156fff Memory Mapped File r False False False -
private_0x0000000000160000 0x00160000 0x00160fff Private Memory rw True False False -
private_0x0000000000170000 0x00170000 0x00170fff Private Memory rw True False False -
oleaccrc.dll 0x00180000 0x00180fff Memory Mapped File r False False False -
private_0x0000000000190000 0x00190000 0x001cffff Private Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory r True False False -
private_0x00000000001e0000 0x001e0000 0x002dffff Private Memory rw True False False -
pagefile_0x00000000002e0000 0x002e0000 0x002e0fff Pagefile Backed Memory r True False False -
private_0x00000000002f0000 0x002f0000 0x003effff Private Memory rw True False False -
pagefile_0x00000000003f0000 0x003f0000 0x003f1fff Pagefile Backed Memory r True False False -
private_0x0000000000400000 0x00400000 0x00400fff Private Memory rw True False False -
pagefile_0x0000000000410000 0x00410000 0x00410fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000420000 0x00420000 0x00421fff Pagefile Backed Memory r True False False -
private_0x0000000000430000 0x00430000 0x00430fff Private Memory rw True False False -
pagefile_0x0000000000440000 0x00440000 0x004adfff Pagefile Backed Memory rw True False False -
private_0x00000000004b0000 0x004b0000 0x004bffff Private Memory rw True False False -
pagefile_0x00000000004c0000 0x004c0000 0x00647fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000650000 0x00650000 0x007d0fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x007e0000 0x00aaefff Memory Mapped File r False False False -
pagefile_0x0000000000ab0000 0x00ab0000 0x00ab1fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000ac0000 0x00ac0000 0x00ac1fff Pagefile Backed Memory rw True False False -
private_0x0000000000ad0000 0x00ad0000 0x00b0ffff Private Memory rw True False False -
private_0x0000000000b10000 0x00b10000 0x00b4ffff Private Memory rw True False False -
pagefile_0x0000000000b50000 0x00b50000 0x00c2efff Pagefile Backed Memory r True False False -
pagefile_0x0000000000c30000 0x00c30000 0x00c30fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000c40000 0x00c40000 0x00c40fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000c50000 0x00c50000 0x00c50fff Pagefile Backed Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00c60000 0x00c7efff Memory Mapped File r True False False -
pagefile_0x0000000000c80000 0x00c80000 0x00c80fff Pagefile Backed Memory rw True False False -
private_0x0000000000c90000 0x00c90000 0x00c91fff Private Memory rwx True False False -
pagefile_0x0000000000ca0000 0x00ca0000 0x00ca1fff Pagefile Backed Memory r True False False -
index.dat 0x00cb0000 0x00cbffff Memory Mapped File rw True False False -
index.dat 0x00cc0000 0x00cc7fff Memory Mapped File rw True False False -
private_0x0000000000cd0000 0x00cd0000 0x00dcffff Private Memory rw True False False -
index.dat 0x00dd0000 0x00de3fff Memory Mapped File rw True False False -
pagefile_0x0000000000df0000 0x00df0000 0x00df0fff Pagefile Backed Memory rw True False False -
private_0x0000000000e00000 0x00e00000 0x00e3ffff Private Memory rw True False False -
private_0x0000000000e70000 0x00e70000 0x00e71fff Private Memory rw True False False -
private_0x0000000000e80000 0x00e80000 0x00ebffff Private Memory rw True False False -
private_0x0000000000ec0000 0x00ec0000 0x00fbffff Private Memory rw True False False -
private_0x0000000000fc0000 0x00fc0000 0x00ffffff Private Memory rw True False False -
private_0x0000000001000000 0x01000000 0x0103ffff Private Memory rw True False False -
private_0x0000000001040000 0x01040000 0x0107ffff Private Memory rw True False False -
private_0x00000000010a0000 0x010a0000 0x0119ffff Private Memory rw True False False -
private_0x00000000011d0000 0x011d0000 0x0120ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002770000 0x02770000 0x027affff Private Memory rw True False False -
private_0x00000000027d0000 0x027d0000 0x028cffff Private Memory rw True False False -
private_0x00000000028d0000 0x028d0000 0x029cffff Private Memory rw True False False -
private_0x0000000002a10000 0x02a10000 0x02c0ffff Private Memory rw True False False -
private_0x0000000002c50000 0x02c50000 0x02c8ffff Private Memory rw True False False -
private_0x0000000002da0000 0x02da0000 0x02ddffff Private Memory rw True False False -
private_0x0000000002e10000 0x02e10000 0x02f0ffff Private Memory rw True False False -
pagefile_0x0000000002f10000 0x02f10000 0x03302fff Pagefile Backed Memory r True False False -
private_0x0000000003420000 0x03420000 0x0342ffff Private Memory rw True False False -
private_0x0000000003440000 0x03440000 0x0353ffff Private Memory rw True False False -
private_0x0000000003630000 0x03630000 0x0372ffff Private Memory rw True False False -
pagefile_0x0000000003730000 0x03730000 0x03a72fff Pagefile Backed Memory r True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x716a0000 0x716d2fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
npmproxy.dll 0x745d0000 0x745d7fff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wship6.dll 0x74b20000 0x74b25fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 174 entries are omitted.
The remaining entries can be found in flog.txt.
Process #13: iexplore.exe
0 0
»
Information Value
ID #13
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:145422
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:02:49, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:01:31
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xbb4
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x BB8
0x BC0
0x BC4
0x BC8
0x BCC
0x BD0
0x BD4
0x BD8
0x BDC
0x BEC
0x BF4
0x BF8
0x BFC
0x 6F8
0x 218
0x 38C
0x 640
0x 188
0x 820
0x 7F0
0x 52C
0x 828
0x 840
0x 928
0x 224
0x 6AC
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
iexplore.exe.mui 0x000d0000 0x000d1fff Memory Mapped File rw False False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory rw True False False -
oleaccrc.dll 0x00100000 0x00100fff Memory Mapped File r False False False -
pagefile_0x0000000000110000 0x00110000 0x00111fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000120000 0x00120000 0x00120fff Pagefile Backed Memory r True False False -
private_0x0000000000130000 0x00130000 0x0016ffff Private Memory rw True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory r True False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00190fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a1fff Pagefile Backed Memory r True False False -
private_0x00000000001b0000 0x001b0000 0x001b0fff Private Memory rw True False False -
pagefile_0x00000000001c0000 0x001c0000 0x001c1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory rw True False False -
private_0x00000000001e0000 0x001e0000 0x0021ffff Private Memory rw True False False -
private_0x0000000000220000 0x00220000 0x0022ffff Private Memory rw True False False -
pagefile_0x0000000000230000 0x00230000 0x00230fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000240000 0x00240000 0x00240fff Pagefile Backed Memory r True False False -
private_0x0000000000250000 0x00250000 0x002cffff Private Memory rw True False False -
pagefile_0x00000000002d0000 0x002d0000 0x002d0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000002e0000 0x002e0000 0x002e0fff Pagefile Backed Memory rw True False False -
private_0x00000000002f0000 0x002f0000 0x003effff Private Memory rw True False False -
private_0x00000000003f0000 0x003f0000 0x0042ffff Private Memory rw True False False -
private_0x0000000000430000 0x00430000 0x00431fff Private Memory rwx True False False -
private_0x0000000000440000 0x00440000 0x0047ffff Private Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00480000 0x0049efff Memory Mapped File r True False False -
pagefile_0x00000000004a0000 0x004a0000 0x004a1fff Pagefile Backed Memory r True False False -
index.dat 0x004b0000 0x004bffff Memory Mapped File rw True False False -
index.dat 0x004c0000 0x004c7fff Memory Mapped File rw True False False -
private_0x00000000004d0000 0x004d0000 0x005cffff Private Memory rw True False False -
pagefile_0x00000000005d0000 0x005d0000 0x00757fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000760000 0x00760000 0x008e0fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x008f0000 0x00bbefff Memory Mapped File r False False False -
pagefile_0x0000000000bc0000 0x00bc0000 0x00c9efff Pagefile Backed Memory r True False False -
pagefile_0x0000000000ca0000 0x00ca0000 0x00d0dfff Pagefile Backed Memory rw True False False -
index.dat 0x00d10000 0x00d23fff Memory Mapped File rw True False False -
pagefile_0x0000000000d30000 0x00d30000 0x00d30fff Pagefile Backed Memory rw True False False -
private_0x0000000000d70000 0x00d70000 0x00d71fff Private Memory rw True False False -
private_0x0000000000db0000 0x00db0000 0x00deffff Private Memory rw True False False -
private_0x0000000000df0000 0x00df0000 0x00eeffff Private Memory rw True False False -
private_0x0000000000ef0000 0x00ef0000 0x00feffff Private Memory rw True False False -
private_0x0000000001020000 0x01020000 0x0105ffff Private Memory rw True False False -
private_0x0000000001060000 0x01060000 0x0115ffff Private Memory rw True False False -
private_0x0000000001190000 0x01190000 0x011cffff Private Memory rw True False False -
private_0x0000000001230000 0x01230000 0x0126ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002750000 0x02750000 0x0278ffff Private Memory rw True False False -
private_0x0000000002790000 0x02790000 0x027cffff Private Memory rw True False False -
private_0x0000000002830000 0x02830000 0x0292ffff Private Memory rw True False False -
private_0x00000000029b0000 0x029b0000 0x02baffff Private Memory rw True False False -
private_0x0000000002bb0000 0x02bb0000 0x02caffff Private Memory rw True False False -
private_0x0000000002d70000 0x02d70000 0x02daffff Private Memory rw True False False -
private_0x0000000002e10000 0x02e10000 0x02f0ffff Private Memory rw True False False -
pagefile_0x0000000002f10000 0x02f10000 0x03302fff Pagefile Backed Memory r True False False -
private_0x0000000003380000 0x03380000 0x0347ffff Private Memory rw True False False -
private_0x0000000003550000 0x03550000 0x0364ffff Private Memory rw True False False -
private_0x00000000037e0000 0x037e0000 0x0381ffff Private Memory rw True False False -
private_0x0000000003880000 0x03880000 0x03a7ffff Private Memory rw True False False -
pagefile_0x0000000003a80000 0x03a80000 0x03dc2fff Pagefile Backed Memory r True False False -
private_0x0000000003f40000 0x03f40000 0x03f7ffff Private Memory rw True False False -
private_0x0000000003fc0000 0x03fc0000 0x03fcffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x71660000 0x71692fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9b000 0x7ef9b000 0x7ef9dfff Private Memory rw True False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 183 entries are omitted.
The remaining entries can be found in flog.txt.
Process #14: iexplore.exe
0 0
»
Information Value
ID #14
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:210957
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:03:01, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:01:19
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x85c
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 8B8
0x 778
0x 81C
0x 950
0x 9B0
0x 9BC
0x A04
0x A08
0x A3C
0x 31C
0x 48C
0x 424
0x 948
0x A94
0x 630
0x 5FC
0x 634
0x 638
0x 64
0x 9FC
0x AC4
0x 9F8
0x AAC
0x 9E4
0x 830
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x0002ffff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory r True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
private_0x00000000000d0000 0x000d0000 0x0010ffff Private Memory rw True False False -
pagefile_0x0000000000110000 0x00110000 0x00111fff Pagefile Backed Memory rw True False False -
iexplore.exe.mui 0x00120000 0x00121fff Memory Mapped File rw False False False -
private_0x0000000000130000 0x00130000 0x001affff Private Memory rw True False False -
private_0x00000000001b0000 0x001b0000 0x001b0fff Private Memory rw True False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory rw True False False -
oleaccrc.dll 0x001d0000 0x001d0fff Memory Mapped File r False False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f0fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000200000 0x00200000 0x00201fff Pagefile Backed Memory r True False False -
private_0x0000000000210000 0x00210000 0x00210fff Private Memory rw True False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000230000 0x00230000 0x00231fff Pagefile Backed Memory r True False False -
private_0x0000000000240000 0x00240000 0x00240fff Private Memory rw True False False -
pagefile_0x0000000000250000 0x00250000 0x00251fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000260000 0x00260000 0x00261fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000270000 0x00270000 0x00270fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000280000 0x00280000 0x00280fff Pagefile Backed Memory r True False False -
private_0x0000000000290000 0x00290000 0x0038ffff Private Memory rw True False False -
pagefile_0x0000000000390000 0x00390000 0x00390fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003a0000 0x003a0000 0x003a0fff Pagefile Backed Memory rw True False False -
private_0x00000000003b0000 0x003b0000 0x004affff Private Memory rw True False False -
pagefile_0x00000000004b0000 0x004b0000 0x00637fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000640000 0x00640000 0x007c0fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x007d0000 0x00a9efff Memory Mapped File r False False False -
pagefile_0x0000000000aa0000 0x00aa0000 0x00b7efff Pagefile Backed Memory r True False False -
pagefile_0x0000000000b80000 0x00b80000 0x00bedfff Pagefile Backed Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00bf0000 0x00c0efff Memory Mapped File r True False False -
private_0x0000000000c10000 0x00c10000 0x00c11fff Private Memory rwx True False False -
pagefile_0x0000000000c20000 0x00c20000 0x00c21fff Pagefile Backed Memory r True False False -
private_0x0000000000c30000 0x00c30000 0x00c6ffff Private Memory rw True False False -
index.dat 0x00c70000 0x00c7ffff Memory Mapped File rw True False False -
private_0x0000000000c80000 0x00c80000 0x00cbffff Private Memory rw True False False -
index.dat 0x00cc0000 0x00cc7fff Memory Mapped File rw True False False -
index.dat 0x00cd0000 0x00ce3fff Memory Mapped File rw True False False -
pagefile_0x0000000000cf0000 0x00cf0000 0x00cf0fff Pagefile Backed Memory rw True False False -
private_0x0000000000d30000 0x00d30000 0x00d31fff Private Memory rw True False False -
private_0x0000000000d40000 0x00d40000 0x00d7ffff Private Memory rw True False False -
private_0x0000000000d90000 0x00d90000 0x00dcffff Private Memory rw True False False -
private_0x0000000000e10000 0x00e10000 0x00e4ffff Private Memory rw True False False -
private_0x0000000000e50000 0x00e50000 0x00e8ffff Private Memory rw True False False -
private_0x0000000000ea0000 0x00ea0000 0x00f9ffff Private Memory rw True False False -
private_0x0000000000fa0000 0x00fa0000 0x00fdffff Private Memory rw True False False -
private_0x0000000001030000 0x01030000 0x0106ffff Private Memory rw True False False -
private_0x0000000001080000 0x01080000 0x0117ffff Private Memory rw True False False -
private_0x0000000001180000 0x01180000 0x0127ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002740000 0x02740000 0x0283ffff Private Memory rw True False False -
private_0x0000000002840000 0x02840000 0x0287ffff Private Memory rw True False False -
private_0x00000000028a0000 0x028a0000 0x0299ffff Private Memory rw True False False -
private_0x00000000029c0000 0x029c0000 0x02bbffff Private Memory rw True False False -
private_0x0000000002c00000 0x02c00000 0x02cfffff Private Memory rw True False False -
private_0x0000000002d50000 0x02d50000 0x02d5ffff Private Memory rw True False False -
private_0x0000000002d80000 0x02d80000 0x02e7ffff Private Memory rw True False False -
pagefile_0x0000000002e80000 0x02e80000 0x03272fff Pagefile Backed Memory r True False False -
private_0x00000000033b0000 0x033b0000 0x033effff Private Memory rw True False False -
private_0x0000000003440000 0x03440000 0x0353ffff Private Memory rw True False False -
pagefile_0x0000000003540000 0x03540000 0x03882fff Pagefile Backed Memory r True False False -
private_0x0000000003a80000 0x03a80000 0x03abffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x716a0000 0x716d2fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
npmproxy.dll 0x745d0000 0x745d7fff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wship6.dll 0x74b20000 0x74b25fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 175 entries are omitted.
The remaining entries can be found in flog.txt.
Process #15: iexplore.exe
0 0
»
Information Value
ID #15
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79897
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:03:16, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:01:04
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xba4
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x A48
0x A50
0x 53C
0x 7F8
0x 9D0
0x 330
0x 288
0x BE0
0x 328
0x 37C
0x B0C
0x 654
0x 7E8
0x C0
0x 94C
0x 660
0x 758
0x 974
0x 9AC
0x 49C
0x 834
0x 814
0x C04
0x C08
0x C2C
0x C3C
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
iexplore.exe.mui 0x00060000 0x00061fff Memory Mapped File rw False False False -
private_0x0000000000070000 0x00070000 0x00070fff Private Memory rw True False False -
private_0x0000000000080000 0x00080000 0x00080fff Private Memory rw True False False -
oleaccrc.dll 0x00090000 0x00090fff Memory Mapped File r False False False -
pagefile_0x00000000000a0000 0x000a0000 0x000a1fff Pagefile Backed Memory r True False False -
private_0x00000000000b0000 0x000b0000 0x000effff Private Memory rw True False False -
locale.nls 0x000f0000 0x00156fff Memory Mapped File r False False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory r True False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00190fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a1fff Pagefile Backed Memory r True False False -
private_0x00000000001b0000 0x001b0000 0x001b0fff Private Memory rw True False False -
pagefile_0x00000000001c0000 0x001c0000 0x0022dfff Pagefile Backed Memory rw True False False -
private_0x0000000000230000 0x00230000 0x0032ffff Private Memory rw True False False -
pagefile_0x0000000000330000 0x00330000 0x00331fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000340000 0x00340000 0x00341fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000350000 0x00350000 0x00350fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000360000 0x00360000 0x00360fff Pagefile Backed Memory r True False False -
private_0x0000000000370000 0x00370000 0x003affff Private Memory rw True False False -
pagefile_0x00000000003b0000 0x003b0000 0x003b0fff Pagefile Backed Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x003c0000 0x003defff Memory Mapped File r True False False -
pagefile_0x00000000003e0000 0x003e0000 0x003e0fff Pagefile Backed Memory rw True False False -
private_0x00000000003f0000 0x003f0000 0x003f1fff Private Memory rwx True False False -
private_0x0000000000400000 0x00400000 0x0047ffff Private Memory rw True False False -
private_0x0000000000480000 0x00480000 0x004bffff Private Memory rw True False False -
pagefile_0x00000000004c0000 0x004c0000 0x004c1fff Pagefile Backed Memory r True False False -
index.dat 0x004d0000 0x004dffff Memory Mapped File rw True False False -
index.dat 0x004e0000 0x004e7fff Memory Mapped File rw True False False -
index.dat 0x004f0000 0x00503fff Memory Mapped File rw True False False -
pagefile_0x0000000000510000 0x00510000 0x00510fff Pagefile Backed Memory rw True False False -
private_0x0000000000550000 0x00550000 0x0064ffff Private Memory rw True False False -
pagefile_0x0000000000650000 0x00650000 0x0072efff Pagefile Backed Memory r True False False -
private_0x0000000000730000 0x00730000 0x00731fff Private Memory rw True False False -
private_0x0000000000750000 0x00750000 0x0078ffff Private Memory rw True False False -
private_0x00000000007c0000 0x007c0000 0x007cffff Private Memory rw True False False -
pagefile_0x00000000007d0000 0x007d0000 0x00957fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000960000 0x00960000 0x00ae0fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x00af0000 0x00dbefff Memory Mapped File r False False False -
private_0x0000000000dc0000 0x00dc0000 0x00ebffff Private Memory rw True False False -
private_0x0000000000ec0000 0x00ec0000 0x00efffff Private Memory rw True False False -
private_0x0000000000f10000 0x00f10000 0x00f4ffff Private Memory rw True False False -
private_0x0000000000f50000 0x00f50000 0x0104ffff Private Memory rw True False False -
private_0x0000000001050000 0x01050000 0x0108ffff Private Memory rw True False False -
private_0x00000000010d0000 0x010d0000 0x0110ffff Private Memory rw True False False -
private_0x0000000001190000 0x01190000 0x0128ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002740000 0x02740000 0x0283ffff Private Memory rw True False False -
private_0x0000000002840000 0x02840000 0x0287ffff Private Memory rw True False False -
private_0x0000000002890000 0x02890000 0x0298ffff Private Memory rw True False False -
private_0x00000000029b0000 0x029b0000 0x029effff Private Memory rw True False False -
private_0x0000000002a90000 0x02a90000 0x02c8ffff Private Memory rw True False False -
private_0x0000000002dc0000 0x02dc0000 0x02ebffff Private Memory rw True False False -
pagefile_0x0000000002ec0000 0x02ec0000 0x032b2fff Pagefile Backed Memory r True False False -
private_0x00000000032c0000 0x032c0000 0x032fffff Private Memory rw True False False -
private_0x0000000003390000 0x03390000 0x0348ffff Private Memory rw True False False -
private_0x0000000003510000 0x03510000 0x0360ffff Private Memory rw True False False -
private_0x00000000037d0000 0x037d0000 0x0380ffff Private Memory rw True False False -
private_0x0000000003850000 0x03850000 0x03a4ffff Private Memory rw True False False -
pagefile_0x0000000003a50000 0x03a50000 0x03d92fff Pagefile Backed Memory r True False False -
private_0x0000000003f50000 0x03f50000 0x03f8ffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x71660000 0x71692fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wship6.dll 0x74b20000 0x74b25fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
rasadhlp.dll 0x74cd0000 0x74cd5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9b000 0x7ef9b000 0x7ef9dfff Private Memory rw True False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 187 entries are omitted.
The remaining entries can be found in flog.txt.
Process #16: iexplore.exe
0 0
»
Information Value
ID #16
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:276485
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:03:32, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:00:48
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xc10
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x C14
0x C18
0x C1C
0x C20
0x C24
0x C28
0x C30
0x C34
0x C38
0x C4C
0x C50
0x C54
0x C58
0x C5C
0x C60
0x C64
0x C68
0x C6C
0x C70
0x C74
0x C78
0x C7C
0x C80
0x C84
0x C8C
0x C90
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
iexplore.exe.mui 0x000d0000 0x000d1fff Memory Mapped File rw False False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory rw True False False -
oleaccrc.dll 0x00100000 0x00100fff Memory Mapped File r False False False -
private_0x0000000000110000 0x00110000 0x0014ffff Private Memory rw True False False -
pagefile_0x0000000000150000 0x00150000 0x00151fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory r True False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00190fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a1fff Pagefile Backed Memory r True False False -
private_0x00000000001b0000 0x001b0000 0x001b0fff Private Memory rw True False False -
pagefile_0x00000000001c0000 0x001c0000 0x001c1fff Pagefile Backed Memory rw True False False -
private_0x00000000001d0000 0x001d0000 0x0020ffff Private Memory rw True False False -
pagefile_0x0000000000210000 0x00210000 0x00211fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000230000 0x00230000 0x00230fff Pagefile Backed Memory r True False False -
cversions.1.db 0x00240000 0x00243fff Memory Mapped File r True False False -
pagefile_0x0000000000240000 0x00240000 0x00240fff Pagefile Backed Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00250000 0x0026efff Memory Mapped File r True False False -
private_0x0000000000270000 0x00270000 0x0036ffff Private Memory rw True False False -
pagefile_0x0000000000370000 0x00370000 0x0044efff Pagefile Backed Memory r True False False -
pagefile_0x0000000000450000 0x00450000 0x004bdfff Pagefile Backed Memory rw True False False -
pagefile_0x00000000004c0000 0x004c0000 0x004c0fff Pagefile Backed Memory rw True False False -
private_0x00000000004d0000 0x004d0000 0x0054ffff Private Memory rw True False False -
private_0x0000000000550000 0x00550000 0x0058ffff Private Memory rw True False False -
private_0x0000000000590000 0x00590000 0x00591fff Private Memory rwx True False False -
pagefile_0x00000000005a0000 0x005a0000 0x005a1fff Pagefile Backed Memory r True False False -
index.dat 0x005b0000 0x005bffff Memory Mapped File rw True False False -
index.dat 0x005c0000 0x005c7fff Memory Mapped File rw True False False -
index.dat 0x005d0000 0x005e3fff Memory Mapped File rw True False False -
pagefile_0x00000000005f0000 0x005f0000 0x005f0fff Pagefile Backed Memory rw True False False -
private_0x0000000000610000 0x00610000 0x0064ffff Private Memory rw True False False -
private_0x0000000000670000 0x00670000 0x006affff Private Memory rw True False False -
private_0x00000000006b0000 0x006b0000 0x007affff Private Memory rw True False False -
private_0x00000000007b0000 0x007b0000 0x007effff Private Memory rw True False False -
private_0x00000000007f0000 0x007f0000 0x0082ffff Private Memory rw True False False -
private_0x0000000000830000 0x00830000 0x0092ffff Private Memory rw True False False -
private_0x0000000000930000 0x00930000 0x0093ffff Private Memory rw True False False -
pagefile_0x0000000000940000 0x00940000 0x00ac7fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000ad0000 0x00ad0000 0x00c50fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x00c60000 0x00f2efff Memory Mapped File r False False False -
private_0x0000000000f30000 0x00f30000 0x00f31fff Private Memory rw True False False -
private_0x0000000000fa0000 0x00fa0000 0x0109ffff Private Memory rw True False False -
private_0x00000000010e0000 0x010e0000 0x0111ffff Private Memory rw True False False -
private_0x0000000001140000 0x01140000 0x0123ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002750000 0x02750000 0x0278ffff Private Memory rw True False False -
private_0x0000000002790000 0x02790000 0x0288ffff Private Memory rw True False False -
private_0x00000000028e0000 0x028e0000 0x029dffff Private Memory rw True False False -
private_0x00000000029f0000 0x029f0000 0x02a2ffff Private Memory rw True False False -
private_0x0000000002a60000 0x02a60000 0x02a9ffff Private Memory rw True False False -
private_0x0000000002aa0000 0x02aa0000 0x02c9ffff Private Memory rw True False False -
private_0x0000000002cb0000 0x02cb0000 0x02ceffff Private Memory rw True False False -
private_0x0000000002cf0000 0x02cf0000 0x02d2ffff Private Memory rw True False False -
private_0x0000000002d80000 0x02d80000 0x02e7ffff Private Memory rw True False False -
pagefile_0x0000000002e80000 0x02e80000 0x03272fff Pagefile Backed Memory r True False False -
private_0x00000000032e0000 0x032e0000 0x033dffff Private Memory rw True False False -
private_0x0000000003420000 0x03420000 0x0351ffff Private Memory rw True False False -
private_0x00000000036a0000 0x036a0000 0x0389ffff Private Memory rw True False False -
private_0x00000000038a0000 0x038a0000 0x03a9ffff Private Memory rw True False False -
pagefile_0x0000000003aa0000 0x03aa0000 0x03de2fff Pagefile Backed Memory r True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x70ec0000 0x70ef2fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef98000 0x7ef98000 0x7ef9afff Private Memory rw True False False -
private_0x000000007ef9b000 0x7ef9b000 0x7ef9dfff Private Memory rw True False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 204 entries are omitted.
The remaining entries can be found in flog.txt.
Process #17: iexplore.exe
0 0
»
Information Value
ID #17
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79910
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:03:47, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:00:33
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xca8
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x CAC
0x CB0
0x CB4
0x CB8
0x CBC
0x CC0
0x CC4
0x CC8
0x CCC
0x CD0
0x CD4
0x CD8
0x CDC
0x CE0
0x CE8
0x CEC
0x CF0
0x CF4
0x CFC
0x D00
0x D04
0x D08
0x D0C
0x D10
0x D1C
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory r True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
private_0x0000000000050000 0x00050000 0x0008ffff Private Memory rw True False False -
pagefile_0x0000000000090000 0x00090000 0x00093fff Pagefile Backed Memory r True False False -
iexplore.exe.mui 0x000a0000 0x000a1fff Memory Mapped File rw False False False -
private_0x00000000000b0000 0x000b0000 0x000b0fff Private Memory rw True False False -
private_0x00000000000c0000 0x000c0000 0x000c0fff Private Memory rw True False False -
oleaccrc.dll 0x000d0000 0x000d0fff Memory Mapped File r False False False -
private_0x00000000000e0000 0x000e0000 0x0015ffff Private Memory rw True False False -
locale.nls 0x00160000 0x001c6fff Memory Mapped File r False False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f1fff Pagefile Backed Memory r True False False -
private_0x0000000000200000 0x00200000 0x00200fff Private Memory rw True False False -
pagefile_0x0000000000210000 0x00210000 0x00210fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000220000 0x00220000 0x00221fff Pagefile Backed Memory r True False False -
private_0x0000000000230000 0x00230000 0x0032ffff Private Memory rw True False False -
private_0x0000000000330000 0x00330000 0x00330fff Private Memory rw True False False -
pagefile_0x0000000000340000 0x00340000 0x00341fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000350000 0x00350000 0x00351fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000360000 0x00360000 0x00360fff Pagefile Backed Memory r True False False -
private_0x0000000000370000 0x00370000 0x0046ffff Private Memory rw True False False -
pagefile_0x0000000000470000 0x00470000 0x004ddfff Pagefile Backed Memory rw True False False -
pagefile_0x00000000004e0000 0x004e0000 0x004e0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000004f0000 0x004f0000 0x004f0fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000500000 0x00500000 0x00500fff Pagefile Backed Memory rw True False False -
private_0x0000000000510000 0x00510000 0x0054ffff Private Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00550000 0x0056efff Memory Mapped File r True False False -
private_0x0000000000570000 0x00570000 0x005affff Private Memory rw True False False -
private_0x00000000005b0000 0x005b0000 0x005b1fff Private Memory rwx True False False -
pagefile_0x00000000005c0000 0x005c0000 0x005c1fff Pagefile Backed Memory r True False False -
private_0x00000000005d0000 0x005d0000 0x005dffff Private Memory rw True False False -
pagefile_0x00000000005e0000 0x005e0000 0x00767fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000770000 0x00770000 0x008f0fff Pagefile Backed Memory r True False False -
sortdefault.nls 0x00900000 0x00bcefff Memory Mapped File r False False False -
pagefile_0x0000000000bd0000 0x00bd0000 0x00caefff Pagefile Backed Memory r True False False -
private_0x0000000000cb0000 0x00cb0000 0x00daffff Private Memory rw True False False -
index.dat 0x00db0000 0x00dc3fff Memory Mapped File rw True False False -
index.dat 0x00dd0000 0x00dd7fff Memory Mapped File rw True False False -
index.dat 0x00de0000 0x00df3fff Memory Mapped File rw True False False -
pagefile_0x0000000000e00000 0x00e00000 0x00e00fff Pagefile Backed Memory rw True False False -
private_0x0000000000e20000 0x00e20000 0x00e5ffff Private Memory rw True False False -
private_0x0000000000e80000 0x00e80000 0x00ebffff Private Memory rw True False False -
private_0x0000000000ec0000 0x00ec0000 0x00ec1fff Private Memory rw True False False -
private_0x0000000000f40000 0x00f40000 0x00f7ffff Private Memory rw True False False -
private_0x0000000000f80000 0x00f80000 0x0107ffff Private Memory rw True False False -
private_0x0000000001110000 0x01110000 0x0120ffff Private Memory rw True False False -
private_0x0000000001220000 0x01220000 0x0125ffff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002750000 0x02750000 0x0278ffff Private Memory rw True False False -
private_0x0000000002790000 0x02790000 0x027cffff Private Memory rw True False False -
private_0x00000000027d0000 0x027d0000 0x028cffff Private Memory rw True False False -
private_0x0000000002920000 0x02920000 0x02a1ffff Private Memory rw True False False -
private_0x0000000002a70000 0x02a70000 0x02aaffff Private Memory rw True False False -
private_0x0000000002b40000 0x02b40000 0x02d3ffff Private Memory rw True False False -
private_0x0000000002dd0000 0x02dd0000 0x02ddffff Private Memory rw True False False -
private_0x0000000002e40000 0x02e40000 0x02f3ffff Private Memory rw True False False -
pagefile_0x0000000002f40000 0x02f40000 0x03332fff Pagefile Backed Memory r True False False -
private_0x0000000003390000 0x03390000 0x0348ffff Private Memory rw True False False -
private_0x00000000035a0000 0x035a0000 0x0369ffff Private Memory rw True False False -
private_0x00000000037a0000 0x037a0000 0x037dffff Private Memory rw True False False -
private_0x0000000003850000 0x03850000 0x0388ffff Private Memory rw True False False -
pagefile_0x0000000003890000 0x03890000 0x03bd2fff Pagefile Backed Memory r True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x70ec0000 0x70ef2fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
npmproxy.dll 0x745d0000 0x745d7fff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wship6.dll 0x74b20000 0x74b25fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 170 entries are omitted.
The remaining entries can be found in flog.txt.
Process #18: iexplore.exe
0 0
»
Information Value
ID #18
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1512 CREDAT:79920
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:04:02, Reason: Child Process
Unmonitor End Time: 00:04:20, Reason: Terminated by Timeout
Monitor Duration 00:00:18
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xd44
Parent PID 0x5e8 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D48
0x D50
0x D54
0x D58
0x D5C
0x D60
0x D64
0x D68
0x D6C
0x D70
0x D74
0x D78
0x D7C
0x D80
0x D84
0x D88
0x D8C
0x D90
0x D98
0x D9C
0x DA0
0x DA4
0x E14
0x E1C
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x0002ffff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory r True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d1fff Pagefile Backed Memory rw True False False -
iexplore.exe.mui 0x000e0000 0x000e1fff Memory Mapped File rw False False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory rw True False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory rw True False False -
oleaccrc.dll 0x00110000 0x00110fff Memory Mapped File r False False False -
pagefile_0x0000000000120000 0x00120000 0x00121fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000130000 0x00130000 0x00130fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000140000 0x00140000 0x00141fff Pagefile Backed Memory r True False False -
private_0x0000000000150000 0x00150000 0x00150fff Private Memory rw True False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory r True False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory rw True False False -
pagefile_0x0000000000190000 0x00190000 0x00191fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a1fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000001b0000 0x001b0000 0x001b0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001c0000 0x001c0000 0x001c0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d0fff Pagefile Backed Memory rw True False False -
private_0x00000000001e0000 0x001e0000 0x0021ffff Private Memory rw True False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory rw True False False -
private_0x0000000000230000 0x00230000 0x0026ffff Private Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00270000 0x0028efff Memory Mapped File r True False False -
private_0x0000000000290000 0x00290000 0x00291fff Private Memory rwx True False False -
private_0x00000000002a0000 0x002a0000 0x0039ffff Private Memory rw True False False -
pagefile_0x00000000003a0000 0x003a0000 0x00527fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000530000 0x00530000 0x00531fff Pagefile Backed Memory r True False False -
index.dat 0x00540000 0x00547fff Memory Mapped File rw True False False -
private_0x0000000000550000 0x00550000 0x005cffff Private Memory rw True False False -
pagefile_0x00000000005d0000 0x005d0000 0x00750fff Pagefile Backed Memory r True False False -
index.dat 0x00760000 0x00773fff Memory Mapped File rw True False False -
private_0x0000000000780000 0x00780000 0x0087ffff Private Memory rw True False False -
sortdefault.nls 0x00880000 0x00b4efff Memory Mapped File r False False False -
pagefile_0x0000000000b50000 0x00b50000 0x00c2efff Pagefile Backed Memory r True False False -
pagefile_0x0000000000c30000 0x00c30000 0x00c9dfff Pagefile Backed Memory rw True False False -
private_0x0000000000ca0000 0x00ca0000 0x00cdffff Private Memory rw True False False -
index.dat 0x00ce0000 0x00cf3fff Memory Mapped File rw True False False -
private_0x0000000000d00000 0x00d00000 0x00d3ffff Private Memory rw True False False -
pagefile_0x0000000000d40000 0x00d40000 0x00d40fff Pagefile Backed Memory rw True False False -
private_0x0000000000d80000 0x00d80000 0x00d81fff Private Memory rw True False False -
private_0x0000000000dc0000 0x00dc0000 0x00dfffff Private Memory rw True False False -
private_0x0000000000e00000 0x00e00000 0x00e3ffff Private Memory rw True False False -
private_0x0000000000e80000 0x00e80000 0x00ebffff Private Memory rw True False False -
private_0x0000000000ec0000 0x00ec0000 0x00fbffff Private Memory rw True False False -
private_0x0000000000fc0000 0x00fc0000 0x00ffffff Private Memory rw True False False -
private_0x0000000001060000 0x01060000 0x0109ffff Private Memory rw True False False -
private_0x00000000010a0000 0x010a0000 0x010dffff Private Memory rw True False False -
private_0x00000000010f0000 0x010f0000 0x011effff Private Memory rw True False False -
iexplore.exe 0x01290000 0x01335fff Memory Mapped File rwx False False False -
pagefile_0x0000000001340000 0x01340000 0x0273ffff Pagefile Backed Memory r True False False -
private_0x0000000002750000 0x02750000 0x0284ffff Private Memory rw True False False -
private_0x00000000028f0000 0x028f0000 0x0292ffff Private Memory rw True False False -
private_0x0000000002930000 0x02930000 0x02a2ffff Private Memory rw True False False -
private_0x0000000002a30000 0x02a30000 0x02c2ffff Private Memory rw True False False -
private_0x0000000002c30000 0x02c30000 0x02d2ffff Private Memory rw True False False -
private_0x0000000002e30000 0x02e30000 0x02f2ffff Private Memory rw True False False -
pagefile_0x0000000002f30000 0x02f30000 0x03322fff Pagefile Backed Memory r True False False -
private_0x00000000033e0000 0x033e0000 0x034dffff Private Memory rw True False False -
private_0x00000000035b0000 0x035b0000 0x035effff Private Memory rw True False False -
private_0x0000000003690000 0x03690000 0x0378ffff Private Memory rw True False False -
pagefile_0x0000000003790000 0x03790000 0x03ad2fff Pagefile Backed Memory r True False False -
private_0x0000000003be0000 0x03be0000 0x03beffff Private Memory rw True False False -
private_0x000000005fff0000 0x5fff0000 0x5fffffff Private Memory rwx True False False -
sqmapi.dll 0x70e80000 0x70eb2fff Memory Mapped File rwx False False False -
ieframe.dll 0x72cb0000 0x7372ffff Memory Mapped File rwx False False False -
apphelp.dll 0x74520000 0x7456bfff Memory Mapped File rwx False False False -
npmproxy.dll 0x745d0000 0x745d7fff Memory Mapped File rwx False False False -
netprofm.dll 0x745e0000 0x74639fff Memory Mapped File rwx False False False -
ieshims.dll 0x74640000 0x74674fff Memory Mapped File rwx False False False -
propsys.dll 0x74720000 0x74814fff Memory Mapped File rwx False False False -
ieproxy.dll 0x74ab0000 0x74adafff Memory Mapped File rwx False False False -
wship6.dll 0x74b20000 0x74b25fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x74b30000 0x74b34fff Memory Mapped File rwx False False False -
mswsock.dll 0x74b50000 0x74b8bfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c60000 0x74c6dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c70000 0x74caafff Memory Mapped File rwx False False False -
cryptsp.dll 0x74cb0000 0x74cc5fff Memory Mapped File rwx False False False -
dwmapi.dll 0x74ce0000 0x74cf2fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74d00000 0x74d7ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74d90000 0x74d97fff Memory Mapped File rwx False False False -
wow64win.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wow64.dll 0x74e00000 0x74e3efff Memory Mapped File rwx False False False -
nlaapi.dll 0x74e40000 0x74e4ffff Memory Mapped File rwx False False False -
version.dll 0x74e90000 0x74e98fff Memory Mapped File rwx False False False -
winnsi.dll 0x74ea0000 0x74ea6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74eb0000 0x74ecbfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74ed0000 0x74f13fff Memory Mapped File rwx False False False -
comctl32.dll 0x74f20000 0x750bdfff Memory Mapped File rwx False False False -
oleacc.dll 0x750c0000 0x750fbfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75100000 0x75120fff Memory Mapped File rwx False False False -
profapi.dll 0x75130000 0x7513afff Memory Mapped File rwx False False False -
cryptbase.dll 0x753a0000 0x753abfff Memory Mapped File rwx False False False -
sspicli.dll 0x753b0000 0x7540ffff Memory Mapped File rwx False False False -
usp10.dll 0x75410000 0x754acfff Memory Mapped File rwx False False False -
clbcatq.dll 0x754b0000 0x75532fff Memory Mapped File rwx False False False -
ole32.dll 0x75540000 0x7569bfff Memory Mapped File rwx False False False -
wldap32.dll 0x756a0000 0x756e4fff Memory Mapped File rwx False False False -
user32.dll 0x756f0000 0x757effff Memory Mapped File rwx False False False -
iertutil.dll 0x757f0000 0x759eafff Memory Mapped File rwx False False False -
kernel32.dll 0x75a20000 0x75b2ffff Memory Mapped File rwx False False False -
advapi32.dll 0x75b30000 0x75bcffff Memory Mapped File rwx False False False -
wininet.dll 0x75be0000 0x75cd4fff Memory Mapped File rwx False False False -
shlwapi.dll 0x75ce0000 0x75d36fff Memory Mapped File rwx False False False -
msctf.dll 0x75d40000 0x75e0bfff Memory Mapped File rwx False False False -
devobj.dll 0x75e10000 0x75e21fff Memory Mapped File rwx False False False -
msvcrt.dll 0x75e30000 0x75edbfff Memory Mapped File rwx False False False -
comdlg32.dll 0x75ee0000 0x75f5afff Memory Mapped File rwx False False False -
oleaut32.dll 0x75f60000 0x75feefff Memory Mapped File rwx False False False -
setupapi.dll 0x75ff0000 0x7618cfff Memory Mapped File rwx False False False -
crypt32.dll 0x76190000 0x762acfff Memory Mapped File rwx False False False -
sechost.dll 0x762b0000 0x762c8fff Memory Mapped File rwx False False False -
lpk.dll 0x762d0000 0x762d9fff Memory Mapped File rwx False False False -
urlmon.dll 0x762e0000 0x76415fff Memory Mapped File rwx False False False -
psapi.dll 0x76420000 0x76424fff Memory Mapped File rwx False False False -
ws2_32.dll 0x764c0000 0x764f4fff Memory Mapped File rwx False False False -
imm32.dll 0x76500000 0x7655ffff Memory Mapped File rwx False False False -
kernelbase.dll 0x765f0000 0x76635fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x76640000 0x76666fff Memory Mapped File rwx False False False -
shell32.dll 0x76670000 0x772b9fff Memory Mapped File rwx False False False -
msasn1.dll 0x772c0000 0x772cbfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772d0000 0x773bffff Memory Mapped File rwx False False False -
gdi32.dll 0x773c0000 0x7744ffff Memory Mapped File rwx False False False -
private_0x0000000077450000 0x77450000 0x77549fff Private Memory rwx True False False -
private_0x0000000077550000 0x77550000 0x7766efff Private Memory rwx True False False -
ntdll.dll 0x77670000 0x77818fff Memory Mapped File rwx False False False -
nsi.dll 0x77820000 0x77825fff Memory Mapped File rwx False False False -
ntdll.dll 0x77850000 0x779cffff Memory Mapped File rwx False False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 167 entries are omitted.
The remaining entries can be found in flog.txt.
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image